BASIC CONFIGURATION OF DOCKER ENGINE WITH IPV6

SEPTEMBER 21, 2015 EYEPV6(AT)GMAIL(DOT)COM

This is the start of a blog series dedicated to enabling IPv6 for the various components in the Docker toolbox.

I am starting the series off by talking about the basic configuration for enabling IPv6 with Docker Engine.  There are some good examples that the Docker folks have put together that you will want to read through: https://docs.docker.com/engine/userguide/networking/default_network/ipv6/

Disclaimer: I am not teaching you Docker.  There are a zillion places to go learn Docker.  I am making the dangerous assumption that you already know what Docker is, how to install it and how to use it.

I am also not teaching you IPv6.  There are also a zillion places to go learn IPv6.  I am making the even more dangerous assumption that you know what IPv6 is, what the addressing details are and how to use it.

Diagram

The graphic below shows a high-level view of my setup. I have two Docker hosts (docker-v6-1 and docker-v6-2) that are running Ubuntu 14.04. As of this first post, I am using Docker 1.8.2. Both hosts are attached to a Layer-2 switch via their eth0 interfaces. I am using static IPv4 addresses (not relevant here) for the hosts and Stateless Address Autoconfiguration (SLAAC) for IPv6 address assignment out of the Unique Local Address (ULA) FD15:4BA5:5A2B:1009::/64 range.

Preparing the Docker Host for IPv6:

As I mentioned before, I am using SLAAC-based assignment for IPv6 addressing on each host.  You can use static, SLAAC, Stateful DHCPv6 or Stateless DHCPv6 if you want.  I am not covering any of that as they don’t pertain directly to Docker.

Each Docker host has an IPv6 address and can reach the outside world:

2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:f3:f8:48 brd ff:ff:ff:ff:ff:ff
    inet 192.168.80.200/24 brd 192.168.80.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fd15:4ba5:5a2b:1009:cc7:2609:38b7:e6c6/64 scope global temporary dynamic
       valid_lft 86388sec preferred_lft 14388sec
    inet6 fd15:4ba5:5a2b:1009:20c:29ff:fef3:f848/64 scope global dynamic
       valid_lft 86388sec preferred_lft 14388sec
    inet6 fe80::20c:29ff:fef3:f848/64 scope link
       valid_lft forever preferred_lft forever
[email protected]:~# ping6 -n www.google.com
PING www.google.com(2607:f8b0:400f:802::2004) 56 data bytes
64 bytes from 2607:f8b0:400f:802::2004: icmp_seq=1 ttl=255 time=13.7 ms
64 bytes from 2607:f8b0:400f:802::2004: icmp_seq=2 ttl=255 time=14.5 ms

Since I am using router advertisements (RAs) for my IPv6 address assignment, it is important to force the acceptance of RAs even when forwarding is enabled:

sysctl net.ipv6.conf.eth0.accept_ra=2

Now, if you haven’t already, install Docker using whatever method you are comfortable with.  Again, this is not a primer on Docker. 

Docker! Docker! Docker!

Now that the IPv6 basics are there on the host and you have Docker installed, it is time to set the IPv6 subnet for Docker.  You can do this via the ‘docker daemon’ command or you can set it in the /etc/default/docker file.  Below is the example using the ‘docker daemon’ command. Here, I am setting the fixed IPv6 prefix as FD15:4BA5:5A2B:100A::/64.

[email protected]:~# docker daemon --ipv6 --fixed-cidr-v6="fd15:4ba5:5a2b:100a::/64"

Here is the same IPv6 prefix being set, but this is using the /etc/default/docker file:

DOCKER_OPTS="--dns 8.8.8.8 --dns 8.8.4.4 --ipv6 --fixed-cidr-v6=fd15:4ba5:5a2b:100a::/64"

Let’s fire up a container and see what happens. The example below shows that the container got an IPv6 address out of the prefix we set above:

[email protected]:~# docker run -it ubuntu bash
[email protected]:/# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
5: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
    link/ether 02:42:ac:11:00:01 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fd15:4ba5:5a2b:100a:0:242:ac11:1/64 scope global
       valid_lft forever preferred_lft forever
    inet6 fe80::42:acff:fe11:1/64 scope link
       valid_lft forever preferred_lft forever

Ping the outside world:

[email protected]:/# ping6 www.google.com
PING www.google.com(den03s10-in-x04.1e100.net) 56 data bytes
64 bytes from den03s10-in-x04.1e100.net: icmp_seq=1 ttl=254 time=14.6 ms
64 bytes from den03s10-in-x04.1e100.net: icmp_seq=2 ttl=254 time=12.5 ms

Fire up another container and ping the first container over IPv6:

[email protected]:~# docker run -it ubuntu bash
[email protected]:/# ping6 fd15:4ba5:5a2b:100a:0:242:ac11:1
PING fd15:4ba5:5a2b:100a:0:242:ac11:1(fd15:4ba5:5a2b:100a:0:242:ac11:1) 56 data bytes
64 bytes from fd15:4ba5:5a2b:100a:0:242:ac11:1: icmp_seq=1 ttl=64 time=0.094 ms
64 bytes from fd15:4ba5:5a2b:100a:0:242:ac11:1: icmp_seq=2 ttl=64 time=0.057 ms

Add the 2nd Docker host

Sweet! We have one host (docker-v6-1) running with two containers that can reach each other over IPv6 and reach the outside world.  Now let’s add the second Docker host (docker-v6-2).

Repeat all of the steps from above but change the IPv6 prefix that Docker is going to use. Here is an example using FD15:4BA5:5A2B:100B::/64:

DOCKER_OPTS="--dns 8.8.8.8 --dns 8.8.4.4 --ipv6 --fixed-cidr-v6=fd15:4ba5:5a2b:100b::/64"

In order to have containers on one host reach containers on another host over IPv6, we have to figure out routing. You can enable host-based routing (the example I will show below) or you can just use the Layer-3 infrastructure you likely already have in your Data Center. I would recommend the latter option. Remember that Docker is not doing NAT for IPv6 so you have to have some mechanism to allow for pure L3 reachability between the various IPv6 address spaces you are using.

Here is an example of using host-based routing on each of the two Docker hosts. First, configure a static IPv6 route on the first Docker host (i.e. docker-v6-1). The route statement below says to route all traffic destined for the fd15:4ba5:5a2b:100b::/64 prefix (the one being used on docker-v6-2) to the IPv6 address of the docker-v6-2 eth0 interface.

[email protected]:~# ip -6 route add fd15:4ba5:5a2b:100b::/64 via fd15:4ba5:5a2b:1009:20c:29ff:febb:cbf8

Now, do the same on the 2nd Docker host (docker-v6-2). This route statement says to route all traffic destined for the fd15:4ba5:5a2b:100a::/64 prefix (used on docker-v6-1) to the IPv6 address of the docker-v6-1 eth0 interface:

[email protected]:~# ip -6 route add fd15:4ba5:5a2b:100a::/64 via fd15:4ba5:5a2b:1009:20c:29ff:fef3:f848

The final test is to ping from one container on docker-v6-1 to a container on docker-v6-2:

[email protected]:/# ping6 fd15:4ba5:5a2b:100b:0:242:ac11:1
PING fd15:4ba5:5a2b:100b:0:242:ac11:1(fd15:4ba5:5a2b:100b:0:242:ac11:1) 56 data bytes
64 bytes from fd15:4ba5:5a2b:100b:0:242:ac11:1: icmp_seq=3 ttl=62 time=0.570 ms
64 bytes from fd15:4ba5:5a2b:100b:0:242:ac11:1: icmp_seq=4 ttl=62 time=0.454 ms

It works!
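
The host-based routing above, generalized from two hosts to any number of them, as an added example that is not part of the original post: it checks that no --fixed-cidr-v6 prefix overlaps another host's prefix or the host LAN, that every next hop sits on the shared /64, and then emits the static routes each host needs. The addresses are the ones shown in the post; the inventory layout and the function names are assumptions made for this example.

```python
import ipaddress

# Addresses and prefixes are the ones shown in the post; the dict layout and
# the function names are assumptions made for this example.
ON_LINK = ipaddress.ip_network("fd15:4ba5:5a2b:1009::/64")
HOSTS = {
    "docker-v6-1": {"eth0": "fd15:4ba5:5a2b:1009:20c:29ff:fef3:f848",
                    "cidr": "fd15:4ba5:5a2b:100a::/64"},
    "docker-v6-2": {"eth0": "fd15:4ba5:5a2b:1009:20c:29ff:febb:cbf8",
                    "cidr": "fd15:4ba5:5a2b:100b::/64"},
}

def validate(hosts, on_link):
    """Return the addressing problems that would break or misroute traffic."""
    problems, seen = [], {}
    for name, h in hosts.items():
        net = ipaddress.ip_network(h["cidr"])  # raises if host bits are set
        if ipaddress.ip_address(h["eth0"]) not in on_link:
            problems.append(f"{name}: next hop {h['eth0']} is not on {on_link}")
        if net.overlaps(on_link):
            problems.append(f"{name}: {net} overlaps the host LAN {on_link}")
        for other, other_net in seen.items():
            if net.overlaps(other_net):
                problems.append(f"{name}: {net} overlaps {other} ({other_net})")
        seen[name] = net
    return problems

def route_commands(hosts, on_link):
    """Map each host to the 'ip -6 route add' commands for every peer prefix."""
    problems = validate(hosts, on_link)
    if problems:
        raise ValueError("; ".join(problems))
    return {
        name: [f"ip -6 route add {peer['cidr']} via {peer['eth0']}"
               for peer_name, peer in hosts.items() if peer_name != name]
        for name in hosts
    }

def owner_of(address, hosts):
    """Name of the Docker host whose --fixed-cidr-v6 contains address, or None."""
    addr = ipaddress.ip_address(address)
    for name, h in hosts.items():
        if addr in ipaddress.ip_network(h["cidr"]):
            return name
    return None

if __name__ == "__main__":
    for host, commands in route_commands(HOSTS, ON_LINK).items():
        for command in commands:
            print(f"{host}# {command}")
```

Because Docker is not doing NAT for IPv6, owner_of() is also a quick way to map a container address seen in a log or packet capture back to the host that carries it.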

We will build on this scenario in upcoming posts as we walk through enabling IPv6 functionality in a variety of Docker network scenarios and other Docker services.

Shannon


4 THOUGHTS ON “BASIC CONFIGURATION OF DOCKER ENGINE WITH IPV6”

  1. John Mann

    SEPTEMBER 21, 2015 AT 19:50

    I can’t see how you managed to do
    “[email protected]:~# ping6 -n http://www.google.com
    when docker-v6-1 has a ULA address.

    Also, how does this work?
    ” [email protected]:/# ping6 http://www.google.com
    Doesn’t the upstream router need to be told a route to the docker-v6-1 internal network:
    route fd15:4ba5:5a2b:100a::/64 via fd15:4ba5:5a2b:1009:20c:29ff:fef3:f848

    PS. Why use ULA addresses while also wanting global reach (to http://www.google.com)?
    Why not use GUA addresses everywhere?


    1. eyepv6(at)gmail(dot)com

      SEPTEMBER 22, 2015 AT 07:32

      Hey John!

      Thanks for the comment. I am doing all of this on VMware Fusion 8 Pro which doesn’t do native IPv6 routing between interfaces. It only supports NAT with ULA addresses. You can see my previous post on this topic: http://www.debug-all.com/?p=123. Yes, you would want to use real GUA addresses in a production environment but my current setup is running in Fusion.


Original article: https://www.cnblogs.com/zafu/p/9209272.html
