84 lines
2.5 KiB
Markdown
84 lines
2.5 KiB
Markdown
title: How to enable IPv6 in docker
|
|
---
|
|
pub_date: 2019-12-13
|
|
---
|
|
author: ungleich virtualisation team
|
|
---
|
|
twitter_handle: ungleich
|
|
---
|
|
_hidden: no
|
|
---
|
|
_discoverable: yes
|
|
---
|
|
abstract:
|
|
It's time for IPv6 in docker, too.
|
|
---
|
|
body:
|
|
|
|
If you are like us and like to do fun things with IPv6 and if you also
|
|
like to run docker containers, then this article is for you.
|
|
|
|
## Enabling IPv6 in docker
|
|
|
|
Recent docker versions just need to have the **ipv6** flag and an IPv6
|
|
network specfied in the **daemon.json**. This might look as follows:
|
|
|
|
```
|
|
{
|
|
"ipv6": true,
|
|
"fixed-cidr-v6": "your-ipv6-network-here"
|
|
}
|
|
```
|
|
|
|
This configuration needs to be placed in **/etc/docker/daemon.json**.
|
|
|
|
## Selecting the right IPv6 network
|
|
|
|
In the IPv6 world we usually say, "just take a /64 for
|
|
everything". And while we will never create 18446744073709551616
|
|
containers on one host, we will just follow this dogma and use
|
|
a /64 for docker.
|
|
|
|
Why would we do this? One of the big advantages of IPv6 is that things
|
|
get simpler. Instead of using a tiny network like a /120 that is
|
|
suitable for 256 containers, we always choose a /64. This way we don't
|
|
have to use our brain power on choosing the network size or to
|
|
eventually later resize the network.
|
|
|
|
If you have a /48 assigned to your host (like when you use the
|
|
[IPv6VPN](https://IPv6VPN.ch)), you can basically use **any** of the
|
|
65'536 networks that are available. We like to remember names so we
|
|
usually take the **b00** network for containers (b00 as in the sound a
|
|
ghost makes when flying around).
|
|
|
|
So if your main /48 network was for instance 2a0a:e5c1:137::/48, we
|
|
would use *2a0a:e5c1:137:b00::/64* and the daemon.json configuration file
|
|
would look as follows:
|
|
|
|
```
|
|
{
|
|
"ipv6": true,
|
|
"fixed-cidr-v6": "2a0a:e5c1:137:b00::/64"
|
|
}
|
|
```
|
|
|
|
After adding this configuration, you will also need to restart the
|
|
docker daemon. After that, your containers should be using IPv6.
|
|
|
|
## What if you don't have an IPv6 network?
|
|
|
|
Luckily, anyone can get an IPv6 network anywhere in the world
|
|
nowadays. You can checkout [IPv6VPN](https://IPv6VPN.ch) for our
|
|
Switzerland based offer.
|
|
|
|
## IPv6++
|
|
|
|
If you want to learn more about IPv6 or how to secure your docker
|
|
containers, stay tuned for the next blog posts, [which will explain on
|
|
how to secure access to your docker
|
|
containers](https://ungleich.ch/u/blog/securing-network-access-to-ipv6-docker-containers/).
|
|
|
|
In the mean time, you can also join the IPv6 discussion on
|
|
[IPv6.Chat](https://IPv6.chat) or if you want to spawn your docker
|
|
containers on a VM, you can do so on
|
|
[IPv6OnlyHosting.com](https://IPv6OnlyHosting.com).
|