How to use IPv6 for docker containers on Digitalocean
August 7, 2017
You get ipv6 adrresses on digitalocean for free, so why not give your containers an address which is reachable from everywhere in the world?
A few words
You only get a routable space from xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxx0
to xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxf
, which means your’re able to use 14 addresses for your containers (-2, because of droplet address and network address).
Since we need to tell docker which subnet to use, I will use xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxx0/124
in this tutorial, which will give you 14 addresses available to your containers.
Since we’re only part of a subnet, we need to enable NDP Proxying on the droplet later on.
You could read more about NDP Proxying here
Start
First, create a new droplet. I use the smallest kind of droplet, but every kind should work. Just make sure you activate ipv6.
After creating, it should look somewhat like that on the DO page:
Setting up your droplet
Login in into your droplet, head over to docker.io and install docker.
Recently the docker page got quite confusing, make sure you take the CE (Community Edition) and install it on your system.
Configuring the docker daemon
With your favorite text editor open /etc/default/docker
(with sudo, otherwise, you won’t be able to write), find the line
DOCKER_OPTS=””
and replace it with
DOCKER_OPTS="--ipv6 --fixed-cidr-v6 xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxx0/124"
Setting up NDP Proxying
NDP(Network Discovery Protocol) is basically the DHCP Replacement for IPv6. Because our host already has an address assigned from the subnet docker will use, we need to make sure NDP takes that into account, which is done by NDP Proxying.
To do that, just execute the following command on your droplet to activate NDP Proxying
user@droplet $ sudo sysctl net.ipv6.conf.eth0.proxy_ndp=1
Restart the docker daemon
Now we’re ready to go, so restart the docker daemon
user@droplet $ sudo service docker restart
Running containers
Sadly, we need to tell the host for every container we run which ipv6 address it got, so the host is able to route the traffic to the corresponding droplet.
So, start your container, exec a shell and run
user@droplet $ sudo ip a
You should see an ipv6 address from the correct subnet, if it’s your first container it should get the address after your host.
Let’s assume you get the address: 2001:XXXX::X009
To tell that to the host, execute
user@droplet $ sudo ip -6 neigh add proxy 2001:XXXX::X009 dev eth0
Fin
Your container should now be available from everywhere in the world, congratulations!
Troubleshooting
If you’re not able to reach it, make sure you disable the firewall.
On ubuntu that’s done by
user@droplet$ sudo ufw disable