2.7.3 just came out and it officially supports IPv6 now! 🎉
3:30 systemctl restart docker Job for docker.service failed because the control process exited with error code.
See "systemctl status docker.service" and "journalctl -xe" for details.
I had the same issue on my side. Ensure that the CIDR notation of the IPv6 subnet you have set in the json file doesn't have any typos or syntax errors.
Thank you for the absolutely necessary explanation that we have to create this new file! The official Docker document is stupid, I know they want to use Occam's Razor but it's confusing for us.
Can I modify the previous one?
Does anyone know how to use IPv6 in Docker if you only got three single IPv6 addresses from the provider? I got a VM in Proxmox from the provider. It was no problem to include a complete IPv6 network, but with single addresses I have not succeeded so far.
Thanks Joe. I do appreciate you are explaining NAT. But to be honest, setting up a static route doesn't fix the initial issue: Docker isn't natting IPv6. So from what I have learned so far from googling, I'd need to set up my docker container with macvlan, which would expose the whole container to the public www. Which is a horrible solution. I think it's kind of sad how bad docker is at IPv6 :/
Hi Mike, thanks for your comment. You're correct, docker isn't using NAT for IPv6 networks. You mention macvlan; for my own setup I'm using another option, that is IPvlan. Here the docker host's globally routable network is shared with the containers, and the host acts at L2 rather than as an L3 gateway. It follows that if the docker host's IPv6 address is exposed publicly, then all the containers on that network will be as well.
I write about this in the final section of this blog:
dev.to/joeneville_/build-a-docker-ipv6-network-dfj
At the heart of this discussion is the fundamental difference in approach to network design between IPv4 and IPv6. v4 uses NAT, v6 networkers advocate, on the whole, for no NAT but global end to end communication. The approach being, rather than use NAT, v6 nodes can be globally routable on the public internet, but firewalled to prevent access to those that should have such restrictions.
You'll see this in v6 home networking, my ISP provides a gateway that NATs v4 but my v6 network is exposed publicly and firewalled.
If you want the v6 equivalent of RFC1918 addressing you would use ULA.
Docker isn't good at v6 but the lack of v6 NAT is not docker specific, it is v6 in general.
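An added example, not part of the comments above and not Docker's own tooling: a small Python check for two points raised in this thread, a mistyped IPv6 CIDR in the daemon JSON file and whether the configured subnet is ULA or globally routable. It assumes the file uses the `ipv6` and `fixed-cidr-v6` keys; the sample configs are constructed.

```python
import ipaddress
import json

ULA = ipaddress.ip_network("fc00::/7")             # unique local addresses
GLOBAL_UNICAST = ipaddress.ip_network("2000::/3")  # globally routable unicast

def check_daemon_json(text):
    """Return (level, message) findings for the IPv6 part of a daemon.json string."""
    try:
        cfg = json.loads(text)
    except json.JSONDecodeError as exc:
        return [("error", f"invalid JSON at line {exc.lineno}: {exc.msg}")]
    if not isinstance(cfg, dict):
        return [("error", "top level must be a JSON object")]
    findings = []
    if cfg.get("ipv6") is not True:
        findings.append(("warn", '"ipv6" is not the JSON boolean true'))
    cidr = cfg.get("fixed-cidr-v6")  # assumed key holding the IPv6 subnet
    if not isinstance(cidr, str):
        return findings + [("warn", '"fixed-cidr-v6" is not set as a string')]
    try:
        net = ipaddress.IPv6Network(cidr, strict=False)
    except ValueError as exc:  # covers address and prefix-length typos
        return findings + [("error", f"bad IPv6 CIDR {cidr!r}: {exc}")]
    if "/" not in cidr:
        findings.append(("warn", "no prefix length given; parsed as a single /128"))
    elif ipaddress.IPv6Interface(cidr).ip != net.network_address:
        findings.append(("warn", f"host bits set; the network is {net}"))
    if net.subnet_of(ULA):
        findings.append(("info", f"{net} is ULA: not routed on the public internet"))
    elif net.subnet_of(GLOBAL_UNICAST):
        findings.append(("warn", f"{net} is globally routable: firewall the containers"))
    else:
        findings.append(("warn", f"{net} is neither ULA nor global unicast"))
    return findings

# Constructed samples; 2001:db8::/32 is the documentation prefix, standing in
# for a provider-assigned /64.
SAMPLES = {
    "ula": '{"ipv6": true, "fixed-cidr-v6": "fd00:dead:beef::/48"}',
    "global": '{"ipv6": true, "fixed-cidr-v6": "2001:db8:1::/64"}',
    "typo": '{"ipv6": true, "fixed-cidr-v6": "2001:db8:1:::/64"}',
    "no_slash": '{"ipv6": true, "fixed-cidr-v6": "2001:db8:1::64"}',
    "trailing_comma": '{"ipv6": true, "fixed-cidr-v6": "fd00::/64",}',
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(name, check_daemon_json(text))
```

Running it against the real file before `systemctl restart docker` catches the syntax problems; the ULA or global finding says whether containers on that subnet need their own firewall rules.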
@@null_zero Thank you for your reply! So based on your blog and the situation that your ISP provides you a /64 network. The "docker network create -d ipvlan[..]" subnet would be the /64 by the ISP, the gateway would be the ISP gateway. But what's "parent="? The public IP of my docker host?
The thing I'd like to NAT my v6 traffic as my v4 is that in this way I see easier control of my firewall settings. In a scenario where I rent a virtual server on the internet I'm often provided with a /64 network as well. But in most cases I don't have control over my vserver provider's firewall, which would result in leaving all ports open for my microservice exposed to the www. So I'd need to create a DMZ which would be more complicated.
I think I'm going with a v6 docker natting router. Which I still think is a bad solution.