network: "--ip6tables" is now the default

Also, daemon.json "ipv6":true only enables IPv6 for the default bridge, it's not required for a user-defined bridge. Signed-off-by: Rob Murray <rob.murray@docker.com>
2024-05-13 15:39:21 +01:00 · 2024-05-13 15:39:21 +01:00 · abef550be1
parent a743d20673
commit abef550be1
2 changed files with 42 additions and 65 deletions
--- a/content/config/daemon/ipv6.md
+++ b/content/config/daemon/ipv6.md
@ -6,61 +6,26 @@ aliases:
 - /engine/userguide/networking/default_network/ipv6/
 ---

-Before you can use IPv6 in Docker containers, you need to
-enable IPv6 support in the Docker daemon. Afterward, you can choose to use
-either IPv4 or IPv6 (or both) with any container or network.
-
 IPv6 is only supported on Docker daemons running on Linux hosts.

-> **Note**
->
-> When using IPv6, we recommend that you enable the
-> [experimental](../../release-lifecycle.md#experimental)
-> `ip6tables` parameter in the daemon configuration.
-
 ## Create an IPv6 network

-The following steps show you how to create a Docker network that uses IPv6.
+- Using `docker network create`:

-1. Edit the Docker daemon configuration file,
-   located at `/etc/docker/daemon.json`. Configure the following parameters:
+  ```console
+  $ docker network create --ipv6 --subnet 2001:db8::/64 ip6net
+  ```

-   ```json
-   {
-     "experimental": true,
-     "ip6tables": true
-   }
-   ```
+- Using a Docker Compose file:

-   `ip6tables` enables additional IPv6 packet filter rules, providing network
-   isolation and port mapping. This parameter requires `experimental` to be
-   set to `true`.
-
-2. Save the configuration file.
-3. Restart the Docker daemon for your changes to take effect.
-
-   ```console
-   $ sudo systemctl restart docker
-   ```
-
-4. Create a new IPv6 network.
-
-   - Using `docker network create`:
-
-     ```console
-     $ docker network create --ipv6 --subnet 2001:0DB8::/112 ip6net
-     ```
-
-   - Using a Docker Compose file:
-
-     ```yaml
-      networks:
-        ip6net:
-          enable_ipv6: true
-          ipam:
-            config:
-              - subnet: 2001:0DB8::/112
-     ```
+  ```yaml
+   networks:
+     ip6net:
+       enable_ipv6: true
+       ipam:
+         config:
+           - subnet: 2001:db8::/64
+  ```

 You can now run containers that attach to the `ip6net` network.

@ -96,9 +61,7 @@ The following steps show you how to use IPv6 on the default bridge network.
   ```json
   {
     "ipv6": true,
-     "fixed-cidr-v6": "2001:db8:1::/64",
-     "experimental": true,
-     "ip6tables": true
+     "fixed-cidr-v6": "2001:db8:1::/64"
   }
   ```

@ -106,8 +69,7 @@ The following steps show you how to use IPv6 on the default bridge network.
   - `fixed-cidr-v6` assigns a subnet to the default bridge network,
     enabling dynamic IPv6 address allocation.
   - `ip6tables` enables additional IPv6 packet filter rules, providing network
-     isolation and port mapping. This parameter requires `experimental` to be
-     set to `true`.
+     isolation and port mapping. It is enabled by-default, but can be disabled.

 2. Save the configuration file.
 3. Restart the Docker daemon for your changes to take effect.
--- a/content/network/drivers/bridge.md
+++ b/content/network/drivers/bridge.md
@ -198,15 +198,13 @@ the `my-nginx` container from the `my-net` network.
 $ docker network disconnect my-net my-nginx
 ```

-## Use IPv6
+## Use IPv6 in a user-defined bridge network

-If you need IPv6 support for Docker containers, you need to
-[enable the option](../../config/daemon/ipv6.md) on the Docker daemon and reload its
-configuration, before creating any IPv6 networks or assigning containers IPv6
-addresses.
+When you create your network, you can specify the `--ipv6` flag to enable IPv6.

-When you create your network, you can specify the `--ipv6` flag to enable
-IPv6. You can't selectively disable IPv6 support on the default `bridge` network.
+```console
+$ docker network create --ipv6 --subnet 2001:db8:1234::/64 my-net
+```

 ## Use the default bridge network

@ -232,10 +230,8 @@ the settings you need to customize.
 {
  "bip": "192.168.1.1/24",
  "fixed-cidr": "192.168.1.0/25",
-  "fixed-cidr-v6": "2001:db8::/64",
  "mtu": 1500,
  "default-gateway": "192.168.1.254",
-  "default-gateway-v6": "2001:db8:abcd::89",
  "dns": ["10.20.1.2","10.20.1.3"]
 }
 ```
@ -244,9 +240,28 @@ Restart Docker for the changes to take effect.

 ### Use IPv6 with the default bridge network

-If you configure Docker for IPv6 support (see [Use IPv6](#use-ipv6)), the
-default bridge network is also configured for IPv6 automatically. Unlike
-user-defined bridges, you can't selectively disable IPv6 on the default bridge.
+IPv6 can be enabled for the default bridge using the following options in
+`daemon.json`, or their command line equivalents.
+
+These three options only affect the default bridge, they are not used by
+user-defined networks. The addresses in below are examples from the
+IPv6 documentation range.
+
+- Option `ipv6` is required
+- Option `fixed-cidr-v6` is required, it specifies the network prefix to be used.
+  - The prefix should normally be `/64` or shorter.
+  - For experimentation on a local network, it is better to use a Unique Local
+    prefix (matching `fd00::/8`) than a Link Local prefix (matching `fe80::/10`).
+- Option `default-gateway-v6` is optional. If unspecified, the default is the first
+  address in the `fixed-cidr-v6` subnet.
+
+```json
+{
+  "ipv6": true,
+  "fixed-cidr-v6": "2001:db8::/64",
+  "default-gateway-v6": "2001:db8:abcd::89"
+}
+```

 ## Connection limit for bridge networks