From abef550be181e7d06722258eb51587c3650a6c73 Mon Sep 17 00:00:00 2001 From: Rob Murray Date: Mon, 13 May 2024 15:39:21 +0100 Subject: [PATCH] network: "--ip6tables" is now the default Also, daemon.json "ipv6":true only enables IPv6 for the default bridge, it's not required for a user-defined bridge. Signed-off-by: Rob Murray --- content/config/daemon/ipv6.md | 68 +++++++------------------------ content/network/drivers/bridge.md | 39 ++++++++++++------ 2 files changed, 42 insertions(+), 65 deletions(-) diff --git a/content/config/daemon/ipv6.md b/content/config/daemon/ipv6.md index 891dfd643c..530435bc09 100644 --- a/content/config/daemon/ipv6.md +++ b/content/config/daemon/ipv6.md @@ -6,61 +6,26 @@ aliases: - /engine/userguide/networking/default_network/ipv6/ --- -Before you can use IPv6 in Docker containers, you need to -enable IPv6 support in the Docker daemon. Afterward, you can choose to use -either IPv4 or IPv6 (or both) with any container or network. - IPv6 is only supported on Docker daemons running on Linux hosts. -> **Note** -> -> When using IPv6, we recommend that you enable the -> [experimental](../../release-lifecycle.md#experimental) -> `ip6tables` parameter in the daemon configuration. - ## Create an IPv6 network -The following steps show you how to create a Docker network that uses IPv6. +- Using `docker network create`: -1. Edit the Docker daemon configuration file, - located at `/etc/docker/daemon.json`. Configure the following parameters: + ```console + $ docker network create --ipv6 --subnet 2001:db8::/64 ip6net + ``` - ```json - { - "experimental": true, - "ip6tables": true - } - ``` +- Using a Docker Compose file: - `ip6tables` enables additional IPv6 packet filter rules, providing network - isolation and port mapping. This parameter requires `experimental` to be - set to `true`. - -2. Save the configuration file. -3. Restart the Docker daemon for your changes to take effect. - - ```console - $ sudo systemctl restart docker - ``` - -4. Create a new IPv6 network. - - - Using `docker network create`: - - ```console - $ docker network create --ipv6 --subnet 2001:0DB8::/112 ip6net - ``` - - - Using a Docker Compose file: - - ```yaml - networks: - ip6net: - enable_ipv6: true - ipam: - config: - - subnet: 2001:0DB8::/112 - ``` + ```yaml + networks: + ip6net: + enable_ipv6: true + ipam: + config: + - subnet: 2001:db8::/64 + ``` You can now run containers that attach to the `ip6net` network. @@ -96,9 +61,7 @@ The following steps show you how to use IPv6 on the default bridge network. ```json { "ipv6": true, - "fixed-cidr-v6": "2001:db8:1::/64", - "experimental": true, - "ip6tables": true + "fixed-cidr-v6": "2001:db8:1::/64" } ``` @@ -106,8 +69,7 @@ The following steps show you how to use IPv6 on the default bridge network. - `fixed-cidr-v6` assigns a subnet to the default bridge network, enabling dynamic IPv6 address allocation. - `ip6tables` enables additional IPv6 packet filter rules, providing network - isolation and port mapping. This parameter requires `experimental` to be - set to `true`. + isolation and port mapping. It is enabled by-default, but can be disabled. 2. Save the configuration file. 3. Restart the Docker daemon for your changes to take effect. diff --git a/content/network/drivers/bridge.md b/content/network/drivers/bridge.md index c8f27c48d5..2884d80636 100644 --- a/content/network/drivers/bridge.md +++ b/content/network/drivers/bridge.md @@ -198,15 +198,13 @@ the `my-nginx` container from the `my-net` network. $ docker network disconnect my-net my-nginx ``` -## Use IPv6 +## Use IPv6 in a user-defined bridge network -If you need IPv6 support for Docker containers, you need to -[enable the option](../../config/daemon/ipv6.md) on the Docker daemon and reload its -configuration, before creating any IPv6 networks or assigning containers IPv6 -addresses. +When you create your network, you can specify the `--ipv6` flag to enable IPv6. -When you create your network, you can specify the `--ipv6` flag to enable -IPv6. You can't selectively disable IPv6 support on the default `bridge` network. +```console +$ docker network create --ipv6 --subnet 2001:db8:1234::/64 my-net +``` ## Use the default bridge network @@ -232,10 +230,8 @@ the settings you need to customize. { "bip": "192.168.1.1/24", "fixed-cidr": "192.168.1.0/25", - "fixed-cidr-v6": "2001:db8::/64", "mtu": 1500, "default-gateway": "192.168.1.254", - "default-gateway-v6": "2001:db8:abcd::89", "dns": ["10.20.1.2","10.20.1.3"] } ``` @@ -244,9 +240,28 @@ Restart Docker for the changes to take effect. ### Use IPv6 with the default bridge network -If you configure Docker for IPv6 support (see [Use IPv6](#use-ipv6)), the -default bridge network is also configured for IPv6 automatically. Unlike -user-defined bridges, you can't selectively disable IPv6 on the default bridge. +IPv6 can be enabled for the default bridge using the following options in +`daemon.json`, or their command line equivalents. + +These three options only affect the default bridge, they are not used by +user-defined networks. The addresses in below are examples from the +IPv6 documentation range. + +- Option `ipv6` is required +- Option `fixed-cidr-v6` is required, it specifies the network prefix to be used. + - The prefix should normally be `/64` or shorter. + - For experimentation on a local network, it is better to use a Unique Local + prefix (matching `fd00::/8`) than a Link Local prefix (matching `fe80::/10`). +- Option `default-gateway-v6` is optional. If unspecified, the default is the first + address in the `fixed-cidr-v6` subnet. + +```json +{ + "ipv6": true, + "fixed-cidr-v6": "2001:db8::/64", + "default-gateway-v6": "2001:db8:abcd::89" +} +``` ## Connection limit for bridge networks