1
0
Fork 0
mirror of https://github.com/moby/moby.git synced 2022-11-09 12:21:53 -05:00

Update IPv6 docs with modern ip command use + sysctl

Fixes: #10701

Updates the IPv6 documentation and images to reflect the more modern
`ip -6` command set versus `route` and `ifconfig`.  Also removes the
use of the special 2002: address range as that is reserved for 6to4
addressing, as well as use of any public address range and re-works the
switched routing example to use 3 subnets of the documentation IPv6
prefix range.

Also conformed all use of addresses to the same doc range per @MalteJ's
commit.

Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
Signed-off-by: Malte Janduda <mail@janduda.net>
This commit is contained in:
Phil Estes 2015-02-12 17:00:30 -05:00
parent df7a04f9a6
commit 95668ed128
9 changed files with 51 additions and 60 deletions

File diff suppressed because one or more lines are too long

File diff suppressed because one or more lines are too long

Before

Width:  |  Height:  |  Size: 19 KiB

After

Width:  |  Height:  |  Size: 30 KiB

File diff suppressed because one or more lines are too long

File diff suppressed because one or more lines are too long

Before

Width:  |  Height:  |  Size: 80 KiB

After

Width:  |  Height:  |  Size: 173 KiB

File diff suppressed because one or more lines are too long

File diff suppressed because one or more lines are too long

Before

Width:  |  Height:  |  Size: 30 KiB

After

Width:  |  Height:  |  Size: 74 KiB

File diff suppressed because one or more lines are too long

File diff suppressed because one or more lines are too long

Before

Width:  |  Height:  |  Size: 72 KiB

After

Width:  |  Height:  |  Size: 175 KiB

View file

@ -433,7 +433,7 @@ To assign globally routable IPv6 addresses to your containers you have to
specify an IPv6 subnet to pick the addresses from. Set the IPv6 subnet via the
`--fixed-cidr-v6` parameter when starting Docker daemon:
docker -d --ipv6 --fixed-cidr-v6="2001:db8:0:2::/64"
docker -d --ipv6 --fixed-cidr-v6="2001:db8:1::/64"
The subnet for Docker containers should at least have a size of `/80`. This way
an IPv6 address can end with the container's MAC address and you prevent NDP
@ -443,11 +443,11 @@ With the `--fixed-cidr-v6` parameter set Docker will add a new route to the
routing table. Further IPv6 routing will be enabled (you may prevent this by
starting Docker daemon with `--ip-forward=false`):
$ route -A inet6 add 2001:db8:0:2::/64 dev docker0
$ echo 1 > /proc/sys/net/ipv6/conf/default/forwarding
$ echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
$ ip -6 route add 2001:db8:1::/64 dev docker0
$ sysctl net.ipv6.conf.default.forwarding=1
$ sysctl net.ipv6.conf.all.forwarding=1
All traffic to the subnet `2001:db8:0:2::/64` will now be routed
All traffic to the subnet `2001:db8:1::/64` will now be routed
via the `docker0` interface.
Be aware that IPv6 forwarding may interfere with your existing IPv6
@ -457,7 +457,7 @@ enabled forwarding will result in rejecting Router Advertisements. E.g., if you
want to configure `eth0` via Router Advertisements you should set:
```
$ echo 2 > /proc/sys/net/ipv6/conf/eth0/accept_ra
$ sysctl net.ipv6.conf.eth0.accept_ra=2
```
![](/article-img/ipv6_basic_host_config.svg)
@ -465,45 +465,36 @@ want to configure `eth0` via Router Advertisements you should set:
Every new container will get an IPv6 address from the defined subnet. Further
a default route will be added via the gateway `fe80::1` on `eth0`:
docker run -it ubuntu bash -c "ifconfig eth0; route -A inet6"
docker run -it ubuntu bash -c "ip -6 addr show dev eth0; ip -6 route show"
eth0 Link encap:Ethernet HWaddr 02:42:ac:11:00:02
inet addr:172.17.0.2 Bcast:0.0.0.0 Mask:255.255.0.0
inet6 addr: 2001:db8:0:2::1/64 Scope:Global
inet6 addr: fe80::42:acff:fe11:2/64 Scope:Link
UP BROADCAST MTU:1500 Metric:1
RX packets:1 errors:0 dropped:0 overruns:0 frame:0
TX packets:1 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:110 (110.0 B) TX bytes:110 (110.0 B)
15: eth0: <BROADCAST,UP,LOWER_UP> mtu 1500
inet6 2001:db8:1:0:0:242:ac11:3/64 scope global
valid_lft forever preferred_lft forever
inet6 fe80::42:acff:fe11:3/64 scope link
valid_lft forever preferred_lft forever
Kernel IPv6 routing table
Destination Next Hop Flag Met Ref Use If
2001:db8:0:2::/64 :: U 256 0 0 eth0
fe80::/64 :: U 256 0 0 eth0
::/0 fe80::1 UG 1024 0 0 eth0
::/0 :: !n -1 1 1 lo
::1/128 :: Un 0 1 0 lo
ff00::/8 :: U 256 1 0 eth0
::/0 :: !n -1 1 1 lo
2001:db8:1::/64 dev eth0 proto kernel metric 256
fe80::/64 dev eth0 proto kernel metric 256
default via fe80::1 dev eth0 metric 1024
In this example the Docker container is assigned a link-local address with the
network suffix `/64` (here: `fe80::42:acff:fe11:2/64`) and a globally routable
IPv6 address (here: `2001:db8:0:2::1/64`). The container will create connections
to addresses outside of the `2001:db8:0:2::/64` network via the link-local
gateway at `fe80::1` on `eth0`.
network suffix `/64` (here: `fe80::42:acff:fe11:3/64`) and a globally routable
IPv6 address (here: `2001:db8:1:0:0:242:ac11:3/64`). The container will create
connections to addresses outside of the `2001:db8:1::/64` network via the
link-local gateway at `fe80::1` on `eth0`.
Often servers or virtual machines get a `/64` IPv6 subnet assigned. In this case
you can split it up further and provide Docker a `/80` subnet while using a
separate `/80` subnet for other applications on the host:
Often servers or virtual machines get a `/64` IPv6 subnet assigned (e.g.
`2001:db8:23:42::/64`). In this case you can split it up further and provide
Docker a `/80` subnet while using a separate `/80` subnet for other
applications on the host:
![](/article-img/ipv6_slash64_subnet_config.svg)
In this setup the subnet `2001:db8::/80` with a range from `2001:db8::0:0:0:0`
to `2001:db8::0:ffff:ffff:ffff` is attached to `eth0`, with the host listening
at `2001:db8::1`. The subnet `2001:db8:0:0:0:1::/80` with an address range from
`2001:db8::1:0:0:0` to `2001:db8::1:ffff:ffff:ffff` is attached to `docker0` and
will be used by containers.
In this setup the subnet `2001:db8:23:42::/80` with a range from `2001:db8:23:42:0:0:0:0`
to `2001:db8:23:42:0:ffff:ffff:ffff` is attached to `eth0`, with the host listening
at `2001:db8:23:42::1`. The subnet `2001:db8:23:42:1::/80` with an address range from
`2001:db8:23:42:1:0:0:0` to `2001:db8:23:42:1:ffff:ffff:ffff` is attached to
`docker0` and will be used by containers.
### Docker IPv6 Cluster
@ -514,29 +505,29 @@ example:
![](/article-img/ipv6_switched_network_example.svg)
The Docker hosts are in the `2000::/64` subnet. Host1 is configured
to provide addresses from the `2001::/64` subnet to its containers. It has three
routes configured:
The Docker hosts are in the `2001:db8:0::/64` subnet. Host1 is configured
to provide addresses from the `2001:db8:1::/64` subnet to its containers. It
has three routes configured:
- Route all traffic to `2000::/64` via `eth0`
- Route all traffic to `2001::/64` via `docker0`
- Route all traffic to `2002::/64` via Host2 with IP `2000::2`
- Route all traffic to `2001:db8:0::/64` via `eth0`
- Route all traffic to `2001:db8:1::/64` via `docker0`
- Route all traffic to `2001:db8:2::/64` via Host2 with IP `2001:db8::2`
Host1 also acts as a router on OSI layer 3. When one of the network clients
tries to contact a target that is specified in Host1's routing table Host1 will
forward the traffic accordingly. It acts as a router for all networks it knows:
`2000:/64`, `2001:/64` and `2002::/64`.
`2001:db8::/64`, `2001:db8:1::/64` and `2001:db8:2::/64`.
On Host2 we have nearly the same configuration. Host2's containers will get IPv6
addresses from `2002::/64`. Host2 has three routes configured:
On Host2 we have nearly the same configuration. Host2's containers will get
IPv6 addresses from `2001:db8:2::/64`. Host2 has three routes configured:
- Route all traffic to `2000::/64` via `eth0`
- Route all traffic to `2002::/64` via `docker0`
- Route all traffic to `2001::/64` via Host1 with IP `2000::1`
- Route all traffic to `2001:db8:0::/64` via `eth0`
- Route all traffic to `2001:db8:2::/64` via `docker0`
- Route all traffic to `2001:db8:1::/64` via Host1 with IP `2001:db8:0::1`
The difference to Host1 is that the network `2002::/64` is directly attached to
the host via its `docker0` interface whereas it reaches `2001::/64` via Host1's
IPv6 address `2000::1`.
The difference to Host1 is that the network `2001:db8:2::/64` is directly
attached to the host via its `docker0` interface whereas it reaches
`2001:db8:1::/64` via Host1's IPv6 address `2001:db8::1`.
This way every container is able to contact every other container. The
containers `Container1-*` share the same subnet and contact each other directly.