docker-net-dhcp icon indicating copy to clipboard operation
docker-net-dhcp copied to clipboard

Published 20 hours ago verified publisher icon devplayer0

Not working with existing br0 interface

Open hemna opened this issue 2 years ago • 2 comments 

docker network create -d ghcr.io/devplayer0/docker-net-dhcp:release-linux-amd64 --ipam-driver null -o bridge=br0 -o ipv6=true --subnet 2602:fe43:f00:fc91:xxxx:xxxx:xxxx:xxxx/64 external_ipv6

br0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.1.5  netmask 255.255.0.0  broadcast 192.168.255.255
        inet6 fe80::3e4a:92ff:fef5:bc08  prefixlen 64  scopeid 0x20<link>
        inet6 2602:fe43:f00:fc91:xxxx:xxxx:xxxx:xxxx  prefixlen 64  scopeid 0x0<global>
        ether 3c:xx:xx:xx:xx:xx  txqueuelen 1000  (Ethernet)
        RX packets 7215935  bytes 9902612238 (9.9 GB)
        RX errors 0  dropped 75  overruns 0  frame 0
        TX packets 3777284  bytes 1131167161 (1.1 GB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

└─> docker run --rm -ti --network external_ipv6 alpine
docker: Error response from daemon: failed to create endpoint confident_gould on network external_ipv6: NetworkDriver.CreateEndpoint: failed to get initial IP address via DHCP: context deadline exceeded.

my bridge interface works fine, as it has a dhcp6 address from my /64 subnet.

└─> ping6 ipv6.google.com
PING ipv6.google.com(iad30s43-in-x0e.1e100.net (2607:f8b0:4004:82f::200e)) 56 data bytes
64 bytes from iad30s43-in-x0e.1e100.net (2607:f8b0:4004:82f::200e): icmp_seq=1 ttl=118 time=17.6 ms
64 bytes from iad30s43-in-x0e.1e100.net (2607:f8b0:4004:82f::200e): icmp_seq=2 ttl=118 time=17.4 ms
64 bytes from iad30s43-in-x0e.1e100.net (2607:f8b0:4004:82f::200e): icmp_seq=3 ttl=118 time=18.5 ms
64 bytes from iad30s43-in-x0e.1e100.net (2607:f8b0:4004:82f::200e): icmp_seq=4 ttl=118 time=18.1 ms

hemna avatar Feb 18 '22 22:02 hemna

Same as yours..

Kissycat avatar Apr 28 '22 09:04 Kissycat

-o ipv6 will use DHCPv6 to obtain ipv6 address. However, for router it is often the case that ipv6 address is obtained through SLAAC, and is configured by kernel itself instead of docker-net-dhcp's udhcpc6.

When router is configured to be Stateless DHCPv6, DHCPv6 is just used to fetch information like DNS servers, but not IPv6 address, thus will result in the error failed to get initial IP address via DHCP.

To obtain an ipv6 address, either to use Stateful DHCPv6 with configured IPv6 address pool (then use -o ipv6=true to use udhcpc6), or use linux kernel's automatic SLAAC configuration (with -o ipv6=false or not set).

However, for docker container's SLAAC to work, you need to modify some sysctl options, because automatic SLAAC is disabled for docker's deault sysctl setting (see https://github.com/docker/for-linux/issues/1373). There are two ways to fix it:

  • --sysctl net.ipv6.conf.all.forwarding=0: the easiest way. And
  • --sysctl net.ipv6.conf.{main interface in container}.accept_ra=2: the proper way if you want ipv6 forwarding. Note all CANNOT be used here because of a linux kernel bug: see here and here

Vigilans avatar Aug 29 '22 14:08 Vigilans