moby: Daemon won't start when ipv6 is set
Description Docker daemon won’t start when daemon.json contains ipv6: true. The error is:
Error starting daemon: Error initializing network controller: Error creating default “bridge” network: failed to parse pool request for address space “LocalDefault” pool " subpool ": could not find an available, non-overlapping IPv6 address pool among the defaults to assign to the network
It was working just fine before the today’s apt-get update.
Steps to reproduce the issue:
- Add daemon.json to /etc/docker/ with { “ipv6”: true }
- Restart docker deamon.
Describe the results you received: Daemon starting fails with error
Error starting daemon: Error initializing network controller: Error creating default “bridge” network: failed to parse pool request for address space “LocalDefault” pool " subpool ": could not find an available, non-overlapping IPv6 address pool among the defaults to assign to the network
Describe the results you expected: Daemon should start just fine.
Additional information you deem important (e.g. issue happens only occasionally): It worked before the latest update with a bunch of containers running.
Output of docker version:
Client:
Version: 1.12.4
API version: 1.24
Go version: go1.6.4
Git commit: 1564f02
Built: Tue Dec 13 00:08:34 2016
OS/Arch: linux/amd64
Server:
Version: 1.12.4
API version: 1.24
Go version: go1.6.4
Git commit: 1564f02
Built: Tue Dec 13 00:08:34 2016
OS/Arch: linux/amd64
Output of docker info:
Containers: 15
Running: 3
Paused: 0
Stopped: 12
Images: 22
Server Version: 1.12.4
Storage Driver: aufs
Root Dir: /var/lib/docker/aufs
Backing Filesystem: extfs
Dirs: 150
Dirperm1 Supported: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
Volume: local
Network: overlay bridge null host
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Security Options: apparmor seccomp
Kernel Version: 4.4.0-53-generic
Operating System: Ubuntu 16.04.1 LTS
OSType: linux
Architecture: x86_64
CPUs: 1
Total Memory: 983.8 MiB
Name: kauchuk
ID: ROJ7:X3EK:6OVR:LI3P:TMVE:W44H:DLHN:SIGT:M6TN:O2OJ:3NQC:5FUG
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
Registry: https://index.docker.io/v1/
WARNING: No swap limit support
Insecure Registries:
127.0.0.0/8
Additional environment details (AWS, VirtualBox, physical, etc.): Docker is running on Ubuntu 16.04. Nothing else is installed.
About this issue
- Original URL
- State: closed
- Created 8 years ago
- Reactions: 5
- Comments: 15 (8 by maintainers)
As this was never really clarified and the “problem” people were having was never solved, here is the solution:
Docker IPv6 is working perfectly, it’s just the documentation that doesn’t tell people what to do in order to set it up correctly.
Docker will not do SLAAC (Stateless Address Autoconfiguration), nor will it use DHCPv6. As it also won’t do NATv6 (thank god!), you will have to assign ipv6 prefixes to your networks manually. The default bridge network has to be assigned a network, you can do this by adding the following to daemon.json:
For any other network you might have, you can decide wether or not it will be ipv6 capable. To create an IPv6 capable network, do the following:
docker network create --ipv6 --subnet "2001:db8:1::/64" testnetAlso remember, that this is not NATv6 (thank god!). Therefor you will have to have a route from your router to your docker host!
what a headache
@aboch This hit me again, because I read on the IPv6 with Docker page that:
Which makes it sound like
--ipv6enables IPv6 with link-local addresses only, and that you can use--fixed-cidr-v6or--subnetif you want to make them globally routable.Since your comment indicates that you must specify a subnet with
--ipv6, does that mean that it’s not / no longer possible to have IPv6 link-local addresses only?Context: I’m simply trying to enable IPv6 in my containers to work around a
EADDRNOTAVAILerror in Redis (it just fails when IPv6 is disabled), but I don’t want these addresses to be globally routable. Is there something like a “local-only IPv6 subnet”?@aboch I too want link local IPv6 same as @jankeromnes. Is this still possible?
@MihaMarkic
@thaJeztah was in fact suggesting me we should mention it in the release note. We’ll take care of it. I am now thinking something on this line:
Docker 1.12.4 no longer allows user to start the daemon with
--ipv6option for the defaultbridgenetwork, unless user also specifies the IPv6 subnet for the defaultbridgenetwork via--fixed-cidr-v6. Otherwise daemon start would fail with the following message:Similarly, network creation will fail if
--ipv6is passed but no IPv6--subnetis specified and the default IPAM driver is used. Failure message will be:Above command will instead succeed if an external IPAM driver which supports auto allocation of IPv6 address pool is used.
Before, even though
--ipv6was accepted, it was effectively a no-op.@MihaMarkic
Before the fix for the issue @thaJeztah referenced, user was allowed to create a network , or start the daemon, without specifying the an IPv6
--subnet, or--fixed-cidr-v6respectively, even when using the default builtin IPAM driver, which does not support auto allocation of IPv6 pools.In other words that was an incorrect configurations, which had no effects on ipv6 stuff. It was a no-op.
The fix, cleared that so that docker will now correctly consult with the IPAM driver to acquire an IPv6 subnet for the bridge network, when user did not supply one.
If the IPAM driver in use is not able to provide one, network creation would fail (in this case the default
bridgenetwork).So what you see now is the expected behavior. You need to remove the
--ipv6flag when you start the daemon, unless you pass a--fixed-cidr-v6pool. We should probably clarify this somewhere.@aboch Is there a driver which supports that, found nothing while asking Google?