Routing 仅IPv6主机上的Docker 1.5
我在仅IPv6主机上路由来自Docker(1.5.0版)容器的流量时遇到问题<代码>nc-w 10 2a00:1450:4010:c07::71 80输出<代码>nc:连接到2a00:1450:4010:c07::71端口80(tcp)超时:操作正在进行 遵循Routing 仅IPv6主机上的Docker 1.5,routing,docker,ipv6,Routing,Docker,Ipv6,我在仅IPv6主机上路由来自Docker(1.5.0版)容器的流量时遇到问题nc-w 10 2a00:1450:4010:c07::71 80输出nc:连接到2a00:1450:4010:c07::71端口80(tcp)超时:操作正在进行 遵循ifconfig eth0;ifconfig-docker0;ip-6路线显示显示: eth0 Link encap:Ethernet HWaddr fa:16:3e:74:4a:b9 inet6 addr: fe80::f
ifconfig eth0;ifconfig-docker0;ip-6路线显示eth0 Link encap:Ethernet HWaddr fa:16:3e:74:4a:b9
inet6 addr: fe80::f816:3eff:fe74:4ab9/64 Scope:Link
inet6 addr: 2a02:6b8:0:1a71::2329/64 Scope:Global
inet6 addr: 2a02:6b8:0:1a71:f816:3eff:fe74:4ab9/64 Scope:Global
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:78994 errors:0 dropped:0 overruns:0 frame:0
TX packets:20269 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:55503363 (55.5 MB) TX bytes:1945660 (1.9 MB)
docker0 Link encap:Ethernet HWaddr 56:84:7a:fe:97:99
inet addr:172.17.42.1 Bcast:0.0.0.0 Mask:255.255.0.0
inet6 addr: fe80::5484:7aff:fefe:9799/64 Scope:Link
inet6 addr: fe80::1/64 Scope:Link
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:90 errors:0 dropped:0 overruns:0 frame:0
TX packets:28 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:6528 (6.5 KB) TX bytes:2840 (2.8 KB)
2001:db8:0:2::/64 dev docker0 metric 1024
2a02:6b8:0:1a71::/64 dev eth0 proto kernel metric 256
fe80::/64 dev eth0 proto kernel metric 256
fe80::/64 dev docker0 proto kernel metric 256
default via 2a02:6b8:0:1a71::1 dev eth0 metric 2048 mtu 1450 advmss 1390
default via fe80::1 dev eth0 metric 2049 mtu 1450 advmss 1390
ifconfig eth0;ip-6集装箱内路线显示eth0 Link encap:Ethernet HWaddr 02:42:ac:11:00:09
inet addr:172.17.0.9 Bcast:0.0.0.0 Mask:255.255.0.0
inet6 addr: fe80::42:acff:fe11:9/64 Scope:Link
inet6 addr: 2001:db8:0:2:0:242:ac11:9/64 Scope:Global
UP BROADCAST MTU:1500 Metric:1
RX packets:1 errors:0 dropped:0 overruns:0 frame:0
TX packets:1 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:110 (110.0 B) TX bytes:90 (90.0 B)
2001:db8:0:2::/64 dev eth0 proto kernel metric 256
fe80::/64 dev eth0 proto kernel metric 256
default via fe80::1 dev eth0 metric 1024
cat/proc/sys/net/IPv6/conf/default/forwarding1cat/proc/sys/net/IPv6/conf/all/forwarding1docker0eth0请停下来 以下是NAT的解决方案:
ip6tables -t nat -A POSTROUTING -s 2001:db8:0:2::/64 ! -o docker0 -j MASQUERADE
这将启用从docker子网到全球的路由。不建议在IPv6环境中执行任何类型的NAT,这会破坏IPv6的用途 您可以使用管道通过IPv6完成对容器的访问。 管道系统允许更灵活的网络配置:
sudo docker run -t -i --name myimage <image id from `sudo docker images`> /bin/bash
sudo pipework br4 -i eth1 <container id from `sudo docker ps`> 2001:db8:44::1/24@2001:db8:44::ff
sudo ip a a 2001:db8:44::FF/64 dev br4
root@a0b5f4937c42:/# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
494: eth0: <BROADCAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:ac:11:00:49 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.73/16 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::42:acff:fe11:49/64 scope link
valid_lft forever preferred_lft forever
root@a0b5f4937c42:/#
root@9c8372c70ddc:/# ping6 2001:db8:44::ff
PING 2001:db8:44::ff(2001:db8:44::ff) 56 data bytes
64 bytes from 2001:db8:44::ff: icmp_seq=1 ttl=64 time=0.134 ms
64 bytes from 2001:db8:44::ff: icmp_seq=2 ttl=64 time=0.062 ms
64 bytes from 2001:db8:44::ff: icmp_seq=3 ttl=64 time=0.061 ms
^C
--- 2001:db8:44::ff ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1998ms
rtt min/avg/max/mdev = 0.061/0.085/0.134/0.035 ms
root@9c8372c70ddc:/#
ping6 2001:db8:44::1
PING 2001:db8:44::1(2001:db8:44::1) 56 data bytes
64 bytes from 2001:db8:44::1: icmp_seq=1 ttl=64 time=0.092 ms
64 bytes from 2001:db8:44::1: icmp_seq=2 ttl=64 time=0.072 ms
64 bytes from 2001:db8:44::1: icmp_seq=3 ttl=64 time=0.074 ms
64 bytes from 2001:db8:44::1: icmp_seq=4 ttl=64 time=0.075 ms
^C
--- 2001:db8:44::1 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 2997ms
rtt min/avg/max/mdev = 0.072/0.078/0.092/0.010 ms
ajn:~/docker/dockergit$
@Sandersteffan yep,将其更改为解决方案。你现在知道没有它怎么工作了吗?对不起,没有。我还没有和docker打交道的经验。使用虚拟机,您可以将IPv6前缀路由到机箱并使用它路由到不同的虚拟机,或者将LAN桥接到虚拟机。不知道docker是怎么想的。@Sandersteffan我有一种强烈的感觉,没有路由IPv6段(比如我的例子
2001:db8ping6 2001:db8:44::1
PING 2001:db8:44::1(2001:db8:44::1) 56 data bytes
64 bytes from 2001:db8:44::1: icmp_seq=1 ttl=64 time=0.092 ms
64 bytes from 2001:db8:44::1: icmp_seq=2 ttl=64 time=0.072 ms
64 bytes from 2001:db8:44::1: icmp_seq=3 ttl=64 time=0.074 ms
64 bytes from 2001:db8:44::1: icmp_seq=4 ttl=64 time=0.075 ms
^C
--- 2001:db8:44::1 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 2997ms
rtt min/avg/max/mdev = 0.072/0.078/0.092/0.010 ms
ajn:~/docker/dockergit$