IPv6 Neighbor Discovery doesn't work between hosts in overlay

[srcman]

IPv6 connectivity doesn’t seem to work between containers on different hosts in an overlay network. (I.e., currently in Docker 1.11.1 it seems to work only between containers on the same host, while IPv4 connectivity works also across hosts.)

Apparently the problem is that neighbor entries (within an overlay's namespace in each host) to containers on other hosts are created only for IPv4 addresses, but not for IPv6 addresses. Thus ARP works and returns addresses of containers on other hosts, but Neighbor Discovery doesn't.

Here's a simple example, where pinging a container on "host1" from another container on "host2" over IPv6 in a Swarm cluster fails, but works between containers within "host1" (DOCKER_HOST has been set to point to a Swarm manager in this example):

$ docker --version
Docker version 1.11.1, build 5604cbe

$ docker run -it --rm swarm --version
swarm version 1.2.2 (34e3da3)

$ docker network create -d overlay --ipv6 --subnet=fd55:1e00:1634::/48 testipv6
e9ce61af8639f59af0919c1e5d85fad02036139d8d870d616e5a007a61d9c177

$ docker run -d --net=testipv6 --ip6="fd55:1e00:1634::11" -e "constraint:node==host1" alpine tail -f /dev/null
12cd2b1cb1afee6dd7cea7cb1ecd4609188d5fcd4aa64c09bdbfa7a67236d637

$ docker run -it --rm --net=testipv6 -e "constraint:node==host2" alpine ping6 fd55:1e00:1634::11
PING fd55:1e00:1634::11 (fd55:1e00:1634::11): 56 data bytes
^C
--- fd55:1e00:1634::11 ping statistics ---
10 packets transmitted, 0 packets received, 100% packet loss

$ docker run -it --rm --net=testipv6 -e "constraint:node==host1" alpine ping6 fd55:1e00:1634::11
PING fd55:1e00:1634::11 (fd55:1e00:1634::11): 56 data bytes
64 bytes from fd55:1e00:1634::11: seq=0 ttl=64 time=0.166 ms
64 bytes from fd55:1e00:1634::11: seq=1 ttl=64 time=0.095 ms
^C
--- fd55:1e00:1634::11 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.095/0.130/0.166 ms

If the IPv6 addresses and corresponding MAC addresses of containers in other hosts are added as neighbors into the overlay’s namespace in each host, neighbor discovery and IPv6 connectivity across hosts start working. Example of a manual workaround: sudo sh -c 'mkdir -p /var/run/netns; ln -s /var/run/docker/netns/1-e9ce61af86 /var/run/netns/; sudo ip netns exec 1-e9ce61af86 ip neigh add fd55:1e00:1634::2 lladdr 02:42:0a:00:02:03 nud permanent dev vxlan1'.

[sanimej]

@srcman Currently we don't support IPv6 over vxlan. The control plane exchange between the nodes doesn't carry IPv6 address. Hence the neighbor entry doesn't get populated.

[takaomag]

Is there any plan to support IPv6 connectivity over vxlan overlay network ?

[jonathan-kosgei]

Hi @sanimej has there been progress towards supporting ipv6 vxlan in docker 1.13?

[GordonTheTurtle]

@srcman It has been detected that this issue has not received any activity in over 6 months. Can you please let us know if it is still relevant:

• For a bug: do you still experience the issue with the latest version?
• For a feature request: was your request appropriately answered in a later version?

Thank you! This issue will be automatically closed in 1 week unless it is commented on. For more information please refer to https://github.com/docker/libnetwork/issues/1926

[choppsv1]

This is a pretty basic thing right? Did anyone working on docker make ipv6 work in swarm? Is there any reason to assume it's fixed?

[srcman]

I still see exactly the same behavior as before with Docker 17.06.1-ce (and Swarm standalone 1.2.8). I.e., IPv6 doesn't work between hosts in an overlay network. I'd consider that a bug, and it seems that it hasn't been fixed yet.

[Karimerto]

A year and a half later and the situation still persists. IPv6-connectivity ought to be standard these days, but alas no such luck. And this is not the only IPv6 issue that docker has.