Enable IPv6 support
Before you can use IPv6 in Docker containers, you need to enable IPv6 support in the Docker daemon. Afterward, you can choose to use either IPv4 or IPv6 (or both) with any container or network.
IPv6 is only supported on Docker daemons running on Linux hosts.
Note
When using IPv6, we recommend that you enable the experimental
ip6tables
parameter in the daemon configuration.
Create an IPv6 network
The following steps show you how to create a Docker network that uses IPv6.
Edit the Docker daemon configuration file, located at
/etc/docker/daemon.json
. Configure the following parameters:{ "experimental": true, "ip6tables": true }
ip6tables
enables additional IPv6 packet filter rules, providing network isolation and port mapping. This parameter requiresexperimental
to be set totrue
.Save the configuration file.
Restart the Docker daemon for your changes to take effect.
$ sudo systemctl restart docker
Create a new IPv6 network.
Using
docker network create
:$ docker network create --ipv6 --subnet 2001:0DB8::/112 ip6net
Using a Docker Compose file:
networks: ip6net: enable_ipv6: true ipam: config: - subnet: 2001:0DB8::/112
You can now run containers that attach to the ip6net
network.
$ docker run --rm --network ip6net -p 80:80 traefik/whoami
This publishes port 80 on both IPv6 and IPv4. You can verify the IPv6 connection by running curl, connecting to port 80 on the IPv6 loopback address:
$ curl http://[::1]:80
Hostname: ea1cfde18196
IP: 127.0.0.1
IP: ::1
IP: 172.17.0.2
IP: fe80::42:acff:fe11:2
RemoteAddr: [fe80::42:acff:fe11:2]:54890
GET / HTTP/1.1
Host: [::1]
User-Agent: curl/8.1.2
Accept: */*
Use IPv6 for the default bridge network
The following steps show you how to use IPv6 on the default bridge network.
Edit the Docker daemon configuration file, located at
/etc/docker/daemon.json
. Configure the following parameters:{ "ipv6": true, "fixed-cidr-v6": "2001:db8:1::/64", "experimental": true, "ip6tables": true }
ipv6
enables IPv6 networking on the default network.fixed-cidr-v6
assigns a subnet to the default bridge network, enabling dynamic IPv6 address allocation.ip6tables
enables additional IPv6 packet filter rules, providing network isolation and port mapping. This parameter requiresexperimental
to be set totrue
.
Save the configuration file.
Restart the Docker daemon for your changes to take effect.
$ sudo systemctl restart docker
You can now run containers on the default bridge network.
$ docker run --rm -p 80:80 traefik/whoami
This publishes port 80 on both IPv6 and IPv4. You can verify the IPv6 connection by making a request to port 80 on the IPv6 loopback address:
$ curl http://[::1]:80
Hostname: ea1cfde18196
IP: 127.0.0.1
IP: ::1
IP: 172.17.0.2
IP: fe80::42:acff:fe11:2
RemoteAddr: [fe80::42:acff:fe11:2]:54890
GET / HTTP/1.1
Host: [::1]
User-Agent: curl/8.1.2
Accept: */*
Dynamic IPv6 subnet allocation
If you don't explicitly configure subnets for user-defined networks,
using docker network create --subnet=<your-subnet>
,
those networks use the default address pools of the daemon as a fallback.
The default address pools are all IPv4 pools.
This also applies to networks created from a Docker Compose file,
with enable_ipv6
set to true
.
To enable dynamic subnet allocation for user-defined IPv6 networks, you must manually configure address pools of the daemon to include:
- The default IPv4 address pools
- One or more IPv6 pools of your own
The default address pool configuration is:
{
"default-address-pools": [
{ "base": "172.17.0.0/16", "size": 16 },
{ "base": "172.18.0.0/16", "size": 16 },
{ "base": "172.19.0.0/16", "size": 16 },
{ "base": "172.20.0.0/14", "size": 16 },
{ "base": "172.24.0.0/14", "size": 16 },
{ "base": "172.28.0.0/14", "size": 16 },
{ "base": "192.168.0.0/16", "size": 20 }
]
}
The following example shows a valid configuration with the default values and
an IPv6 pool. The IPv6 pool in the example provides up to 256 IPv6 subnets of
size /112
, from an IPv6 pool of prefix length /104
. Each /112
-sized
subnet supports 65 536 IPv6 addresses.
Note
Be aware that the following known limitations exist for IPv6 pools:
- The
base
value for IPv6 needs a minimum prefix length of/64
. This is due to an integer overflow in the Docker daemon. See moby/moby#42801open_in_new.- The difference between the pool length and the pool size can't be larger than 24. Defining an excessive number of subnets causes the daemon to consume all available memory. See moby/moby#40275open_in_new.
{
"default-address-pools": [
{ "base": "172.17.0.0/16", "size": 16 },
{ "base": "172.18.0.0/16", "size": 16 },
{ "base": "172.19.0.0/16", "size": 16 },
{ "base": "172.20.0.0/14", "size": 16 },
{ "base": "172.24.0.0/14", "size": 16 },
{ "base": "172.28.0.0/14", "size": 16 },
{ "base": "192.168.0.0/16", "size": 20 },
{ "base": "2001:db8::/104", "size": 112 }
]
}
Note
The address
2001:db8
in this example is reserved for use in documentationopen_in_new. Replace it with a valid IPv6 network. The default IPv4 pools are from the private address range, the IPv6 equivalent would be ULA networksopen_in_new.