IPv6 Neighbor Discovery Responder for KVM VPS
I Want IPv6 for Docker
I'm playing with Docker these days, and I want IPv6 in my Docker containers. The best guide for enabling IPv6 in Docker is "How to enable IPv6 for Docker containers on Ubuntu 18.04". The first method in that article assigns private IPv6 addresses to containers, and uses IPv6 NAT similar to how Docker handles IPv4 NAT. I quickly got it working, but I noticed an undesirable behavior: Network Address Translation (NAT) changes the source port number of outgoing UDP datagrams, even if there's a port forwarding rule for inbound traffic; consequently, a UDP flow with the same source and destination ports is recognized as two separate flows.
$ docker exec nfd nfdc face show 262
faceid=262
remote=udp6://[2001:db8:f440:2:eb26:f0a9:4dc3:1]:6363
local=udp6://[fd00:2001:db8:4d55:0:242:ac11:4]:6363
congestion={base-marking-interval=100ms default-threshold=65536B}
mtu=1337
counters={in={25i 4603d 2n 1179907B} out={11921i 14d 0n 1506905B}}
flags={non-local permanent point-to-point congestion-marking}
$ docker exec nfd nfdc face show 270
faceid=270
remote=udp6://[2001:db8:f440:2:eb26:f0a9:4dc3:1]:1024
local=udp6://[fd00:2001:db8:4d55:0:242:ac11:4]:6363
expires=0s
congestion={base-marking-interval=100ms default-threshold=65536B}
mtu=1337
counters={in={11880i 0d 0n 1498032B} out={0i 4594d 0n 1175786B}}
flags={non-local on-demand point-to-point congestion-marking}
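The symptom in the two faces above can be checked mechanically: the same remote host appears on two remote ports against one local endpoint, once as the configured permanent face and once as an on-demand face. The following is an added example, not code from the original post; the function names are hypothetical and the sample text is constructed from the output above, reduced to the fields the check reads.

```python
import re
from collections import defaultdict

# Constructed sample: the two faces from the output above, reduced to the
# fields this check reads.
SAMPLE = """\
faceid=262
remote=udp6://[2001:db8:f440:2:eb26:f0a9:4dc3:1]:6363
local=udp6://[fd00:2001:db8:4d55:0:242:ac11:4]:6363
flags={non-local permanent point-to-point congestion-marking}
faceid=270
remote=udp6://[2001:db8:f440:2:eb26:f0a9:4dc3:1]:1024
local=udp6://[fd00:2001:db8:4d55:0:242:ac11:4]:6363
flags={non-local on-demand point-to-point congestion-marking}
"""

ENDPOINT = re.compile(r"^udp6://\[([0-9A-Fa-f:]+)\]:(\d+)$")
PERSISTENCY = ("on-demand", "persistent", "permanent")

def parse_faces(text):
    """Split concatenated `nfdc face show` output into one dict per face."""
    faces = []
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        if not sep:
            continue  # shell prompt or blank line
        if key == "faceid":
            faces.append({})
        if faces:
            faces[-1][key] = value
    return faces

def find_split_flows(faces):
    """Report remote hosts seen on several remote ports from one local endpoint."""
    groups = defaultdict(list)
    for face in faces:
        m = ENDPOINT.match(face.get("remote", ""))
        if not m:
            continue  # not a UDP/IPv6 face
        flags = face.get("flags", "").strip("{}").split()
        kind = next((p for p in PERSISTENCY if p in flags), "unknown")
        groups[(m.group(1), face.get("local"))].append(
            (int(face["faceid"]), int(m.group(2)), kind))
    return [(host, local, sorted(seen)) for (host, local), seen in groups.items()
            if len({port for _, port, _ in seen}) > 1]

if __name__ == "__main__":
    for host, local, seen in find_split_flows(parse_faces(SAMPLE)):
        print(host, "<->", local, seen)
```
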
The second method in that article allows every container to have a public IPv6 address. It avoids NAT and the problems that come with it, but requires the host to have a routed IPv6 subnet. However, routed IPv6 is hard to come by on KVM servers, because virtualization platforms such as Virtualizor do not support routed IPv6 subnets and can only provide on-link IPv6.