Skip to content

IPv4 only container are resolved with an IPv6 address on an IPv6 enabled network #47055

Closed
#47406
Closed
IPv4 only container are resolved with an IPv6 address on an IPv6 enabled network#47055
#47406
Assignees
robmry
Labels
area/networkingNetworkingarea/networking/ipv6Networkingkind/bugBugs are bugs. The cause may or may not be known at triage time so debugging may be needed.kind/questionstatus/0-triageversion/24.0
@tomav

Description

@tomav
tomav
opened on Jan 10, 2024

Description

Hi there, there's something I don't fully understand about docker networking and ipv6.

I have a dual-stack network where some containers are v4+v6 and some are v4 only.
I can see that when a dual-stack container revolves an ipv4-only, it gets ans ipv4 AND an ipv6 address from the resolver.
Looking at the interface in the ipv4-only container, I don't see any ipv6 address, so I don't understand how the resolver can get an ipv6 address for it, especially if specified as ipv6-disabled.

Please find below the reproduction steps.

I'm probably missing something...

Thanks.

Reproduce

# create dual stack network
docker network create \
    --subnet 192.168.123.0/24 --gateway 192.168.123.1 --ip-range 192.168.123.128/26 \
    --subnet="fde0:725c:19d8:9704::/64" --gateway="fde0:725c:19d8:9704::1" --ipv6 \
    test-dual-stack-network

# start and ipv4-only and a dual-stack container
docker run -d --network test-dual-stack-network --name dual-stack node:19-alpine tail -f /dev/null 
docker run -d --network test-dual-stack-network --name ipv4-only --sysctl net.ipv6.conf.all.disable_ipv6=1 node:19-alpine tail -f /dev/null 

# check that dual-stack container has ipv4 + ipv6
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 state UNKNOWN qlen 1000
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
136: eth0@if137: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 state UP
    inet6 fde0:725c:19d8:9704::2/64 scope global flags 02
       valid_lft forever preferred_lft forever
    inet6 fe80::42:c0ff:fea8:7b80/64 scope link
       valid_lft forever preferred_lft forever

# check that ipv4-only container has no ipv6
$ docker exec -ti ipv4-only ip -6 addr
(no output)

# resolve ipv4-only from dual-stack
$ docker exec -ti dual-stack nslookup ipv4-only
Server:		127.0.0.11
Address:	127.0.0.11:53

Non-authoritative answer:
Name:	ipv4-only
Address: 192.168.123.129

Non-authoritative answer:
Name:	ipv4-only
Address: fde0:725c:19d8:9704::3

Expected behavior

docker exec -ti dual-stack nslookup ipv4-only to return only ipv4.

docker version

Client:
 Cloud integration: v1.0.35-desktop+001
 Version:           24.0.5
 API version:       1.43
 Go version:        go1.20.6
 Git commit:        ced0996
 Built:             Fri Jul 21 20:32:30 2023
 OS/Arch:           darwin/arm64
 Context:           desktop-linux

Server: Docker Desktop 4.22.0 (117440)
 Engine:
  Version:          24.0.5
  API version:      1.43 (minimum version 1.12)
  Go version:       go1.20.6
  Git commit:       a61e2b4
  Built:            Fri Jul 21 20:35:38 2023
  OS/Arch:          linux/arm64
  Experimental:     false
 containerd:
  Version:          1.6.21
  GitCommit:        3dce8eb055cbb6872793272b4f20ed16117344f8
 runc:
  Version:          1.1.7
  GitCommit:        v1.1.7-0-g860f061
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0

docker info

Client:
 Version:    24.0.5
 Context:    desktop-linux
 Debug Mode: false
 Plugins:
  buildx: Docker Buildx (Docker Inc.)
    Version:  v0.11.2-desktop.1
    Path:     /Users/tomav/.docker/cli-plugins/docker-buildx
  compose: Docker Compose (Docker Inc.)
    Version:  v2.20.2-desktop.1
    Path:     /Users/tomav/.docker/cli-plugins/docker-compose
  dev: Docker Dev Environments (Docker Inc.)
    Version:  v0.1.0
    Path:     /Users/tomav/.docker/cli-plugins/docker-dev
  extension: Manages Docker extensions (Docker Inc.)
    Version:  v0.2.20
    Path:     /Users/tomav/.docker/cli-plugins/docker-extension
  init: Creates Docker-related starter files for your project (Docker Inc.)
    Version:  v0.1.0-beta.6
    Path:     /Users/tomav/.docker/cli-plugins/docker-init
  sbom: View the packaged-based Software Bill Of Materials (SBOM) for an image (Anchore Inc.)
    Version:  0.6.0
    Path:     /Users/tomav/.docker/cli-plugins/docker-sbom
  scan: Docker Scan (Docker Inc.)
    Version:  v0.26.0
    Path:     /Users/tomav/.docker/cli-plugins/docker-scan
  scout: Command line tool for Docker Scout (Docker Inc.)
    Version:  0.20.0
    Path:     /Users/tomav/.docker/cli-plugins/docker-scout

Server:
 Containers: 67
  Running: 4
  Paused: 0
  Stopped: 63
 Images: 28
 Server Version: 24.0.5
 Storage Driver: overlay2
  Backing Filesystem: extfs
  Supports d_type: true
  Using metacopy: false
  Native Overlay Diff: true
  userxattr: false
 Logging Driver: json-file
 Cgroup Driver: cgroupfs
 Cgroup Version: 2
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
 Swarm: inactive
 Runtimes: io.containerd.runc.v2 runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 3dce8eb055cbb6872793272b4f20ed16117344f8
 runc version: v1.1.7-0-g860f061
 init version: de40ad0
 Security Options:
  seccomp
   Profile: unconfined
  cgroupns
 Kernel Version: 5.15.49-linuxkit-pr
 Operating System: Docker Desktop
 OSType: linux
 Architecture: aarch64
 CPUs: 4
 Total Memory: 7.668GiB
 Name: docker-desktop
 ID: 7fbae3e1-bac7-4317-85cb-9e58ca837f7f
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 HTTP Proxy: http.docker.internal:3128
 HTTPS Proxy: http.docker.internal:3128
 No Proxy: hubproxy.docker.internal
 Experimental: false
 Insecure Registries:
  hubproxy.docker.internal:5555
  127.0.0.0/8
 Live Restore Enabled: false

WARNING: daemon is not using the default seccomp profile

Additional Info

$ docker inspect ipv4-only
[
    {
        "Id": "24ce3d7b171d825dc3d01cb8eee5370a3bedef539249cf476b98154fd052abb5",
        "Created": "2024-01-10T15:06:21.784037625Z",
        "Path": "docker-entrypoint.sh",
        "Args": [
            "tail",
            "-f",
            "/dev/null"
        ],
        "State": {
            "Status": "running",
            "Running": true,
            "Paused": false,
            "Restarting": false,
            "OOMKilled": false,
            "Dead": false,
            "Pid": 34415,
            "ExitCode": 0,
            "Error": "",
            "StartedAt": "2024-01-10T15:06:21.972918417Z",
            "FinishedAt": "0001-01-01T00:00:00Z"
        },
        "Image": "sha256:309fc9aaf0d7d138831483c33eae396be3e1b5bd83ac1e57e1b124f9300df1fc",
        "ResolvConfPath": "/var/lib/docker/containers/24ce3d7b171d825dc3d01cb8eee5370a3bedef539249cf476b98154fd052abb5/resolv.conf",
        "HostnamePath": "/var/lib/docker/containers/24ce3d7b171d825dc3d01cb8eee5370a3bedef539249cf476b98154fd052abb5/hostname",
        "HostsPath": "/var/lib/docker/containers/24ce3d7b171d825dc3d01cb8eee5370a3bedef539249cf476b98154fd052abb5/hosts",
        "LogPath": "/var/lib/docker/containers/24ce3d7b171d825dc3d01cb8eee5370a3bedef539249cf476b98154fd052abb5/24ce3d7b171d825dc3d01cb8eee5370a3bedef539249cf476b98154fd052abb5-json.log",
        "Name": "/ipv4-only",
        "RestartCount": 0,
        "Driver": "overlay2",
        "Platform": "linux",
        "MountLabel": "",
        "ProcessLabel": "",
        "AppArmorProfile": "",
        "ExecIDs": null,
        "HostConfig": {
            "Binds": null,
            "ContainerIDFile": "",
            "LogConfig": {
                "Type": "json-file",
                "Config": {}
            },
            "NetworkMode": "test-dual-stack-network",
            "PortBindings": {},
            "RestartPolicy": {
                "Name": "no",
                "MaximumRetryCount": 0
            },
            "AutoRemove": false,
            "VolumeDriver": "",
            "VolumesFrom": null,
            "ConsoleSize": [
                46,
                187
            ],
            "CapAdd": null,
            "CapDrop": null,
            "CgroupnsMode": "private",
            "Dns": [],
            "DnsOptions": [],
            "DnsSearch": [],
            "ExtraHosts": null,
            "GroupAdd": null,
            "IpcMode": "private",
            "Cgroup": "",
            "Links": null,
            "OomScoreAdj": 0,
            "PidMode": "",
            "Privileged": false,
            "PublishAllPorts": false,
            "ReadonlyRootfs": false,
            "SecurityOpt": null,
            "UTSMode": "",
            "UsernsMode": "",
            "ShmSize": 67108864,
            "Sysctls": {
                "net.ipv6.conf.all.disable_ipv6": "1"
            },
            "Runtime": "runc",
            "Isolation": "",
            "CpuShares": 0,
            "Memory": 0,
            "NanoCpus": 0,
            "CgroupParent": "",
            "BlkioWeight": 0,
            "BlkioWeightDevice": [],
            "BlkioDeviceReadBps": [],
            "BlkioDeviceWriteBps": [],
            "BlkioDeviceReadIOps": [],
            "BlkioDeviceWriteIOps": [],
            "CpuPeriod": 0,
            "CpuQuota": 0,
            "CpuRealtimePeriod": 0,
            "CpuRealtimeRuntime": 0,
            "CpusetCpus": "",
            "CpusetMems": "",
            "Devices": [],
            "DeviceCgroupRules": null,
            "DeviceRequests": null,
            "MemoryReservation": 0,
            "MemorySwap": 0,
            "MemorySwappiness": null,
            "OomKillDisable": null,
            "PidsLimit": null,
            "Ulimits": null,
            "CpuCount": 0,
            "CpuPercent": 0,
            "IOMaximumIOps": 0,
            "IOMaximumBandwidth": 0,
            "MaskedPaths": [
                "/proc/asound",
                "/proc/acpi",
                "/proc/kcore",
                "/proc/keys",
                "/proc/latency_stats",
                "/proc/timer_list",
                "/proc/timer_stats",
                "/proc/sched_debug",
                "/proc/scsi",
                "/sys/firmware"
            ],
            "ReadonlyPaths": [
                "/proc/bus",
                "/proc/fs",
                "/proc/irq",
                "/proc/sys",
                "/proc/sysrq-trigger"
            ]
        },
        "GraphDriver": {
            "Data": {
                "LowerDir": "/var/lib/docker/overlay2/3cb2228c038a0ce0f19f1bd7a25c207fbac3e4e210a8feb4c6c1b97e14c2fc69-init/diff:/var/lib/docker/overlay2/551179578b1a8cc7cb5ef2d33912fbea4835946b83b14ef41d2bda84142ef175/diff:/var/lib/docker/overlay2/10a77529225f16c055942f8f3b7ad886e78d609f863db0adb7c0f2401d53b060/diff:/var/lib/docker/overlay2/3576624d09a3c441806ddb645291a31f9369d89815ffecde48d08dc1ba74d0ec/diff:/var/lib/docker/overlay2/382768c536559fb944f7131debd4748554762e32ac25fb6eebde1ae775dade8e/diff",
                "MergedDir": "/var/lib/docker/overlay2/3cb2228c038a0ce0f19f1bd7a25c207fbac3e4e210a8feb4c6c1b97e14c2fc69/merged",
                "UpperDir": "/var/lib/docker/overlay2/3cb2228c038a0ce0f19f1bd7a25c207fbac3e4e210a8feb4c6c1b97e14c2fc69/diff",
                "WorkDir": "/var/lib/docker/overlay2/3cb2228c038a0ce0f19f1bd7a25c207fbac3e4e210a8feb4c6c1b97e14c2fc69/work"
            },
            "Name": "overlay2"
        },
        "Mounts": [],
        "Config": {
            "Hostname": "24ce3d7b171d",
            "Domainname": "",
            "User": "",
            "AttachStdin": false,
            "AttachStdout": false,
            "AttachStderr": false,
            "Tty": false,
            "OpenStdin": false,
            "StdinOnce": false,
            "Env": [
                "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
                "NODE_VERSION=19.7.0",
                "YARN_VERSION=1.22.19"
            ],
            "Cmd": [
                "tail",
                "-f",
                "/dev/null"
            ],
            "Image": "node:19-alpine",
            "Volumes": null,
            "WorkingDir": "",
            "Entrypoint": [
                "docker-entrypoint.sh"
            ],
            "OnBuild": null,
            "Labels": {}
        },
        "NetworkSettings": {
            "Bridge": "",
            "SandboxID": "bbd1bed273e5a723dbd70bfc00de376bb5d2a5c1ed32993b2a8376eb89f38cec",
            "HairpinMode": false,
            "LinkLocalIPv6Address": "",
            "LinkLocalIPv6PrefixLen": 0,
            "Ports": {},
            "SandboxKey": "/var/run/docker/netns/bbd1bed273e5",
            "SecondaryIPAddresses": null,
            "SecondaryIPv6Addresses": null,
            "EndpointID": "",
            "Gateway": "",
            "GlobalIPv6Address": "",
            "GlobalIPv6PrefixLen": 0,
            "IPAddress": "",
            "IPPrefixLen": 0,
            "IPv6Gateway": "",
            "MacAddress": "",
            "Networks": {
                "test-dual-stack-network": {
                    "IPAMConfig": null,
                    "Links": null,
                    "Aliases": [
                        "24ce3d7b171d"
                    ],
                    "NetworkID": "3529611cf1da65a490712c4866cee7ec16058e39362d2a1fcfe0320d7e7f10fc",
                    "EndpointID": "8865c25be193ce7e06e27284fa1f145afc798152add0f6817bf19d13259ccd3d",
                    "Gateway": "192.168.123.1",
                    "IPAddress": "192.168.123.129",
                    "IPPrefixLen": 24,
                    "IPv6Gateway": "fde0:725c:19d8:9704::1",
                    "GlobalIPv6Address": "fde0:725c:19d8:9704::3",
                    "GlobalIPv6PrefixLen": 64,
                    "MacAddress": "02:42:c0:a8:7b:81",
                    "DriverOpts": null
                }
            }
        }
    }
]

Metadata

Metadata

Assignees

Labels

area/networkingNetworkingarea/networking/ipv6Networkingkind/bugBugs are bugs. The cause may or may not be known at triage time so debugging may be needed.kind/questionstatus/0-triageversion/24.0

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions