Assign static IPv6 to container

networking

#1

Hi everyone,

I’m relatively new to Linux containers and having trouble. I’m running LXD on a Hetzner VPS and I’m trying to get a static IPv6 address assigned to my containers. How can I do this best? The standard lxdbr0 (set up during lxd init) doesn’t give an IPv6 address from my IP range assigned by Hetzner. Is there a guide somewhere on how to set up the bridge correctly so the containers get an IP from the public IP range? Thanks in advance!


#2

Welcome!

To assign static IPv6 addresses to the containers, you need to enable stateful DHCP mode, as in

lxc network set lxdbr0 ipv6.dhcp.stateful true

Otherwise, have a look at SLAAC documentation on Hetzner.


#3

Thank you for your help. I’ve enabled stateful DHCP mode. I’ve also changed the ipv6.address: to the IPv6 address of the server (2a01:4f8:xxxx:xxxx::1/64). In the container I’ve enabled dhcp6 in the netplan config.
The containers do get addresses from this range now, but I’m not able to ping the container from the outside or ping an IPv6 domain from inside the container. What could be wrong?
I’m also reading the Hetzner website for the documentation on SLAAC. Thanks!


#4

Or you can use DNAT and SNAT for the container.
On my Hetzner setup I assign an IPv6 ULA address range to the entire container bridge (every bridge gets its own /64 ULA prefix) and use the created IPv6 interface address from the container in the subnet for the SNAT and DNAT iptables rules.
I know NAT is not designed to be used with IPv6.
I tried to split up the public /64 range into smaller pieces, but the host won’t tell a container specified IPv6 via DHCP to the bridge.

Another way was to add the specified IPv6 address in the container itself. This was not my target.


#5

Thanks for your option. That would unfortunately not work since the container needs to see the IPv6 address on the network interface. What I would like is an IPv6 address from my IPv6 range assigned to a container, and that I can see this address in the container. I’ve been searching all day for a solution for this but can’t really find anything. I’m new to all this and networking. Thanks for all your help.


(Phil Howard) #6

If you were doing this with 2 (or N) hardware machines on a LAN, how would you do it in that case? I would think there would be a container equivalent.


#7

Hi everyone, I got it all working.
This is what I did to get it working:

  • Set the lxc network set lxdbr0 ipv6.dhcp.stateful true
  • Changed the IPv6 address from the ULA fdxx address to my own and only used a /112 (ipv6.address 2a01:4f8:xxxx:xxxx:1:1:1:1/112). This way the containers get IPv6 from my IPv6 block, and I can ping them from the outside.

Before this I had servers running at home connected to an EdgeRouter that had an IPv6 tunnel via HE. I had the machines configured with macvlan and it worked perfectly. All containers got IP addresses and had no problems.


(Tolgahan) #8

Hey there,

Does this allow connections to the containers from outside? Like SSH into the container itself?


#9

It’s doable, I use a similar configuration. One thing to keep in mind is that the address prefix needs to be routed to the host, i.e. you can’t use parts of a /64 assigned to another interface of the host.
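
The constraint from the last reply, checked before touching the bridge, as an added example that is not part of the thread: it verifies that a planned lxdbr0 subnet lies inside the prefix routed to the host and does not overlap a prefix already assigned to another host interface, then plans fixed per-container addresses. The 2001:db8:: values, the interface name `eth0` and the container names are constructed placeholders; the function names are hypothetical.

```python
import ipaddress

def check_bridge_plan(routed, bridge, host_ifaces):
    """Return problems with using `bridge` as the lxdbr0 ipv6.address value."""
    routed_net = ipaddress.ip_network(routed)
    br_net = ipaddress.ip_interface(bridge).network
    problems = []
    if not br_net.subnet_of(routed_net):
        problems.append(f"{br_net} is outside the routed prefix {routed_net}")
    for name, cidr in host_ifaces.items():
        other = ipaddress.ip_interface(cidr).network
        if other.overlaps(br_net):
            # The host treats `other` as on-link on `name`, so the bridge
            # subnet is part of a prefix already assigned elsewhere.
            problems.append(f"{br_net} overlaps {other} assigned to {name}")
    return problems

def static_addresses(bridge, containers):
    """Give each container a fixed address from the bridge subnet."""
    br_if = ipaddress.ip_interface(bridge)
    plan, offset = {}, 1  # offset 0 is the subnet-router anycast address
    for name in containers:
        while br_if.network[offset] == br_if.ip:  # skip the bridge itself
            offset += 1
        plan[name] = str(br_if.network[offset])
        offset += 1
    return plan

def lxc_commands(bridge, plan):
    """Render the LXD commands: stateful DHCPv6 plus one pinned NIC address each."""
    cmds = [f"lxc network set lxdbr0 ipv6.address {bridge}",
            "lxc network set lxdbr0 ipv6.dhcp.stateful true"]
    cmds += [f"lxc config device override {c} eth0 ipv6.address={a}"
             for c, a in plan.items()]
    return cmds

if __name__ == "__main__":
    ROUTED = "2001:db8:1:2::/64"          # constructed: prefix routed to the host
    BRIDGE = "2001:db8:1:2:1:1:1:1/112"   # constructed: planned lxdbr0 address
    HOST = {"eth0": "2001:db8:1:2::1/64"} # constructed: current host addressing
    issues = check_bridge_plan(ROUTED, BRIDGE, HOST)
    for line in issues or lxc_commands(BRIDGE, static_addresses(BRIDGE, ["web", "db"])):
        print(line)
```

With the sample host addressing the check reports the overlap with `eth0`; narrowing the host address to a /128 clears it and the commands are printed instead. Containers pinned this way are directly reachable on their public addresses, so firewall them as you would any other host.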