
Let Docker allocate addresses from the host's IPv6 subnet

 3 years ago
source link: https://www.taterli.com/7645/


As a rule, the IPv6 block a VPS provider hands you is very large; a /64 is typical. The reason lies in the global routing table: prefixes longer than /48 are generally not accepted by operators in the default-free zone, because every more-specific prefix is one more entry that every core router has to carry and look up. IPv6 is large enough that there is no need to be stingy; there is room to give every hair on your head its own address.

For example, I bought a VPS from WebHosting24 and was given a /48. That is not 48 networks but 2^16 = 65,536 /64 networks, 1,208,925,819,614,629,174,706,176 (2^80) addresses in total; even a single /64 holds 18,446,744,073,709,551,616 (2^64) addresses.

Note: the addresses below are probably no longer reachable, because I have since released the instance, so test on a machine of your own.

ifconfig on the system lists the addresses it was given (screenshot in the original post); the one line that matters is this:

inet6 2a0c:8fc0:7612::1  prefixlen 48  scopeid 0x0<global>

Since the whole /48 sits on eth0, any address inside it can simply be added to the interface, for example:

ip addr add 2a0c:8fc0:7612:1234:abcd:1010:2020:0008/128 dev eth0

and then tested by telling curl to source its connection from that address:

curl --interface 2a0c:8fc0:7612:1234:abcd:1010:2020:0008 ip.sb

The result is shown in a screenshot in the original post.

That still barely scratches the space. A better use is to give every Docker container its own IPv6 address, which only takes editing /etc/docker/daemon.json (create the file if it does not exist). The configuration below hands one /64 out of my /48 to the container bridge; I use 2a0c:8fc0:7612:1::/64 and leave 2a0c:8fc0:7612::/64, where the host's own ::1 lives, untouched. This relies on the provider routing the whole /48 to the VPS; if the prefix is merely on-link, the upstream router will neighbour-solicit for container addresses that the host does not answer for, and you would need proxy NDP. On the Docker 20.10 of this post, ip6tables was still an experimental option, hence "experimental": true; later releases dropped that requirement.

{
    "ipv6": true,
    "fixed-cidr-v6": "2a0c:8fc0:7612:1::/64",
    "experimental": true,
    "ip6tables": true
}

Restart the daemon (systemctl restart docker) so it reads the file, then run a container, nginx for instance; docker inspect shows the address it was given:

root@lg:~# docker run -d nginx
Unable to find image 'nginx:latest' locally
latest: Pulling from library/nginx
75646c2fb410: Pull complete 
6128033c842f: Pull complete 
71a81b5270eb: Pull complete 
b5fc821c48a1: Pull complete 
da3f514a6428: Pull complete 
3be359fed358: Pull complete 
Digest: sha256:bae781e7f518e0fb02245140c97e6ddc9f5fcf6aecc043dd9d17e33aec81c832
Status: Downloaded newer image for nginx:latest
d5b526c8feef3260cd3b7e6b1e0a0a447dfca6582c2e706aea34e2d42e7ef779
root@lg:~# docker inspect d5b526c8feef3260cd3b7e6b1e0a0a447dfca6582c2e706aea34e2d42e7ef779

[
    {
        "Id": "d5b526c8feef3260cd3b7e6b1e0a0a447dfca6582c2e706aea34e2d42e7ef779",
        "Created": "2021-04-09T05:39:58.92627994Z",
        "Path": "/docker-entrypoint.sh",
        "Args": [
            "nginx",
            "-g",
            "daemon off;"
        ],
        "State": {
            "Status": "running",
            "Running": true,
            "Paused": false,
            "Restarting": false,
            "OOMKilled": false,
            "Dead": false,
            "Pid": 25384,
            "ExitCode": 0,
            "Error": "",
            "StartedAt": "2021-04-09T05:39:59.52811886Z",
            "FinishedAt": "0001-01-01T00:00:00Z"
        },
        "Image": "sha256:7ce4f91ef623b9672ec12302c4a710629cd542617c1ebc616a48d06e2a84656a",
        "ResolvConfPath": "/var/lib/docker/containers/d5b526c8feef3260cd3b7e6b1e0a0a447dfca6582c2e706aea34e2d42e7ef779/resolv.conf",
        "HostnamePath": "/var/lib/docker/containers/d5b526c8feef3260cd3b7e6b1e0a0a447dfca6582c2e706aea34e2d42e7ef779/hostname",
        "HostsPath": "/var/lib/docker/containers/d5b526c8feef3260cd3b7e6b1e0a0a447dfca6582c2e706aea34e2d42e7ef779/hosts",
        "LogPath": "/var/lib/docker/containers/d5b526c8feef3260cd3b7e6b1e0a0a447dfca6582c2e706aea34e2d42e7ef779/d5b526c8feef3260cd3b7e6b1e0a0a447dfca6582c2e706aea34e2d42e7ef779-json.log",
        "Name": "/zealous_golick",
        "RestartCount": 0,
        "Driver": "overlay2",
        "Platform": "linux",
        "MountLabel": "",
        "ProcessLabel": "",
        "AppArmorProfile": "docker-default",
        "ExecIDs": null,
        "HostConfig": {
            "Binds": null,
            "ContainerIDFile": "",
            "LogConfig": {
                "Type": "json-file",
                "Config": {}
            },
            "NetworkMode": "default",
            "PortBindings": {},
            "RestartPolicy": {
                "Name": "no",
                "MaximumRetryCount": 0
            },
            "AutoRemove": false,
            "VolumeDriver": "",
            "VolumesFrom": null,
            "CapAdd": null,
            "CapDrop": null,
            "CgroupnsMode": "host",
            "Dns": [],
            "DnsOptions": [],
            "DnsSearch": [],
            "ExtraHosts": null,
            "GroupAdd": null,
            "IpcMode": "private",
            "Cgroup": "",
            "Links": null,
            "OomScoreAdj": 0,
            "PidMode": "",
            "Privileged": false,
            "PublishAllPorts": false,
            "ReadonlyRootfs": false,
            "SecurityOpt": null,
            "UTSMode": "",
            "UsernsMode": "",
            "ShmSize": 67108864,
            "Runtime": "runc",
            "ConsoleSize": [
                0,
                0
            ],
            "Isolation": "",
            "CpuShares": 0,
            "Memory": 0,
            "NanoCpus": 0,
            "CgroupParent": "",
            "BlkioWeight": 0,
            "BlkioWeightDevice": [],
            "BlkioDeviceReadBps": null,
            "BlkioDeviceWriteBps": null,
            "BlkioDeviceReadIOps": null,
            "BlkioDeviceWriteIOps": null,
            "CpuPeriod": 0,
            "CpuQuota": 0,
            "CpuRealtimePeriod": 0,
            "CpuRealtimeRuntime": 0,
            "CpusetCpus": "",
            "CpusetMems": "",
            "Devices": [],
            "DeviceCgroupRules": null,
            "DeviceRequests": null,
            "KernelMemory": 0,
            "KernelMemoryTCP": 0,
            "MemoryReservation": 0,
            "MemorySwap": 0,
            "MemorySwappiness": null,
            "OomKillDisable": false,
            "PidsLimit": null,
            "Ulimits": null,
            "CpuCount": 0,
            "CpuPercent": 0,
            "IOMaximumIOps": 0,
            "IOMaximumBandwidth": 0,
            "MaskedPaths": [
                "/proc/asound",
                "/proc/acpi",
                "/proc/kcore",
                "/proc/keys",
                "/proc/latency_stats",
                "/proc/timer_list",
                "/proc/timer_stats",
                "/proc/sched_debug",
                "/proc/scsi",
                "/sys/firmware"
            ],
            "ReadonlyPaths": [
                "/proc/bus",
                "/proc/fs",
                "/proc/irq",
                "/proc/sys",
                "/proc/sysrq-trigger"
            ]
        },
        "GraphDriver": {
            "Data": {
                "LowerDir": "/var/lib/docker/overlay2/77f6133d6c379337627a86765aea2332c4c7c7c80307f36f2d836c79c33e87b0-init/diff:/var/lib/docker/overlay2/0890dd657c62b1bd1fdef707fff73aeb0d24fba7161e0d0ccba661f3f11e8ada/diff:/var/lib/docker/overlay2/ae11c80d493122693b61ec90fd7de112411c8af53fb06752a3dcfe4dfa5d6de0/diff:/var/lib/docker/overlay2/a2ff5940d2c8348c1fde012cc7a3e5ddc6d71c572a59a9bc6af409ad5aa031ef/diff:/var/lib/docker/overlay2/0db572a353a0fc2ad6296edeef7a507015828631edb7980b6aac32107ca639ee/diff:/var/lib/docker/overlay2/a6a096d16a3dd4bf4b2bb07a0272f09bb0458bf9bd7b8b1d47c95f56af4023f0/diff:/var/lib/docker/overlay2/cfcd6feb92a81b05b61945d07c5513090f90502b9ad398057036080e9bc741fe/diff",
                "MergedDir": "/var/lib/docker/overlay2/77f6133d6c379337627a86765aea2332c4c7c7c80307f36f2d836c79c33e87b0/merged",
                "UpperDir": "/var/lib/docker/overlay2/77f6133d6c379337627a86765aea2332c4c7c7c80307f36f2d836c79c33e87b0/diff",
                "WorkDir": "/var/lib/docker/overlay2/77f6133d6c379337627a86765aea2332c4c7c7c80307f36f2d836c79c33e87b0/work"
            },
            "Name": "overlay2"
        },
        "Mounts": [],
        "Config": {
            "Hostname": "d5b526c8feef",
            "Domainname": "",
            "User": "",
            "AttachStdin": false,
            "AttachStdout": false,
            "AttachStderr": false,
            "ExposedPorts": {
                "80/tcp": {}
            },
            "Tty": false,
            "OpenStdin": false,
            "StdinOnce": false,
            "Env": [
                "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
                "NGINX_VERSION=1.19.9",
                "NJS_VERSION=0.5.3",
                "PKG_RELEASE=1~buster"
            ],
            "Cmd": [
                "nginx",
                "-g",
                "daemon off;"
            ],
            "Image": "nginx",
            "Volumes": null,
            "WorkingDir": "",
            "Entrypoint": [
                "/docker-entrypoint.sh"
            ],
            "OnBuild": null,
            "Labels": {
                "maintainer": "NGINX Docker Maintainers <[email protected]>"
            },
            "StopSignal": "SIGQUIT"
        },
        "NetworkSettings": {
            "Bridge": "",
            "SandboxID": "422a3eae73affc44dd6ca484584bc715c6d1b31b1e70575186c6bc5296ff2247",
            "HairpinMode": false,
            "LinkLocalIPv6Address": "",
            "LinkLocalIPv6PrefixLen": 0,
            "Ports": {
                "80/tcp": null
            },
            "SandboxKey": "/var/run/docker/netns/422a3eae73af",
            "SecondaryIPAddresses": null,
            "SecondaryIPv6Addresses": null,
            "EndpointID": "48fc5250f5d43f42e7bdf3a553e67b2655851fbd34e93c9c4648db15fd9f0ba6",
            "Gateway": "172.17.0.1",
            "GlobalIPv6Address": "2a0c:8fc0:7612:1:0:242:ac11:2",
            "GlobalIPv6PrefixLen": 64,
            "IPAddress": "172.17.0.2",
            "IPPrefixLen": 16,
            "IPv6Gateway": "2a0c:8fc0:7612:1::1",
            "MacAddress": "02:42:ac:11:00:02",
            "Networks": {
                "bridge": {
                    "IPAMConfig": null,
                    "Links": null,
                    "Aliases": null,
                    "NetworkID": "6a283542ddb456a327818d1a228199d4b2a07a07e680c5a859717cf26acc95ae",
                    "EndpointID": "48fc5250f5d43f42e7bdf3a553e67b2655851fbd34e93c9c4648db15fd9f0ba6",
                    "Gateway": "172.17.0.1",
                    "IPAddress": "172.17.0.2",
                    "IPPrefixLen": 16,
                    "IPv6Gateway": "2a0c:8fc0:7612:1::1",
                    "GlobalIPv6Address": "2a0c:8fc0:7612:1:0:242:ac11:2",
                    "GlobalIPv6PrefixLen": 64,
                    "MacAddress": "02:42:ac:11:00:02",
                    "DriverOpts": null
                }
            }
        }
    }
]

The container now has a globally routable IPv6 address, 2a0c:8fc0:7612:1:0:242:ac11:2. Look at the low 64 bits: 0:242:ac11:2 is the container's MAC address 02:42:ac:11:00:02 (itself 02:42 followed by the hex of its IPv4 172.17.0.2), which is how Docker derives the address on the bridge. That is also why the smallest subnet you can hand to Docker this way is a /80: the 48-bit MAC needs the low 48 bits, and anything longer leaves no room for it. Even a /80 still has 281,474,976,710,656 (2^48) addresses. The address is not fixed across container restarts, but it can be pinned at start time.

Pinning the address: on the Docker of this post (20.10), --ip6 is honoured only on user-defined networks; the default bridge refuses it with "user specified IP address is supported on user defined networks only". So give the pinned container its own network on another /64 from the block (it must not overlap fixed-cidr-v6) and set the address there; 2a0c:8fc0:7612:2::/64 and ::80 are just placeholders carved from the same /48:

docker network create --ipv6 --subnet 2a0c:8fc0:7612:2::/64 v6net
docker run -d --network v6net --ip6 2a0c:8fc0:7612:2::80 nginx
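The steps above (daemon.json, restart, run, inspect, pinned address) collected into one script, as an added example rather than code from the original post. The helper functions reproduce the addressing scheme visible in the inspect output (bridge MAC from the IPv4, IPv6 from the MAC) and the /80 floor, so they can be exercised without Docker; the "apply" path, which needs docker, curl and systemd, only runs when the script is invoked with that argument. The two /64s, the network name v6net and the host part ::80 are placeholders taken from the post's 2a0c:8fc0:7612::/48.

```shell
#!/bin/sh
# Added example, not code from the original post. Assumptions: the two /64
# subnets are placeholders carved from the post's 2a0c:8fc0:7612::/48;
# "v6net" is an arbitrary network name; docker, curl and systemd are needed
# only by the "apply" path, nothing here runs them by default.
set -eu

# Docker's bridge MAC is 02:42 followed by the container's IPv4 in hex:
# 172.17.0.2 -> 02:42:ac:11:00:02 (as in the inspect output above).
v4_to_docker_mac() {
    oldifs=$IFS; IFS=.
    set -- $1
    IFS=$oldifs
    printf '02:42:%02x:%02x:%02x:%02x\n' "$1" "$2" "$3" "$4"
}

# The address inspect shows is the /64 prefix followed by the 48-bit MAC
# right-aligned in the low 64 bits (high 16 bits zero), each group printed
# without leading zeros: 02:42:ac:11:00:02 -> :0:242:ac11:2.
mac_to_docker_v6() {
    prefix64=$1                        # first four groups, e.g. 2a0c:8fc0:7612:1
    hex=$(printf '%s' "$2" | tr -d :)  # 0242ac110002
    g1=$(printf '%x' "$((0x$(printf '%.4s' "$hex")))")
    rest=${hex#????}
    g2=$(printf '%x' "$((0x$(printf '%.4s' "$rest")))")
    rest=${rest#????}
    g3=$(printf '%x' "$((0x$rest))")
    printf '%s:0:%s:%s:%s\n' "$prefix64" "$g1" "$g2" "$g3"
}

# Because the MAC occupies the low 48 bits, the subnet handed to Docker
# must leave room for it: /80 is the longest prefix that still works.
subnet_ok_for_docker() {
    case $1 in */*) ;; *) return 1 ;; esac
    [ "${1#*/}" -le 80 ]
}

# Pull the global IPv6 out of inspect instead of reading 200 lines of JSON.
container_global_v6() {
    docker inspect -f '{{range .NetworkSettings.Networks}}{{.GlobalIPv6Address}}{{end}}' "$1"
}

# Pinned address: --ip6 is only honoured on user-defined networks, so the
# fixed address lives on a second /64, not on the default bridge's subnet.
pin_v6_address() {   # $1 = /64 for the network, $2 = host part, $3 = image
    net=$1
    docker network inspect v6net >/dev/null 2>&1 ||
        docker network create --ipv6 --subnet "$net" v6net >/dev/null
    docker run -d --network v6net --ip6 "${net%%::*}::$2" "$3"
}

if [ "${1:-}" = apply ]; then
    bridge_net=${DOCKER_V6_SUBNET:-2a0c:8fc0:7612:1::/64}   # placeholder
    pinned_net=${DOCKER_V6_PINNED:-2a0c:8fc0:7612:2::/64}   # placeholder
    subnet_ok_for_docker "$bridge_net" || { echo "need a /80 or shorter" >&2; exit 1; }
    if [ -e /etc/docker/daemon.json ]; then
        echo "/etc/docker/daemon.json exists; merge these keys with jq instead of overwriting" >&2
        exit 1
    fi
    cat > /etc/docker/daemon.json <<EOF
{
    "ipv6": true,
    "fixed-cidr-v6": "$bridge_net",
    "experimental": true,
    "ip6tables": true
}
EOF
    systemctl restart docker
    cid=$(docker run -d nginx)
    addr=$(container_global_v6 "$cid")
    echo "bridge container $cid -> $addr"
    curl -6 -sS -o /dev/null -w 'bridge: HTTP %{http_code}\n' "http://[$addr]/"
    cid2=$(pin_v6_address "$pinned_net" 80 nginx)
    curl -6 -sS -o /dev/null -w 'pinned: HTTP %{http_code}\n' "http://[$(container_global_v6 "$cid2")]/"
fi
```

Run it as `sh script.sh apply` on the VPS; the apply path refuses to clobber an existing daemon.json because Docker reads the file as a whole and a lost "data-root" or registry mirror is a nasty surprise after the restart.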

Two things deserve special attention. First, a container with a global IPv6 address has no NAT in front of it: unless ip6tables filtering is in place, every port the container listens on is reachable from the whole internet, not only the ones published with -p. The "ip6tables": true setting above makes Docker apply the same publish-based filtering it uses for IPv4 (FORWARD policy DROP plus the DOCKER chains); without it, or on a build where it is not active, the container is wide open, so verify from an outside host rather than assuming. Second, enabling IPv6 in Docker switches on net.ipv6.conf.all.forwarding, and a Linux host with forwarding on ignores router advertisements unless accept_ra is 2, so a VPS whose default route came from SLAAC can silently lose it; set accept_ra=2 on the uplink interface or configure a static default route.
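Checks for both caveats, as an added example that is not part of the original post. The parsing functions take command output on stdin so they can be tried offline on the constructed samples at the bottom (modelled on the FORWARD rules Docker installs for IPv4); the *_live wrappers run the real ip6tables and sysctl on a host. "eth0" is a placeholder for the uplink interface.

```shell
#!/bin/sh
# Added example, not from the original post: audits for the two caveats in
# the closing note. The samples near the end are constructed.
set -eu

# 1. Is anything filtering inbound traffic to the containers' global
# addresses? With Docker's ip6tables integration active, `ip6tables -S
# FORWARD` opens with a DROP policy and jumps into the DOCKER chain, as it
# does for IPv4. An ACCEPT policy with no DOCKER jump means every listening
# port in every container is reachable from the internet, published or not.
v6_forward_filtering() {   # stdin: output of `ip6tables -S FORWARD`
    awk '
        $1 == "-P" && $2 == "FORWARD" { policy = $3 }
        $1 == "-A" && $2 == "FORWARD" && $NF == "DOCKER" { docker = 1 }
        END {
            if (policy == "DROP" && docker) print "filtered"
            else if (policy == "DROP")      print "drop-policy-no-docker-chain"
            else                            print "open"
        }'
}

# 2. Enabling IPv6 in Docker sets net.ipv6.conf.all.forwarding=1. A
# forwarding Linux host ignores router advertisements unless accept_ra=2,
# so a default route learned via SLAAC expires and is never refreshed.
ra_status() {   # $1 = net.ipv6.conf.all.forwarding, $2 = accept_ra of the uplink
    if [ "$1" = 1 ] && [ "$2" != 2 ]; then
        echo "warn: forwarding=1 but accept_ra=$2; set accept_ra=2 on the uplink or add a static default route"
    else
        echo ok
    fi
}

# Live versions of both checks for a real host.
forward_filtering_live() { ip6tables -S FORWARD | v6_forward_filtering; }
ra_status_live() {         # $1 = uplink interface, default eth0 (placeholder)
    ra_status "$(sysctl -n net.ipv6.conf.all.forwarding)" \
              "$(sysctl -n "net.ipv6.conf.${1:-eth0}.accept_ra")"
}

# From a second, IPv6-capable host: probe a port the image EXPOSEs but you
# never published with -p. If it answers, nothing is filtering.
probe_port() { nc -6 -z -w 3 "$1" "$2"; }   # $1 = container address, $2 = port

# Constructed samples, modelled on the rules Docker installs for IPv4.
SAMPLE_FILTERED='-P FORWARD DROP
-A FORWARD -j DOCKER-USER
-A FORWARD -j DOCKER-ISOLATION-STAGE-1
-A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -o docker0 -j DOCKER
-A FORWARD -i docker0 ! -o docker0 -j ACCEPT
-A FORWARD -i docker0 -o docker0 -j ACCEPT'
SAMPLE_OPEN='-P FORWARD ACCEPT'

printf '%s\n' "$SAMPLE_FILTERED" | v6_forward_filtering   # filtered
printf '%s\n' "$SAMPLE_OPEN" | v6_forward_filtering       # open
ra_status 1 1                                             # warn: ...
ra_status 1 2                                             # ok
```

On the host itself, `forward_filtering_live` and `ra_status_live eth0` give the two answers; the probe belongs on a different machine, since traffic from the host to its own containers never crosses the FORWARD chain and proves nothing about exposure.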
