Letting Docker Allocate From the Host's IPv6 Subnet

As a rule, the IP block a VPS provider can hand you is very large; a /64 is common. Because of the global routing table, blocks smaller than a /48 are not carried over BGP (smaller route blocks would need more lookups), and IPv6 is so vast right now that we could give every single hair on our heads its own address.

For example, I bought a VPS from WebHosting24 and was assigned a /48. This actually contains 48 networks, that is 48 /64s, with 1,208,925,819,614,629,174,706,176 usable addresses; even a single network has 18,446,744,073,709,551,616 addresses.

Note: the IP addresses below are probably no longer reachable, because I have since released the instance, so you are best off finding a machine of your own to test on.

On the system you can see the IP address it assigned me as follows:

The line to pay the most attention to is this one:

inet6 2a0c:8fc0:7612::1  prefixlen 48  scopeid 0x0<global>

Then we can happily add addresses and play with them, for example:

ip addr add 2a0c:8fc0:7612:1234:abcd:1010:2020:0008/128 dev eth0

Then use curl with that address pinned as the source to reach a site:

curl --interface 2a0c:8fc0:7612:1234:abcd:1010:2020:0008 ip.sb

The result is shown in the figure below.

But that obviously does not come close to spending all our IPs. We can give every Docker container on the server its own IPv6 address. It is simple: edit the config file /etc/docker/daemon.json (create it if it does not exist yet), for example with the configuration below, where I hand the first block of my /48 to the container service.

{
    "ipv6": true,
    "fixed-cidr-v6": "2a0c:8fc0:7612:1::/64",
    "experimental": true,
    "ip6tables": true
}

Then run a container, nginx for example, and use inspect to see the actual IP allocation.

root@lg:~# docker run -d nginx
Unable to find image 'nginx:latest' locally
latest: Pulling from library/nginx
75646c2fb410: Pull complete 
6128033c842f: Pull complete 
71a81b5270eb: Pull complete 
b5fc821c48a1: Pull complete 
da3f514a6428: Pull complete 
3be359fed358: Pull complete 
Digest: sha256:bae781e7f518e0fb02245140c97e6ddc9f5fcf6aecc043dd9d17e33aec81c832
Status: Downloaded newer image for nginx:latest
d5b526c8feef3260cd3b7e6b1e0a0a447dfca6582c2e706aea34e2d42e7ef779
root@lg:~# docker inspect d5b526c8feef3260cd3b7e6b1e0a0a447dfca6582c2e706aea34e2d42e7ef779

[
    {
        "Id": "d5b526c8feef3260cd3b7e6b1e0a0a447dfca6582c2e706aea34e2d42e7ef779",
        "Created": "2021-04-09T05:39:58.92627994Z",
        "Path": "/docker-entrypoint.sh",
        "Args": [
            "nginx",
            "-g",
            "daemon off;"
        ],
        "State": {
            "Status": "running",
            "Running": true,
            "Paused": false,
            "Restarting": false,
            "OOMKilled": false,
            "Dead": false,
            "Pid": 25384,
            "ExitCode": 0,
            "Error": "",
            "StartedAt": "2021-04-09T05:39:59.52811886Z",
            "FinishedAt": "0001-01-01T00:00:00Z"
        },
        "Image": "sha256:7ce4f91ef623b9672ec12302c4a710629cd542617c1ebc616a48d06e2a84656a",
        "ResolvConfPath": "/var/lib/docker/containers/d5b526c8feef3260cd3b7e6b1e0a0a447dfca6582c2e706aea34e2d42e7ef779/resolv.conf",
        "HostnamePath": "/var/lib/docker/containers/d5b526c8feef3260cd3b7e6b1e0a0a447dfca6582c2e706aea34e2d42e7ef779/hostname",
        "HostsPath": "/var/lib/docker/containers/d5b526c8feef3260cd3b7e6b1e0a0a447dfca6582c2e706aea34e2d42e7ef779/hosts",
        "LogPath": "/var/lib/docker/containers/d5b526c8feef3260cd3b7e6b1e0a0a447dfca6582c2e706aea34e2d42e7ef779/d5b526c8feef3260cd3b7e6b1e0a0a447dfca6582c2e706aea34e2d42e7ef779-json.log",
        "Name": "/zealous_golick",
        "RestartCount": 0,
        "Driver": "overlay2",
        "Platform": "linux",
        "MountLabel": "",
        "ProcessLabel": "",
        "AppArmorProfile": "docker-default",
        "ExecIDs": null,
        "HostConfig": {
            "Binds": null,
            "ContainerIDFile": "",
            "LogConfig": {
                "Type": "json-file",
                "Config": {}
            },
            "NetworkMode": "default",
            "PortBindings": {},
            "RestartPolicy": {
                "Name": "no",
                "MaximumRetryCount": 0
            },
            "AutoRemove": false,
            "VolumeDriver": "",
            "VolumesFrom": null,
            "CapAdd": null,
            "CapDrop": null,
            "CgroupnsMode": "host",
            "Dns": [],
            "DnsOptions": [],
            "DnsSearch": [],
            "ExtraHosts": null,
            "GroupAdd": null,
            "IpcMode": "private",
            "Cgroup": "",
            "Links": null,
            "OomScoreAdj": 0,
            "PidMode": "",
            "Privileged": false,
            "PublishAllPorts": false,
            "ReadonlyRootfs": false,
            "SecurityOpt": null,
            "UTSMode": "",
            "UsernsMode": "",
            "ShmSize": 67108864,
            "Runtime": "runc",
            "ConsoleSize": [
                0,
                0
            ],
            "Isolation": "",
            "CpuShares": 0,
            "Memory": 0,
            "NanoCpus": 0,
            "CgroupParent": "",
            "BlkioWeight": 0,
            "BlkioWeightDevice": [],
            "BlkioDeviceReadBps": null,
            "BlkioDeviceWriteBps": null,
            "BlkioDeviceReadIOps": null,
            "BlkioDeviceWriteIOps": null,
            "CpuPeriod": 0,
            "CpuQuota": 0,
            "CpuRealtimePeriod": 0,
            "CpuRealtimeRuntime": 0,
            "CpusetCpus": "",
            "CpusetMems": "",
            "Devices": [],
            "DeviceCgroupRules": null,
            "DeviceRequests": null,
            "KernelMemory": 0,
            "KernelMemoryTCP": 0,
            "MemoryReservation": 0,
            "MemorySwap": 0,
            "MemorySwappiness": null,
            "OomKillDisable": false,
            "PidsLimit": null,
            "Ulimits": null,
            "CpuCount": 0,
            "CpuPercent": 0,
            "IOMaximumIOps": 0,
            "IOMaximumBandwidth": 0,
            "MaskedPaths": [
                "/proc/asound",
                "/proc/acpi",
                "/proc/kcore",
                "/proc/keys",
                "/proc/latency_stats",
                "/proc/timer_list",
                "/proc/timer_stats",
                "/proc/sched_debug",
                "/proc/scsi",
                "/sys/firmware"
            ],
            "ReadonlyPaths": [
                "/proc/bus",
                "/proc/fs",
                "/proc/irq",
                "/proc/sys",
                "/proc/sysrq-trigger"
            ]
        },
        "GraphDriver": {
            "Data": {
                "LowerDir": "/var/lib/docker/overlay2/77f6133d6c379337627a86765aea2332c4c7c7c80307f36f2d836c79c33e87b0-init/diff:/var/lib/docker/overlay2/0890dd657c62b1bd1fdef707fff73aeb0d24fba7161e0d0ccba661f3f11e8ada/diff:/var/lib/docker/overlay2/ae11c80d493122693b61ec90fd7de112411c8af53fb06752a3dcfe4dfa5d6de0/diff:/var/lib/docker/overlay2/a2ff5940d2c8348c1fde012cc7a3e5ddc6d71c572a59a9bc6af409ad5aa031ef/diff:/var/lib/docker/overlay2/0db572a353a0fc2ad6296edeef7a507015828631edb7980b6aac32107ca639ee/diff:/var/lib/docker/overlay2/a6a096d16a3dd4bf4b2bb07a0272f09bb0458bf9bd7b8b1d47c95f56af4023f0/diff:/var/lib/docker/overlay2/cfcd6feb92a81b05b61945d07c5513090f90502b9ad398057036080e9bc741fe/diff",
                "MergedDir": "/var/lib/docker/overlay2/77f6133d6c379337627a86765aea2332c4c7c7c80307f36f2d836c79c33e87b0/merged",
                "UpperDir": "/var/lib/docker/overlay2/77f6133d6c379337627a86765aea2332c4c7c7c80307f36f2d836c79c33e87b0/diff",
                "WorkDir": "/var/lib/docker/overlay2/77f6133d6c379337627a86765aea2332c4c7c7c80307f36f2d836c79c33e87b0/work"
            },
            "Name": "overlay2"
        },
        "Mounts": [],
        "Config": {
            "Hostname": "d5b526c8feef",
            "Domainname": "",
            "User": "",
            "AttachStdin": false,
            "AttachStdout": false,
            "AttachStderr": false,
            "ExposedPorts": {
                "80/tcp": {}
            },
            "Tty": false,
            "OpenStdin": false,
            "StdinOnce": false,
            "Env": [
                "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
                "NGINX_VERSION=1.19.9",
                "NJS_VERSION=0.5.3",
                "PKG_RELEASE=1~buster"
            ],
            "Cmd": [
                "nginx",
                "-g",
                "daemon off;"
            ],
            "Image": "nginx",
            "Volumes": null,
            "WorkingDir": "",
            "Entrypoint": [
                "/docker-entrypoint.sh"
            ],
            "OnBuild": null,
            "Labels": {
                "maintainer": "NGINX Docker Maintainers <docker-maint@nginx.com>"
            },
            "StopSignal": "SIGQUIT"
        },
        "NetworkSettings": {
            "Bridge": "",
            "SandboxID": "422a3eae73affc44dd6ca484584bc715c6d1b31b1e70575186c6bc5296ff2247",
            "HairpinMode": false,
            "LinkLocalIPv6Address": "",
            "LinkLocalIPv6PrefixLen": 0,
            "Ports": {
                "80/tcp": null
            },
            "SandboxKey": "/var/run/docker/netns/422a3eae73af",
            "SecondaryIPAddresses": null,
            "SecondaryIPv6Addresses": null,
            "EndpointID": "48fc5250f5d43f42e7bdf3a553e67b2655851fbd34e93c9c4648db15fd9f0ba6",
            "Gateway": "172.17.0.1",
            "GlobalIPv6Address": "2a0c:8fc0:7612:1:0:242:ac11:2",
            "GlobalIPv6PrefixLen": 64,
            "IPAddress": "172.17.0.2",
            "IPPrefixLen": 16,
            "IPv6Gateway": "2a0c:8fc0:7612:1::1",
            "MacAddress": "02:42:ac:11:00:02",
            "Networks": {
                "bridge": {
                    "IPAMConfig": null,
                    "Links": null,
                    "Aliases": null,
                    "NetworkID": "6a283542ddb456a327818d1a228199d4b2a07a07e680c5a859717cf26acc95ae",
                    "EndpointID": "48fc5250f5d43f42e7bdf3a553e67b2655851fbd34e93c9c4648db15fd9f0ba6",
                    "Gateway": "172.17.0.1",
                    "IPAddress": "172.17.0.2",
                    "IPPrefixLen": 16,
                    "IPv6Gateway": "2a0c:8fc0:7612:1::1",
                    "GlobalIPv6Address": "2a0c:8fc0:7612:1:0:242:ac11:2",
                    "GlobalIPv6PrefixLen": 64,
                    "MacAddress": "02:42:ac:11:00:02",
                    "DriverOpts": null
                }
            }
        }
    }
]

The container now has a globally unique IPv6 address, 2a0c:8fc0:7612:1:0:242:ac11:2. The address is not fixed, but it can be pinned from the run command. Also, the smallest range you can hand to Docker is a /80; anything smaller does not work and breaks NDP, though even a /80 still holds 281,474,976,710,656 addresses.

To pin the IP:

docker run -d --ip6='2a0c:8fc0:7612:1:0:242:ac11:2' nginx

Important: a container's IPv6 address by default amounts to every port being wide open. Also bear in mind that IPv6 forwarding gets enabled along with this.
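As an added example (my own code, not the post's), here is a check you can run against a daemon.json before restarting Docker, plus a reproduction of the address Docker handed out above. It assumes the /48 from the post as the delegated host prefix and a configuration with the same keys as the one above. The inspect output shows MacAddress 02:42:ac:11:00:02 next to IPAddress 172.17.0.2 and GlobalIPv6Address 2a0c:8fc0:7612:1:0:242:ac11:2: the MAC is 02:42 followed by the container's IPv4 octets, and the IPv6 address is the /64 prefix with that MAC in the low 48 bits. The helpers below assume that rule holds for every default-bridge container, which is also why a prefix longer than /80 leaves no room for it.

```python
import ipaddress
import json

# Constructed daemon.json with the same keys as the post's configuration.
DAEMON_JSON = """
{
    "ipv6": true,
    "fixed-cidr-v6": "2a0c:8fc0:7612:1::/64",
    "experimental": true,
    "ip6tables": true
}
"""

# The /48 the provider delegated to the host (taken from the post).
HOST_PREFIX = ipaddress.IPv6Network("2a0c:8fc0:7612::/48")


def check_daemon_config(text, host_prefix):
    """Return a list of problems found in the Docker IPv6 settings (empty list means OK)."""
    cfg = json.loads(text)
    problems = []
    if not cfg.get("ipv6"):
        problems.append("ipv6 is not enabled")
    if not cfg.get("ip6tables"):
        problems.append("ip6tables is off, so Docker will not manage IPv6 firewall rules")
    cidr = cfg.get("fixed-cidr-v6")
    if cidr is None:
        problems.append("fixed-cidr-v6 is missing")
        return problems
    net = ipaddress.IPv6Network(cidr, strict=False)
    if not net.subnet_of(host_prefix):
        problems.append(f"{net} is not inside the delegated {host_prefix}")
    if net.prefixlen > 80:
        problems.append(f"{net} is longer than /80; Docker needs the low 48 bits for MAC-derived addresses")
    return problems


def docker_mac_from_ipv4(ipv4):
    """Default-bridge MAC as seen in the inspect output: 02:42 followed by the container's IPv4 octets."""
    octets = ipaddress.IPv4Address(ipv4).packed
    return "02:42:" + ":".join(f"{b:02x}" for b in octets)


def mac_derived_ipv6(subnet, mac):
    """Address Docker assigns when none is given: the subnet prefix with the MAC in the low 48 bits
    (assumption: the rule the inspect output above reflects holds for every default-bridge container)."""
    net = ipaddress.IPv6Network(subnet, strict=False)
    mac_int = int(mac.replace(":", ""), 16)
    return ipaddress.IPv6Address(int(net.network_address) | mac_int)


if __name__ == "__main__":
    print("config problems:", check_daemon_config(DAEMON_JSON, HOST_PREFIX) or "none")
    mac = docker_mac_from_ipv4("172.17.0.2")
    print("predicted MAC:", mac)
    print("predicted IPv6:", mac_derived_ipv6("2a0c:8fc0:7612:1::/64", mac))
```

Running it with the post's values prints no config problems, the MAC 02:42:ac:11:00:02 and the address 2a0c:8fc0:7612:1:0:242:ac11:2 that inspect reported; feeding it a /96 or a prefix outside the delegated /48 produces a problem line for each.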
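The "every port wide open" note deserves a concrete check. The audit below is an added example (not from the post): it reads docker inspect output of the shape shown above (a constructed, trimmed sample is embedded; the first entry mirrors the nginx container, the other two containers are made up), lists, for each container holding a global IPv6 address, the exposed ports that were never published with -p, and parses sysctl output to confirm the forwarding state. Field names come from the inspect JSON above. Note that EXPOSE is only a declaration; with a routed address anything listening in the container is reachable unless ip6tables rules stop it, so the list is the minimum surface to review, not the whole of it.

```python
import json

# Constructed docker inspect output, trimmed to the fields used here; the first entry mirrors
# the nginx container from the post, the other two are made-up neighbours.
INSPECT_SAMPLE = json.dumps([
    {
        "Name": "/zealous_golick",
        "Config": {"ExposedPorts": {"80/tcp": {}}},
        "HostConfig": {"PortBindings": {}},
        "NetworkSettings": {"IPAddress": "172.17.0.2",
                            "GlobalIPv6Address": "2a0c:8fc0:7612:1:0:242:ac11:2"},
    },
    {
        "Name": "/api",
        "Config": {"ExposedPorts": {"8080/tcp": {}, "9090/tcp": {}}},
        "HostConfig": {"PortBindings": {"8080/tcp": [{"HostIp": "", "HostPort": "8080"}]}},
        "NetworkSettings": {"IPAddress": "172.17.0.3",
                            "GlobalIPv6Address": "2a0c:8fc0:7612:1:0:242:ac11:3"},
    },
    {
        "Name": "/v4only",
        "Config": {"ExposedPorts": {"5432/tcp": {}}},
        "HostConfig": {"PortBindings": {}},
        "NetworkSettings": {"IPAddress": "172.17.0.4", "GlobalIPv6Address": ""},
    },
])

# Constructed output of: sysctl net.ipv6.conf.all.forwarding net.ipv6.conf.all.accept_ra
SYSCTL_SAMPLE = """net.ipv6.conf.all.forwarding = 1
net.ipv6.conf.all.accept_ra = 2
"""


def ipv6_unpublished_ports(inspect_text):
    """For every container that holds a global IPv6 address, list the exposed ports that were
    never published with -p. Over IPv4 such ports sit behind NAT; over a routed IPv6 address they
    are reachable from outside unless ip6tables rules block them, so this is the surface to review."""
    findings = {}
    for c in json.loads(inspect_text):
        addr = (c.get("NetworkSettings") or {}).get("GlobalIPv6Address") or ""
        if not addr:
            continue
        exposed = set(((c.get("Config") or {}).get("ExposedPorts") or {}).keys())
        published = set(((c.get("HostConfig") or {}).get("PortBindings") or {}).keys())
        unpublished = sorted(exposed - published)
        if unpublished:
            findings[c["Name"].lstrip("/")] = (addr, unpublished)
    return findings


def parse_sysctl(text):
    """Turn sysctl output lines ("key = value") into a dict of ints."""
    values = {}
    for line in text.splitlines():
        if "=" in line:
            key, _, value = line.partition("=")
            values[key.strip()] = int(value.strip())
    return values


def forwarding_state(sysctl_text):
    """Report whether IPv6 forwarding is on, and whether accept_ra was raised to 2 so the host keeps
    accepting router advertisements while forwarding (at the default of 1 a forwarding host ignores them)."""
    v = parse_sysctl(sysctl_text)
    return {
        "forwarding": v.get("net.ipv6.conf.all.forwarding") == 1,
        "accept_ra_while_forwarding": v.get("net.ipv6.conf.all.accept_ra") == 2,
    }


if __name__ == "__main__":
    for name, (addr, ports) in ipv6_unpublished_ports(INSPECT_SAMPLE).items():
        print(f"{name}: {addr} answers on {', '.join(ports)} without any -p mapping")
    print(forwarding_state(SYSCTL_SAMPLE))
```

On a real host you would pipe `docker inspect $(docker ps -q)` and the sysctl output into these two functions; with the sample above, zealous_golick is flagged for 80/tcp and api for 9090/tcp, while the IPv4-only container is skipped because NAT already keeps it off the internet.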
