No assigned IPv6 address for Docker containers (Nomad + Consul Connect)

Hi,

I’m having issues communicating with remote IPv6 services inside Docker containers scheduled by Nomad.

IPv6 support for Docker is already pretty poor, but I managed to get it to work in the end using the following dockerd (daemon) configuration:

cat /etc/docker/daemon.json

{
    "experimental": true,
    "userland-proxy": false,
    "ipv6": true,
    "fixed-cidr-v6": "fd00:dead:beef::/48",
    "ip6tables": true
}

Unfortunately, this configuration does not seem to apply to Nomad jobs that use Consul Connect to communicate. I was able to verify this by comparing the difference in output of docker inspect <container> on the containers started by Nomad and the one I manually started. A Nomad job that does not rely on Consul Connect does get the predefined IPv6 configuration as you would expect.

My guess is that this happens because of the CNI plugin that is used when enabling Connect. I’m not very familiar with CNI, but it looks like this can be configured. Does anyone know how I can tune it to match the Docker daemon configuration I gave earlier?

Any help would be greatly appreciated as all this networking stuff never fails to confuse me. Thanks! :slight_smile:

Appears to be related: Consul Connect doesn't work with IPv6 · Issue #7905 · hashicorp/nomad · GitHub