/ipv6lanrouter

Assigning IPv6 to LANs that cannot be assigned IPv6

Primary LanguageShellApache License 2.0Apache-2.0

IPv6 LAN Router

Version Docker Pulls Docker Size License

Assign IPv6 addresses to networks that can't get IPv6 addresses, redistribute IPv6 addresses on the LAN, and be transparent to higher-level routing.

Features

  • Easy to deploy and out-of-the-box
  • Docker Deploy
  • Supports automatic multi-LAN assignment
  • Supports automatic recognition of WAN interfaces
  • Supports recognizing dynamic prefix of WAN port and modifying LAN prefix automatically.
  • Stateless only
  • No PD server required, inter-subnet routing
  • LAN interface IPv6 prefix matches IPv4 and MAC address assignment rules for Docker
  • Global IPv6 addresses can be assigned to containers under a Docker bridged network

Getting Started

Via docker-compose.yml

services:
  ipv6lanrouter:
    image: lutinglt/ipv6lanrouter:latest
    container_name: ipv6lanrouter
    hostname: ipv6lanrouter
    restart: on-failure
    networks:
#  macvlan is WAN(Interfaces capable of obtaining IPv6 global addresses)
      macvlan:
#  bridge is LAN(Interfaces that cannot obtain IPv6 global addresses)
      bridge1:
      bridge2:
      bridge3:
   environment:
      - TZ=Asia/Shanghai
#      - CHECK=3
#      - LAN_MODE=docker
#      - PREFIXLEN=60
#      - MTU=0
#      - RDNSS=*:*:*:*;*:*:*:*;
#      - EXCLUDE_SUB=00;01;02;03;...;
#      - EXCLUDE_NUM1=0;1;2;3;...;
#      - EXCLUDE_NUM2=0;1;2;3;...;
    cap_add:
      - NET_ADMIN
    sysctls:
      - "net.ipv6.conf.all.forwarding=1"
      - "net.ipv6.conf.all.proxy_ndp=1"
      - "net.ipv6.conf.all.accept_ra=2"
      - "net.ipv6.conf.default.forwarding=1"
      - "net.ipv6.conf.default.proxy_ndp=1"
      - "net.ipv6.conf.default.accept_ra=2"

networks:
  macvlan:
    external: true
    name: macvlan
  bridge1:
    external: true
    name: bridge1
  bridge2:
    external: true
    name: bridge2
  bridge3:
    external: true
    name: bridge3

Configuration

Variable Description Default
CHECK WAN port dynamic prefix detection interval (Unit: Seconds) 3
LAN_MODE LAN network type docker
PREFIXLEN IPv6-assigned prefix length for higher-level routes (WAN) 60
MTU MTU value for broadcasting when assigning IPv6 to LANs 0
RDNSS Ditto, broadcast recursive DNS servers (Split each address with ";")

PREFIXLEN && LAN_MODE

  • Only prefix lengths 56 58 60 62 64 are supported.

  • If the PREFIXLEN is not 64, the WAN port address will be excluded from the subnet address pool and then the LAN port address will be assigned.

  • If the PREFIXLEN is 64, the default LAN ports are all Docker bridge networks, and the IPv6 subnet address and prefix length are calculated based on the MAC address assigned to the IPv4 prefix length of the bridge network in Docker. (Linux stateless IPv6 addresses are calculated by default using EUI64).

If the IPv6 address is not EUI64-generated, linux can use EUI64 to calculate the IPv6 address by setting the kernel parameter net.ipv6.conf.all.addr_gen_mode=0 net.ipv6.conf.default.addr_gen_mode=0.

  • If the PREFIXLEN is 64, and LAN_MODE is set to net or any other value, only one LAN is supported and there is no communication between LAN port LAN and WAN port LAN.
PREFIXLEN WANIP (Example) Subnet Address Pool
56 2000:2000:2000:20xx::/64 00-ff
58 2000:2000:2000:20xx::/64 00-7f / 80-ff
60 2000:2000:2000:200x::/64 0-f
62 2000:2000:2000:200x::/64 0-7 / 8-f

EXCLUDE_SUB

Addresses to exclude when assigning subnets (Supports two digits or one digit in hexadecimal only) (Split each address with ";")

PREFIXLEN Value
56 00-ff
58 00-7f / 80-ff
60 0-f
62 0-7 / 8-f

EXCLUDE_NUM1 && EXCLUDE_NUM2

Facilitates exclusion of unassigned prefixes (Supports one digit in hexadecimal only) (Split each address with ";")

No conflict with EXCLUDE_SUB, can be repeated.

EXCLUDE_NUM1 EXCLUDE_NUM2 Value (EXCLUDE_SUB)
0 0;1;2;3 00;01;02;03
0;1 0;1;2;3 00;01;02;03;10;11;12;13