1
0
mirror of https://github.com/home-assistant/supervisor.git synced 2026-07-02 03:15:42 +01:00
Files
Stefan Agner cfefef9e2a Enable IPv6 via SLAAC on isolated app network endpoints
The isolated endpoint is a real L2 presence on the physical network, so
the container kernel can autoconfigure IPv6 from the local network's
router advertisements without any address management on our side. This
serves the IPv6 use cases from home-assistant/architecture#1034 (Thread
border routers, Matter) that the NAT-ed internal network cannot.

Enable IPv6 on external networks without specifying a subnet: Docker
allocates a unique local address prefix to satisfy the macvlan driver,
while real addressing comes from SLAAC. Existing IPv4-only external
networks are recreated through the regular drift handling.

Two kernel defaults inside the container network namespace would break
the flagship use cases, so the endpoint sets per-interface sysctls via
the endpoint configuration (Docker API 1.47, covered by the existing
Docker 28 requirement): accept_ra=2 keeps accepting router
advertisements when the app enables IP forwarding (Thread border
routers), and accept_ra_rt_info_max_plen=64 enables RFC 4191 route
information option processing (off by default), which routes announced
by border routers need to reach the container at all.

Together with the pinned MAC address the SLAAC and link-local addresses
are stable across restarts (EUI-64 derivation from a stable MAC).

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
2026-06-12 16:54:40 +02:00
..