mirror of
https://github.com/home-assistant/supervisor.git
synced 2026-07-02 03:15:42 +01:00
cfefef9e2a
The isolated endpoint is a real L2 presence on the physical network, so the container kernel can autoconfigure IPv6 from the local network's router advertisements without any address management on our side. This serves the IPv6 use cases from home-assistant/architecture#1034 (Thread border routers, Matter) that the NAT-ed internal network cannot. Enable IPv6 on external networks without specifying a subnet: Docker allocates a unique local address prefix to satisfy the macvlan driver, while real addressing comes from SLAAC. Existing IPv4-only external networks are recreated through the regular drift handling. Two kernel defaults inside the container network namespace would break the flagship use cases, so the endpoint sets per-interface sysctls via the endpoint configuration (Docker API 1.47, covered by the existing Docker 28 requirement): accept_ra=2 keeps accepting router advertisements when the app enables IP forwarding (Thread border routers), and accept_ra_rt_info_max_plen=64 enables RFC 4191 route information option processing (off by default), which routes announced by border routers need to reach the container at all. Together with the pinned MAC address the SLAAC and link-local addresses are stable across restarts (EUI-64 derivation from a stable MAC). Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>