Daryll Swer
@daryllswer.com
ISP Network Consultant | Work Featured on APNIC Blog, IPv6 Buzz & The Hedge Podcast | Researcher — AS149794
Posts/Comments are personal & my own.
#IPv6 #Networking #NetworkEngineering #Routing #NetEng #Networks #BGP #ISP #DC
daryllswer.com
Posts/Comments are personal & my own.
#IPv6 #Networking #NetworkEngineering #Routing #NetEng #Networks #BGP #ISP #DC
daryllswer.com
is-is is the superior IGP, watch this from the start to the end:
www.youtube.com/watch?v=jWdD...
www.youtube.com/watch?v=jWdD...
IS-IS Basics For Humans
YouTube video by Learn with Cisco
www.youtube.com
November 19, 2025 at 9:03 PM
is-is is the superior IGP, watch this from the start to the end:
www.youtube.com/watch?v=jWdD...
www.youtube.com/watch?v=jWdD...
Ha, I didn't know this information was archived online. Funnily enough it says the object disappeared into the "Lum (meaning mountain or hill) Swer" forest, didn't know that detail. I've been to that forest before, it's named after my clan's surname.
I think there was probably 3-5 more sightings.
I think there was probably 3-5 more sightings.
November 3, 2025 at 6:13 AM
Ha, I didn't know this information was archived online. Funnily enough it says the object disappeared into the "Lum (meaning mountain or hill) Swer" forest, didn't know that detail. I've been to that forest before, it's named after my clan's surname.
I think there was probably 3-5 more sightings.
I think there was probably 3-5 more sightings.
In K8s I believe a custom CNI that permits seperate subnets per-Pod should in theory do the trick.
October 28, 2025 at 5:47 AM
In K8s I believe a custom CNI that permits seperate subnets per-Pod should in theory do the trick.
I am not K8s pro, but in Docker this is easily achieved: Use different subnets for Anycast/unicast, container is exposed to WAN on both subnets natively, no reverse proxy. As long as container app talks SIP/Other protocols, it should work. BGP handles routing with the leave switches.
October 28, 2025 at 5:46 AM
I am not K8s pro, but in Docker this is easily achieved: Use different subnets for Anycast/unicast, container is exposed to WAN on both subnets natively, no reverse proxy. As long as container app talks SIP/Other protocols, it should work. BGP handles routing with the leave switches.
Quick research suggests TPROXY is ossified and limited only to TCP/UDP. This leaves out all other standardised layer 3/4 protocols (including native IPSec in IPv6 without UDP encap hack).
October 28, 2025 at 5:39 AM
Quick research suggests TPROXY is ossified and limited only to TCP/UDP. This leaves out all other standardised layer 3/4 protocols (including native IPSec in IPv6 without UDP encap hack).
Ideally there exists an implementation that allows stable Anycast addresses for end user access (seperate ephemeral unicast for Pod-to-pod and intra-cluster traffic).
October 28, 2025 at 5:31 AM
Ideally there exists an implementation that allows stable Anycast addresses for end user access (seperate ephemeral unicast for Pod-to-pod and intra-cluster traffic).
What if my application is SIP server using native SIP (no UDP) or native SCTP? Ideally I'd like to avoid reverse proxy of any kind.
October 28, 2025 at 5:29 AM
What if my application is SIP server using native SIP (no UDP) or native SCTP? Ideally I'd like to avoid reverse proxy of any kind.
That's just just unicast, right? Or Anycast for global ingress + seperate unicast for pod-to-pod comms or pod-to-WAN comms.
October 28, 2025 at 5:21 AM
That's just just unicast, right? Or Anycast for global ingress + seperate unicast for pod-to-pod comms or pod-to-WAN comms.
Also cover BGP ECMP/Anycast of pods + seperate GUA addressing for unique unicast per node to eliminate the need for GENEVE or other host-to-host tunnelling. Would love to see a single blog post or blog post that covers this end-to-end.
October 27, 2025 at 10:47 PM
Also cover BGP ECMP/Anycast of pods + seperate GUA addressing for unique unicast per node to eliminate the need for GENEVE or other host-to-host tunnelling. Would love to see a single blog post or blog post that covers this end-to-end.
Can you shoot me a text on Telegram? I think there's a way to solve it by NOT using popular CNIs, rather a custom implementation straight out of network engineering textbooks.
Let's discuss further in DMs. I'm not a K8s guy, but I'm keen to have truly NAT-less IPv6 everywhere.
Let's discuss further in DMs. I'm not a K8s guy, but I'm keen to have truly NAT-less IPv6 everywhere.
September 16, 2025 at 3:17 AM
Can you shoot me a text on Telegram? I think there's a way to solve it by NOT using popular CNIs, rather a custom implementation straight out of network engineering textbooks.
Let's discuss further in DMs. I'm not a K8s guy, but I'm keen to have truly NAT-less IPv6 everywhere.
Let's discuss further in DMs. I'm not a K8s guy, but I'm keen to have truly NAT-less IPv6 everywhere.
Is it truly NAT-less IPv6 or there's DNAT66 happening on ingress? Or it's true BGP anycast + ECMP LB across the network infrastructure.
September 16, 2025 at 3:05 AM
Is it truly NAT-less IPv6 or there's DNAT66 happening on ingress? Or it's true BGP anycast + ECMP LB across the network infrastructure.
BGP-to-the-host is an industry standard design. And it's free to do it at zero cost with FRR and BGP unnumbered combined with correctly done IPv6 Architecture of underlay and overlay (VXLAN/EVPN may come into play depending on your situation).
If you're talking about macOS/Windows then ia_pd.
If you're talking about macOS/Windows then ia_pd.
September 16, 2025 at 3:02 AM
BGP-to-the-host is an industry standard design. And it's free to do it at zero cost with FRR and BGP unnumbered combined with correctly done IPv6 Architecture of underlay and overlay (VXLAN/EVPN may come into play depending on your situation).
If you're talking about macOS/Windows then ia_pd.
If you're talking about macOS/Windows then ia_pd.
daemon.json isn't the modern way of using ROUTED mode in Docker:
docs.docker.com/engine/relea...
Docker Compose follows declarative config management and I would recommend it.
docs.docker.com/engine/relea...
Docker Compose follows declarative config management and I would recommend it.
Engine v27
Learn about the new features, bug fixes, and breaking changes for Docker Engine
docs.docker.com
September 16, 2025 at 2:56 AM
daemon.json isn't the modern way of using ROUTED mode in Docker:
docs.docker.com/engine/relea...
Docker Compose follows declarative config management and I would recommend it.
docs.docker.com/engine/relea...
Docker Compose follows declarative config management and I would recommend it.
Sharing the container's namespace/veth broadcast domain with underlay layer 3 router isn't routing, that's basically bridging.
Routing implies no Layer 2 bs, pure layer 3 with routing protocols. If you want to build scalable networks with BGP/ECMP/Anycast, routing is the way.
Routing implies no Layer 2 bs, pure layer 3 with routing protocols. If you want to build scalable networks with BGP/ECMP/Anycast, routing is the way.
September 16, 2025 at 2:52 AM
Sharing the container's namespace/veth broadcast domain with underlay layer 3 router isn't routing, that's basically bridging.
Routing implies no Layer 2 bs, pure layer 3 with routing protocols. If you want to build scalable networks with BGP/ECMP/Anycast, routing is the way.
Routing implies no Layer 2 bs, pure layer 3 with routing protocols. If you want to build scalable networks with BGP/ECMP/Anycast, routing is the way.
Docker has not required the daemon.json params for a whole year now.
www.daryllswer.com/how-to-confi...
github.com/docker/docs/...
www.daryllswer.com/how-to-confi...
github.com/docker/docs/...
How to configure routed IPv6 in Docker – Daryll Swer
How to set up native IPv6 routing in Docker with routed mode.
www.daryllswer.com
September 15, 2025 at 9:50 PM
Docker has not required the daemon.json params for a whole year now.
www.daryllswer.com/how-to-confi...
github.com/docker/docs/...
www.daryllswer.com/how-to-confi...
github.com/docker/docs/...
1. Stop using RAs/SLAAC in a production environment, use unnumbered eBGP-to-the-host design in your clos fabric.
2. Enable Routed IPv6 mode in Docker Compose.
3. The rest is history.
www.daryllswer.com/how-to-confi...
2. Enable Routed IPv6 mode in Docker Compose.
3. The rest is history.
www.daryllswer.com/how-to-confi...
How to configure routed IPv6 in Docker – Daryll Swer
How to set up native IPv6 routing in Docker with routed mode.
www.daryllswer.com
September 15, 2025 at 9:45 PM
1. Stop using RAs/SLAAC in a production environment, use unnumbered eBGP-to-the-host design in your clos fabric.
2. Enable Routed IPv6 mode in Docker Compose.
3. The rest is history.
www.daryllswer.com/how-to-confi...
2. Enable Routed IPv6 mode in Docker Compose.
3. The rest is history.
www.daryllswer.com/how-to-confi...
It's definitely better than legacy phpBB. If only their network code also had such a massive upgrade and came with SR-MPLS IPv6!
June 28, 2025 at 8:15 AM
It's definitely better than legacy phpBB. If only their network code also had such a massive upgrade and came with SR-MPLS IPv6!
You don't need scripts and you shouldn't be messing with that "enable_ipv6" flag at all on latest Docker versions.
I published a blog post to address this, later I'll link it on the open GitHub issue I created on Docker repo as well:
bsky.app/profile/dary...
I published a blog post to address this, later I'll link it on the open GitHub issue I created on Docker repo as well:
bsky.app/profile/dary...
Think native IPv6 in Docker is rocket science? 🚀 It’s not.
Set up routed IPv6 with Docker Compose—no NAT66, no bridging, just pure Layer 3 connectivity via routing.
Blog post up now👇
www.daryllswer.com/how-to-confi...
#IPv6 #Docker #Networking #Routing #Containers #DevOps #NetEng #BGP
Set up routed IPv6 with Docker Compose—no NAT66, no bridging, just pure Layer 3 connectivity via routing.
Blog post up now👇
www.daryllswer.com/how-to-confi...
#IPv6 #Docker #Networking #Routing #Containers #DevOps #NetEng #BGP
How to configure routed IPv6 in Docker – Daryll Swer
How to set up native IPv6 routing in Docker with routed mode.
www.daryllswer.com
May 19, 2025 at 5:45 AM
You don't need scripts and you shouldn't be messing with that "enable_ipv6" flag at all on latest Docker versions.
I published a blog post to address this, later I'll link it on the open GitHub issue I created on Docker repo as well:
bsky.app/profile/dary...
I published a blog post to address this, later I'll link it on the open GitHub issue I created on Docker repo as well:
bsky.app/profile/dary...
That isn't the correct way to do routed IPv6 in Docker. Some references here:
github.com/docker/docs/...
daemon.json should be empty.
github.com/docker/docs/...
daemon.json should be empty.
April 26, 2025 at 8:33 AM
That isn't the correct way to do routed IPv6 in Docker. Some references here:
github.com/docker/docs/...
daemon.json should be empty.
github.com/docker/docs/...
daemon.json should be empty.