Outgoing IP address of two IPv6 Docker containers must be the same

Question

I got a /64 IPv6 subnet on a server. I configured docker to use a default /80 part of it and I have an application consisting of 2 dependent containers. Those two containers are inside a abcd:1::/80 network. There is potentially a 100 instances of this application running.

The problem is that both containers need to have the same IP. At least I need to trick the application into thinking that. They consist of app and monitor right now app exposes two ports. One of which will be called by monitor the other one by external sources. monitor communicates with external sources and needs to do so with the same ip as app

Right now its configured as follow: app uses abcd:1::2 and monitor uses abcd:1::3 what I need to do is that the network bridge that is created via docker network create routes all traffic through a common ip. This ip can be any of the subnet. I think that the easiest way would be to route abcd:1:3 to abcd:1:2. In the end calling

dig +short myip.opendns.com @resolver1.opendns.com

from the containers must return the same value. Can this be done somehow with ip tables modifying the bridge after it was created? The current host system is debian.

Answer 1

I doubt this is the best way to do this (maybe 'monitor' should instead proxy requests through 'app'), but most likely you can use regular ip6tables SNAT on the host, as in IPv4:

-A PREROUTING -s abcd:1::3 -j SNAT --to-source abcd:1::2

It might be possible to use use NETMAP to automate SNAT for all addresses:

-A PREROUTING -s abcd:1::/80 -j NETMAP --to ::2/::f