docs: cni: add ipv6 bridge example (#26456) (#26470)

hc-github-team-nomad-core · gulducat · web-flow · commit d664416130c0 · 2025-08-07T16:48:47.000-04:00
Co-authored-by: Daniel Bennett &lt;dbennett@hashicorp.com&gt;
diff --git a/website/content/docs/networking/cni.mdx b/website/content/docs/networking/cni.mdx
@@ -70,9 +70,12 @@ the external [configuration
 format](https://www.cni.dev/docs/spec/#example-configuration) for a complete
 explanation of the fields.
 
-You can use this template as a basis for your own CNI-based bridge network
-configuration in cases where you need access to an unsupported option in the
-default configuration, like hairpin mode.
+You can use the following template as a basis for your own CNI-based bridge
+network configuration in cases where you need access to an unsupported option
+in the default configuration.
+
+<Tabs>
+  <Tab heading="Default">
 
 This example uses two default values from Nomad client configuration.
 
@@ -87,7 +90,7 @@ The `NOMAD-ADMIN` internal constant provides the value for
 `iptablesAdminChainName`. In your own configuration, ensure that you change the
 `iptablesAdminChainName` to a unique value.
 
-<CodeBlockConfig highlight="10,20,32">
+<CodeBlockConfig highlight="10,18,29">
 
 ```json
 {
@@ -107,15 +110,12 @@ The `NOMAD-ADMIN` internal constant provides the value for
       "ipam": {
         "type": "host-local",
         "ranges": [
-          [
-            {
-              "subnet": "172.26.64.0/20"
-            }
-          ]
+          [{"subnet": "172.26.64.0/20"}]
         ],
         "routes": [
-          { "dst": "0.0.0.0/0" }
-        ]
+          {"dst": "0.0.0.0/0"}
+        ],
+        "dataDir": "/var/run/cni"
       }
     },
     {
@@ -134,6 +134,61 @@ The `NOMAD-ADMIN` internal constant provides the value for
 
 </CodeBlockConfig>
 
+  </Tab>
+  <Tab heading="IPv6">
+
+If you [configure IPv6][] to use the example range of `2001:db8::/112`,
+Nomad adds two more lines to the configuration.
+
+<CodeBlockConfig highlight="19,23">
+
+```json
+{
+  "cniVersion": "1.0.0",
+  "name": "nomad",
+  "plugins": [
+    {
+      "type": "loopback"
+    },
+    {
+      "type": "bridge",
+      "bridge": "nomad",
+      "ipMasq": true,
+      "isGateway": true,
+      "forceAddress": true,
+      "hairpinMode": false,
+      "ipam": {
+        "type": "host-local",
+        "ranges": [
+          [{"subnet": "172.26.64.0/20"}],
+          [{"subnet": "2001:db8::/112"}]
+        ],
+        "routes": [
+          {"dst": "0.0.0.0/0"},
+          {"dst": "::/0"}
+        ],
+        "dataDir": "/var/run/cni"
+      }
+    },
+    {
+      "type": "firewall",
+      "backend": "iptables",
+      "iptablesAdminChainName": "NOMAD-ADMIN"
+    },
+    {
+      "type": "portmap",
+      "capabilities": {"portMappings": true},
+      "snat": true
+    }
+  ]
+}
+```
+
+</CodeBlockConfig>
+
+  </Tab>
+</Tabs>
+
 This configuration uses the following CNI reference plugins:
 
 - loopback: The loopback plugin sets the default local interface, lo0, created
@@ -263,3 +318,4 @@ apply a defensive policy or simply error out.
 [bridge]: https://www.cni.dev/plugins/current/main/bridge/
 [firewall]: https://www.cni.dev/plugins/current/meta/firewall/
 [portmap]: https://www.cni.dev/plugins/current/meta/portmap/
+[configure IPv6]: /nomad/docs/configuration/client#bridge_network_subnet_ipv6
