@@ -988,30 +988,12 @@ func initBridgeDriver(controller *libnetwork.Controller, cfg config.BridgeConfig

 		return err

 	}

-	var deferIPv6Alloc bool

 	var ipamV6Conf []*libnetwork.IpamConf

 	if cfg.EnableIPv6 {

 		ipamV6Conf, err = getDefaultBridgeIPAMConf(bridgeName, userManagedBridge, defBrOptsV6{cfg})

 		if err != nil {

 			return err

 		}

-		// If the subnet has at least 48 host bits, preserve the legacy default bridge

-		// behaviour of constructing a MAC address from the IPv4 address, then

-		// constructing an IPv6 addresses based on that MAC address. Tell libnetwork to

-		// defer the IPv6 address allocation for endpoints on this network until after

-		// the driver has created the endpoint and proposed an IPv4 address. Libnetwork

-		// will then reserve this address with the ipam driver. If no preferred pool has

-		// been set the built-in ULA prefix will be used, assume it has at-least 48-bits.

-		if len(ipamV6Conf) == 0 || ipamV6Conf[0].PreferredPool == "" {

-			deferIPv6Alloc = true

-		} else {

-			_, ppNet, err := net.ParseCIDR(ipamV6Conf[0].PreferredPool)

-			if err != nil {

-				return err

-			}

-			ones, _ := ppNet.Mask.Size()

-			deferIPv6Alloc = ones <= 80

-		}

 	}

 	// Initialize default network on "bridge" with the same name

@@ -1020,7 +1002,7 @@ func initBridgeDriver(controller *libnetwork.Controller, cfg config.BridgeConfig

 		libnetwork.NetworkOptionEnableIPv6(cfg.EnableIPv6),

 		libnetwork.NetworkOptionDriverOpts(netOption),

 		libnetwork.NetworkOptionIpam("default", "", ipamV4Conf, ipamV6Conf, nil),

-		libnetwork.NetworkOptionDeferIPv6Alloc(deferIPv6Alloc))

+	)

 	if err != nil {

 		return fmt.Errorf(`error creating default %q network: %v`, network.NetworkBridge, err)

 	}

@@ -309,25 +309,6 @@ func (s *DockerDaemonSuite) TestDaemonIPv6FixedCIDR(c *testing.T) {

 	assert.Equal(c, strings.Trim(out, " \r\n'"), "2001:db8:2::100", "Container should have a global IPv6 gateway")

 }

-// TestDaemonIPv6FixedCIDRAndMac checks that when the daemon is started with ipv6 fixed CIDR

-// the running containers are given an IPv6 address derived from the MAC address and the ipv6 fixed CIDR

-func (s *DockerDaemonSuite) TestDaemonIPv6FixedCIDRAndMac(c *testing.T) {

-	// IPv6 setup is messing with local bridge address.

-	testRequires(c, testEnv.IsLocalDaemon)

-	// Delete the docker0 bridge if its left around from previous daemon. It has to be recreated with

-	// ipv6 enabled

-	deleteInterface(c, "docker0")

-

-	s.d.StartWithBusybox(testutil.GetContext(c), c, "--ipv6", "--fixed-cidr-v6=2001:db8:1::/64")

-

-	out, err := s.d.Cmd("run", "-d", "--name=ipv6test", "--mac-address", "AA:BB:CC:DD:EE:FF", "busybox", "top")

-	assert.NilError(c, err, out)

-

-	out, err = s.d.Cmd("inspect", "--format", "{{.NetworkSettings.Networks.bridge.GlobalIPv6Address}}", "ipv6test")

-	assert.NilError(c, err, out)

-	assert.Equal(c, strings.Trim(out, " \r\n'"), "2001:db8:1::aabb:ccdd:eeff")

-}

-

 // TestDaemonIPv6HostMode checks that when the running a container with

 // network=host the host ipv6 addresses are not removed

 func (s *DockerDaemonSuite) TestDaemonIPv6HostMode(c *testing.T) {

@@ -5,7 +5,6 @@ import (

 	"flag"

 	"fmt"

 	"net"

-	"net/netip"

 	"os/exec"

 	"regexp"

 	"strconv"

@@ -541,17 +540,6 @@ func TestDefaultBridgeIPv6(t *testing.T) {

 			inspect := container.Inspect(ctx, t, c, cID)

 			gIPv6 := inspect.NetworkSettings.Networks[networkName].GlobalIPv6Address

-			// The container's MAC and IPv6 addresses should be derived from the

-			// IPAM-allocated IPv4 address.

-			addr4, err := netip.ParseAddr(inspect.NetworkSettings.Networks[networkName].IPAddress)

-			assert.NilError(t, err)

-			mac, err := net.ParseMAC(inspect.NetworkSettings.Networks[networkName].MacAddress)

-			assert.NilError(t, err)

-			assert.Check(t, is.DeepEqual(addr4.AsSlice(), []byte(mac)[2:]))

-			addr6, err := netip.ParseAddr(gIPv6)

-			assert.NilError(t, err)

-			assert.Check(t, is.DeepEqual(addr4.AsSlice(), addr6.AsSlice()[12:]))

-

 			attachCtx, cancel := context.WithTimeout(ctx, 5*time.Second)

 			defer cancel()

 			res := container.RunAttach(attachCtx, t, c,

@@ -1230,17 +1230,8 @@ func (d *driver) CreateEndpoint(ctx context.Context, nid, eid string, ifInfo dri

 	endpoint.addr = ifInfo.Address()

 	endpoint.addrv6 = ifInfo.AddressIPv6()

-	// We assign a default MAC address derived from the IP address to make sure

-	// that if a container is disconnected and reconnected in a short timeframe,

-	// stale ARP entries will still point to the right container.

 	if endpoint.macAddress == nil {

-		if endpoint.addr != nil {

-			endpoint.macAddress = netutils.GenerateMACFromIP(endpoint.addr.IP)

-		} else {

-			// TODO(robmry) - generate unsolicited Neighbour Advertisement to

-			//  associate this MAC address with the IPv6 address.

-			endpoint.macAddress = netutils.GenerateRandomMAC()

-		}

+		endpoint.macAddress = netutils.GenerateRandomMAC()

 		if err := ifInfo.SetMacAddress(endpoint.macAddress); err != nil {

 			return err

 		}

@@ -1255,33 +1246,6 @@ func (d *driver) CreateEndpoint(ctx context.Context, nid, eid string, ifInfo dri

 		"ifi":        host.Attrs().Index,

 	}).Debug("bridge endpoint host link is up")

-	// Generate a MAC-address-based IPv6 address, which may be used by the default

-	// bridge network instead of an IPAM allocated address.

-	if endpoint.addrv6 == nil && config.EnableIPv6 {

-		var ip6 net.IP

-		network := n.bridge.bridgeIPv6

-		if config.AddressIPv6 != nil {

-			network = config.AddressIPv6

-		}

-		// If there are fewer than 48 host-bits in the network, it's not possible to

-		// generate an IPv6 address from the MAC address. The network size has already

-		// been checked, so we can safely assume this endpoint must not need a MAC-based

-		// IPv6 address.

-		ones, _ := network.Mask.Size()

-		if ones <= 80 {

-			ip6 = make(net.IP, len(network.IP))

-			copy(ip6, network.IP)

-			for i, h := range endpoint.macAddress {

-				ip6[i+10] = h

-			}

-

-			endpoint.addrv6 = &net.IPNet{IP: ip6, Mask: network.Mask}

-			if err = ifInfo.SetIPAddress(endpoint.addrv6); err != nil {

-				return err

-			}

-		}

-	}

-

 	if err = d.storeUpdate(ctx, endpoint); err != nil {

 		return fmt.Errorf("failed to save bridge endpoint %.7s to store: %v", endpoint.id, err)

 	}

@@ -403,21 +403,19 @@ func TestCreateFullOptionsLabels(t *testing.T) {

 		t.Fatalf("Unexpected: %v", nw.config.DefaultGatewayIPv6)

 	}

-	// In short here we are testing --fixed-cidr-v6 daemon option

-	// plus --mac-address run option

-	te := newTestEndpoint(ipdList[0].Pool, 20)

-	te.iface.mac = netutils.MustParseMAC("aa:bb:cc:dd:ee:ff")

-	err = d.CreateEndpoint(context.Background(), "dummy", "ep1", te.Interface(), map[string]interface{}{})

-	if err != nil {

-		t.Fatal(err)

-	}

+	// Check that a MAC address is generated if not already configured.

+	te1 := newTestEndpoint(ipdList[0].Pool, 20)

+	err = d.CreateEndpoint(context.Background(), "dummy", "ep1", te1.Interface(), map[string]interface{}{})

+	assert.NilError(t, err)

+	assert.Check(t, is.Len(te1.iface.mac, 6))

-	if !nwV6.Contains(te.Interface().AddressIPv6().IP) {

-		t.Fatalf("endpoint got assigned address outside of container network(%s): %s", nwV6.String(), te.Interface().AddressIPv6())

-	}

-	if te.Interface().AddressIPv6().IP.String() != "2001:db8:2600:2700:2800:aabb:ccdd:eeff" {

-		t.Fatalf("Unexpected endpoint IPv6 address: %v", te.Interface().AddressIPv6().IP)

-	}

+	// Check that a configured --mac-address isn't overwritten by a generated address.

+	te2 := newTestEndpoint(ipdList[0].Pool, 20)

+	const macAddr = "aa:bb:cc:dd:ee:ff"

+	te2.iface.mac = netutils.MustParseMAC(macAddr)

+	err = d.CreateEndpoint(context.Background(), "dummy", "ep2", te2.Interface(), map[string]interface{}{})

+	assert.NilError(t, err)

+	assert.Check(t, is.Equal(te2.iface.mac.String(), macAddr))

 }

 func TestCreate(t *testing.T) {

@@ -580,6 +578,20 @@ func newTestEndpoint(nw *net.IPNet, ordinal byte) *testEndpoint {

 	return &testEndpoint{iface: &testInterface{addr: addr}}

 }

+// newTestEndpoint46 is like newTestEndpoint, but assigns an IPv6 address as well as IPv4.

+func newTestEndpoint46(nw4, nw6 *net.IPNet, ordinal byte) *testEndpoint {

+	addr4 := types.GetIPNetCopy(nw4)

+	addr4.IP[len(addr4.IP)-1] = ordinal

+	addr6 := types.GetIPNetCopy(nw6)

+	addr6.IP[len(addr6.IP)-1] = ordinal

+	return &testEndpoint{

+		iface: &testInterface{

+			addr:   addr4,

+			addrv6: addr6,

+		},

+	}

+}

+

 func (te *testEndpoint) Interface() *testInterface {

 	return te.iface

 }

@@ -30,12 +30,12 @@ func TestLinkCreate(t *testing.T) {

 	}

 	ipdList := getIPv4Data(t)

-	err := d.CreateNetwork("dummy", option, nil, ipdList, getIPv6Data(t))

+	ipd6List := getIPv6Data(t)

+	err := d.CreateNetwork("dummy", option, nil, ipdList, ipd6List)

 	if err != nil {

 		t.Fatalf("Failed to create bridge: %v", err)

 	}

-

-	te := newTestEndpoint(ipdList[0].Pool, 10)

+	te := newTestEndpoint46(ipdList[0].Pool, ipd6List[0].Pool, 10)

 	err = d.CreateEndpoint(context.Background(), "dummy", "", te.Interface(), nil)

 	if err != nil {

 		if _, ok := err.(InvalidEndpointIDError); !ok {

@@ -141,12 +141,13 @@ func TestPortMappingV6Config(t *testing.T) {

 	netOptions[netlabel.GenericData] = netConfig

 	ipdList4 := getIPv4Data(t)

-	err := d.CreateNetwork("dummy", netOptions, nil, ipdList4, getIPv6Data(t))

+	ipdList6 := getIPv6Data(t)

+	err := d.CreateNetwork("dummy", netOptions, nil, ipdList4, ipdList6)

 	if err != nil {

 		t.Fatalf("Failed to create bridge: %v", err)

 	}

-	te := newTestEndpoint(ipdList4[0].Pool, 11)

+	te := newTestEndpoint46(ipdList4[0].Pool, ipdList6[0].Pool, 11)

 	err = d.CreateEndpoint(context.Background(), "dummy", "ep1", te.Interface(), nil)

 	if err != nil {

 		t.Fatalf("Failed to create the endpoint: %s", err.Error())

@@ -32,13 +32,7 @@ func (d *driver) CreateEndpoint(ctx context.Context, nid, eid string, ifInfo dri

 		mac:    ifInfo.MacAddress(),

 	}

 	if ep.mac == nil {

-		if ep.addr != nil {

-			ep.mac = netutils.GenerateMACFromIP(ep.addr.IP)

-		} else {

-			// TODO(robmry) - generate an unsolicited Neighbor Advertisement to

-			//  associate this MAC address with the IP.

-			ep.mac = netutils.GenerateRandomMAC()

-		}

+		ep.mac = netutils.GenerateRandomMAC()

 		if err := ifInfo.SetMacAddress(ep.mac); err != nil {

 			return err

 		}

@@ -1,7 +1,6 @@

 package libnetwork_test

 import (

-	"bytes"

 	"context"

 	"encoding/json"

 	"fmt"

@@ -1418,59 +1417,6 @@ func TestHost(t *testing.T) {

 	}

 }

-// Testing IPV6 from MAC address

-func TestBridgeIpv6FromMac(t *testing.T) {

-	defer netnsutils.SetupTestOSContext(t)()

-	controller := newController(t)

-

-	netOption := options.Generic{

-		netlabel.GenericData: map[string]string{

-			bridge.BridgeName:         "testipv6mac",

-			bridge.EnableICC:          "true",

-			bridge.EnableIPMasquerade: "true",

-		},

-	}

-	ipamV4ConfList := []*libnetwork.IpamConf{{PreferredPool: "192.168.100.0/24", Gateway: "192.168.100.1"}}

-	ipamV6ConfList := []*libnetwork.IpamConf{{PreferredPool: "fe90::/64", Gateway: "fe90::22"}}

-

-	network, err := controller.NewNetwork(bridgeNetType, "testipv6mac", "",

-		libnetwork.NetworkOptionGeneric(netOption),

-		libnetwork.NetworkOptionEnableIPv4(true),

-		libnetwork.NetworkOptionEnableIPv6(true),

-		libnetwork.NetworkOptionIpam(defaultipam.DriverName, "", ipamV4ConfList, ipamV6ConfList, nil),

-		libnetwork.NetworkOptionDeferIPv6Alloc(true))

-	if err != nil {

-		t.Fatal(err)

-	}

-

-	mac := net.HardwareAddr{0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff}

-	epOption := options.Generic{netlabel.MacAddress: mac}

-

-	ep, err := network.CreateEndpoint(context.Background(), "testep", libnetwork.EndpointOptionGeneric(epOption))

-	if err != nil {

-		t.Fatal(err)

-	}

-

-	iface := ep.Info().Iface()

-	if !bytes.Equal(iface.MacAddress(), mac) {

-		t.Fatalf("Unexpected mac address: %v", iface.MacAddress())

-	}

-

-	ip, expIP, _ := net.ParseCIDR("fe90::aabb:ccdd:eeff/64")

-	expIP.IP = ip

-	if !types.CompareIPNet(expIP, iface.AddressIPv6()) {

-		t.Fatalf("Expected %v. Got: %v", expIP, iface.AddressIPv6())

-	}

-

-	if err := ep.Delete(context.Background(), false); err != nil {

-		t.Fatal(err)

-	}

-

-	if err := network.Delete(); err != nil {

-		t.Fatal(err)

-	}

-}

-

 func checkSandbox(t *testing.T, info libnetwork.EndpointInfo) {

 	key := info.Sandbox().Key()

 	sbNs, err := netns.GetFromPath(key)

@@ -1513,7 +1459,7 @@ func TestEndpointJoin(t *testing.T) {

 		libnetwork.NetworkOptionEnableIPv4(true),

 		libnetwork.NetworkOptionEnableIPv6(true),

 		libnetwork.NetworkOptionIpam(defaultipam.DriverName, "", nil, ipamV6ConfList, nil),

-		libnetwork.NetworkOptionDeferIPv6Alloc(true))

+	)

 	if err != nil {

 		t.Fatal(err)

 	}

@@ -189,7 +189,6 @@ type Network struct {

 	ipamV6Info       []*IpamInfo

 	enableIPv4       bool

 	enableIPv6       bool

-	postIPv6         bool

 	epCnt            *endpointCnt

 	generic          options.Generic

 	dbIndex          uint64

@@ -461,7 +460,6 @@ func (n *Network) CopyTo(o datastore.KVObject) error {

 	dstN.enableIPv4 = n.enableIPv4

 	dstN.enableIPv6 = n.enableIPv6

 	dstN.persist = n.persist

-	dstN.postIPv6 = n.postIPv6

 	dstN.dbIndex = n.dbIndex

 	dstN.dbExists = n.dbExists

 	dstN.drvOnce = n.drvOnce

@@ -585,7 +583,6 @@ func (n *Network) MarshalJSON() ([]byte, error) {

 		netMap["generic"] = n.generic

 	}

 	netMap["persist"] = n.persist

-	netMap["postIPv6"] = n.postIPv6

 	if len(n.ipamV4Config) > 0 {

 		ics, err := json.Marshal(n.ipamV4Config)

 		if err != nil {

@@ -688,9 +685,6 @@ func (n *Network) UnmarshalJSON(b []byte) (err error) {

 	if v, ok := netMap["persist"]; ok {

 		n.persist = v.(bool)

 	}

-	if v, ok := netMap["postIPv6"]; ok {

-		n.postIPv6 = v.(bool)

-	}

 	if v, ok := netMap["ipamType"]; ok {

 		n.ipamType = v.(string)

 	} else {

@@ -898,16 +892,6 @@ func NetworkOptionDynamic() NetworkOption {

 	}

 }

-// NetworkOptionDeferIPv6Alloc instructs the network to defer the IPV6 address allocation until after the endpoint has been created

-// It is being provided to support the specific docker daemon flags where user can deterministically assign an IPv6 address

-// to a container as combination of fixed-cidr-v6 + mac-address

-// TODO: Remove this option setter once we support endpoint ipam options

-func NetworkOptionDeferIPv6Alloc(enable bool) NetworkOption {

-	return func(n *Network) {

-		n.postIPv6 = enable

-	}

-}

-

 // NetworkOptionConfigOnly tells controller this network is

 // a configuration only network. It serves as a configuration

 // for other networks.

@@ -1256,7 +1240,7 @@ func (n *Network) createEndpoint(ctx context.Context, name string, options ...En

 	wantIPv6 := n.enableIPv6 && !ep.disableIPv6

-	if err = ep.assignAddress(ipam, n.enableIPv4, wantIPv6 && !n.postIPv6); err != nil {

+	if err = ep.assignAddress(ipam, n.enableIPv4, wantIPv6); err != nil {

 		return nil, err

 	}

 	defer func() {

@@ -1289,14 +1273,6 @@ func (n *Network) createEndpoint(ctx context.Context, name string, options ...En

 		}

 	}()

-	if wantIPv6 {

-		if err = ep.assignAddress(ipam, false, n.postIPv6); err != nil {

-			return nil, err

-		}

-	} else {

-		ep.iface.addrv6 = nil

-	}

-

 	if !n.getController().isSwarmNode() || n.Scope() != scope.Swarm || !n.driverIsMultihost() {

 		n.updateSvcRecord(context.WithoutCancel(ctx), ep, true)

 		defer func() {