The future of Docker containers

It basically manually assembles a network out of multiple individual IPv6 addresses. This is doable, but not at all nice. I'm not sure a simple IPv6 NAT is worse than that.

The better way is to just use a CNI plugin to dynamically create ENI (Amazon's virtual network interfaces) and assign them to containers directly.

You also still need a stateful firewall because you do NOT want to expose all containers' ports automatically.