IPv6 forwarding OpenVZ

[inhost]

Hi Folks,

After 3 days solid on this I am at the end of the line as to what I can take.

I have a number of servers up and running OpenVZ on CentOS without any issues, I am trying out proxmox for the better veth support however I simply cannot get IPv6 to route outside of the vmbr device

Is anyone able to add any suggestions, tips, help to this before I throw the towel in.

The server has a public IP and the Containers are using a local private range 10.0.0.0/24

IPv4 connectivity is not a problem:

auto vmbr0
iface vmbr0 inet static
address 10.0.0.1
netmask 255.255.255.0
bridge_ports none
bridge_stp off
bridge_fd 0



post-up echo 1 > /proc/sys/net/ipv4/ip_forward
post-up iptables -t nat -A POSTROUTING -s '10.0.0.0/24' -o eth0 -j MASQUERADE
post-down iptables -t nat -D POSTROUTING -s '10.0.0.0/24' -o eth0 -j MASQUERADE

The containers can connect to the outside world over IPv4 using a veth interface or even venet.

----

I have also set up a vmbr6 for ipv6 it has an IPv6 address, it can see the outside world over ipv6

The container has a veth device eth1 with an ipv6 address, it can ping the vmbr6 device on the host node but not beyond it.

I have tried setting up the default routes on the container using the vmbr6, vmbr0 and the actual ipv6 gateway, none of this makes any difference at all.


sysctl.conf

net.ipv4.ip_forward = 1
net.ipv6.conf.all.forwarding = 1
net.ipv4.conf.default.proxy_arp = 1
net.ipv4.conf.all.rp_filter = 1
kernel.sysrq = 1
net.ipv4.conf.default.send_redirects = 1
net.ipv4.conf.all.send_redirects = 0
net.ipv6.conf.all.forwarding= 1
net.ipv6.conf.all.proxy_ndp = 1


So can anyone offer up any advice at all, and can anyone give an indication on when proxmox will implement full IPv6 support?

I have noted a few errors regarding proxy_ndp and fprwarding for IPv6 during boot but it seems to load anyway, for good measure I have

echo 1 > /proc/sys/net/ipv6/conf/default/forwarding
echo 1 > /proc/sys/net/ipv6/conf/all/proxy_ndp


in rc.local and sysctl -p returns no errors.

cheers.

Ant.



P/S I posted this once but it never seemed to post sorry if it double posts.

 

[mo_]

first of all a general reminder (you probably know this): NEVER EVER change the network configuration via the webinterface because it will just delete all the IPV6 relevant parts from /etc/network/interfaces

What you need to do is tell the CT0 (host) that it needs to proxy the containers addresses. you do this on the CT0/host with:

ip -6 neigh add proxy (container IPv6 address) dev eth0

you should also generally disable ipv6 autoconf: echo 0 > /proc/sys/net/ipv6/conf/eth0/autoconf (on both host and containers)

since you will want to have all of this reboot-proof, youll end up with an /etc/network/interfaces on the host like this:

iface eth0 inet6 static
 address (CT0 address)
 netmask 64
 gateway (gateway - depending on network setup may very well be fe80::1)


 pre-up modprobe ipv6
 pre-up echo 0 > /proc/sys/net/ipv6/conf/eth0/autoconf   #change interface name if necessary

 post-up ip -6 neigh add proxy (containers ipv6 address) dev eth0 #again: interface name
 #^-- repeat for all containers

NOTE: You can add addresses to be proxied, but you cannot view the list of addresses you added. the kernel simply does not export this information (thats why no userspace tool can show this to you). as proxmox is using the 2.6 kernel branch, thats a (rather unimportant) limitation youll have to live with.

 

[vikozo]

Hello mo_
thanks for your reply, i have got a same problem i wish to have a webserver responding at ipv6 because i don't have ipv4 to use.

ip -6 neigh add proxy (container IPv6 address) dev eth0

what do you mean with (container IPv6 address)?

and

... with an /etc/network/interfaces on the host like this:

the /etc/network/interfaces do i have to do this inside the container or on the host?

and i would like to do the comunication over vmbr1 not eth0 or eth1 is there a problem or did i miss something?

have a nice day
vincent

 

[mo_]

Hello mo_
thanks for your reply, i have got a same problem i wish to have a webserver responding at ipv6 because i don't have ipv4 to use.

what do you mean with (container IPv6 address)?

That means you have to put the containers IPv6 address there. Like 2001:abcd::42 or whatever it may be.

and

the /etc/network/interfaces do i have to do this inside the container or on the host?

On the host, like my text specifies.

and i would like to do the comunication over vmbr1 not eth0 or eth1 is there a problem or did i miss something?

no, that should work the same way.

 

[vikozo]

hello mo_

thanks for you fast replay.
just to make sure - because english is not my mother tongue -

ip -6 neigh add proxy (container IPv6 address) dev eth0

this would be ipv6 adresse of my container with at the end vmbr1 to us.
having more the a openvz server would mean i could add this more, for each Virtuell Server?!

will try it tonight

the Host itself in my case will not need a ipv6 i will manage them only localy.

have a nice day
vinc

 

[mo_]

That is what I meant, yes. However I just realized that you may not need to do this when using vmbr at all. It's been a long while since I have messed with this

 

[vikozo]

so now i am unsure what to do!
basicly i looks like that

but only the kvm or for now the openVZ container need a ipv6 adress

 

[vikozo]

any idea? would save my weekend!

 

[mo_]

not from me Im afraid, sorry. Ive never touched openvswitch

 

[vikozo]

Hello Mo_
so far thanks a lot for your help
maybe sombody else will have a idea and able to help
have a nice day
vinc