Results 1 to 2 of 2

Thread: IPv6 forwarding OpenVZ

  1. #1
    Join Date
    Jan 2013
    Posts
    1

    Default IPv6 forwarding OpenVZ

    Hi Folks,

    After 3 days solid on this I am at the end of the line as to what I can take.

    I have a number of servers up and running OpenVZ on CentOS without any issues, I am trying out proxmox for the better veth support however I simply cannot get IPv6 to route outside of the vmbr device

    Is anyone able to add any suggestions, tips, help to this before I throw the towel in.

    The server has a public IP and the Containers are using a local private range 10.0.0.0/24

    IPv4 connectivity is not a problem:

    auto vmbr0
    iface vmbr0 inet static
    address 10.0.0.1
    netmask 255.255.255.0
    bridge_ports none
    bridge_stp off
    bridge_fd 0



    post-up echo 1 > /proc/sys/net/ipv4/ip_forward
    post-up iptables -t nat -A POSTROUTING -s '10.0.0.0/24' -o eth0 -j MASQUERADE
    post-down iptables -t nat -D POSTROUTING -s '10.0.0.0/24' -o eth0 -j MASQUERADE

    The containers can connect to the outside world over IPv4 using a veth interface or even venet.

    ----

    I have also set up a vmbr6 for ipv6 it has an IPv6 address, it can see the outside world over ipv6

    The container has a veth device eth1 with an ipv6 address, it can ping the vmbr6 device on the host node but not beyond it.

    I have tried setting up the default routes on the container using the vmbr6, vmbr0 and the actual ipv6 gateway, none of this makes any difference at all.


    sysctl.conf

    net.ipv4.ip_forward = 1
    net.ipv6.conf.all.forwarding = 1
    net.ipv4.conf.default.proxy_arp = 1
    net.ipv4.conf.all.rp_filter = 1
    kernel.sysrq = 1
    net.ipv4.conf.default.send_redirects = 1
    net.ipv4.conf.all.send_redirects = 0
    net.ipv6.conf.all.forwarding= 1
    net.ipv6.conf.all.proxy_ndp = 1


    So can anyone offer up any advice at all, and can anyone give an indication on when proxmox will implement full IPv6 support?

    I have noted a few errors regarding proxy_ndp and fprwarding for IPv6 during boot but it seems to load anyway, for good measure I have

    echo 1 > /proc/sys/net/ipv6/conf/default/forwarding
    echo 1 > /proc/sys/net/ipv6/conf/all/proxy_ndp


    in rc.local and sysctl -p returns no errors.

    cheers.

    Ant.



    P/S I posted this once but it never seemed to post sorry if it double posts.

  2. #2
    Join Date
    Oct 2011
    Location
    Germany (D2xxxx)
    Posts
    321

    Default Re: IPv6 forwarding OpenVZ

    first of all a general reminder (you probably know this): NEVER EVER change the network configuration via the webinterface because it will just delete all the IPV6 relevant parts from /etc/network/interfaces

    What you need to do is tell the CT0 (host) that it needs to proxy the containers addresses. you do this on the CT0/host with:

    ip -6 neigh add proxy (container IPv6 address) dev eth0

    you should also generally disable ipv6 autoconf: echo 0 > /proc/sys/net/ipv6/conf/eth0/autoconf (on both host and containers)

    since you will want to have all of this reboot-proof, youll end up with an /etc/network/interfaces on the host like this:

    Code:
    iface eth0 inet6 static
     address (CT0 address)
     netmask 64
     gateway (gateway - depending on network setup may very well be fe80::1)
    
    
     pre-up modprobe ipv6
     pre-up echo 0 > /proc/sys/net/ipv6/conf/eth0/autoconf   #change interface name if necessary
    
     post-up ip -6 neigh add proxy (containers ipv6 address) dev eth0 #again: interface name
     #^-- repeat for all containers


    NOTE: You can add addresses to be proxied, but you cannot view the list of addresses you added. the kernel simply does not export this information (thats why no userspace tool can show this to you). as proxmox is using the 2.6 kernel branch, thats a (rather unimportant) limitation youll have to live with.
    Last edited by mo_; 01-24-2013 at 09:49 PM. Reason: added the note

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •