[SOLVED] Enable IPv6 OVH

[Jim O]

I'm evaluating Proxmox 4 currently on an OVH server. I've created one VM (FreeBSD 10.2) which is working fine with several IPv4 addresses assigned to one virtual mac and successfully added to the VM. I tried adding an IPv6 address to vtnet0. I can ping6 the host from the VM and I can ping6 the VM from the host but I discovered that the host cannot ping6 externally nor can it be pinged. All host networking settings are as set by the OVH installer.

Host:

# ifconfig
eth0 Link encap:Ethernet HWaddr 0c:c4:7a:6c:d5:1e

UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1

RX packets:11996 errors:1 dropped:0 overruns:0 frame:1

TX packets:4934 errors:0 dropped:0 overruns:0 carrier:0

collisions:0 txqueuelen:1000

RX bytes:1938134 (1.8 MiB) TX bytes:2852234 (2.7 MiB)

Memory:fb120000-fb13ffff


lo Link encap:Local Loopback

inet addr:127.0.0.1 Mask:255.0.0.0

inet6 addr: ::1/128 Scope:Host

UP LOOPBACK RUNNING MTU:65536 Metric:1

RX packets:2273 errors:0 dropped:0 overruns:0 frame:0

TX packets:2273 errors:0 dropped:0 overruns:0 carrier:0

collisions:0 txqueuelen:0

RX bytes:2133018 (2.0 MiB) TX bytes:2133018 (2.0 MiB)


tap100i0 Link encap:Ethernet HWaddr 62:0c:e1:10:3a:5e

inet6 addr: fe80::600c:e1ff:fe10:3a5e/64 Scope:Link

UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1

RX packets:686 errors:0 dropped:0 overruns:0 frame:0

TX packets:7255 errors:0 dropped:0 overruns:0 carrier:0

collisions:0 txqueuelen:500

RX bytes:42528 (41.5 KiB) TX bytes:486405 (475.0 KiB)


vmbr0 Link encap:Ethernet HWaddr 0c:c4:7a:6c:d5:1e

inet addr:158.69.225.146 Bcast:158.69.225.255 Mask:255.255.255.0

inet6 addr: fe80::ec4:7aff:fe6c:d51e/64 Scope:Link

inet6 addr: 2607:5300:60:9692::/64 Scope:Global

UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1

RX packets:10951 errors:0 dropped:0 overruns:0 frame:0

TX packets:3710 errors:0 dropped:0 overruns:0 carrier:0

collisions:0 txqueuelen:0

RX bytes:1709936 (1.6 MiB) TX bytes:2775158 (2.6 MiB)


vmbr1 Link encap:Ethernet HWaddr 82:90:2a:a8:3c:64

inet6 addr: fe80::8090:2aff:fea8:3c64/64 Scope:Link

UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1

RX packets:0 errors:0 dropped:0 overruns:0 frame:0

TX packets:11 errors:0 dropped:0 overruns:0 carrier:0

collisions:0 txqueuelen:0

RX bytes:0 (0.0 B) TX bytes:1138 (1.1 KiB)


# cat /etc/network/interfaces

# This file describes the network interfaces available on your system

# and how to activate them. For more information, see interfaces(5).


# The loopback network interface

auto lo

iface lo inet loopback


# for Routing

auto vmbr1

iface vmbr1 inet manual

post-up /etc/pve/kvm-networking.sh

bridge_ports dummy0

bridge_stp off

bridge_fd 0



# vmbr0: Bridging. Make sure to use only MAC adresses that were assigned to you.

auto vmbr0

iface vmbr0 inet static

address 158.69.225.146

netmask 255.255.255.0

network 158.69.225.0

broadcast 158.69.225.255

gateway 158.69.225.254

bridge_ports eth0

bridge_stp off

bridge_fd 0


iface vmbr0 inet6 static

address 2607:5300:60:9692::

netmask 64

post-up /sbin/ip -f inet6 route add 2607:5300:60:96ff:ff:ff:ff:ff dev vmbr0

post-up /sbin/ip -f inet6 route add default via 2607:5300:60:96ff:ff:ff:ff:ff

pre-down /sbin/ip -f inet6 route del default via 2607:5300:60:96ff:ff:ff:ff:ff

pre-down /sbin/ip -f inet6 route del 2607:5300:60:96ff:ff:ff:ff:ff dev vmbr0

# route -6

Kernel IPv6 routing table

Destination Next Hop Flag Met Ref Use If

::1/128 :: U 256 0 0 lo

2607:5300:60:9692::/64 :: U 256 3 16 vmbr0

fe80::/64 :: U 256 0 0 vmbr1

fe80::/64 :: U 256 0 0 vmbr0

fe80::/64 :: U 256 0 0 tap100i0

::/0 :: !n -1 1 480 lo

::1/128 :: Un 0 4 5 lo

2607:5300:60:9692::/128 :: Un 0 6 47 lo

fe80::ec4:7aff:fe6c:d51e/128 :: Un 0 5 36 lo

fe80::600c:e1ff:fe10:3a5e/128 :: Un 0 1 0 lo

fe80::8090:2aff:fea8:3c64/128 :: Un 0 1 0 lo

ff00::/8 :: U 256 0 0 vmbr1

ff00::/8 :: U 256 7 1148 vmbr0

ff00::/8 :: U 256 0 0 tap100i0

::/0 :: !n -1 1 480 lo


# ping6 ipv6.google.com

connect: Network is unreachable

############
## Ping the VM from the host
############

# ping6 -c 4 2607:5300:60:9692::34af:107e

PING 2607:5300:60:9692::34af:107e(2607:5300:60:9692::34af:107e) 56 data bytes

64 bytes from 2607:5300:60:9692::34af:107e: icmp_seq=1 ttl=64 time=0.101 ms

64 bytes from 2607:5300:60:9692::34af:107e: icmp_seq=2 ttl=64 time=0.105 ms

64 bytes from 2607:5300:60:9692::34af:107e: icmp_seq=3 ttl=64 time=0.137 ms

64 bytes from 2607:5300:60:9692::34af:107e: icmp_seq=4 ttl=64 time=0.138 ms


--- 2607:5300:60:9692::34af:107e ping statistics ---

4 packets transmitted, 4 received, 0% packet loss, time 2997ms

rtt min/avg/max/mdev = 0.101/0.120/0.138/0.018 ms

Similar results from within the VM. The problem seems to be the host not connecting to the outside.

Admittedly I'm much more familiar with FreeBSD than with Linux. Any help with system settings would be appreciated.

 

[tom]

See also:

http://pve.proxmox.com/wiki/OVH

 

[Jim O]

Thanks, tom. I've read that. Several times in fact. That article seems to deal with configuring a VM, not the HOST. It doesn't address the fact that the HOST is not able to ping an external IPv6 and is not ping6-able from outside. The problem doesn't appear to be with the VM configuration as the VM can ping6 the host and the host can ping6 the VM. Neither can reach the outside and neither is reachable from outside.

 

[Jim O]

FWIW, I used the instructions at http://docs.ovh.ca/en/guides-network-ipv6.html#freebsd-10 to configure the VM. As I said, it seems to be correctly configured in the guest.

 

[Jim O]

Anyone?

 

[whyitsderp]

can you actually resolve ipv6.google.com on the host? make sure you can actually resolve ipv6.google.com first. if not, openDNS has some public IPv6 DNS servers.

another thing i notice is your routes look a little wonky. specifically your default route :/0) on your vmbr0 interface, which should be the LL address of your router.. but maybe that's some OVH thing..

in the doc on IPv6 from OVH you mention is "If you want to use more than one IPv6 configured on your server (or want to use it on a VM) you will need to have a failover IP configured with a vMAC. Otherwise, the IPv6 won’t be routed by our routers/switches.".. i guess you've done that ?

 

[Jim O]

Thanks for the response!

can you actually resolve ipv6.google.com on the host? make sure you can actually resolve ipv6.google.com first. if not, openDNS has some public IPv6 DNS servers.

Yes, Ive always been able to do that.

another thing i notice is your routes look a little wonky. specifically your default route :/0) on your vmbr0 interface, which should be the LL address of your router.. but maybe that's some OVH thing..

Yes, it's an OVH thing. Haha

in the doc on IPv6 from OVH you mention is "If you want to use more than one IPv6 configured on your server (or want to use it on a VM) you will need to have a failover IP configured with a vMAC. Otherwise, the IPv6 won’t be routed by our routers/switches.".. i guess you've done that ?

Yup, I have three IPv4 addresses on one vMAC and all three work in that VM as expected.


Actually, after a great deal of trial and error, I solved the problem of the host not connecting externally. It seems that the two "post-up" lines in /etc/network/interfaces were either not being executed, or were being executed too soon:

post-up /sbin/ip -f inet6 route add 2607:5300:60:96ff:ff:ff:ff:ff dev vmbr0
post-up /sbin/ip -f inet6 route add default via 2607:5300:60:96ff:ff:ff:ff:ff

Executing the above from the command line enabled IPv6 communication between the host and the internet. I now have them in a shell script executed at boot after a 20 second "sleep".

That led to the next problem. Now when I would try to ping6 from the VM I'd get "ping6: sendmsg: Operation not permitted". After several hours searching I came upon a lengthy thread from 2013 on the freebsd-net mailing list involving IPv6 routing at OVH. This led me to change the prefix from /64 to /48 in the VM settings. /56 also works but /64 does not, despite that being in the documentation in http://docs.ovh.ca/en/guides-network-ipv6.html#freebsd-10.