IPv6 - First-time configuration

judahnator

New Member
Jun 16, 2022
6
0
1
Hello! I am trying to troubleshoot an issue.

The setup:
One host, two guests. The host has a bridge configured with ::1 in a local /48. I am assigning each guest a /56 from this network. See the screenshots-

Host:
1655408285846.png

Guest:
1655408379757.png

The problem:
The guests have no real network access over this interface. If I set the IPv6 gateway to the host address I can ping the host, but each guest cannot ping the other.

The solution:
Is hopefully in this thread.
Where do I even start troubleshooting this?
 
shrdlicka

shrdlicka

Active Member
Staff member
May 2, 2022
440
50
28
Hi,
lets start with the simplest question: Is the firewall enabled on the node/cluster?
 
shrdlicka

shrdlicka

Active Member
Staff member
May 2, 2022
440
50
28
I'm not 100% on my IPv6 knowledge, but are those two VMs in the same "subnet"? Also are both on the same 'vmbr2' bridge?
 
shrdlicka

shrdlicka

Active Member
Staff member
May 2, 2022
440
50
28
Can you post the /etc/network/interfaces config as well as the conainter configs pct config <container id>?
 

judahnator

New Member
Jun 16, 2022
6
0
1
Here you go!

/etc/network/interfaces

Code: 
auto lo
iface lo inet loopback

iface enp3s0 inet manual

iface enp2s0 inet manual

auto vmbr0
iface vmbr0 inet static
        address 192.168.1.199/24
        gateway 192.168.1.1
        bridge-ports enp3s0
        bridge-stp off
        bridge-fd 0

auto vmbr1
iface vmbr1 inet static
        address 10.0.0.1/24
        bridge-ports none
        bridge-stp off
        bridge-fd 0
#Internal Network

auto vmbr2
iface vmbr2 inet6 static
        address fd5a:bfc9:4b96::1/48
        bridge-ports none
        bridge-stp off
        bridge-fd 0
#internal ipv6

And for the guests:

Code: 
root@pve:~# pct config 108
arch: amd64
cores: 1
hostname: ipv6-t1
memory: 512
net0: name=eth0,bridge=vmbr2,firewall=1,gw6=fd5a:bfc9:4b96::1,hwaddr=B2:99:A8:CF:79:CA,ip6=fd5a:bfc9:4b96:0800::1/56,type=veth
ostype: debian
rootfs: local-lvm:vm-108-disk-0,size=8G
swap: 512
unprivileged: 1

and:

Code: 
root@pve:~# pct config 110
arch: amd64
cores: 1
hostname: ipv6-t2
memory: 512
net0: name=eth0,bridge=vmbr2,firewall=1,gw6=fd5a:bfc9:4b96::1,hwaddr=2A:1F:ED:C5:96:6E,ip6=fd5a:bfc9:4b96:1000::1/56,type=veth
ostype: debian
rootfs: local-lvm:vm-110-disk-0,size=8G
swap: 512
unprivileged: 1
 

spirit

Famous Member
Apr 2, 2010
5,696
642
133
www.odiso.com
you can't access from a /56 network to a /48 ip.

if you want ot use differents /56 network for each subnet/vm, you need multiple /56 ip on your host as gateway too.

here en example, subnetting a /48 (which could be on your main vmbr0 to route upstream), with 2 /56.

Code: 
auto vmbr0
iface vmbr0 inet static
        address fd65a:bfc9:4b96::/48
        gateway6 ....


auto vmbr2
iface vmbr2 inet6 static
        address fd5a:bfc9:4b96:0800::/56
        bridge-ports none
        bridge-stp off
        bridge-fd 0

auto vmbr3
iface vmbr3 inet6 static
        address fd5a:bfc9:4b96:1000::/56
        bridge-ports none
        bridge-stp off
        bridge-fd 0
[CODE]

(Note that first avaiable ip in a ipv6 subnet is 0 or ::  at the end of the ip )



vm 108:
net0: name=eth0,bridge=vmbr2,firewall=1,gw6=fd5a:bfc9:4b96:0800::,hwaddr=B2:99:A8:CF:79:CA,ip6=fd5a:bfc9:4b96:0800::1/56,type=veth

vm 110
net0: name=eth0,bridge=vmbr3,firewall=1,gw6=fd5a:bfc9:4b96:1000::,hwaddr=2A:1F:ED:C5:96:6E,ip6=fd5a:bfc9:4b96:1000::1/56,type=veth



and enable ipv6 forwarding on host

echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
 
  • Like
Reactions: shrdlicka and judahnator

judahnator

New Member
Jun 16, 2022
6
0
1
That makes sense. I plugged that setup in and things are working now.

I'm wondering if it's possible to accomplish this without adding an interface to the host for each guest? Perhaps with a VM instead of a container?
I could set up the /56 networks to be directly routed instead of the /48, the network side of things is flexible.
 

judahnator

New Member
Jun 16, 2022
6
0
1
Following up on my own post-

spirit said:
you can't access from a /56 network to a /48 ip. ... you need multiple ... ip on your host as gateway too
Click to expand...

This was the key point here. I misunderstood how the routing was working.

My solution: Use the host bits. This way I don't need a new interface for each VM.
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get your own in 60 seconds.

Buy now!
Community platform by XenForo® © 2010-2022 XenForo Ltd.
Top Bottom