IPv6 forwarding OpenVZ

inhost

New Member
Jan 22, 2013
1
0
1
Hi Folks,

After 3 days solid on this I am at the end of the line as to what I can take.

I have a number of servers up and running OpenVZ on CentOS without any issues, I am trying out proxmox for the better veth support however I simply cannot get IPv6 to route outside of the vmbr device

Is anyone able to add any suggestions, tips, help to this before I throw the towel in.

The server has a public IP and the Containers are using a local private range 10.0.0.0/24

IPv4 connectivity is not a problem:

auto vmbr0
iface vmbr0 inet static
address 10.0.0.1
netmask 255.255.255.0
bridge_ports none
bridge_stp off
bridge_fd 0



post-up echo 1 > /proc/sys/net/ipv4/ip_forward
post-up iptables -t nat -A POSTROUTING -s '10.0.0.0/24' -o eth0 -j MASQUERADE
post-down iptables -t nat -D POSTROUTING -s '10.0.0.0/24' -o eth0 -j MASQUERADE

The containers can connect to the outside world over IPv4 using a veth interface or even venet.

----

I have also set up a vmbr6 for ipv6 it has an IPv6 address, it can see the outside world over ipv6

The container has a veth device eth1 with an ipv6 address, it can ping the vmbr6 device on the host node but not beyond it.

I have tried setting up the default routes on the container using the vmbr6, vmbr0 and the actual ipv6 gateway, none of this makes any difference at all.


sysctl.conf

net.ipv4.ip_forward = 1
net.ipv6.conf.all.forwarding = 1
net.ipv4.conf.default.proxy_arp = 1
net.ipv4.conf.all.rp_filter = 1
kernel.sysrq = 1
net.ipv4.conf.default.send_redirects = 1
net.ipv4.conf.all.send_redirects = 0
net.ipv6.conf.all.forwarding= 1
net.ipv6.conf.all.proxy_ndp = 1


So can anyone offer up any advice at all, and can anyone give an indication on when proxmox will implement full IPv6 support?

I have noted a few errors regarding proxy_ndp and fprwarding for IPv6 during boot but it seems to load anyway, for good measure I have

echo 1 > /proc/sys/net/ipv6/conf/default/forwarding
echo 1 > /proc/sys/net/ipv6/conf/all/proxy_ndp


in rc.local and sysctl -p returns no errors.

cheers.

Ant.



P/S I posted this once but it never seemed to post sorry if it double posts.
 

mo_

Active Member
Oct 27, 2011
401
4
38
Germany
first of all a general reminder (you probably know this): NEVER EVER change the network configuration via the webinterface because it will just delete all the IPV6 relevant parts from /etc/network/interfaces

What you need to do is tell the CT0 (host) that it needs to proxy the containers addresses. you do this on the CT0/host with:

ip -6 neigh add proxy (container IPv6 address) dev eth0

you should also generally disable ipv6 autoconf: echo 0 > /proc/sys/net/ipv6/conf/eth0/autoconf (on both host and containers)

since you will want to have all of this reboot-proof, youll end up with an /etc/network/interfaces on the host like this:

Code:
iface eth0 inet6 static
 address (CT0 address)
 netmask 64
 gateway (gateway - depending on network setup may very well be fe80::1)


 pre-up modprobe ipv6
 pre-up echo 0 > /proc/sys/net/ipv6/conf/eth0/autoconf   #change interface name if necessary

 post-up ip -6 neigh add proxy (containers ipv6 address) dev eth0 #again: interface name
 #^-- repeat for all containers



NOTE: You can add addresses to be proxied, but you cannot view the list of addresses you added. the kernel simply does not export this information (thats why no userspace tool can show this to you). as proxmox is using the 2.6 kernel branch, thats a (rather unimportant) limitation youll have to live with.
 
Last edited:

vikozo

Well-Known Member
May 4, 2014
733
26
48
suisse
www.wombat.ch
Hello mo_
thanks for your reply, i have got a same problem i wish to have a webserver responding at ipv6 because i don't have ipv4 to use.
ip -6 neigh add proxy (container IPv6 address) dev eth0
what do you mean with (container IPv6 address)?

and
... with an /etc/network/interfaces on the host like this:
the /etc/network/interfaces do i have to do this inside the container or on the host?

and i would like to do the comunication over vmbr1 not eth0 or eth1 is there a problem or did i miss something?

have a nice day
vincent
 

mo_

Active Member
Oct 27, 2011
401
4
38
Germany
Hello mo_
thanks for your reply, i have got a same problem i wish to have a webserver responding at ipv6 because i don't have ipv4 to use.

what do you mean with (container IPv6 address)?
That means you have to put the containers IPv6 address there. Like 2001:abcd::42 or whatever it may be.
and

the /etc/network/interfaces do i have to do this inside the container or on the host?
On the host, like my text specifies.
and i would like to do the comunication over vmbr1 not eth0 or eth1 is there a problem or did i miss something?
no, that should work the same way.
 

vikozo

Well-Known Member
May 4, 2014
733
26
48
suisse
www.wombat.ch
hello mo_

thanks for you fast replay.
just to make sure - because english is not my mother tongue -

ip -6 neigh add proxy (container IPv6 address) dev eth0
this would be ipv6 adresse of my container with at the end vmbr1 to us.
having more the a openvz server would mean i could add this more, for each Virtuell Server?!

will try it tonight

the Host itself in my case will not need a ipv6 i will manage them only localy.

have a nice day
vinc
 

mo_

Active Member
Oct 27, 2011
401
4
38
Germany
That is what I meant, yes. However I just realized that you may not need to do this when using vmbr at all. It's been a long while since I have messed with this
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get your own in 60 seconds.

Buy now!