IPv6 not working in simple setup

May 31, 2015
Hello!

I have a quite simple setup with three nodes. All of them have two network interfaces which are all connected to the same switch.
Moreover I have a /28-IPv4 and a /64-IPv6 subnet.

All network configuration was done via the Proxmox web interface - I didn't change anything in a file.

The `/etc/network/interfaces` of one of the hosts (they all look the same, just with other IPs from the subnets):

Code:
# network interface settings; autogenerated
# Please do NOT modify this file directly, unless you know what
# you're doing.
#
# If you want to manage part of the network configuration manually,
# please utilize the 'source' or 'source-directory' directives to do
# so.
# PVE will preserve these directives, but will NOT its network
# configuration from sourced files, so do not attempt to move any of
# the PVE managed interfaces into external files!

auto lo
iface lo inet loopback

iface eth0 inet manual

iface eth1 inet manual

auto bond0
iface bond0 inet manual
    slaves eth0 eth1
    bond_miimon 100
    bond_mode balance-rr

auto vmbr0
iface vmbr0 inet static
    address  one-IPv4-of-subnet
    netmask  255.255.255.240
    gateway  first-IPv4-as-gateway
    bridge_ports bond0
    bridge_stp off
    bridge_fd 0

iface vmbr0 inet6 static
    address  one-IPv6-of-subnet
    netmask  64
    gateway  first-IPv6-as-gateway

On the hosts everything works fine, IPv4 and IPv6.

Now I create a minimal Debian 8 LXC in the web interface and give it an IPv4 and an IPv6 address, which ends up in this `/etc/network/interfaces`:

Code:
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
    address another-IPv4-from-subnet
    netmask 255.255.255.240
    gateway first-IPv4-as-gateway

iface eth0 inet6 static
    address another-IPv6-from-subnet
    netmask 64
    gateway first-IPv6-as-gateway

But on the container IPv6-pings always answer "Destination unreachable: Address unreachable". `ifconfig` and `route -6` look correct.

DNS settings are not modified on the container (so it uses the hosts ones) and firewall is disabled.

Where is my mistake?
 
Looks OK to me. But you removed all relevant addresses from your post, so it is hard to detect mistakes.
 
Sorry, here are the unedited versions:

on host:
Code:
# network interface settings; autogenerated
# Please do NOT modify this file directly, unless you know what
# you're doing.
#
# If you want to manage part of the network configuration manually,
# please utilize the 'source' or 'source-directory' directives to do
# so.
# PVE will preserve these directives, but will NOT its network
# configuration from sourced files, so do not attempt to move any of
# the PVE managed interfaces into external files!

auto lo
iface lo inet loopback

iface eth0 inet manual

iface eth1 inet manual

auto bond0
iface bond0 inet manual
    slaves eth0 eth1
    bond_miimon 100
    bond_mode balance-rr

auto vmbr0
iface vmbr0 inet static
    address  109.230.233.53
    netmask  255.255.255.240
    gateway  109.230.233.49
    bridge_ports bond0
    bridge_stp off
    bridge_fd 0

iface vmbr0 inet6 static
    address  2a05:bec0:2:6:1:815:1305:18
    netmask  64
    gateway  2a05:bec0:2:6::1

on the container:

Code:
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
    address 109.230.233.56
    netmask 255.255.255.240
    gateway 109.230.233.49

iface eth0 inet6 static
    address 2a05:bec0:2:6:2::9999
    netmask 64
    gateway 2a05:bec0:2:6::1

This is the information I got from my hoster:
Code:
109.230.233.48/28
Gateway: 109.230.233.49
Netmask: 255.255.255.240

2a05:bec0:2:6::/64
GW 2a05:bec0:2:6::1/64
 
Still looks OK to me. Please try to use tcpdump to debug. Maybe your hoster has some kind of MAC address restrictions?
 
Okay, that's quite interesting: the IPv6 neighbor packets are reaching the container:

from an external device:
Code:
# ping6 2a05:bec0:2:6:2::9999
PING 2a05:bec0:2:6:2::9999(2a05:bec0:2:6:2::9999) 56 data bytes
From 2001:7f8::3:1cf:0:1 icmp_seq=1 Destination unreachable: Address unreachable
From 2001:7f8::3:1cf:0:1 icmp_seq=15 Destination unreachable: Address unreachable
From 2001:7f8::3:1cf:0:1 icmp_seq=19 Destination unreachable: Address unreachable
From 2001:7f8::3:1cf:0:1 icmp_seq=23 Destination unreachable: Address unreachable
^C
--- 2a05:bec0:2:6:2::9999 ping statistics ---
25 packets transmitted, 0 received, +4 errors, 100% packet loss, time 24158ms

on the host:
Code:
# tcpdump ip6
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
13:06:25.028934 IP6 fe80::222:8300:bd0e:7c0 > ff02::1:ff00:9999: ICMP6, neighbor solicitation, who has 2a05:bec0:2:6:2::9999, length 32
13:06:25.459208 IP6 2a05:bec0:2:6:1:815:1305:18.35347 > 2001:1608:10:25::1c04:b12f.domain: 3498+ PTR? 9.9.9.9.0.0.f.f.1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.f.f.ip6.arpa. (90)
13:06:25.459945 IP6 2001:1608:10:25::1c04:b12f.domain > 2a05:bec0:2:6:1:815:1305:18.35347: 3498 NXDomain 0/1/0 (160)
13:06:26.028804 IP6 fe80::222:8300:bd0e:7c0 > ff02::1:ff00:9999: ICMP6, neighbor solicitation, who has 2a05:bec0:2:6:2::9999, length 32
13:06:26.468697 IP6 2a05:bec0:2:6:1:815:1305:18.47409 > 2001:1608:10:25::1c04:b12f.domain: 14559+ PTR? 8.1.0.0.5.0.3.1.5.1.8.0.1.0.0.0.6.0.0.0.2.0.0.0.0.c.e.b.5.0.a.2.ip6.arpa. (90)
13:06:27.028444 IP6 fe80::222:8300:bd0e:7c0 > ff02::1:ff00:9999: ICMP6, neighbor solicitation, who has 2a05:bec0:2:6:2::9999, length 32
13:06:30.469887 IP6 fe80::9a4b:e1ff:fe7f:127a > 2a05:bec0:2:6::1: ICMP6, neighbor solicitation, who has 2a05:bec0:2:6::1, length 32
13:06:31.469138 IP6 2a05:bec0:2:6:1:815:1305:18.33870 > 2001:1608:10:25::1c04:b12f.domain: 45872+ PTR? a.7.2.1.f.7.e.f.f.f.1.e.b.4.a.9.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa. (90)
13:06:31.470033 IP6 2001:1608:10:25::1c04:b12f.domain > 2a05:bec0:2:6:1:815:1305:18.33870: 45872 NXDomain* 0/1/0 (149)
13:06:39.025992 IP6 fe80::222:8300:bd0e:7c0 > ff02::1:ff00:9999: ICMP6, neighbor solicitation, who has 2a05:bec0:2:6:2::9999, length 32
13:06:40.025855 IP6 fe80::222:8300:bd0e:7c0 > ff02::1:ff00:9999: ICMP6, neighbor solicitation, who has 2a05:bec0:2:6:2::9999, length 32
13:06:41.025645 IP6 fe80::222:8300:bd0e:7c0 > ff02::1:ff00:9999: ICMP6, neighbor solicitation, who has 2a05:bec0:2:6:2::9999, length 32
13:06:43.025218 IP6 fe80::222:8300:bd0e:7c0 > ff02::1:ff00:9999: ICMP6, neighbor solicitation, who has 2a05:bec0:2:6:2::9999, length 32
13:06:44.024980 IP6 fe80::222:8300:bd0e:7c0 > ff02::1:ff00:9999: ICMP6, neighbor solicitation, who has 2a05:bec0:2:6:2::9999, length 32
13:06:45.024786 IP6 fe80::222:8300:bd0e:7c0 > ff02::1:ff00:9999: ICMP6, neighbor solicitation, who has 2a05:bec0:2:6:2::9999, length 32
13:06:47.024355 IP6 fe80::222:8300:bd0e:7c0 > ff02::1:ff00:9999: ICMP6, neighbor solicitation, who has 2a05:bec0:2:6:2::9999, length 32
13:06:48.026737 IP6 fe80::222:8300:bd0e:7c0 > ff02::1:ff00:9999: ICMP6, neighbor solicitation, who has 2a05:bec0:2:6:2::9999, length 32
13:06:49.023962 IP6 fe80::222:8300:bd0e:7c0 > ff02::1:ff00:9999: ICMP6, neighbor solicitation, who has 2a05:bec0:2:6:2::9999, length 32

on the container:
Code:
# tcpdump ip6
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
12:06:05.033147 IP6 fe80::222:8300:bd0e:7c0 > ff02::1:ff00:9999: ICMP6, neighbor solicitation, who has 2a05:bec0:2:6:2::9999, length 32
12:06:05.033149 IP6 fe80::222:8300:bd0e:7c0 > ff02::1:ff00:9999: ICMP6, neighbor solicitation, who has 2a05:bec0:2:6:2::9999, length 32
12:06:07.032676 IP6 fe80::222:8300:bd0e:7c0 > ff02::1:ff00:9999: ICMP6, neighbor solicitation, who has 2a05:bec0:2:6:2::9999, length 32
12:06:07.032678 IP6 fe80::222:8300:bd0e:7c0 > ff02::1:ff00:9999: ICMP6, neighbor solicitation, who has 2a05:bec0:2:6:2::9999, length 32
12:06:08.032551 IP6 fe80::222:8300:bd0e:7c0 > ff02::1:ff00:9999: ICMP6, neighbor solicitation, who has 2a05:bec0:2:6:2::9999, length 32
12:06:08.032553 IP6 fe80::222:8300:bd0e:7c0 > ff02::1:ff00:9999: ICMP6, neighbor solicitation, who has 2a05:bec0:2:6:2::9999, length 32
12:06:09.032262 IP6 fe80::222:8300:bd0e:7c0 > ff02::1:ff00:9999: ICMP6, neighbor solicitation, who has 2a05:bec0:2:6:2::9999, length 32
12:06:09.032269 IP6 fe80::222:8300:bd0e:7c0 > ff02::1:ff00:9999: ICMP6, neighbor solicitation, who has 2a05:bec0:2:6:2::9999, length 32
12:06:25.028944 IP6 fe80::222:8300:bd0e:7c0 > ff02::1:ff00:9999: ICMP6, neighbor solicitation, who has 2a05:bec0:2:6:2::9999, length 32
12:06:25.028941 IP6 fe80::222:8300:bd0e:7c0 > ff02::1:ff00:9999: ICMP6, neighbor solicitation, who has 2a05:bec0:2:6:2::9999, length 32
12:06:26.028813 IP6 fe80::222:8300:bd0e:7c0 > ff02::1:ff00:9999: ICMP6, neighbor solicitation, who has 2a05:bec0:2:6:2::9999, length 32
12:06:26.028814 IP6 fe80::222:8300:bd0e:7c0 > ff02::1:ff00:9999: ICMP6, neighbor solicitation, who has 2a05:bec0:2:6:2::9999, length 32
12:06:27.028430 IP6 fe80::222:8300:bd0e:7c0 > ff02::1:ff00:9999: ICMP6, neighbor solicitation, who has 2a05:bec0:2:6:2::9999, length 32
12:06:27.028455 IP6 fe80::222:8300:bd0e:7c0 > ff02::1:ff00:9999: ICMP6, neighbor solicitation, who has 2a05:bec0:2:6:2::9999, length 32
12:06:39.026005 IP6 fe80::222:8300:bd0e:7c0 > ff02::1:ff00:9999: ICMP6, neighbor solicitation, who has 2a05:bec0:2:6:2::9999, length 32

When I try an outgoing ping from the container, nothing appears in tcpdump - neither on the container nor on the host.

I don't believe in a MAC address filter because the servers and the switch are owned by me and are just in a colocation space, and I don't remember telling my hoster the MAC addresses of the servers.
 
Okay, I found something interesting on the container:
`ip -6 neigh` shows "FAILED" on eth0.

I looked at this:
Code:
root@network-test:~# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
10: eth0@if11: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 32:31:65:37:32:35 brd ff:ff:ff:ff:ff:ff
    inet 109.230.233.56/28 brd 109.230.233.63 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 2a05:bec0:2:6:2::9999/64 scope global tentative dadfailed
       valid_lft forever preferred_lft forever
    inet6 fe80::3031:65ff:fe37:3235/64 scope link tentative dadfailed
       valid_lft forever preferred_lft forever
Have a look at "dadfailed" after the IPv6 addresses. I tried to disable duplicate address detection and `ip addr` looks good now, but `ip -6 neigh` still shows "FAILED". Of course I rebooted everything.

So, now more questions than answers:
1. Is the duplicate address allocation a problem with Proxmox? If yes, is it known?
2. What other reasons could there be why IPv6 still does not work?

Could it be a problem that I have not owned the subnet for very long (about two weeks)?
 
Maybe you have the same address several times? The dadfailed on the link-local address is weird, since it's generated from the MAC address: do you have the same MAC address on multiple interfaces on the same link maybe?
 
Not sure, but since I have the bond configured, eth0 and eth1 have the same MAC:
Code:
bond0     Link encap:Ethernet  HWaddr 98:4b:e1:7f:12:7a
          UP BROADCAST RUNNING MASTER MULTICAST  MTU:1500  Metric:1
          RX packets:144473409 errors:0 dropped:114002 overruns:0 frame:0
          TX packets:114031555 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:65787012992 (61.2 GiB)  TX bytes:29636585114 (27.6 GiB)

eth0      Link encap:Ethernet  HWaddr 98:4b:e1:7f:12:7a
          UP BROADCAST RUNNING SLAVE MULTICAST  MTU:1500  Metric:1
          RX packets:72323033 errors:0 dropped:0 overruns:0 frame:0
          TX packets:57016506 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:32993525624 (30.7 GiB)  TX bytes:14818612079 (13.8 GiB)
          Interrupt:16

eth1      Link encap:Ethernet  HWaddr 98:4b:e1:7f:12:7a
          UP BROADCAST RUNNING SLAVE MULTICAST  MTU:1500  Metric:1
          RX packets:72150376 errors:0 dropped:0 overruns:0 frame:0
          TX packets:57015049 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:32793487368 (30.5 GiB)  TX bytes:14817973035 (13.8 GiB)
          Interrupt:17

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:4986494 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4986494 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:7791495409 (7.2 GiB)  TX bytes:7791495409 (7.2 GiB)

veth100i0 Link encap:Ethernet  HWaddr fe:9d:a9:e1:53:5f
          inet6 addr: fe80::fc9d:a9ff:fee1:535f/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:83485 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8619336 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:14449487 (13.7 MiB)  TX bytes:4196422998 (3.9 GiB)

veth9999i0 Link encap:Ethernet  HWaddr fe:f3:99:4b:00:23
          inet6 addr: fe80::fcf3:99ff:fe4b:23/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:64416 errors:0 dropped:0 overruns:0 frame:0
          TX packets:6439756 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:10458639 (9.9 MiB)  TX bytes:3135086178 (2.9 GiB)

vmbr0     Link encap:Ethernet  HWaddr 98:4b:e1:7f:12:7a
          inet addr:109.230.233.53  Bcast:109.230.233.63  Mask:255.255.255.240
          inet6 addr: fe80::9a4b:e1ff:fe7f:127a/64 Scope:Link
          inet6 addr: 2a05:bec0:2:6:1:815:1305:18/64 Scope:Global
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:140261573 errors:0 dropped:0 overruns:0 frame:0
          TX packets:109442755 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:62908369390 (58.5 GiB)  TX bytes:28860883799 (26.8 GiB)

I already noticed this, when I was labeling the ports in the switch interface (the servers are connected to a managed switch). Before I configured the bond, eth1 had 7b at the end of the MAC.
Could this really be the problem? If yes, how to fix it? Remember: I configured the bond via Proxmox GUI...
 
Maybe your switch is looping back the DAD packet over the second connection. Is the switch aware of the bonds?
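
As an added example (not written by any participant in the thread), this Python code checks two observations from the posts above: that the link-local addresses follow from the MACs via modified EUI-64, and that the container capture carries each neighbor solicitation twice within microseconds while the host's eth0 capture does not, which fits a switch flooding multicast to both bond members. The function names and the 100 µs window are assumptions; the MACs, addresses and timestamps are copied from the thread.

```python
import ipaddress
import re

def eui64_link_local(mac):
    """Link-local address built from a MAC via modified EUI-64 (RFC 4291)."""
    b = bytearray(int(x, 16) for x in mac.split(":"))
    b[0] ^= 0x02  # invert the universal/local bit
    iid = bytes(b[:3]) + b"\xff\xfe" + bytes(b[3:])
    return ipaddress.IPv6Address(b"\xfe\x80" + bytes(6) + iid)

def solicited_node(addr):
    """Solicited-node multicast group (ff02::1:ffXX:XXXX) used by NS/DAD."""
    low24 = ipaddress.IPv6Address(addr).packed[-3:]
    return ipaddress.IPv6Address(bytes.fromhex("ff02" + "00" * 9 + "01ff") + low24)

LINE = re.compile(r"^(\d\d):(\d\d):(\d\d)\.(\d{6}) (.+)$")

def duplicated_frames(capture, window_us=100):
    """Count tcpdump text lines repeated verbatim within window_us microseconds."""
    last_seen, dupes = {}, 0
    for line in capture.strip().splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        h, mi, s, us, body = m.groups()
        t = ((int(h) * 60 + int(mi)) * 60 + int(s)) * 1_000_000 + int(us)
        if body in last_seen and abs(t - last_seen[body]) <= window_us:
            dupes += 1
        last_seen[body] = t
    return dupes

NS = ("IP6 fe80::222:8300:bd0e:7c0 > ff02::1:ff00:9999: ICMP6, "
      "neighbor solicitation, who has 2a05:bec0:2:6:2::9999, length 32")
# Timestamps copied from the container and host captures in the thread.
CONTAINER = "\n".join(f"{ts} {NS}" for ts in (
    "12:06:05.033147", "12:06:05.033149", "12:06:07.032676",
    "12:06:07.032678", "12:06:08.032551", "12:06:08.032553"))
HOST = "\n".join(f"{ts} {NS}" for ts in (
    "13:06:25.028934", "13:06:26.028804", "13:06:27.028444"))

if __name__ == "__main__":
    print(eui64_link_local("32:31:65:37:32:35"))    # container eth0
    print(eui64_link_local("98:4b:e1:7f:12:7a"))    # host vmbr0 / bond0
    print(solicited_node("2a05:bec0:2:6:2::9999"))
    print("container duplicates:", duplicated_frames(CONTAINER))
    print("host eth0 duplicates:", duplicated_frames(HOST))
```

A non-zero duplicate count inside the container together with `dadfailed` is a reason to check whether the switch ports are grouped as a link aggregation that matches the bond mode.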
 