IPv6 veth unreachable from outside network

  • Thread starter: Atoomkern

I am trying to assign IPv6 addresses to the OpenVZ containers using veth.

In the container the /etc/network/interfaces looks like:
auto eth0
iface eth0 inet6 static
address [ipv6 address]
netmask 64
gateway [ipv6 gateway]

auto eth0:0
iface eth0:0 inet static
address [ipv4 address]
netmask 255.255.255.0
gateway [ipv4 gateway]

Both the IPv4 and IPv6 addresses are reachable from within the Proxmox cluster but only the IPv4 addresses are reachable from the outside. Can anyone help me with this problem?
 
Some extra information:
-IPv6 in KVM works without a problem.
-I tried all kinds of settings but the host system seems to block all the IPv6 traffic.

Can anyone who has a working IPv6 veth setup post his configuration? That would help me a lot!
 
Sorry for kicking this topic but does no one here have experience with OpenVZ with IPv6 veth?
 
Thank you for your reply. The container was only pingable from its host. Any other server within or outside the network is unable to ping the IPv6 of the container.
 
I am still working on the problem. I found this link (https://azuma.kaizo.org/simonb/openvz+ipv6.php) and added the IPv6 addresses inside the container with the commands mentioned:
# ip -6 addr add [IPv6 address]/64 dev eth0
# ip -6 route add [IPv6 gatewayaddress] dev eth0
# ip -6 route add default via [IPv6 gatewayaddress] dev eth0

After that the IPv6 address works and is reachable from the internet! But when I add it to the /etc/network/interfaces like:

iface eth0 inet6 static
address [IPv6 address]
netmask 64
gateway [IPv6 gateway address]

It is unreachable again after a reboot.
 
I figured something out: when net.ipv6.conf.all.forwarding is disabled (0) in /etc/sysctl.conf on the host, the container gets its default routes. The IPv6 is now pingable from the outside, but there seems to be something wrong, since pinging ipv6.google.com gives "Destination unreachable: No route".
 
Can you print the routing table on the host using the command
ip -6 route show

thnx,

Roy
 
Thank you again for your quick reply Roy. Here is the output and configuration of host and container:

ip -6 route show on host:
Code:
2001:1af8:****:b050::/64 dev eth2  proto kernel  metric 256  expires 2592092sec mtu 1500 advmss 1440 hoplimit 0
2001:1af8:****:b050::/64 dev eth0  proto kernel  metric 256  expires 2592091sec mtu 1500 advmss 1440 hoplimit 0
fe80::/64 dev eth0  proto kernel  metric 256  mtu 1500 advmss 1440 hoplimit 0
fe80::/64 dev eth2  proto kernel  metric 256  mtu 1500 advmss 1440 hoplimit 0
fe80::/64 dev eth1  proto kernel  metric 256  mtu 1500 advmss 1440 hoplimit 0
default via fe80::2d0:2bff:fee6:a500 dev eth0  proto kernel  metric 1024  expires 1729sec mtu 1500 advmss 1440 hoplimit 64
default via fe80::202:17ff:fe72:9400 dev eth0  proto kernel  metric 1024  expires 1729sec mtu 1500 advmss 1440 hoplimit 64
default via fe80::2d0:2bff:fee6:a500 dev eth2  proto kernel  metric 1024  expires 1730sec mtu 1500 advmss 1440 hoplimit 64
default via fe80::202:17ff:fe72:9400 dev eth2  proto kernel  metric 1024  expires 1730sec mtu 1500 advmss 1440 hoplimit 64

ip -6 route on container:
Code:
2001:1af8:****:b050::/64 dev eth2  proto kernel  metric 256  expires 2592092sec mtu 1500 advmss 1440 hoplimit 0
2001:1af8:****:b050::/64 dev eth0  proto kernel  metric 256  expires 2592091sec mtu 1500 advmss 1440 hoplimit 0
fe80::/64 dev eth0  proto kernel  metric 256  mtu 1500 advmss 1440 hoplimit 0
fe80::/64 dev eth2  proto kernel  metric 256  mtu 1500 advmss 1440 hoplimit 0
fe80::/64 dev eth1  proto kernel  metric 256  mtu 1500 advmss 1440 hoplimit 0
default via fe80::2d0:2bff:fee6:a500 dev eth0  proto kernel  metric 1024  expires 1729sec mtu 1500 advmss 1440 hoplimit 64
default via fe80::202:17ff:fe72:9400 dev eth0  proto kernel  metric 1024  expires 1729sec mtu 1500 advmss 1440 hoplimit 64
default via fe80::2d0:2bff:fee6:a500 dev eth2  proto kernel  metric 1024  expires 1730sec mtu 1500 advmss 1440 hoplimit 64
default via fe80::202:17ff:fe72:9400 dev eth2  proto kernel  metric 1024  expires 1730sec mtu 1500 advmss 1440 hoplimit 64

/etc/network/interfaces host:
Code:
iface eth0 inet manual

iface eth0 inet6 manual

auto vmbr0
iface vmbr0 inet static
        address  [ipv4]
        netmask  255.255.255.0
        gateway  [ipv4 gateway]
        bridge_ports eth0
        bridge_stp off
        bridge_fd 0

iface vmbr0 inet6 static
        address 2001:1AF8:****:B050::A016
        netmask 64
        gateway 2001:1AF8:****:B050::1

auto vmbr1
iface vmbr1 inet static
        address  [ipv4]
        netmask  255.255.255.0
        bridge_ports eth0.2
        bridge_stp off
        bridge_fd 0

/etc/network/interfaces container:
Code:
auto eth0
iface eth0 inet static
        address [ipv4]
        netmask 255.255.255.0
        gateway [ipv4 gateway]

auto eth2
iface eth2 inet6 static
        address 2001:1AF8:****:B050::A006
        netmask 64
        gateway 2001:1AF8:****:B050::1

auto eth1
iface eth1 inet static
        address [ipv4]
        netmask 255.255.255.0
 
I think you either made a paste error in showing the output, or your problem seems to lie in the fact that you route IPv6 traffic on the host through non-existing interfaces.
You defined IPv6 on the host on vmbr0, however you route it over eth0 and eth2.

On the container you have a bit of a similar issue... eth2 has an IPv6 config, however eth0 doesn't. Therefore there is no need to have that in your routing table.

Best Regards,
Roy
 
Thank you Roy. I indeed made a paste error. I also changed the eth2 to eth0 on the container.

Now the output of the host with an inactive container shows the following default via:
default via 2001:1af8:****:b050::1 dev vmbr0 metric 1 mtu 1500 advmss 1440 hoplimit 4294967295
default via fe80::202:17ff:fe72:9400 dev vmbr0 proto kernel metric 1024 expires 1780sec mtu 1500 advmss 1440 hoplimit 64
default via fe80::2d0:2bff:fee6:a500 dev vmbr0 proto kernel metric 1024 expires 1780sec mtu 1500 advmss 1440 hoplimit 64

And the container only has the last two lines that will not work because the first line has the right route.

Any idea? When I run the following command on the container everything works, but that is an ugly fix to run every time eth0 gets up:
ip -6 route add default via 2001:1AF8:****:B050::1 dev eth0

Update: When I remove the IPv6 from /etc/network/interfaces on the host the output still shows
default via fe80::202:17ff:fe72:9400 dev vmbr0 proto kernel metric 1024 expires 1780sec mtu 1500 advmss 1440 hoplimit 64
default via fe80::2d0:2bff:fee6:a500 dev vmbr0 proto kernel metric 1024 expires 1780sec mtu 1500 advmss 1440 hoplimit 64
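
A way to check for the condition described in the last post (a routing table that holds only router-advertised default routes and no static one), as an added example that is not part of the thread. The route tables are constructed samples using the 2001:db8::/32 documentation prefix, the function names are hypothetical, and the "expires"/"proto ra" test for advertised routes is an assumed heuristic.

```shell
#!/bin/sh
# Classify IPv6 default routes from `ip -6 route show` output read on stdin.
# Heuristic (assumption): a default route carrying an "expires" timer, or tagged
# "proto ra", was learned from a router advertisement; anything else is static.
# Output: one line per default route, "<kind> <device> <gateway>".
classify_defaults() {
    awk '$1 == "default" {
        gw = "-"; dev = "-"; proto = ""; expires = 0
        for (i = 2; i <= NF; i++) {
            if ($i == "via")     gw = $(i + 1)
            if ($i == "dev")     dev = $(i + 1)
            if ($i == "proto")   proto = $(i + 1)
            if ($i == "expires") expires = 1
        }
        kind = (proto == "ra" || expires) ? "ra" : "static"
        print kind, dev, gw
    }'
}

# Succeeds only if a static default route via gateway $2 exists on device $1.
has_static_default() {
    classify_defaults | grep -qxF "static $1 $2"
}

# Constructed samples, shaped like the host and container tables in the thread.
HOST_ROUTES='2001:db8:0:b050::/64 dev vmbr0  proto kernel  metric 256  mtu 1500
default via 2001:db8:0:b050::1 dev vmbr0  metric 1  mtu 1500
default via fe80::1 dev vmbr0  proto kernel  metric 1024  expires 1780sec mtu 1500'
CT_ROUTES='2001:db8:0:b050::/64 dev eth0  proto kernel  metric 256  mtu 1500
default via fe80::1 dev eth0  proto kernel  metric 1024  expires 1780sec mtu 1500'

# Report whether table $2 holds a static default via gateway $4 on device $3.
check() {
    if printf '%s\n' "$2" | has_static_default "$3" "$4"; then
        echo "$1: static default via $4 on $3 present"
    else
        echo "$1: static default via $4 on $3 MISSING"
    fi
}

check host "$HOST_ROUTES" vmbr0 2001:db8:0:b050::1
check container "$CT_ROUTES" eth0 2001:db8:0:b050::1
```

On a live system, pipe `ip -6 route show` into `classify_defaults` instead of the sample variables.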
 