IPv6AcceptRA = False default in LXC for IPv6 DHCP

[b3nw]

IPv6AcceptRA seems to be auto-set to False when setting LXC containers to DHCP on network settings for IPv6. Is there a setting I can adjust to change this to True?

 

[Folke]

Hi,
router advertisements are part of SLAAC not DHCP, so you have to choose that instead.
If you have some special requirements, you can also completely disable proxmox control of the networking in the container by running touch /etc/systemd/network/.pve-ignore.eth0.network (in the container) and then edit /etc/network/interfaces.

 

[Madozu]

There are various threads about "IPv6AcceptRA" setting in (Ubuntu) LXCs defaulting to true for SLAAC and to false for DHCPv6. Let me emphasize that IPv6 router advertisements are neither part of SLAAC nor DHCPv6. RAs are the standard way for a client to get routes when joining a network, independent of the address configuration being static, SLAAC or DHCPv6.

For reference, the section Router Advertisements (Or: “Where is the DHCPv6 gateway option?”) in the pfSense documentation explains this quite well.

I agree that creating the /etc/systemd/network/.pve-ignore.eth0.network file stops PVE from changing the IPv6AcceptRA setting ... but it also blocks any change to the containers network configuration made from the PVE GUI (or trhough the API). It does that even without showing a warning if you attempt to change the container's network configuration through the PVE GUI.

Proposal: Could an upcoming PVE version contain an "Accept IPv6 RA" checkbox in the container network configuration? That would allow to control that important IPv6 setting without having to block the whole container network configuration from being managed through the GUI or the API.

 

[esi_y]

Let me emphasize that IPv6 router advertisements are neither part of SLAAC nor DHCPv6.

Nice catch, indeed, RA is part of Neighbour Dicovery [1], SLAAC is a separate RFC [2]

[1] https://datatracker.ietf.org/doc/html/rfc4861
[2] https://datatracker.ietf.org/doc/html/rfc4862

I agree that creating the /etc/systemd/network/.pve-ignore.eth0.network file stops PVE from changing the IPv6AcceptRA setting ... but it also blocks any change to the containers network configuration made from the PVE GUI (or trhough the API). It does that even without showing a warning if you attempt to change the container's network configuration through the PVE GUI.

Proposal: Could an upcoming PVE version contain an "Accept IPv6 RA" checkbox in the container network configuration? That would allow to control that important IPv6 setting without having to block the whole container network configuration from being managed through the GUI or the API.

I think, especially the staff member who was in this conversation is "retired" (what a funny term, makes you feel like everyone goes straight O.A.P. from Proxmox), you better post this into Bugzilla as a request / bug (your call):

https://bugzilla.proxmox.com/

 

[Madozu]

I think, especially the staff member who was in this conversation is "retired" (what a funny term, makes you feel like everyone goes straight O.A.P. from Proxmox), you better post this into Bugzilla as a request / bug (your call):

https://bugzilla.proxmox.com/

Thanks @esi_y for the bugzilla link! As I always try to be friendly, I will not declare it as a bug ... but as a feature request to make the IPv6AcceptRA property settable from the GUI / API.

As soon as I find time for it, I will raise a request and post a link here.