OVH IPv6 only KVM

[Vengance]

Hello!

I have a dedicated server running with Proxmox 5.0 at ovh (soyoustart).
There are aleady running some KVMs with an IPv4 and an IPv6 address, which works fine.

Due to the limited amount of IPv4s I want to setup some KVM VMs with only an IPv6 address.
I did some testing and found out, that IPv6 connections only work, if you enter the vMAC of an unused IPv4 Failover to the NIC of the VM.


But I also found out, that the usage of a ndppd proxy should solve this problem.
I set up my system according to the following manual.

Now if I create a VM with only an IPv6 and random MAC (not a vMAC of an IPv4), the IPv6 connection doesn´t work.

If I enter the following command (which is normaly the job of the proxy) after the creation of the VM, the IPv6 only VM can ping ipv6 addresses.

ip -6 neigh add proxy 2001:xxxx:2:8054::603 dev vmbr0

But if I restart the VM, the IPv6 connection is lost and no matter how often I enter the command, I can´t bring it up again. So It only works for newly created VMs until they are being rebooted.




Manual: https://gist.github.com/panperla/77c169b1a8a1b745277d67f0979c86fd



IPv6 network config hostsystem:

iface vmbr0 inet6 static

        address 2001:xxxx:0002:8054::
        netmask 64
        post-up /sbin/ip -f inet6 route add 2001:xxxx:0002:80ff:ff:ff:ff:ff dev vmbr0
        post-up /sbin/ip -f inet6 route add default via 2001:xxxx:0002:80ff:ff:ff:ff:ff
        pre-down /sbin/ip -f inet6 route del default via 2001:xxxx:0002:80ff:ff:ff:ff:ff
        pre-down /sbin/ip -f inet6 route del 2001:xxxx:0002:80ff:ff:ff:ff:ff dev vmbr0

/etc/ndppd.conf hostsystem:

proxy vmbr0 {

          rule 2001:xxxx:2:8054::/64 {
  }
}

/etc/sysctl.conf hostsystem:

# /etc/sysctl.conf - Configuration file for setting system variables
# See /etc/sysctl.d/ for additional system variables.
# See sysctl.conf (5) for information.
#

#kernel.domainname = example.com

# Uncomment the following to stop low-level messages on console
#kernel.printk = 3 4 1 3

##############################################################3
# Functions previously found in netbase
#

# Uncomment the next two lines to enable Spoof protection (reverse-path filter)
# Turn on Source Address Verification in all interfaces to
# prevent some spoofing attacks
#net.ipv4.conf.default.rp_filter=1
#net.ipv4.conf.all.rp_filter=1

# Uncomment the next line to enable TCP/IP SYN cookies
# See http://lwn.net/Articles/277146/
# Note: This may impact IPv6 TCP sessions too
#net.ipv4.tcp_syncookies=1

# Uncomment the next line to enable packet forwarding for IPv4
#net.ipv4.ip_forward=1

# Uncomment the next line to enable packet forwarding for IPv6
#  Enabling this option disables Stateless Address Autoconfiguration
#  based on Router Advertisements for this host
#net.ipv6.conf.all.forwarding=1


###################################################################
# Additional settings - these settings can improve the network
# security of the host and prevent against some network attacks
# including spoofing attacks and man in the middle attacks through
# redirection. Some network environments, however, require that these
# settings are disabled so review and enable them as needed.
#
# Do not accept ICMP redirects (prevent MITM attacks)
#net.ipv4.conf.all.accept_redirects = 0
#net.ipv6.conf.all.accept_redirects = 0
# _or_
# Accept ICMP redirects only for gateways listed in our default
# gateway list (enabled by default)
# net.ipv4.conf.all.secure_redirects = 1
#
# Do not send ICMP redirects (we are not a router)
#net.ipv4.conf.all.send_redirects = 0
#
# Do not accept IP source route packets (we are not a router)
#net.ipv4.conf.all.accept_source_route = 0
#net.ipv6.conf.all.accept_source_route = 0
#
# Log Martian Packets
#net.ipv4.conf.all.log_martians = 1
#

###################################################################
# Magic system request Key
# 0=disable, 1=enable all
# Debian kernels have this set to 0 (disable the key)
# See https://www.kernel.org/doc/Documentation/sysrq.txt
# for what other values do
#kernel.sysrq=1

###################################################################
# Protected links
#
# Protects against creating or following links under certain conditions
# Debian kernels have both set to 1 (restricted)
# See https://www.kernel.org/doc/Documentation/sysctl/fs.txt
#fs.protected_hardlinks=0
#fs.protected_symlinks=0
# Disable IPv6 autoconf
net.ipv6.conf.all.autoconf = 0
net.ipv6.conf.default.autoconf = 0
net.ipv6.conf.vmbr0.autoconf = 0
net.ipv6.conf.all.accept_ra = 0
net.ipv6.conf.default.accept_ra = 0
net.ipv6.conf.vmbr0.accept_ra = 0
net.ipv6.conf.vmbr0.accept_ra = 0
net.ipv6.conf.vmbr0.autoconf = 0
net.ipv6.conf.default.proxy_ndp = 1
net.ipv6.conf.all.proxy_ndp = 1
net.ipv6.conf.default.forwarding = 1
net.ipv6.conf.all.forwarding = 1
net.ipv6.conf.all.accept_ra_defrtr = 0
net.ipv6.conf.default.accept_ra_defrtr = 0
net.ipv6.conf.vmbr0.accept_ra_defrtr = 0
net.ipv6.conf.all.accept_ra_pinfo = 0
net.ipv6.conf.default.accept_ra_pinfo = 0
net.ipv6.conf.vmbr0.accept_ra_pinfo = 0


net.ipv6.conf.all.router_solicitations = 1
net.ipv6.conf.default.forwarding = 1
net.ipv6.conf.all.forwarding = 1
net.ipv6.conf.default.proxy_ndp = 1
net.ipv6.conf.all.proxy_ndp = 1
net.ipv4.ip_forward = 1

Network config of an IPv6 only VM:

 

[Vengance]

Any suggestions?
I just want to get some IPv6 only VMs running.

 

[MrPowerGamerBR]

Sorry for the necro but @Vengence did you end up figuring out what was the issue? I have exactly the same issue as you and I just can't figure out *why* restarting the VM/LXC container breaks the IPv6 network.

Changing the IPv6 IP to a new one ends up fixing it but, you know, that's not a good solution.

 

[Vengance]

No, IPv6 at OVH is a huge pain in the ass and horrible integrated.

I moved to hetzner, everything works just fine there