> This sounds like multicast packets aren't getting through the bridge. > Check the values of /sys/class/net/$IFACE/bridge/multicast_querier and > /sys/class/net/$IFACE/bridge/multicast_snooping
On the host, I get: cat /sys/class/net/virbr2/bridge/multicast_querier 0 cat /sys/class/net/virbr2/bridge/multicast_snooping 1 Searching based on your comment seems to show that it could be the other way round for my use case: https://unix.stackexchange.com/questions/391672/what-is-multicast-snooping-and-why-does-it-break-upnp-dlna https://bugzilla.redhat.com/show_bug.cgi?id=880035 and even more precisely: https://bugzilla.redhat.com/show_bug.cgi?id=902922 https://access.redhat.com/solutions/784373 I tested: echo 1 > /sys/class/net/virbr2/bridge/multicast_querier echo 0 > /sys/class/net/virbr2/bridge/multicast_snooping (see detailed test procedure below) but the result was the same: - no sollicitations observed, except when the guest is started - the ULA address is dropped at the end of its lifetime (3600s) Interestingly, a restart of the libvirt virtual network resets these flags to their original value for the related bridge. Is there maybe something I could also test at the Debian guest level? (The CentOS/RHEL guests don't have this problem, but they seem to use Network Manager for this, not the default mechanism) Thank you for your help, Mathieu ## Test procedure # After a fresh reboot of the host, as root ip address show dev virbr2 8: virbr2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000 link/ether 52:54:00:fa:ba:58 brd ff:ff:ff:ff:ff:ff inet6 fd34:fe56:7891:6::1/64 scope global valid_lft forever preferred_lft forever inet6 fe80::5054:ff:fefa:ba58/64 scope link valid_lft forever preferred_lft forever cat /sys/class/net/virbr2/bridge/multicast_querier 0 cat /sys/class/net/virbr2/bridge/multicast_snooping 1 # Change both flags echo 1 > /sys/class/net/virbr2/bridge/multicast_querier echo 0 > /sys/class/net/virbr2/bridge/multicast_snooping # Shutdown all guests on this host # Restart the routed libvirt virtual network using virbr2 !! The flags have been reset to their previous values cat /sys/class/net/virbr2/bridge/multicast_snooping 1 cat /sys/class/net/virbr2/bridge/multicast_querier 0 # Set again the flags echo 1 > /sys/class/net/virbr2/bridge/multicast_querier echo 0 > /sys/class/net/virbr2/bridge/multicast_snooping # Monitor icmp6 tcpdump -n -i virbr2 icmp6 # Start only the Debian guest VM brctl show virbr2 bridge name bridge id STP enabled interfaces virbr2 8000.525400faba58 yes virbr2-nic vnet1 Link address of the bridge (virbr2): fe80::5054:ff:fefa:ba58/64 Link address guest (vnet1 from the host perspective, enp2s0 from the guets perspective): fe80::fc54:ff:fe47:812f/64 On the host, during the VM startup, tcpdump shows: tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on virbr2, link-type EN10MB (Ethernet), capture size 262144 bytes 06:18:56.187251 IP6 :: > ff02::1:ff47:812f: ICMP6, neighbor solicitation, who has fe80::5054:ff:fe47:812f, length 32 06:18:57.211370 IP6 fe80::5054:ff:fe47:812f > ff02::2: ICMP6, router solicitation, length 16 06:18:57.211698 IP6 fe80::5054:ff:fefa:ba58 > fe80::5054:ff:fe47:812f: ICMP6, router advertisement, length 88 06:18:57.415428 IP6 :: > ff02::1:ff47:812f: ICMP6, neighbor solicitation, who has fd34:fe56:7891:6:5054:ff:fe47:812f, length 32 06:19:02.320961 IP6 fe80::5054:ff:fefa:ba58 > fe80::5054:ff:fe47:812f: ICMP6, neighbor solicitation, who has fe80::5054:ff:fe47:812f, length 32 06:19:02.321166 IP6 fe80::5054:ff:fe47:812f > fe80::5054:ff:fefa:ba58: ICMP6, neighbor advertisement, tgt is fe80::5054:ff:fe47:812f, length 24 06:19:07.358070 IP6 fe80::5054:ff:fe47:812f > fe80::5054:ff:fefa:ba58: ICMP6, neighbor solicitation, who has fe80::5054:ff:fefa:ba58, length 32 06:19:07.358136 IP6 fe80::5054:ff:fefa:ba58 > fe80::5054:ff:fe47:812f: ICMP6, neighbor advertisement, tgt is fe80::5054:ff:fefa:ba58, length 24 # Log in to the guest via the public interface and monitor icmp6 on the guest sudo tcpdump -n -i enp2s0 icmp6 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on enp2s0, link-type EN10MB (Ethernet), capture size 262144 bytes # RESULT - no additional exchanges observed, neither on the host nor on the guest - ULA address dropped after 3600s, as before - host router seems STALE, as seen from the guest ip -6 neigh ... fe80::5054:ff:fefa:ba58 dev enp2s0 lladdr 52:54:00:fa:ba:58 router STALE ...
