Wido, thanks a lot! I just had to look into the db. The correctly calculated SLAAC is already there.
Sorry for the noise!

Stephan

On Friday, 26.03.2021 at 20:28 +0100, Wido den Hollander wrote:
>
> On 26/03/2021 20:23, Stephan Seitz wrote:
> > Hi!
> >
> > I've recently deployed 4.15.0 Advanced Zone with CentOS 8 kvm hosts and
> > classic linux bridges. I do know that CentOS 7 is preferred, but with
> > some initial tweaks here and there, I'd say it's working quite well.
> >
>
> VLAN or VXLAN?

small scale, so VLAN fits very well (just for the record)

> > Currently, I'm trying to use IPv6 on shared networks. I'd learned that
> > IPv6 only does not work, so I switched to IPv6 plus RFC 1918 IPv4
> > natted at the outer gateway. IPv4 is not a requirement, but if it's
> > necessary to add, it doesn't harm.
> >
>
> Yes. IPv4 is still needed and RFC1918 is just fine. Cloud-init works
> over IPv4. It's a lot of work to get rid of IPv4 in CloudStack.
>
> I'm a big IPv6 fan (wrote a lot of the code in CS), but I didn't bother
> getting rid of IPv4. Not a real use-case for v6-only just yet.
>
> > The IPv4 addresses of the deployed hosts are provided by the virtual
> > router as expected.
> >
> > My problem is: I don't get any dhcp6 lease out of the VR. I dug with
> > tcpdump on the host and VR. I see the solicit message arriving, but no
> > answering advertise message. I've tried almost everything at the host:
> > accepting RA, Autoconf, selectively disabling these. Also modifying the
> > dhcpv6 duid as seen on some 4.11 docs didn't change anything.
> >
>
> IPv6 does not work with DHCPv6. You should see that when the IPv6 CIDR
> is set properly for the shared network in the database that CloudStack
> calculates/generates the IPv6 address the Instance should obtain through
> SLAAC (without privacy addresses!)
>
> When that works you have security grouping also working. It then filters
> on source addresses from VMs and such.
>
> We have thousands of VMs connected with IPv6 this way.
>
> Wido
>
> > Best case is, that I'm stuck with hosts correctly configured by the
> > router advertisement, but ACS doesn't know about it. So subsequently I
> > can't add records to the respective DNS Zones.
> >
> > Alternatively, I could skip ACS and add the provable eui-64 addresses
> > to the zone, but I'd like to avoid that.
> >
> > After a few uneducated peeks into the VR's dnsmasq configuration, I
> > cannot spot any setting for providing dhcp6 leases.
> >
> > Initially I've deployed the 4.15.0 systemvmtemplate downloaded from
> > http://download.cloudstack.org/systemvm/4.15/
> > Right now, I've switched to the 4.15.1 from the same location, but that
> > didn't change anything.
> >
> > I've also tried switching the Zone from internal DNS to external DNS
> > and vice versa (these are identical, except the internal DNS is also
> > equipped with the respective IPv6 addresses, which obviously cannot be
> > added to the external DNS). That didn't change anything either.
> >
> > So, I'd like to ask for any advice.
> >
> > Thanks in advance!
> >
> > Stephan
> >
> >
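Added example, not part of the original thread and not CloudStack's own code: the standard modified EUI-64 derivation (RFC 4291) that SLAAC without privacy addresses uses, plus a check of observed source addresses against the derived one. The prefix, MAC and observed addresses are constructed samples, and modelling the security-group source filter as an exact match on the derived address is an assumption.

```python
import ipaddress


def eui64_address(prefix, mac):
    """Return the SLAAC address (modified EUI-64, RFC 4291) for mac in prefix."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("EUI-64 SLAAC needs a /64 prefix")
    octets = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(octets) != 6:
        raise ValueError("MAC address must be 6 octets")
    # Flip the universal/local bit of the first octet and insert ff:fe
    # between the two halves of the MAC to get the 64-bit interface ID.
    iid = bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:]
    return ipaddress.IPv6Address(
        int(net.network_address) | int.from_bytes(iid, "big")
    )


def check_sources(prefix, mac, observed):
    """Map each observed source address to True if it is the derived address.

    Assumption: the source filter allows only the calculated address, so a
    guest using a privacy (temporary) address would not match.
    """
    expected = eui64_address(prefix, mac)
    return {src: ipaddress.IPv6Address(src) == expected for src in observed}


# Constructed sample data (documentation prefix, made-up MAC and sources).
PREFIX = "2001:db8:100::/64"
MAC = "1e:00:a6:00:01:2c"
OBSERVED = [
    "2001:db8:100:0:1c00:a6ff:fe00:12c",    # EUI-64 address for MAC
    "2001:db8:100:0:5d3a:91c4:77e2:b0f1",   # privacy-style random interface ID
    "2001:db8:100:0:1c00:a6ff:fe00:12d",    # EUI-64 of a different MAC
]

if __name__ == "__main__":
    print("expected:", eui64_address(PREFIX, MAC))
    for src, ok in check_sources(PREFIX, MAC, OBSERVED).items():
        print(f"{src:40} {'match' if ok else 'no match'}")
```

The derived address can be compared with the one stored for the instance's NIC, and it is also the value to publish in DNS for that instance.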