On 28/03/2021 21:27, Stephan Seitz wrote:
On Sunday, 28.03.2021, 20:33 +0200, Wido den Hollander wrote:

On 26/03/2021 20:56, Stephan Seitz wrote:
Wido, thanks a lot!

I just had to look into the db. The correctly calculated SLAAC is already there.


Double-check: The API and UI do show an IPv6 address for the NIC?

It's then up to you to make sure the Routers in the (shared) network send out the proper Router Advertisements.

Also check on the hypervisor with 'ip6tables-save' and ipset to see if all the IPs have been programmed properly into the security groups.

Should just work. We have been using this code for years now.

Wido

I was a little puzzled due to the new UI. Indeed, it is shown in the
UI. I didn't check UI and API at first because of the outdated 4.11
docs which mentioned dhcp6. My fault and poor media literacy :)

To summarize: Your code works well and everything is configured (and
shown) as it should, I just tried the wrong approach with dhcp and
didn't look out of the box.

Anyway, thanks for pointing me to SLAAC!

You're welcome!

Keep in mind that you should disable IPv6 privacy extensions or any other form that generates a different IPv6 address for the VM other than EUI-64/SLAAC.

Windows for example needs to be modified as well as by default it doesn't use the MAC of the NIC to generate an IPv6 address.

Wido


Stephan

Sorry for the noise!

Stephan

On Friday, 26.03.2021, 20:28 +0100, Wido den Hollander wrote:
On 26/03/2021 20:23, Stephan Seitz wrote:
Hi!

I've recently deployed 4.15.0 Advanced Zone with CentOS 8 kvm hosts and classic linux bridges. I do know that CentOS 7 is preferred, but with some initial tweaks here and there, I'd say it's working quite well.


VLAN or VXLAN?

small scale, so VLAN fits very well (just for the record)

Currently, I'm trying to use IPv6 on shared networks. I'd learned that IPv6 only does not work, so I switched to IPv6 plus RFC 1918 IPv4 natted at the outer gateway. IPv4 is not a requirement, but if it's necessary to add, it doesn't harm.


Yes. IPv4 is still needed and RFC1918 is just fine. Cloud-init works over IPv4. It's a lot of work to get rid of IPv4 in CloudStack.

I'm a big IPv6 fan (wrote a lot of the code in CS), but I didn't bother getting rid of IPv4. Not a real use-case for v6-only just yet.

The IPv4 addresses of the deployed hosts are provided by the virtual router as expected.

My problem is: I don't get any dhcp6 lease out of the VR. I dug with tcpdump on the host and VR. I see the solicit message arriving, but no answering advertise message. I've tried almost everything at the host: accepting RA, Autoconf, selectively disabling these. Also modifying the dhcpv6 duid as seen on some 4.11 docs didn't change anything.


IPv6 does not work with DHCPv6. You should see that when the IPv6 CIDR is set properly for the shared network in the database that CloudStack calculates/generates the IPv6 address the Instance should obtain through SLAAC (without privacy addresses!)

When that works you have security grouping also working. It then filters on source addresses from VMs and such.

We have thousands of VMs connected with IPv6 this way.

Wido

Best case is, that I'm stuck with hosts correctly configured by the router advertisement, but ACS doesn't know about it. So subsequently I can't add records to the respective DNS Zones.

Alternatively, I could skip ACS and add the provable eui-64 addresses to the zone, but I'd like to avoid that.

After a few uneducated peeks into the VR's dnsmasq configuration, I cannot spot any setting for providing dhcp6 leases.

Initially I've deployed the 4.15.0 systemvmtemplate downloaded from http://download.cloudstack.org/systemvm/4.15/
Right now, I've switched to the 4.15.1 from the same location, but that didn't change anything.

I've also tried switching the Zone from internal DNS to external DNS and vice versa (these are identical, except the internal DNS is also equipped with the respective IPv6 addresses, which obviously cannot be added to the external DNS). That didn't change anything either.

So, I'd like to ask for any advice.

Thanks in advance!

Stephan
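
An added illustration, not part of the thread and not CloudStack's own code: the address a guest forms through SLAAC with EUI-64 can be derived from the shared network's /64 and the NIC's MAC, so an observed guest address can be compared with the one the security group is expected to allow. The prefix, MAC addresses and function names below are constructed for this example.

```python
import ipaddress


def eui64_slaac(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Address formed from a /64 prefix and a MAC via modified EUI-64 (RFC 4291)."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("EUI-64 SLAAC needs a /64 prefix")
    octets = bytes(int(part, 16) for part in mac.replace("-", ":").split(":"))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    # Flip the universal/local bit of the first octet and insert ff:fe
    # between the OUI half and the device half of the MAC.
    iid = bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:]
    return ipaddress.IPv6Address(
        int(net.network_address) | int.from_bytes(iid, "big")
    )


def check_source(prefix: str, mac: str, observed: str) -> str:
    """Classify an address seen from a guest against its expected EUI-64 address."""
    addr = ipaddress.IPv6Address(observed)
    if addr == eui64_slaac(prefix, mac):
        return "match"
    if addr in ipaddress.IPv6Network(prefix):
        # Typical for privacy extensions or a non-MAC-based interface ID:
        # the guest is in the right network but not on the expected address.
        return "in-prefix-not-eui64"
    return "outside-prefix"


if __name__ == "__main__":
    PREFIX = "2001:db8:100::/64"   # constructed documentation prefix
    MAC = "06:12:34:56:78:9a"      # constructed guest NIC MAC
    print("expected:", eui64_slaac(PREFIX, MAC))
    for seen in ("2001:db8:100:0:412:34ff:fe56:789a",
                 "2001:db8:100:0:a1b2:c3d4:e5f6:1234",
                 "2001:db8:200::1"):
        print(seen, "->", check_source(PREFIX, MAC, seen))
```

A result of "in-prefix-not-eui64" is the case described above for privacy extensions and default Windows behaviour: the guest has a working address that differs from the one calculated from its MAC.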


