Hey hey... On Wed, 2009-11-25 at 14:25 -1000, Antonio Querubin wrote: > Care to share your IPv6 configs for the VEs with the rest of us? The > wiki's IPv6 examples don't seem to work for us here.
Sure. Not problem. They're small enough I'll just do them in-line here. I gave up on the IPv6 stuff in the wiki ages ago as simply going way off in the wrong direction. Too much fixation on the vnet device. I think this topic came up years ago on the list and all I heard back was excuses about why it didn't support MAC addresses and how we didn't need MAC addresses and all kinds of IPv4 think wrt IPv6. Whadeva... Dump the vnet cruft and forget about it. On the host (a CentOS 5.4 machine called Y2 [from a cave in the old game Adventure, from which my domain name, WittsEnd.com is derived]): /etc/vz/conf/1007.conf == : HOSTNAME="platform.wittsend.com" VE_ROOT="/vz/root/$VEID" VE_PRIVATE="/vz/private/$VEID" OSTEMPLATE="centos-5-i386-default" ORIGIN_SAMPLE="vps.basic" NAMESERVER="130.205.32.4 130.205.38.61" SEARCHDOMAIN="wittsend.com" NETIF="ifname=eth0,mac=00:04:08:01:01:07,host_ifname=veth1007.0,host_mac=0E:04:08:01:00:07" NAME="platform" == /etc/sysconfig/network == NETWORKING=yes HOSTNAME=y2.wittsend.com NETWORKING_IPV6=yes IPV6FORWARDING=no == /etc/sysconfig/network-scripts/ifcfg.eth0: == DEVICE=eth0 ONBOOT=yes BOOTPROTO=none BRIDGE=veth0 == /etc/sysconfig/network-scripts/ifcfg.veth0: == DEVICE=veth0 BOOTPROTO=dhcp ONBOOT=yes TYPE=Bridge DHCP_HOSTNAME=y2.wittsend.com == /etc/sysconfig/network-scripts/ifcfg.veth1007.0: == DEVICE=veth1007.0 ONBOOT=no BRIDGE=veth0 == On VE 1007 (a CentOS 5.4 machine called Platform [from another cave in the Adventure]): /etc/sysconfig/network-scripts/ifcfg.eth0: == DEVICE=eth0 BOOTPROTO=static ONBOOT=yes TYPE=Ethernet IPADDR=130.205.38.7 NETMASK=255.255.255.0 BROADCAST=130.205.38.255 GATEWAY=130.205.38.1 IPV6INIT=yes IPV6_AUTOCONF=yes IPV6TO4INIT=no == Hotplug scripts manage the interfaces when they come up on the host (which is why ONBOOT=no for THOSE interfaces). Note 1: Platform could have been an IPv4 dhcp address as well and Y2 could have been a static IPv4. Both are autoconf'ed IPv6. Both could have equally been static config'ed IPv6, and I have some of that in production, where I have multiple IPv6 addresses, as well on some Fedora 10 hosts and VE's. Note 2: Because it's bridged and not routed, in /etc/sysctl.conf, I have "net.ipv6.conf.all.forwarding = 0". You must have that or autoconf will fail on all interfaces on the host and in the VE's, and your default IPv6 routes will not work. Static addresses will still work but you have to use a route 2000::/3 pointing at your router as a substitute default route (a deliberate Linux peculiarity when IPv6 routing is enabled). Note 3: Best to specify your host_mac MAC address for the VE's and make sure the "locally managed" bits are set (that initial 0E in the host_mac=). Seems that Linux has this really PECULIAR policy that it will use the numerically lowest MAC address on the bridge as the address for the bridge MAC. This insures that your VE's won't cause the MAC address of the bridge to differ from the MAC address of the host eth* MAC and wander all over hell's half acre as VE's come up causing havoc with IPv6 autoconf and IPv4 DHCP on the host. Note 4: Sometimes I notice some delay in router solicitation and router advertisement response such that the VE doesn't autoconf his address right away. It will autoconf after the appropriate router advertisement cycle or if I restart radvd/zebra on the router so I believe it has something to do with the VE sending out the router solicitation query but I've never sat down to debug that. That's about all there is to it. If you're on Debian / Ubuntu, I'm not going to be much help, I'm afraid, but maybe these will help as a clue. Enjoy... Regards, Mike > Antonio Querubin > 808-545-5282 x3003 > e-mail/xmpp: [email protected] > AH6BW > On Wed, 2009-11-18 at 23:17 +0000, Matt Richards wrote: > > Hello, > > I have OpenVZ setup and running with ipv4 without any issues. > > I would like to get ipv6 address to the ve's > > My network currently has ipv6 and the hardware nodes have ipv6 addresses > > assigned to them. > > I currently have ipv6 built into the kernel and also enabled > > /etc/vz/vz.conf > > If I add an ipv6 address to a VE when i try to start it i get the > > following ... > > virt1 linux # vzctl start 46 > > Starting VE ... > > VE is mounted > > Adding IP address(es): 192.168.4.46 2001:470:9002:2::46 > > RTNETLINK answers: No such device > > vps-net_add ERROR: Unable to add route /sbin/ip route add > > 2001:470:9002:2::46 dev venet0 > > VE start failed > > Stopping VE ... > > VE was stopped > > VE is unmounted > > Does anybody know why I might be getting this and what else I can check. > > The next thing I would try is running ipv6 as a kernel module but it > > would be nice if this wasn't necessary. > > I run IPv6 extensively and I'm personally a member of the North America v6 > Task Force (NAv6TF). > I have no problem running IPv6 in a VE but you have to use the veth device (I > know people are > going to jump up right now proclaiming that's not true - BUT IT IS). AFAICT, > the vnet devices > are NOT IPv6 compliant. They do not properly support MAC addresses and, > consequently, link > local addresses and can not play nice with neighbor discovery or router > advertisements, router > discovery, or auto-conf. For the same reason, I seriously DOUBT they play > nice with the > mandatory multicast addresses (all nodes, routers, etc, etc). I gave up > totally on vnet ages > ago for that very exact reason. I've never tested it but I seriously doubt > the vnet device > driver would pass any of the compliance test suites for that very reason. > Avoid it like the > plague as switch to veth with bridging and you'll be fine. > > my vzctl version is ... > > > > vzctl version 3.0.22 > > > > Cheers, > > > > Matt. > > Regards, > Mike -- Michael H. Warfield (AI4NB) | (770) 985-6132 | [email protected] /\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/ NIC whois: MHW9 | An optimist believes we live in the best of all PGP Key: 0x674627FF | possible worlds. A pessimist is sure of it!
signature.asc
Description: This is a digitally signed message part
_______________________________________________ Users mailing list [email protected] https://openvz.org/mailman/listinfo/users
