[Users] IPv6 Support in VE's

Michael H. Warfield mhw at WittsEnd.com
Thu Nov 26 21:14:50 EST 2009


Hey hey...

On Wed, 2009-11-25 at 14:25 -1000, Antonio Querubin wrote: 
> Care to share your IPv6 configs for the VEs with the rest of us?  The 
> wiki's IPv6 examples don't seem to work for us here.

Sure.  No problem.  They're small enough I'll just do them in-line
here.  I gave up on the IPv6 stuff in the wiki ages ago as simply going
way off in the wrong direction.  Too much fixation on the vnet device.
I think this topic came up years ago on the list and all I heard back
was excuses about why it didn't support MAC addresses and how we didn't
need MAC addresses and all kinds of IPv4 think wrt IPv6.  Whadeva...
Dump the vnet cruft and forget about it.

On the host (a CentOS 5.4 machine called Y2 [from a cave in the old game
Adventure, from which my domain name, WittsEnd.com is derived]):

/etc/vz/conf/1007.conf
== 
  :
HOSTNAME="platform.wittsend.com"
VE_ROOT="/vz/root/$VEID"
VE_PRIVATE="/vz/private/$VEID"
OSTEMPLATE="centos-5-i386-default"
ORIGIN_SAMPLE="vps.basic"
NAMESERVER="130.205.32.4 130.205.38.61"
SEARCHDOMAIN="wittsend.com"
NETIF="ifname=eth0,mac=00:04:08:01:01:07,host_ifname=veth1007.0,host_mac=0E:04:08:01:00:07"
NAME="platform"
== 

/etc/sysconfig/network
== 
NETWORKING=yes
HOSTNAME=y2.wittsend.com
NETWORKING_IPV6=yes
IPV6FORWARDING=no
== 

/etc/sysconfig/network-scripts/ifcfg.eth0:
== 
DEVICE=eth0
ONBOOT=yes
BOOTPROTO=none
BRIDGE=veth0
== 

/etc/sysconfig/network-scripts/ifcfg.veth0:
== 
DEVICE=veth0
BOOTPROTO=dhcp
ONBOOT=yes
TYPE=Bridge
DHCP_HOSTNAME=y2.wittsend.com
== 

/etc/sysconfig/network-scripts/ifcfg.veth1007.0:
== 
DEVICE=veth1007.0
ONBOOT=no
BRIDGE=veth0
== 

On VE 1007 (a CentOS 5.4 machine called Platform [from another cave in
the Adventure]):

/etc/sysconfig/network-scripts/ifcfg.eth0:
== 
DEVICE=eth0
BOOTPROTO=static
ONBOOT=yes
TYPE=Ethernet
IPADDR=130.205.38.7
NETMASK=255.255.255.0
BROADCAST=130.205.38.255
GATEWAY=130.205.38.1
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6TO4INIT=no
== 

Hotplug scripts manage the interfaces when they come up on the host
(which is why ONBOOT=no for THOSE interfaces).

Note 1: Platform could have been an IPv4 dhcp address as well and Y2
could have been a static IPv4.  Both are autoconf'ed IPv6.  Both could
have equally been static config'ed IPv6, and I have some of that in
production, where I have multiple IPv6 addresses, as well on some Fedora
10 hosts and VE's.

Note 2:  Because it's bridged and not routed, in /etc/sysctl.conf, I
have "net.ipv6.conf.all.forwarding = 0".  You must have that or autoconf
will fail on all interfaces on the host and in the VE's, and your
default IPv6 routes will not work.  Static addresses will still work but
you have to use a route 2000::/3 pointing at your router as a substitute
default route (a deliberate Linux peculiarity when IPv6 routing is
enabled).

Note 3: Best to specify your host_mac MAC address for the VE's and make
sure the "locally managed" bits are set (that initial 0E in the
host_mac=).  Seems that Linux has this really PECULIAR policy that it
will use the numerically lowest MAC address on the bridge as the address
for the bridge MAC.  This ensures that your VE's won't cause the MAC
address of the bridge to differ from the MAC address of the host eth*
MAC and wander all over hell's half acre as VE's come up causing havoc
with IPv6 autoconf and IPv4 DHCP on the host.

Note 4: Sometimes I notice some delay in router solicitation and router
advertisement response such that the VE doesn't autoconf his address
right away.  It will autoconf after the appropriate router advertisement
cycle or if I restart radvd/zebra on the router so I believe it has
something to do with the VE sending out the router solicitation query
but I've never sat down to debug that.

That's about all there is to it.  If you're on Debian / Ubuntu, I'm not
going to be much help, I'm afraid, but maybe these will help as a clue.
Enjoy...

Regards,
Mike

> Antonio Querubin
> 808-545-5282 x3003
> e-mail/xmpp:  tony at lava.net
> AH6BW
> On Wed, 2009-11-18 at 23:17 +0000, Matt Richards wrote:
> > Hello,
> > I have OpenVZ setup and running with ipv4 without any issues.
> > I would like to get ipv6 address to the ve's
> > My network currently has ipv6 and the hardware nodes have ipv6 addresses
> > assigned to them.
> > I currently have ipv6 built into the kernel and also enabled
> > /etc/vz/vz.conf 
> > If I add an ipv6 address to a VE when i try to start it i get the 
> > following ... 
> > virt1 linux # vzctl start 46 
> > Starting VE ... 
> > VE is mounted 
> > Adding IP address(es): 192.168.4.46 2001:470:9002:2::46 
> > RTNETLINK answers: No such device 
> > vps-net_add ERROR: Unable to add route /sbin/ip route add 
> > 2001:470:9002:2::46 dev venet0 
> > VE start failed 
> > Stopping VE ... 
> > VE was stopped 
> > VE is unmounted 
> > Does anybody know why I might be getting this and what else I can check. 
> > The next thing I would try is running ipv6 as a kernel module but it 
> > would be nice if this wasn't necessary. 
> 
> I run IPv6 extensively and I'm personally a member of the North America v6 Task Force (NAv6TF). 
> I have no problem running IPv6 in a VE but you have to use the veth device (I know people are 
> going to jump up right now proclaiming that's not true - BUT IT IS). AFAICT, the vnet devices 
> are NOT IPv6 compliant. They do not properly support MAC addresses and, consequently, link 
> local addresses and can not play nice with neighbor discovery or router advertisements, router 
> discovery, or auto-conf. For the same reason, I seriously DOUBT they play nice with the
> mandatory multicast addresses (all nodes, routers, etc, etc). I gave up totally on vnet ages 
> ago for that very exact reason. I've never tested it but I seriously doubt the vnet device 
> driver would pass any of the compliance test suites for that very reason. Avoid it like the 
> plague and switch to veth with bridging and you'll be fine. 

> > my vzctl version is ... 
> > 
> > vzctl version 3.0.22 
> > 
> > Cheers, 
> > 
> > Matt. 
> 
> Regards, 
> Mike

-- 
Michael H. Warfield (AI4NB) | (770) 985-6132 |  mhw at WittsEnd.com
   /\/\|=mhw=|\/\/          | (678) 463-0932 |  http://www.wittsend.com/mhw/
   NIC whois: MHW9          | An optimist believes we live in the best of all
 PGP Key: 0x674627FF        | possible worlds.  A pessimist is sure of it!
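
Added example (not part of the original post): a small check for Note 3 that parses the NETIF line from 1007.conf, confirms host_mac has the locally administered bit set, predicts whether the bridge keeps the physical NIC's MAC under the lowest-MAC rule, and derives the VE's link-local address by the standard modified EUI-64 rule. The physical NIC MACs are constructed sample values, and the helper names are hypothetical.

```python
import ipaddress

def parse_netif(line):
    """Parse a single-interface OpenVZ NETIF="k=v,k=v" line into a dict."""
    value = line.split("=", 1)[1].strip().strip('"')
    return dict(item.split("=", 1) for item in value.split(","))

def mac_int(mac):
    """MAC address as an integer, for numeric comparison."""
    return int(mac.replace(":", ""), 16)

def locally_administered(mac):
    """Bit 0x02 of the first octet marks a locally administered MAC."""
    return bool(int(mac.split(":")[0], 16) & 0x02)

def bridge_mac(port_macs):
    """Note 3: the bridge takes the numerically lowest MAC among its ports."""
    return min(port_macs, key=mac_int)

def link_local(mac):
    """Modified EUI-64: flip the U/L bit and insert ff:fe in the middle."""
    b = bytearray.fromhex(mac.replace(":", ""))
    b[0] ^= 0x02
    iid = bytes(b[:3]) + b"\xff\xfe" + bytes(b[3:])
    return ipaddress.IPv6Address(b"\xfe\x80" + bytes(6) + iid)

def check(netif_line, physical_mac):
    """Report on one VE's NETIF line against the host's physical NIC MAC."""
    n = parse_netif(netif_line)
    lowest = bridge_mac([physical_mac, n["host_mac"]])
    return {
        "host_mac_local": locally_administered(n["host_mac"]),
        # Stable only if the physical NIC still has the lowest MAC on the bridge.
        "bridge_mac_stable": mac_int(lowest) == mac_int(physical_mac),
        "ve_link_local": str(link_local(n["mac"])),
    }

# NETIF line as posted above; both physical MACs are constructed samples.
NETIF = ('NETIF="ifname=eth0,mac=00:04:08:01:01:07,'
         'host_ifname=veth1007.0,host_mac=0E:04:08:01:00:07"')
PHYS_LOW = "00:1A:2B:3C:4D:5E"    # first octet below 0E: bridge MAC stays put
PHYS_HIGH = "3C:52:82:00:00:01"   # first octet above 0E: the veth MAC would win

if __name__ == "__main__":
    print(check(NETIF, PHYS_LOW))
    print(check(NETIF, PHYS_HIGH))
```

The second sample shows that a 0E prefix only pins the bridge MAC when the physical NIC's MAC is numerically lower; on a host whose NIC MAC starts above 0E, pick a higher locally administered prefix for host_mac.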