<div dir="ltr">Appreciate the response. I have since disabled ipv6 configuration on the hardware nodes to work around the issue. I am still able to use ipv6 through the bridged veth interfaces from inside the CTs without any issues; ipv4 on the hardware nodes and containers works without issue.<div>
<br></div><div>This particular issue looks maybe to be a kernel related and not an openvz related. When the interfaces are in this broken state, traffic never leaves the interface even though the kernel reports an active/available route for the traffic.</div>
<div><a href="https://lkml.org/lkml/2012/3/25/13">https://lkml.org/lkml/2012/3/25/13</a><br></div><div><br></div><div>Axton Grams</div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Tue, Mar 4, 2014 at 10:16 PM, Kir Kolyshkin <span dir="ltr"><<a href="mailto:kir@openvz.org" target="_blank">kir@openvz.org</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<div>In general, network related issues are
not among the easiest to reply to, because<br>
unless this is something very obvious, it requires some
considerable time to understand<br>
the specifics of the setup, and no one has that time. Me included.<br>
<br>
As much as I wish to help, I think the best way for you is to get
an OpenVZ support contract.<br>
That way you'll have engineers who deal with such stuff on a daily
basis, and they will surely<br>
be able to help (or find a bug and forward it to developers). It's
here:<br>
<br>
<a href="http://www.parallels.com/support/virtualization-suite/openvz/" target="_blank">http://www.parallels.com/support/virtualization-suite/openvz/</a><br>
<br>
PS please understand I don't want to sell anything, I just want to
help.<div><div class="h5"><br>
<br>
On 02/26/2014 08:50 PM, Axton wrote:<br>
</div></div></div>
<blockquote type="cite"><div><div class="h5">
<div dir="ltr">A little more information to add.
<div><br>
</div>
<div><b><u>I rebooted the server, which resulted in the state
where I cannot reach ipv6 devices on the other side of my
router:</u></b></div>
<div>
<div><b>root@cluster-02:~# ping6 <a href="http://google.com" target="_blank">google.com</a></b></div>
<div>PING <a href="http://google.com" target="_blank">google.com</a>(<a href="http://atl14s08-in-x09.1e100.net" target="_blank">atl14s08-in-x09.1e100.net</a>)
56 data bytes</div>
<div>ping: sendmsg: Network is down</div>
<div>ping: sendmsg: Network is down</div>
<div>^C</div>
<div>--- <a href="http://google.com" target="_blank">google.com</a>
ping statistics ---</div>
<div>2 packets transmitted, 0 received, 100% packet loss, time
999ms</div>
<div><br>
</div>
<div><br>
</div>
<div><b><u>Here is the route and neighborhood information
while in this broken state:</u></b></div>
<div><b>root@cluster-02:~# ip -6 route</b></div>
<div>2001:xyz:abc:40::/64 dev vmbr40 proto kernel metric 256
expires 2147157sec mtu 1500 advmss 1440 hoplimit 0</div>
<div>fe80::1 dev venet0 proto kernel metric 256 mtu 1500
advmss 1440 hoplimit 0</div>
<div>fe80::/64 dev vmbr30 proto kernel metric 256 mtu 1500
advmss 1440 hoplimit 0</div>
<div>fe80::/64 dev vmbr40 proto kernel metric 256 mtu 1500
advmss 1440 hoplimit 0</div>
<div>fe80::/64 dev eth1 proto kernel metric 256 mtu 1500
advmss 1440 hoplimit 0</div>
<div>fe80::/64 dev eth1.40 proto kernel metric 256 mtu 1500
advmss 1440 hoplimit 0</div>
<div>fe80::/64 dev eth1.30 proto kernel metric 256 mtu 1500
advmss 1440 hoplimit 0</div>
<div>fe80::/64 dev venet0 proto kernel metric 256 mtu 1500
advmss 1440 hoplimit 0</div>
<div>fe80::/64 dev veth10000.40 proto kernel metric 256 mtu
1500 advmss 1440 hoplimit 0</div>
<div>fe80::/64 dev veth10000.30 proto kernel metric 256 mtu
1500 advmss 1440 hoplimit 0</div>
<div>default via fe80::225:90ff:fe09:9b81 dev vmbr40 proto
kernel metric 1024 expires 11sec mtu 1500 advmss 1440
hoplimit 64</div>
<div><b>root@cluster-02:~# ip -6 neigh</b></div>
<div>fe80::225:90ff:fe09:9b81 dev vmbr30 lladdr
00:25:90:09:9b:81 router STALE</div>
<div>2001:xyz:abc:40::10 dev vmbr40 lladdr 00:25:90:09:9b:81
router REACHABLE</div>
<div><br>
</div>
<div><br>
</div>
<div><b><u>Just to reconfirm things are not working after
print the route/neighborhood information:</u></b></div>
<div><b>root@cluster-02:~# ping6 <a href="http://google.com" target="_blank">google.com</a></b></div>
<div>
PING <a href="http://google.com" target="_blank">google.com</a>(<a href="http://atl14s08-in-x09.1e100.net" target="_blank">atl14s08-in-x09.1e100.net</a>)
56 data bytes</div>
<div>ping: sendmsg: Network is down</div>
<div>ping: sendmsg: Network is down</div>
<div>^C</div>
<div>--- <a href="http://google.com" target="_blank">google.com</a>
ping statistics ---</div>
<div>2 packets transmitted, 0 received, 100% packet loss, time
999ms</div>
<div><br>
</div>
<div><br>
</div>
<div><b><u>I delete the default ipv6 route:</u></b></div>
<div><b>root@cluster-02:~# ip -6 route del default via
fe80::225:90ff:fe09:9b81 dev vmbr40</b></div>
<div><b><br>
</b></div>
<div><b><br>
</b></div>
<div><b><u>Still unreachable:</u></b></div>
<div><b>root@cluster-02:~# ping6 <a href="http://google.com" target="_blank">google.com</a></b></div>
<div>connect: Network is unreachable</div>
<div><br>
</div>
<div><br>
</div>
<div><b><u>Here is the route and neighborhood information
after using ip to delete the route:</u></b></div>
<div><b>root@cluster-02:~# ip -6 route</b></div>
<div>2001:xyz:abc:40::/64 dev vmbr40 proto kernel metric 256
expires 2147157sec mtu 1500 advmss 1440 hoplimit 0</div>
<div>fe80::1 dev venet0 proto kernel metric 256 mtu 1500
advmss 1440 hoplimit 0</div>
<div>fe80::/64 dev vmbr30 proto kernel metric 256 mtu 1500
advmss 1440 hoplimit 0</div>
<div>fe80::/64 dev vmbr40 proto kernel metric 256 mtu 1500
advmss 1440 hoplimit 0</div>
<div>fe80::/64 dev eth1 proto kernel metric 256 mtu 1500
advmss 1440 hoplimit 0</div>
<div>fe80::/64 dev eth1.40 proto kernel metric 256 mtu 1500
advmss 1440 hoplimit 0</div>
<div>fe80::/64 dev eth1.30 proto kernel metric 256 mtu 1500
advmss 1440 hoplimit 0</div>
<div>fe80::/64 dev venet0 proto kernel metric 256 mtu 1500
advmss 1440 hoplimit 0</div>
<div>fe80::/64 dev veth10000.40 proto kernel metric 256 mtu
1500 advmss 1440 hoplimit 0</div>
<div>fe80::/64 dev veth10000.30 proto kernel metric 256 mtu
1500 advmss 1440 hoplimit 0</div>
<div>default via fe80::225:90ff:fe09:9b81 dev vmbr40 proto
kernel metric 1024 expires 10sec mtu 1500 advmss 1440
hoplimit 64</div>
<div><b>root@cluster-02:~# ip -6 neigh</b></div>
<div>fe80::225:90ff:fe09:9b81 dev vmbr30 lladdr
00:25:90:09:9b:81 router STALE</div>
<div>2001:xyz:abc:40::10 dev vmbr40 lladdr 00:25:90:09:9b:81
router STALE</div>
<div>fe80::225:90ff:fe09:9b81 dev vmbr40 lladdr
00:25:90:09:9b:81 router STALE</div>
<div><br>
</div>
<div><br>
</div>
<div><b><u>I then attempt to re-add the route (though it does
not show to have been deleted):</u></b></div>
<div><b>root@cluster-02:~# ip -6 route add default via
fe80::225:90ff:fe09:9b81 dev vmbr40</b></div>
<div>RTNETLINK answers: File exists</div>
<div><br>
</div>
<div><br>
</div>
<div><b><u>I now attempt to access the machine on the other
side of my router and things work:</u></b></div>
<div><b>root@cluster-02:~# ping6 <a href="http://google.com" target="_blank">google.com</a></b></div>
<div>PING <a href="http://google.com" target="_blank">google.com</a>(<a href="http://atl14s08-in-x01.1e100.net" target="_blank">atl14s08-in-x01.1e100.net</a>)
56 data bytes</div>
<div>64 bytes from <a href="http://atl14s08-in-x01.1e100.net" target="_blank">atl14s08-in-x01.1e100.net</a>:
icmp_seq=1 ttl=57 time=59.7 ms</div>
<div>64 bytes from <a href="http://atl14s08-in-x01.1e100.net" target="_blank">atl14s08-in-x01.1e100.net</a>:
icmp_seq=2 ttl=57 time=61.1 ms</div>
<div>^C</div>
<div>--- <a href="http://google.com" target="_blank">google.com</a>
ping statistics ---</div>
<div>
2 packets transmitted, 2 received, 0% packet loss, time
1000ms</div>
<div>rtt min/avg/max/mdev = 59.782/60.448/61.114/0.666 ms</div>
<div><br>
</div>
<div><br>
</div>
<div><b><u>Here is the route and neighborhood information
after the changes above:</u></b></div>
<div><b>root@cluster-02:~# ip -6 neigh</b></div>
<div>2001:xyz:abc:40::10 dev vmbr40 lladdr 00:25:90:09:9b:81
router REACHABLE</div>
<div>fe80::225:90ff:fe09:9b81 dev vmbr30 lladdr
00:25:90:09:9b:81 router STALE</div>
<div>fe80::225:90ff:fe09:9b81 dev vmbr40 lladdr
00:25:90:09:9b:81 router REACHABLE</div>
<div><b>root@cluster-02:~# ip -6 route</b></div>
<div>2001:xyz:abc:40::/64 dev vmbr40 proto kernel metric 256
expires 2147157sec mtu 1500 advmss 1440 hoplimit 0</div>
<div>fe80::1 dev venet0 proto kernel metric 256 mtu 1500
advmss 1440 hoplimit 0</div>
<div>fe80::/64 dev vmbr30 proto kernel metric 256 mtu 1500
advmss 1440 hoplimit 0</div>
<div>fe80::/64 dev vmbr40 proto kernel metric 256 mtu 1500
advmss 1440 hoplimit 0</div>
<div>fe80::/64 dev eth1 proto kernel metric 256 mtu 1500
advmss 1440 hoplimit 0</div>
<div>fe80::/64 dev eth1.40 proto kernel metric 256 mtu 1500
advmss 1440 hoplimit 0</div>
<div>fe80::/64 dev eth1.30 proto kernel metric 256 mtu 1500
advmss 1440 hoplimit 0</div>
<div>fe80::/64 dev venet0 proto kernel metric 256 mtu 1500
advmss 1440 hoplimit 0</div>
<div>fe80::/64 dev veth10000.40 proto kernel metric 256 mtu
1500 advmss 1440 hoplimit 0</div>
<div>fe80::/64 dev veth10000.30 proto kernel metric 256 mtu
1500 advmss 1440 hoplimit 0</div>
<div>default via fe80::225:90ff:fe09:9b81 dev vmbr40 proto
kernel metric 1024 mtu 1500 advmss 1440 hoplimit 64</div>
</div>
<div class="gmail_extra"><br>
<br>
<div class="gmail_quote">On Wed, Feb 26, 2014 at 12:05 AM,
Axton <span dir="ltr"><<a href="mailto:axton.grams@gmail.com" target="_blank">axton.grams@gmail.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<div dir="ltr"><b>Synopsis: </b>Servers are connected to
a series of vlans. When server boots with vz enabled in
the inittab, the HN cannot reach routed ipv6 hosts. VEs
can reach routed ipv6 hosts.
<div>
<br>
</div>
<div>I have tried to narrow down the cause of the issue
to the extent that I can, so the information presented
below uses the fewest variables required to illustrate
the issues I see. In practice, these servers are
connected to more than two vlans and there are many
CT's on each HE, which have different combinations of
vlan access. For the purposes of this conversation I
am only referencing 2 vlans since I can consistently
reproduce the issue with just 2 vlans.</div>
</div>
</blockquote>
<div><br>
</div>
<div>snipped</div>
<div><br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<div dir="ltr">
<div>Any help is appreciated.<br>
</div>
<div><br>
</div>
<div>Thanks,</div>
<div>Axton Grams</div>
</div>
</blockquote>
</div>
<br>
</div>
</div>
<br>
<fieldset></fieldset>
<br>
</div></div><pre>_______________________________________________
Users mailing list
<a href="mailto:Users@openvz.org" target="_blank">Users@openvz.org</a>
<a href="https://lists.openvz.org/mailman/listinfo/users" target="_blank">https://lists.openvz.org/mailman/listinfo/users</a>
</pre>
</blockquote>
<br>
</div>
<br>_______________________________________________<br>
Users mailing list<br>
<a href="mailto:Users@openvz.org">Users@openvz.org</a><br>
<a href="https://lists.openvz.org/mailman/listinfo/users" target="_blank">https://lists.openvz.org/mailman/listinfo/users</a><br>
<br></blockquote></div><br></div>