Subnet a /64 network
Shadow Hawkins on Thursday, 20 September 2012 21:57:37
Hi,
I am trying to set up my virtual machines on my Debian root server with IPv6.
My provider gave me an IPv6 /64 subnet which I separated into 8 /70 subnets.
I have my local interface eth0 and 3 virtual networks connected to a bridge.
brctl show
bridge name     bridge id               STP enabled     interfaces
vmbr0           8000.XX8d38ca4f1f       no              tap100i0
                                                        tap101i0
                                                        tap200i0
                                                        tap201i0
                                                        tap254i0
                                                        veth102.0
vmbr1           8000.XXfec5b721c1       no              tap2323i0
vmbr2           8000.XXe57edaf983       no              tap254i1
                                                        tap255i0
The IPv6 Subnet I got is 2a0X:XXX:162:1e2::/64
iface eth0 inet6 static
    address 2a0X:XXX:162:1e2::2
    netmask 70
    gateway fe80::1
iface vmbr0 inet6 static
    address 2a0X:XXX:162:1e2:400::2
    netmask 70
iface vmbr1 inet6 static
    address 2a0X:XXX:162:1e2:800::2
    netmask 70
I want to give my VMs, which are connected to the bridges, an IPv6 address with radvd and wide-dhcpv6-server.
I followed these instructions: http://www.rjsystems.nl/en/2100-dhcpv6-stateful-autocfg.php
My /etc/radvd.conf:
interface vmbr0 {
    AdvSendAdvert on;
    AdvManagedFlag on;
    AdvOtherConfigFlag on;
    prefix 2a0X:XXX:162:1e2:400::/70 {
        AdvAutonomous off;
    };
};
interface vmbr1 {
    AdvSendAdvert on;
    AdvManagedFlag on;
    AdvOtherConfigFlag on;
    prefix 2a0X:XXX:162:1e2:800::/70 {
        AdvAutonomous off;
    };
};
and my /etc/wide-dhcpv6/dhcp6s.conf is
option domain-name-servers 2a0X:XXX:0:a0a1::add:1010 2a0X:XXX:0:a102::add:9999 2a0X:XXX:0:a111::add:9898;
interface vmbr0 {
    address-pool pool1 3600;
};
interface vmbr1 {
    address-pool pool2 3600;
};
pool pool1 {
    range 2a0X:XXX:162:1e2:400::10 to 2a0X:XXX:162:1e2:400::ffff;
};
pool pool2 {
    range 2a0X:XXX:162:1e2:800::10 to 2a0X:XXX:162:1e2:800::ffff;
};
So that's my setup. My problem is that my Windows 7 client doesn't get the right gateway (sorry, the output is in German):
C:\Users\Username>ipconfig /all
Windows-IP-Konfiguration
Hostname . . . . . . . . . . . . : MY-PC
Primäres DNS-Suffix . . . . . . . :
Knotentyp . . . . . . . . . . . . : Hybrid
IP-Routing aktiviert . . . . . . : Nein
WINS-Proxy aktiviert . . . . . . : Nein
DNS-Suffixsuchliste . . . . . . . : domain.com
Ethernet-Adapter LAN-Verbindung 2:
Verbindungsspezifisches DNS-Suffix: domain.com
Beschreibung. . . . . . . . . . . : Red Hat VirtIO Ethernet Adapter
Physikalische Adresse . . . . . . : 76-97-17-05-33-33
DHCP aktiviert. . . . . . . . . . : Ja
Autokonfiguration aktiviert . . . : Ja
IPv6-Adresse. . . . . . . . . . . : 2a0X:XXX:162:1e2:800::10(Bevorzugt)
Lease erhalten. . . . . . . . . . : Donnerstag, 20. September 2012 23:28:50
Lease läuft ab. . . . . . . . . . : Freitag, 21. September 2012 00:28:51
Verbindungslokale IPv6-Adresse . : fe80::8499:3693:b505:a60f%13(Bevorzugt)
IPv4-Adresse . . . . . . . . . . : 10.0.0.223(Bevorzugt)
Subnetzmaske . . . . . . . . . . : 255.255.255.0
Lease erhalten. . . . . . . . . . : Donnerstag, 20. September 2012 22:56:04
Lease läuft ab. . . . . . . . . . : Donnerstag, 20. September 2012 23:56:22
Standardgateway . . . . . . . . . : fe80::4445:41ff:fee3:f961%13
10.0.0.254
DHCP-Server . . . . . . . . . . . : 10.0.0.254
DHCPv6-IAID . . . . . . . . . . . : 292984599
DHCPv6-Client-DUID. . . . . . . . : 00-01-00-01-17-D5-47-1F-76-97-17-05-33-33
DNS-Server . . . . . . . . . . . : 2a0X:XXX:0:a0a1::add:1010
2a0X:XXX:0:a102::add:9999
2a0X:XXX:0:a111::add:9898
213.133.98.98
213.133.99.99
213.133.100.100
NetBIOS über TCP/IP . . . . . . . : Aktiviert
Tunneladapter isatap.domain.com:
Verbindungsspezifisches DNS-Suffix: domain.com
Beschreibung. . . . . . . . . . . : Microsoft-ISATAP-Adapter
Physikalische Adresse . . . . . . : 00-00-00-00-00-00-00-E0
DHCP aktiviert. . . . . . . . . . : Nein
Autokonfiguration aktiviert . . . : Ja
Verbindungslokale IPv6-Adresse . : fe80::5efe:10.0.0.223%11(Bevorzugt)
Standardgateway . . . . . . . . . :
DNS-Server . . . . . . . . . . . : 2a0X:XXX:0:a0a1::add:1010
2a0X:XXX:0:a102::add:9999
2a0X:XXX:0:a111::add:9898
213.133.98.98
213.133.99.99
213.133.100.100
NetBIOS über TCP/IP . . . . . . . : Deaktiviert
Tunneladapter LAN-Verbindung*:
Verbindungsspezifisches DNS-Suffix:
Beschreibung. . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physikalische Adresse . . . . . . : 00-00-00-00-00-00-00-E0
DHCP aktiviert. . . . . . . . . . : Nein
Autokonfiguration aktiviert . . . : Ja
IPv6-Adresse. . . . . . . . . . . : 2001:0:5ef5:73b8:18ba:173b:faf6:ad58(Bevorzugt)
Verbindungslokale IPv6-Adresse . : fe80::18ba:173b:faf6:ad58%12(Bevorzugt)
Standardgateway . . . . . . . . . :
NetBIOS über TCP/IP . . . . . . . : Deaktiviert
I see that it gets the DNS servers from dhcp6s.
I can also ping the eth0 host interface at 2a0X:XXX:162:1e2::2.
But I cannot connect to the outside. On the host machine I have IPv6 connectivity and can ping an external IPv6 host.
It looks like radvd is not giving the right gateway address to the VM?
I also activated routing on the host with
sysctl -w net.ipv6.conf.all.forwarding=1
Any idea how I can fix it?
Kind regards,
Thomas
Subnet a /64 network
Jeroen Massar on Thursday, 20 September 2012 22:10:23
My provider gave me a ipv6 /64 subnet which I separated into 8 /70 subnets.
Which provider is this? As they should be able to give you a /56 with ease. Have you asked them?
Hetzner for one gives one only a single /64 unfortunately.
my /etc/radvd.conf
Router Announcements do not work with anything else than a /64... this as the EUI-64 portion cannot be calculated with less bits.
so thats my setup. My problem is, that my Windows 7 Client dont get the right gateway (sorry output is in german):
It is magic that it gets a prefix at all, but likely it derives it solely from DHCPv6, not from RA.
The router likely comes from the RA though.
IPv6-Adresse. . . . . . . . . . . : 2001:0:5ef5:73b8:18ba:173b:faf6:ad58(Bevo
You might want to disable Teredo on the clients as then you have one point less to worry about.
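The /70 layout from the first post and the /64 requirement raised in the reply can be checked with Python's ipaddress module. This is an added example, not code from the thread; the documentation prefix 2001:db8:162:1e2::/64 stands in for the redacted provider prefix, and plan, check_pool and slaac_capable are names made up here.

```python
import ipaddress

# Assumption: documentation prefix standing in for the redacted provider /64.
DELEGATED = ipaddress.IPv6Network("2001:db8:162:1e2::/64")

def plan(delegated, new_prefix, names):
    """Assign consecutive sub-prefixes of `delegated` to the interface names."""
    subnets = delegated.subnets(new_prefix=new_prefix)
    return {name: next(subnets) for name in names}

def check_pool(subnet, first, last):
    """Return the problems found in a DHCPv6 range first..last served on `subnet`."""
    lo, hi = ipaddress.IPv6Address(first), ipaddress.IPv6Address(last)
    problems = []
    if lo > hi:
        problems.append("range start is above range end")
    for addr in (lo, hi):
        if addr not in subnet:
            problems.append(f"{addr} is outside {subnet}")
    return problems

def slaac_capable(subnet):
    """SLAAC appends a 64-bit interface ID, so only a /64 prefix can be used."""
    return subnet.prefixlen == 64

# Same order as the thread: eth0 keeps the first /70, the bridges get the next two.
LAYOUT = plan(DELEGATED, 70, ["eth0", "vmbr0", "vmbr1"])

if __name__ == "__main__":
    print("a /64 holds", 2 ** (70 - DELEGATED.prefixlen), "/70 subnets")
    for name, net in LAYOUT.items():
        print(f"{name}: {net}  slaac={slaac_capable(net)}")
    # pool1 belongs on vmbr0; pointing pool2's range at vmbr0 is reported.
    print(check_pool(LAYOUT["vmbr0"],
                     "2001:db8:162:1e2:400::10", "2001:db8:162:1e2:400::ffff"))
    print(check_pool(LAYOUT["vmbr0"],
                     "2001:db8:162:1e2:800::10", "2001:db8:162:1e2:800::ffff"))
```

With a /70 every address has to come from DHCPv6 or static configuration, which is why the radvd prefix above carries AdvAutonomous off.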
Subnet a /64 network
Shadow Hawkins on Thursday, 20 September 2012 22:22:07
Yes, it is Hetzner ;)
I also read that radvd doesn't like anything other than /64. I also get this in my syslog:
radvd[576052]: prefix length should be 64 for vmbr1
but if I understand it right, this only applies if you want to deploy EUI-64 addresses with radvd... *but I'm really not sure*
With radvdump -d4 I get this:
[Sep 21 00:20:17] radvdump: recvmsg len=56
[Sep 21 00:20:17] radvdump: receiver if_index: 53
#
# radvd configuration generated by radvdump 1.6
# based on Router Advertisement from fe80::4445:41ff:fee3:f961
# received by interface vmbr1
#
interface vmbr1
{
    AdvSendAdvert on;
    # Note: {Min,Max}RtrAdvInterval cannot be obtained with radvdump
    AdvManagedFlag on;
    AdvOtherConfigFlag on;
    AdvReachableTime 0;
    AdvRetransTimer 0;
    AdvCurHopLimit 64;
    AdvDefaultLifetime 1800;
    AdvHomeAgentFlag off;
    AdvDefaultPreference medium;
    AdvSourceLLAddress on;
    prefix 2a0X:XXX:162:1e2:800::/70
    {
        AdvValidLifetime 86400;
        AdvPreferredLifetime 14400;
        AdvOnLink on;
        AdvAutonomous off;
        AdvRouterAddr off;
    }; # End of prefix definition
}; # End of interface definition
You might want to disable Teredo on the clients as then you have one point less to worry about.
That was my idea too in the last few minutes
C:\Windows\system32>netsh interface teredo set state disabled
OK.
but it did not change anything... :(
Any other way I can follow?
Subnet a /64 network
Jeroen Massar on Thursday, 20 September 2012 22:39:50
What most people do for these one-/64 situations is to just use it on one bridged device.
The problem with Hetzner though is that the /64 is located on the ISP side and that would thus require one to add the upstream interface (typically eth0) also into the bridge, this while one wants to route stuff.
As a solution to that one has to use proxy-nd to make the IPv6 address discoverable from the upstream interface. There is a daemon which can do this for you btw so that it is automatic.
In the end it will be dirty though.
Subnet a /64 network
Shadow Hawkins on Thursday, 20 September 2012 23:04:49
Thanks,
that was the missing thing... but yes, it is ugly
I followed that page: http://blog.kyri0s.org/post/2761309667/native-ipv6-bei-hetzner-mit-xen-in-der-praxis
sysctl -w net.ipv6.conf.all.proxy_ndp=1
ip -6 neigh add proxy 2a0X:XXX:162:1e2:800::10 dev eth0
and my VM can reach the Internet :)
Do I really need to add this for every address? What daemon are you talking about?
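For a handful of addresses the per-address entries from the post above can be kept in sync with a small script instead of a daemon. This is an added example, not code from the thread: the documentation prefix replaces the redacted /64, the sample table is constructed in the shape of `ip -6 neigh show proxy` output, and parse_proxy_table and reconcile are names made up here.

```python
import ipaddress

# Assumptions: documentation prefix instead of the redacted /64; eth0 is the
# upstream interface, as in the thread.
DELEGATED = ipaddress.IPv6Network("2001:db8:162:1e2::/64")
UPSTREAM = "eth0"

# Constructed sample in the shape of `ip -6 neigh show proxy` output.
SAMPLE_PROXY_TABLE = """\
2001:db8:162:1e2:800::10 dev eth0  proxy
2001:db8:162:1e2:400::99 dev eth0  proxy
"""

def parse_proxy_table(text, dev):
    """Return the addresses that already have a proxy entry on `dev`."""
    present = set()
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 3 and fields[1] == "dev" and fields[2] == dev:
            present.add(ipaddress.IPv6Address(fields[0]))
    return present

def reconcile(leased, present, delegated=DELEGATED, dev=UPSTREAM):
    """Return (commands, rejected) that bring the proxy table in line with `leased`."""
    wanted, rejected = set(), []
    for raw in leased:
        addr = ipaddress.IPv6Address(raw)
        # Only answer neighbour solicitations for addresses inside our own /64.
        if addr in delegated:
            wanted.add(addr)
        else:
            rejected.append(str(addr))
    cmds = [f"ip -6 neigh add proxy {a} dev {dev}" for a in sorted(wanted - present)]
    # Stale entries keep the host answering for addresses no VM holds any more.
    cmds += [f"ip -6 neigh del proxy {a} dev {dev}" for a in sorted(present - wanted)]
    return cmds, rejected

if __name__ == "__main__":
    leases = ["2001:db8:162:1e2:800::10", "2001:db8:162:1e2:400::10", "fe80::1"]
    cmds, rejected = reconcile(leases, parse_proxy_table(SAMPLE_PROXY_TABLE, UPSTREAM))
    print("\n".join(cmds))
    print("not proxied:", rejected)
```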
Subnet a /64 network
Shadow Hawkins on Thursday, 20 September 2012 23:22:36
What daemon are you talking about?
OK, found it: npd6
Subnet a /64 network
Shadow Hawkins on Thursday, 20 September 2012 23:36:31
any idea about the configuration?
Subnet a /64 network
Shadow Hawkins on Friday, 21 September 2012 00:01:44
Another problem is now a Linux VM:
there I don't get an IPv6 address :(
LANG=C rdisc6 eth0
Soliciting ff02::2 (ff02::2) on eth0...
Hop limit : 64 ( 0x40)
Stateful address conf. : Yes
Stateful other conf. : Yes
Router preference : medium
Router lifetime : 30 (0x0000001e) seconds
Reachable time : unspecified (0x00000000)
Retransmit time : unspecified (0x00000000)
Prefix : 2a0X:XXX:162:1e2:400::/70
Valid time : 86400 (0x00015180) seconds
Pref. time : 14400 (0x00003840) seconds
Source link-layer address: 06:XX:XX:CA:4F:1F
from fe80::f476:31ff:feb1:2101
LANG=C ifconfig eth0
eth0 Link encap:Ethernet HWaddr 76:XX:XX:be:a8:43
inet addr:5.9.XXX.XXX Bcast:5.9.XXX.XXX Mask:255.255.255.240
inet6 addr: fe80::74de:d0ff:febe:a843/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:134310 errors:0 dropped:0 overruns:0 frame:0
TX packets:115884 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:15193371 (15.1 MB) TX bytes:37603326 (37.6 MB)
Any Idea?
Subnet a /64 network
Jeroen Massar on Friday, 21 September 2012 06:27:38
I suggest that for the likely few VMs you are going to run, having hard-coded IPv6 addresses is a lot easier than trying to get around this weird mess of non-subnettable /64's.
Subnet a /64 network
Shadow Hawkins on Friday, 21 September 2012 07:28:42
That's not what I want ;)
I found why the client does not get an address... dhcp6c had to be installed and configured.
But npd6 is still a mystery to me.
That's why I asked Hetzner to give me a second /64 subnet for routing.
Subnetting should not be the problem - but the proxy-na ;)
And I am also trying to change dhcp6s to isc-dhcp-server.
I found an interesting way to run both IPv4 and IPv6 mode:
blog
Subnet a /64 network
Shadow Hawkins on Friday, 21 September 2012 07:18:38
I still see that there is also another daemon for proxy-na: ndppd