Hi People,
I have some issues with routing ipv6 to my kvm guests. I use a bridge interface with bridge-utils like recommended in the most howtos.
Bridge conf: http://fpaste.org/hh9U/ ip -6 route show output: http://fpaste.org/c5Rd/ sysctl.conf: http://fpaste.org/oMjD/
Thanks for your help in advance. If you need more informations just let me know.
David Hackl
On Fri, 2012-09-14 at 22:41 +0200, David Hackl wrote:
I have some issues with routing ipv6 to my kvm guests. I use a bridge interface with bridge-utils like recommended in the most howtos.
Bridge conf: http://fpaste.org/hh9U/ ip -6 route show output: http://fpaste.org/c5Rd/ sysctl.conf: http://fpaste.org/oMjD/
Thanks for your help in advance. If you need more informations just let me know.
How can these wonderful Centos people help you if you do not post here, on this list, a summary of your problem ???
Asking people to go a South American web site hosted in the USA seems, certainly to me, to be 'strange' especially for someone posting from Austria.
Bis bald ?
Paul.
David Hackl _______________________________________________ CentOS-virt mailing list CentOS-virt@centos.org http://lists.centos.org/mailman/listinfo/centos-virt
Sorry Paul....
Well, the problem is that there is no IPv6 connection at all. I set up the IPv6 adresses in the guests. They also appear with ip addr.
When I try to ping6 the guest, I get "Destination unreachable: Address unreachable"
Pinging an IPv6 Host out of the guests also doesn't work.
Here is the output of a guest: 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000 link/ether 52:54:00:67:52:34 brd ff:ff:ff:ff:ff:ff inet 91.216.245.61/24 brd 91.216.245.255 scope global eth0 inet 91.216.245.62/24 brd 91.216.245.255 scope global secondary eth0:0 inet6 2001:1608:10:34::3/64 scope global valid_lft forever preferred_lft forever inet6 fe80::5054:ff:fe67:5234/64 scope link valid_lft forever preferred_lft forever
I hope these are enough informations?
And what do you mean with south american website? Are you talking about fpaste?
Greets, David
On 2012-09-14 23:52, Always Learning wrote:
On Fri, 2012-09-14 at 22:41 +0200, David Hackl wrote:
I have some issues with routing ipv6 to my kvm guests. I use a bridge interface with bridge-utils like recommended in the most howtos.
Bridge conf: http://fpaste.org/hh9U/ ip -6 route show output: http://fpaste.org/c5Rd/ sysctl.conf: http://fpaste.org/oMjD/
Thanks for your help in advance. If you need more informations just let me know.
How can these wonderful Centos people help you if you do not post here, on this list, a summary of your problem ???
Asking people to go a South American web site hosted in the USA seems, certainly to me, to be 'strange' especially for someone posting from Austria.
Bis bald ?
Paul.
David Hackl _______________________________________________ CentOS-virt mailing list CentOS-virt@centos.org http://lists.centos.org/mailman/listinfo/centos-virt
On Sat, 2012-09-15 at 00:02 +0200, David Hackl wrote:
Well, the problem is that there is no IPv6 connection at all. I set up the IPv6 adresses in the guests. They also appear with ip addr.
I haven't done much Virtual Hosts yet but:
(1) how have you enabled IP6 ?
Is this useful
(2) http://www.timgalyean.com/2011/09/virtual-hosts-using-ipv6/
Mfg,
Paul.
And what do you mean with south american website? Are you talking about fpaste?
Yes, registrant is in Guatemala.
IPv6 is enabled. As I said, it works good on the node itself. I can ping it and also ping out of it.
The link just shows an apache configuration with ipv6 and some basic ipv6 configuration I already did.
And fpaste is an fedora related page and the binary is also available in centos repo to easily post files or output from terminal. Saves a lot of time...
Mfg from austria in this case to where? ;) Germany? ^^
David
On 2012-09-15 00:11, Always Learning wrote:
On Sat, 2012-09-15 at 00:02 +0200, David Hackl wrote:
Well, the problem is that there is no IPv6 connection at all. I set up the IPv6 adresses in the guests. They also appear with ip addr.
I haven't done much Virtual Hosts yet but:
(1) how have you enabled IP6 ?
Is this useful
(2) http://www.timgalyean.com/2011/09/virtual-hosts-using-ipv6/
Mfg,
Paul.
And what do you mean with south american website? Are you talking about fpaste?
Yes, registrant is in Guatemala.
CentOS-virt mailing list CentOS-virt@centos.org http://lists.centos.org/mailman/listinfo/centos-virt
On 09/14/2012 03:16 PM, David Hackl wrote:
IPv6 is enabled. As I said, it works good on the node itself. I can ping it and also ping out of it.
this is a really annoying bug in the linux bridge code. ipv6 neighbor discovery relies on multicast, and the bridge code tries to optimize multicast by not treating it as broadcast. but since v6 neighbor discovery doesn't use v4 igmp, the bridge code never realizes what bridge interfaces should get what multicast packets. the easiest fix is:
echo 2 > /sys/class/net/vif#.#/brport/multicast_router
with the appropriate #.# substituted (or just do them all), which tells the bridge code that there is a multicast router on that port and therefore it should receive all multicast traffic. i ran into this a few months back and had forgotten it again until now. i never found a way to make it happen at boot time, or via some script in xen, but i will now dive into that hunt again...
On 09/19/2012 04:29 PM, Joe Pruett wrote:
On 09/14/2012 03:16 PM, David Hackl wrote:
IPv6 is enabled. As I said, it works good on the node itself. I can ping it and also ping out of it.
this is a really annoying bug in the linux bridge code. ipv6 neighbor discovery relies on multicast, and the bridge code tries to optimize multicast by not treating it as broadcast. but since v6 neighbor discovery doesn't use v4 igmp, the bridge code never realizes what bridge interfaces should get what multicast packets. the easiest fix is:
echo 2 > /sys/class/net/vif#.#/brport/multicast_router
with the appropriate #.# substituted (or just do them all), which tells the bridge code that there is a multicast router on that port and therefore it should receive all multicast traffic. i ran into this a few months back and had forgotten it again until now. i never found a way to make it happen at boot time, or via some script in xen, but i will now dive into that hunt again...
ah, the memory is going. i did come up with a hacked way to make this happen for xen vms, so you'd have to find another way to make it happen for kvm. for xen, there is a script that is called to create the vif interface, and i just hacked in the echo in there. i had to do it as a background job with a 5 second delay to get around some timing issue. and it only works for newly created vms, once a vm has been created, it remembers the original script name, so suspending and resuming gets you back to square one, even rebooting from within the guest.
here is the code that was added to the vif-bridge script, just to see how easy it was:
(sleep 5 ; echo 2 > /sys/class/net/$vif/brport/multicast_router) &
Hi Joe,
strange thing but after setting multicast_router once to 2, ipv6 worked on all vnet devices. I also restarted the node and the vms and it is still working.
Seems like this fixes the problem....
Thanks for you help!
David
Am 20.09.2012 01:39, schrieb Joe Pruett:
On 09/19/2012 04:29 PM, Joe Pruett wrote:
On 09/14/2012 03:16 PM, David Hackl wrote:
IPv6 is enabled. As I said, it works good on the node itself. I can ping it and also ping out of it.
this is a really annoying bug in the linux bridge code. ipv6 neighbor discovery relies on multicast, and the bridge code tries to optimize multicast by not treating it as broadcast. but since v6 neighbor discovery doesn't use v4 igmp, the bridge code never realizes what bridge interfaces should get what multicast packets. the easiest fix is:
echo 2 > /sys/class/net/vif#.#/brport/multicast_router
with the appropriate #.# substituted (or just do them all), which tells the bridge code that there is a multicast router on that port and therefore it should receive all multicast traffic. i ran into this a few months back and had forgotten it again until now. i never found a way to make it happen at boot time, or via some script in xen, but i will now dive into that hunt again...
ah, the memory is going. i did come up with a hacked way to make this happen for xen vms, so you'd have to find another way to make it happen for kvm. for xen, there is a script that is called to create the vif interface, and i just hacked in the echo in there. i had to do it as a background job with a 5 second delay to get around some timing issue. and it only works for newly created vms, once a vm has been created, it remembers the original script name, so suspending and resuming gets you back to square one, even rebooting from within the guest.
here is the code that was added to the vif-bridge script, just to see how easy it was:
(sleep 5 ; echo 2 > /sys/class/net/$vif/brport/multicast_router) &
CentOS-virt mailing list CentOS-virt@centos.org http://lists.centos.org/mailman/listinfo/centos-virt
-
Always Learning -
David Hackl -
Joe Pruett