OVH Community, your new community space.

IPv6 and stuff


Myatu
19-05-2009, 21:50
But wait, there's more!

The whole idea of this exercise is to assign IPv6 addresses to containers/KVMs in Proxmox. Given there's no NAT or similar with IPv6 (and why? you've got trillions of addresses to pick from!), it ought to be straight forward by simply assigning an address with your prefix. Not so, I'm afraid!

First, Proxmox's web interface isn't IPv6 ready yet. So from the shell on the host you use:
Code:
# vzctl set  --ipadd 2001:41d0:xxxx:xxxx::yyyy --save
Where xxxx is your private prefix at OVH and YYYY a specific address for the container.

At this point, you can use ping6 to ping the host. But that's it - it's not reachable from the internet and vice versa. This had me pulling my hairs for HOURS, trying to figure that one out. I tried forcing routes to the gateway, etc., etc.

Turns out, Proxmox does not enable Proxy Neighbor Discovery (and same goes for OpenVZ if you use that). So the router at OVH has no clue about it and therefore can't route any traffic. So here's what you need to do as well...

On the host, you MUST enable Proxy Neighbor Discovery with
Code:
# echo 1 > /proc/sys/net/ipv6/conf/all/proxy_ndp
You should be able to add this to /etc/sysctl.conf as well, but the more networking stuff you install, the more likely this gets overridden...

Then you can "force" the discovery of a container with
Code:
ip -6 neigh add proxy 2001:41d0:xxxx:xxxx::yyyy dev eth0
Here I'm assuming that eth0 is actually the main entry point for your public network

Furthermore, make sure that in /etc/vz/vzctl.conf IPv6 support is enabled (IPV6="yes", near the bottom) and forwarding is enabled as well (/etc/sysctl.conf, net.ipv6.conf.all.forwarding=1 or "echo 1 > /proc/sys/net/ipv6/conf/all/forwarding")

Now your container is visible to the internet with the assigned IP (a traceroute6 will show eth0 as a router, by the way).

Hopefully this will save someone else countless hours pulling hairs and a caffeine overload...

derchris
19-05-2009, 19:35
NP,

I actually had a hard time myself to get this working, as the OVH documentation in the wiki is not very "up2date"

Myatu
19-05-2009, 12:40
Right, let me clarify a little on what the "trick" was I was a bit too tired to expand upon that

What was missing on my end was the gateway information (I should have seen it in the route "via"). The thing was, I didn't need the gateway detalis before I had changed something: IPv6 Forwarding. Apparently when you enable this feature, you will no longer advertise the need for IPv6 autoconfig data (which includes the gateway). So if you enable that, you have to specifically specify it.

The gateway can easily be determined from the assigned IPv6 prefix by the way. Replace the last two hexadecimal values with "FF" and tack on a further ":FF:FF:FF:FF" (4x). For example, if your assigned IPv6 was 2001:4D01:1:C123, the gateway would be 2001:4D01:1:C1FF:FF:FF:FF:FF - Just remember that the values can be left-padded with 0's up to a length of 4 - so if your assigned prefix would have been 2001:4D01:1:2, it actually is 2001:4D01:0001:0002 (thus the "02" gets replaced by "FF"). This is also where netmask 56 comes into play (so don't use 48 or /48, even though the kernel may complain).

Thanks to derchris for pointing out the obvious

Myatu
19-05-2009, 01:33
"Youdaman!" That did the trick indeed, and I thank you!

derchris
19-05-2009, 01:01
The prefix is not correct:

auto eth0


iface eth0 inet6 static
2001:41D0:1:7xxx::1
netmask 56
gateway 2001:41D0:2:2FF:FF:FF:FF:FF
My setup is working like this.
You can try to ping ipv6.derchris.eu from your box to see if this is working

Myatu
19-05-2009, 00:25
Well, I decided to start a server from scratch... using IPv6 wherever I can

The IP6to4 tunnels were a breeze - all my IPv4 IPs now translate properly to their IPv6 equivalent and vice versa, with good connectivity to and from the wild, wild web.

BUT... The native IPv6 I have from OVH doesn't seem to do much. I've peeked at http://help.ovh.co.uk/Ipv4Ipv6. I've given eth0 a static IPv6, from the one shown in my managerv3. It gets assigned, shows up in ifconfig but remains unreachable.

A traceroute6 from the internet (http://www.sixxs.net/tools/traceroute/ - cool tools!) stops at ipv6.rbx-1-6k.routers.net (2001:41d0::591). But the next hop, which ought to be me, doesn't respond. In Oles' voice: POURQUOI?!

I mean, the IP6to4 works, and I can use ping6 and traceroute6 (for IPv6) from various online websites to reach my IPv4-equivalent. I can do the same for sites, say, ipv6.google.com. All comes back OK.

But not my native IP, which is in the 2001:41d0:1:7xxx range. Even a traceroute6 from my machine (with this IP) to 2001:41d0::591 results in a timeout:
Code:
traceroute to 2001:41D0:1::591 (2001:41d0:1::591), 30 hops max, 40 byte packets
 1  2001:41d0:1:7xxx::1 (2001:41d0:1:7xxx::1)  3003.708 ms !H  3003.705 ms !H  3003.699 ms !H
Que? The default gateway comes back OK:
Code:
traceroute to 2001:41D0:1:7Xff:ff:ff:ff:ff (2001:41d0:1:7Xff:ff:ff:ff:ff), 30 hops max, 40 byte packets
 1  2001:41d0:1:7Xff:ff:ff:ff:ff (2001:41d0:1:7Xff:ff:ff:ff:ff)  10.595 ms  10.706 ms  10.817 ms
So what have I broken this time? In my /etc/network/interfaces I have added the IPv6 as following (immediately after the IPv4 define for eth0):
Code:
iface eth0 inet6 static
        address 2001:41D0:1:7xxx::1
        netmask 48
(I realise OVH talks about /56 and I did try that as well, no such luck).

It shows up in ifconfig just fine too:
Code:
eth0      Link encap:Ethernet  HWaddr 00:xx:xx:xx:xx:xx
          inet addr:91.xx.xx.xx  Bcast:91.xx.xx.255  Mask:255.255.255.0
          inet6 addr: 2001:41d0:1:7xxx::1/48 Scope:Global
...
With ip -6 addr:
Code:
2: eth0:  mtu 1500 qlen 1000
    inet6 2001:41d0:1:7xxx::1/48 scope global
       valid_lft forever preferred_lft forever
And even has a route:
Code:
2001:41d0:1::/48 dev eth0  metric 256  expires 17180605sec mtu 1500 advmss 1440 hoplimit 4294967295
And yes - I did disable the firewall... So tell me, at what other bits and bytes can I poke a stick at?

[edit] Ohyes, forgot:
Code:
Linux (MYHOSTNAME) 2.6.24-5-pve #1 SMP PREEMPT Tue May 12 09:01:17 CEST 2009 x86_64 GNU/Linux