OVH Community, your new community space.

Proxmox/IPv6 - Proxy NDP Issue


Linus
19-02-2015, 18:15
Sorry for reviving this old thread, but after trying to get this kind of setup to work I'm out of ideas and hope that you can help me with my issue, as it seems to be closely related to this topic..

First some information regarding my IPs:

Main v4: 37.187.76.192
Add. IPv4: 151.80.170.44/30

v6 Subnet: 2001:41D0:A:2CC0::/64

OS: Proxmox 3.3 64bit on the host, Ubuntu 14.04 64bit for the guests

What I want to achieve:
Proxmox should be available under 37.187.76.192 and 2001:41D0:A:2CC0::2
VMs should be available under 151.80.170.44, 151.80.170.45, 151.80.170.46 and 151.80.170.47 and, accordingly, 2001:41D0:A:2CC0::100, 2001:41D0:A:2CC0::101, 2001:41D0:A:2CC0::102 and 2001:41D0:A:2CC0::103.

No bridging should be involved, I want a purely routed setup.

So far I've got IPv4 working as intended, but IPv6 is a different story, as I can sometimes ping6 in any direction from any host (External to VM, VM to External, Gateway to External, External to Gateway, Gateway to VM, VM to Gateway). But after a minute or so it just stops working as soon as the VM is involved, everything between Gateway and External keeps working.

Here are my configs:

/etc/network/interfaces on the HOST
Code:
auto lo
iface lo inet loopback

# for Routing
auto vmbr1
iface vmbr1 inet manual
        post-up /etc/pve/kvm-networking.sh
        bridge_ports dummy0
        bridge_stp off
        bridge_fd 0

auto vmbr0
iface vmbr0 inet static
        address 37.187.76.192
        netmask 255.255.255.255
        pointopoint 37.187.76.254
        gateway 37.187.76.254
        bridge_ports eth0
        bridge_stp off
        bridge_fd 0

        post-up echo 1 > /proc/sys/net/ipv4/ip_forward

iface vmbr0 inet6 static
        address 2001:41D0:A:2CC0::2
        netmask 64

        post-up /sbin/ip -f inet6 route add 2001:41D0:A:2Cff:ff:ff:ff:ff dev vmbr0
        post-up /sbin/ip -f inet6 route add default via 2001:41D0:A:2Cff:ff:ff:ff:ff
        pre-down /sbin/ip -f inet6 route del default via 2001:41D0:A:2Cff:ff:ff:ff:ff
        pre-down /sbin/ip -f inet6 route del 2001:41D0:A:2Cff:ff:ff:ff:ff dev vmbr0

auto vmbr2
iface vmbr2 inet static
        address 37.187.76.192
        netmask 255.255.255.255
        bridge_ports none
        bridge_stp off
        bridge_fd 0
        up ip route add 151.80.170.44/32 dev vmbr2
        up ip route add 151.80.170.45/32 dev vmbr2
        up ip route add 151.80.170.46/32 dev vmbr2
        up ip route add 151.80.170.47/32 dev vmbr2

iface vmbr2 inet6 static
        address 2001:41d0:a:2cc0::3
        netmask 64
        post-up echo 1 > /proc/sys/net/ipv6/conf/all/proxy_ndp
        post-up echo 1 > /proc/sys/net/ipv6/conf/vmbr0/proxy_ndp
        post-up echo 1 > /proc/sys/net/ipv6/conf/vmbr2/proxy_ndp
        post-up echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
        post-up echo 1 > /proc/sys/net/ipv6/conf/default/forwarding
        post-up /sbin/ip -f inet6 route add 2001:41d0:a:2cc0::100/64 dev vmbr2
        post-up /sbin/ip -f inet6 neigh add proxy 2001:41d0:a:2cc0::3 dev vmbr2
        post-up /sbin/ip -f inet6 neigh add proxy 2001:41d0:a:2cc0::100 dev vmbr0
/etc/network/interfaces on the GUEST
Code:
auto lo
auto eth0

iface lo inet loopback

iface eth0 inet static
        address 151.80.170.44
        netmask 255.255.255.255
        pointopoint 37.187.76.192
        gateway 37.187.76.192
        dns-nameservers 213.186.33.99
        dns-nameservers 8.8.8.8
        dns-nameservers 8.8.4.4

iface eth0 inet6 static
        address   2001:41d0:a:2cc0::100
        netmask   64

        post-up /sbin/ip -f inet6 route add 2001:41d0:a:2cc0::3 dev eth0
        post-up /sbin/ip -f inet6 route add default via 2001:41d0:a:2cc0::3
ip -6 neigh on the HOST
Code:
# ip -6 neigh
fe80::68f7:4ff:fe09:1dad dev vmbr2 lladdr 6a:f7:04:09:1d:ad STALE
2001:41d0:a:2cff:ff:ff:ff:ff dev vmbr0  FAILED
ip -6 neigh on the GUEST is empty

route -6 on the HOST
Code:
# route -6
Kernel IPv6 routing table
Destination                    Next Hop                   Flag Met Ref Use If
2001:41d0:a:2cc0::/64          ::                         U    256 0     0 vmbr0
2001:41d0:a:2cc0::/64          ::                         U    256 0     0 vmbr2
2001:41d0:a:2cc0::/64          ::                         U    1024 0     0 vmbr2
2001:41d0:a:2cff:ff:ff:ff:ff/128 ::                         U    1024 0     1 vmbr0
fe80::1/128                    ::                         U    256 0     0 venet0
fe80::/64                      ::                         U    256 0     0 dummy0
fe80::/64                      ::                         U    256 0     0 vmbr1
fe80::/64                      ::                         U    256 0     0 vmbr0
fe80::/64                      ::                         U    256 0     0 vmbr2
fe80::/64                      ::                         U    256 0     0 eth0
fe80::/64                      ::                         U    256 0     0 venet0
fe80::/64                      ::                         U    256 0     0 tap100i0
::/0                           2001:41d0:a:2cff:ff:ff:ff:ff UG   1024 0   126 vmbr0
::/0                           ::                         !n   -1  1   132 lo
::1/128                        ::                         Un   0   1     9 lo
2001:41d0:a:2cc0::/128         ::                         Un   0   1     0 lo
2001:41d0:a:2cc0::/128         ::                         Un   0   1     0 lo
2001:41d0:a:2cc0::2/128        ::                         Un   0   1    39 lo
2001:41d0:a:2cc0::3/128        ::                         Un   0   1     0 lo
fe80::/128                     ::                         Un   0   1     0 lo
fe80::/128                     ::                         Un   0   1     0 lo
fe80::/128                     ::                         Un   0   1     0 lo
fe80::/128                     ::                         Un   0   1     0 lo
fe80::/128                     ::                         Un   0   1     0 lo
fe80::1/128                    ::                         Un   0   1     0 lo
fe80::a60:6eff:fee5:be06/128   ::                         Un   0   1     0 lo
fe80::a03a:60ff:fedb:1c5b/128  ::                         Un   0   1     0 lo
fe80::a03a:60ff:fedb:1c5b/128  ::                         Un   0   1     0 lo
fe80::d883:d9ff:fe8a:9f6a/128  ::                         Un   0   1     0 lo
fe80::dcf1:12ff:fefb:95b2/128  ::                         Un   0   1     0 lo
ff00::/8                       ::                         U    256 0     0 dummy0
ff00::/8                       ::                         U    256 0     0 vmbr1
ff00::/8                       ::                         U    256 0     0 vmbr0
ff00::/8                       ::                         U    256 0     0 vmbr2
ff00::/8                       ::                         U    256 0     0 eth0
ff00::/8                       ::                         U    256 0     0 venet0
ff00::/8                       ::                         U    256 0     0 tap100i0
::/0                           ::                         !n   -1  1   132 lo
route -6 on the GUEST
Code:
route -6
Kernel IPv6 routing table
Destination                    Next Hop                   Flag Met Ref Use If
2001:41d0:a:2cc0::3/128        ::                         U    1024 0     1 eth0
2001:41d0:a:2cc0::/64          ::                         U    256 0     0 eth0
fe80::/64                      ::                         U    256 0     0 eth0
::/0                           2001:41d0:a:2cc0::3        UG   1024 0     0 eth0
::/0                           ::                         !n   -1  1    12 lo
::1/128                        ::                         Un   0   1     6 lo
2001:41d0:a:2cc0::100/128      ::                         Un   0   1     0 lo
fe80::68f7:4ff:fe09:1dad/128   ::                         Un   0   1     0 lo
ff00::/8                       ::                         U    256 1     0  eth0
::/0                           ::                         !n   -1  1    12 lo
Those are directly after boot.. After then pinging the HOST from the GUEST the following changes:
ip -6 neigh on the GUEST
Code:
 ip -6 neigh
2001:41d0:a:2cc0::3 dev eth0 lladdr de:f1:12:fb:95:b2 router REACHABLE
fe80::d883:d9ff:fe8a:9f6a dev eth0 lladdr de:f1:12:fb:95:b2 DELAY
ip -6 neigh on the HOST
Code:
fe80::68f7:4ff:fe09:1dad dev vmbr2 lladdr 6a:f7:04:09:1d:ad STALE
2001:41d0:a:2cc0::100 dev vmbr2 lladdr 6a:f7:04:09:1d:ad STALE
2001:41d0:a:2cff:ff:ff:ff:ff dev vmbr0 lladdr 00:05:73:a0:00:00 router STALE
after waiting for a minute
Code:
2001:41d0:a:2cff:ff:ff:ff:ff dev vmbr0 lladdr 00:05:73:a0:00:00 router STALE
fe80::12bd:18ff:fee5:ff80 dev vmbr0 lladdr 10:bd:18:e5:ff:80 router STALE
Then SSHing into the GUEST and pinging the HOSTyields
Code:
PING 2001:41d0:a:2cc0::3(2001:41d0:a:2cc0::3) 56 data bytes
^C
--- 2001:41d0:a:2cc0::3 ping statistics ---
22 packets transmitted, 0 received, 100% packet loss, time 21167ms
I'm quite clueless as to where my error might be, so I'd appreciate any help :-)

Kind Regards,
Linus
Tentacruel
13-09-2013, 12:44
Quote Originally Posted by raxxeh
So long as you continue to post solutions to problems where you posted the problem, everyone will love you
Yay! Acceptance!
raxxeh
13-09-2013, 11:26
Quote Originally Posted by Tentacruel
xD No Problem, I figure someone else will have the same mental block as me at some point.

And I'm the exact opposite. Have never done anything with 2012 (other than a really basic server) or Hyper-V etc. even though I would say I'm a fairly competent Windows User - GNU/Linux just seems more...able
So long as you continue to post solutions to problems where you posted the problem, everyone will love you
Tentacruel
13-09-2013, 08:26
xD No Problem, I figure someone else will have the same mental block as me at some point.

And I'm the exact opposite. Have never done anything with 2012 (other than a really basic server) or Hyper-V etc. even though I would say I'm a fairly competent Windows User - GNU/Linux just seems more...able
rickyday
12-09-2013, 18:05
Thanks for posting the answer I am sure it will come in handy for others, I did read your post but I am a basic Linux user so couldn't really help, if it was your clusters within Server 2012 that would have been a different story
Tentacruel
12-09-2013, 00:22
Update:

I solved this. After some thinking it occured to me that the only reason it "timing out" of the neighbour list would be an issue was if the proxmos server didn't know which interface it should be sending the packet too.

Like a fool, I forgot to add a route to the Proxmox server.

Now it works!
Tentacruel
11-09-2013, 15:45
Hi there,

I have searched high and low across the forums and the internet and am really struggling to find an answer to this.

I have IPv6 enabled on my Proxmox Host and on a test VM. IPv6 works, but only if I ping the default gateway (the Proxmox host) first.

It times out after about a minute if no more IPv6 traffic flows.

From what I can work out it seems to be a problem with Proxy NDP, and the entries timing out on the Proxmox server.

Configuration of Proxmox host (via http://help.ovh.co.uk/Proxmox#link5)
Code:
root@xx: /home/stadmin # cat /etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# for Routing
auto vmbr1
iface vmbr1 inet manual
	post-up /etc/pve/kvm-networking.sh
	bridge_ports dummy0
	bridge_stp off
	bridge_fd 0


# vmbr0: Bridging. Make sure to use only MAC adresses that were assigned to you.
auto vmbr0
iface vmbr0 inet static
	address 176.31.XX.XX
	netmask 255.255.255.0
	network 176.31.XX.0
	broadcast 176.31.XX.255
	gateway 176.31.XX.254
	bridge_ports eth0
	bridge_stp off
	bridge_fd 0

	post-up echo 1 > /proc/sys/net/ipv4/ip_forward
	post-up iptables -t nat -A POSTROUTING -s '172.16.1.0/24' -o vmbr0 -j MASQUERADE
	post-down iptables -t nat -D POSTROUTING -s '172.16.1.0/24' -o vmbr0 -j MASQUERADE

iface vmbr0 inet6 static
	address 2001:41D0:8:XXXX::1
	netmask 64

	post-up /sbin/ip -f inet6 route add 2001:41D0:8:XXff:ff:ff:ff:ff dev vmbr0
	post-up /sbin/ip -f inet6 route add default via 2001:41D0:8:XXff:ff:ff:ff:ff
	pre-down /sbin/ip -f inet6 route del default via 2001:41D0:8:XXff:ff:ff:ff:ff
	pre-down /sbin/ip -f inet6 route del 2001:41D0:8:XXff:ff:ff:ff:ff dev vmbr0

auto vmbr2
iface vmbr2 inet static
	address 172.16.1.1
	netmask 255.255.255.0
	network 172.16.1.0
	broadcast 172.16.1.255
	bridge_ports none
	bridge_stp off
	bridge_fd 0

iface vmbr2 inet6 static
	address 2001:41d0:8:XXXX::2
	netmask 64

	post-up echo 1 > /proc/sys/net/ipv6/conf/all/proxy_ndp
	post-up echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
	post-up echo 1 > /proc/sys/net/ipv6/conf/default/forwarding
	post-up /sbin/ip -f inet6 neigh add proxy 2001:41d0:8:XXXX::2 dev vmbr2
	post-up /sbin/ip -f inet6 neigh add proxy 2001:41d0:8:XXXX::beef dev vmbr0
Configuration of VM
Code:
1 root@DebTest ~ # cat /etc/network/interfaces
auto lo
iface lo inet loopback

iface lo inet6 loopback

auto eth0
iface eth0 inet static
	address 172.16.1.10
	netmask 255.255.255.0
	broadcast 172.16.1.255
	network 172.16.1.0
	gateway 172.16.1.1

iface eth0 inet6 static
	address 2001:41d0:8:XXXX::beef
	netmask 128

	post-up /sbin/ip -f inet6 route add 2001:41d0:8:XXXX::2 dev eth0
	post-up /sbin/ip -f inet6 route add default via 2001:41d0:8:XXXX::2
Ping to internet from VM:
Code:
root@DebTest ~ # ping6 ipv6.google.com
PING ipv6.google.com(par10s10-in-x13.1e100.net) 56 data bytes
^C
--- ipv6.google.com ping statistics ---
9 packets transmitted, 0 received, 100% packet loss, time 7999ms
Neighbour table on Proxmox Server:
Code:
root@xx /home/stadmin # ip -6 nei
fe80::1cec:79ff:fe13:702b dev vmbr2 lladdr 1e:ec:79:13:70:2b STALE
2001:41d0:8:XXff:ff:ff:ff:ff dev vmbr0 lladdr 00:05:73:a0:00:00 router STALE
fe80::66ae:cff:fe40:f080 dev vmbr0 lladdr 64:ae:0c:40:f0:80 router STALE
Ping to Gateway from VM:
Code:
1 root@DebTest ~ # ping6 2001:41d0:8:XXXX::1
PING 2001:41d0:8:XXXX::1(2001:41d0:8:XXXX::1) 56 data bytes
64 bytes from 2001:41d0:8:XXXX::1: icmp_seq=1 ttl=64 time=0.256 ms
64 bytes from 2001:41d0:8:XXXX::1: icmp_seq=2 ttl=64 time=0.031 ms
64 bytes from 2001:41d0:8:XXXX::1: icmp_seq=3 ttl=64 time=0.032 ms
64 bytes from 2001:41d0:8:XXXX::1: icmp_seq=4 ttl=64 time=0.032 ms
^C
--- 2001:41d0:8:XXXX::1 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3000ms
rtt min/avg/max/mdev = 0.031/0.087/0.256/0.097 ms
Neighbour table on Proxmox Server:
Code:
root@xx /home/stadmin # ip -6 nei
2001:41d0:8:XXXX::beef dev vmbr2 lladdr 1e:ec:79:13:70:2b REACHABLE
fe80::1cec:79ff:fe13:702b dev vmbr2 lladdr 1e:ec:79:13:70:2b REACHABLE
2001:41d0:8:XXXX::beef dev vmbr0  FAILED
2001:41d0:8:XXff:ff:ff:ff:ff dev vmbr0 lladdr 00:05:73:a0:00:00 router REACHABLE
Ping to Internet from VM:
Code:
root@DebTest ~ # ping6 ipv6.google.com
PING ipv6.google.com(par10s10-in-x13.1e100.net) 56 data bytes
64 bytes from par10s10-in-x13.1e100.net: icmp_seq=1 ttl=56 time=4.97 ms
64 bytes from par10s10-in-x13.1e100.net: icmp_seq=2 ttl=56 time=5.02 ms
64 bytes from par10s10-in-x13.1e100.net: icmp_seq=3 ttl=56 time=5.01 ms
64 bytes from par10s10-in-x13.1e100.net: icmp_seq=4 ttl=56 time=4.96 ms
^C
--- ipv6.google.com ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3002ms
rtt min/avg/max/mdev = 4.968/4.994/5.025/0.090 ms
Any thoughts on this would be really appreciated. I am totally stuck.

EDIT: I redacted the IP information in this post but not sure if it's really worth it or not for troubleshooting purposes. Let me know if more detail is needed.