
Re: [Xen-users] Does anybody here uses IPv6 for DomU?



Can someone put here the output from the command "ip6tables -L -n" from Dom0?

Thanks,

-------------------------------
Carlos Eduardo Ribas



2012/7/19 Carlos Ribas <carlos@xxxxxxx>
What drives me crazy is that from Dom0 (with local-link) I can ping the router and from DomU with static IP I can't!

Dom0:
# ping6 2001:xxxx:xxxx::5
PING 2001:xxxx:xxxx::5(2001:xxxx:xxxx::5) 56 data bytes
64 bytes from 2001:xxxx:xxxx::5: icmp_seq=1 ttl=64 time=4.56 ms
^C

DomU:
# ping6 2001:xxxx:xxxx::5
PING 2001:xxxx:xxxx::5(2001:xxxx:xxxx::5) 56 data bytes
^C
--- 2001:xxxx:xxxx::5 ping statistics ---
5 packets transmitted, 0 received, 100% packet loss, time 3999ms
  
Regards,

-------------------------------
Carlos Eduardo Ribas





2012/7/19 Carlos Ribas <carlos@xxxxxxx>
Hello Stephan,

    I tried to use my subnet, but it didn't work. I tried to disable autoconf, no success. I also tried to manually configure the forward in Dom0 using "ip6tables -A FORWARD -s 2001:xxxx:xxxx::6 -m physdev --physdev-in vif21.0 -j ACCEPT" but once again, without success.

    It's odd because if I try to ping the router from my DomU, it will not work, and this is the output from "ip -6 neigh":

# ip -6 neigh
2001:xxxx:xxxx::5 dev eth0  FAILED
fe80::224:38ff:fec9:8b00 dev eth0 lladdr 00:24:38:c9:8b:00 router STALE

    From my router I can't ping my DomU, but then I got this message: 
  
# ip -6 neigh
2001:xxxx:xxxx::5 dev eth0 lladdr 00:24:38:c9:8b:00 router REACHABLE
fe80::224:38ff:fec9:8b00 dev eth0 lladdr 00:24:38:c9:8b:00 router REACHABLE

    And then it changed to:

# ip -6 neigh
2001:xxxx:xxxx::5 dev eth0 lladdr 00:24:38:c9:8b:00 router STALE
fe80::224:38ff:fec9:8b00 dev eth0 lladdr 00:24:38:c9:8b:00 router STALE

    Which seems to be OK, but it is not OK. Well, I'm still investigating.

Thank you for your help, 
 
-------------------------------
Carlos Eduardo Ribas





2012/7/19 Stephan Seitz <s.seitz@xxxxxxxxxxx>
Hi,

as Simon already wrote, try to use your provisioned "regular" ipv6 net. This is usually
a /48 or /64.

Our dom0 doesn't have ipv6 configured in any way, it's just enabled by default.
Only the usual local-link (fe80...) addresses are bound to the interfaces.
If you're using bridges (peth0 -> eth0 -> vifX.X), you don't have to touch any
forwarding settings. It's "just working".

If you're using fixed addresses, don't forget to disable autoconf which is default.
E.g. :
iface eth0 inet6 static
    pre-up echo 0 > /proc/sys/net/ipv6/conf/eth0/autoconf
    address ...





On Wednesday, 18.07.2012, at 12:48 -0300, Carlos Ribas wrote:

Hello Simon,


Yes, I'm using bridging. I put 126 as subnet mask because I configured a P-P link. Unfortunately, using 64 makes no difference. However, the command you mentioned showed me that something is wrong:


# ip -6 neigh
2001:xxxx:xxxx::5 dev eth0  FAILED
fe80::224:38ff:fec9:8b00 dev eth0 lladdr 00:24:38:c9:8b:00 router STALE


I was checking only with this command (and looking at the red line, I thought that it was all fine):


# route -A inet6
Kernel IPv6 routing table
Destination                    Next Hop                   Flag Met Ref Use If
2001:xxxx:xxxx::4/126          ::                         Ue   256 0     4 eth0
fe80::/64                      ::                         U    256 0     0 eth0
::/0                           2001:xxxx:xxxx::5          UG   1   0     0 eth0
::/0                           fe80::224:38ff:fec9:8b00   UGDAe 1024 0     0 eth0
::/0                           ::                         !n   -1  1    73 lo
::1/128                        ::                         Un   0   1    23 lo
2001:xxxx:xxxx::6/128          ::                         Un   0   1    24 lo
fe80::216:3eff:fee2:3f3d/128   ::                         Un   0   1     0 lo
ff00::/8                       ::                         U    256 0     0 eth0
::/0                           ::                         !n   -1  1    73 lo


I will investigate further. Do you think there is something wrong with "network-script" that can cause this? I hope not! :)


Thanks,


-------------------------------
Carlos Eduardo Ribas







2012/7/18 Simon Hobson <linux@xxxxxxxxxxxxxxxx>
Carlos Ribas wrote:

I am trying to do some tests with IPv6. I would like to configure a dual stack for some services, such as DNS and Web Server.

First of all, to have IPv6 in DomU should I configure IPv6 in Dom0? I'm not sure, but I don't think so, since from Dom0 using loopback address I can ping the IPv6 address from my router.


You don't need any address of Dom0 (I'm assuming you are using bridging ?)

I have one DomU running IPv6 for testing (DNS, Web server), Dom0 and the rest of the network is IPv4 only - well as much as you can when everything defaults to at least configuring link-local IPv6 addresses.


# The primary network interface
auto eth0
iface eth0 inet static
 address 10.0.0.100
 gateway 10.0.0.1
 netmask 255.255.255.0
 broadcast 10.0.0.255

iface eth0 inet6 static
 address 2001:xxxx:xxxx::6
 netmask 126
 gateway 2001:xxxx:xxxx::5


That looks OK, I'm running a Hurricane Electric tunnel so mine looks different.


But I can't ping the IPv6 address from my gateway. My routes seem to be OK. Should I configure something else? I was looking on Google and saw some people saying to check /etc/sysctl.conf, especially the line "net.ipv6.conf.all.forwarding=1", but this didn't make any difference.


I have "post-up echo 1 > /proc/sys/net/ipv6/conf/all/forwarding" in the IPv6 stanza in my /etc/network/interfaces. But that is only needed to make the machine route packets between networks (ie act as a router for other devices' traffic), it will still talk to other devices without this.


(network-script 'network-bridge antispoof=yes')
(vif-script vif-bridge)


Standard advice now is not to use a network-script. It made sense a while back, but the scripts are deprecated and the host OS generally has better tools. For example, in Debian you can put something like this in /etc/network/interfaces :
auto br0
iface br0 inet static
        bridge_ports eth0
        address a.b.c.d
        netmask 255.255.255.0

One thing I suggest might be worth looking at is your subnet mask. Try using 64 instead of 126 and see if it makes any difference. While technically a 126 bit netmask ought to work on a P-P link, in practice I believe there are a lot of things that break if you go less than 64 bits for the host part of the address.

Also, "ip -6 neigh" will show you the known IPv6 neighbours (roughly equivalent to ARP cache for IPv4). That may help in debugging.

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxx
http://lists.xen.org/xen-users
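
The `ip -6 neigh` output quoted in this thread, turned into a check, as an added example that is not part of the original messages. It goes beyond the thread by also computing the solicited-node multicast groups (RFC 4291) that Neighbor Solicitations are sent to; the function names are hypothetical and the addresses are constructed from the documentation prefix 2001:db8::/32 because the thread's own addresses are redacted.

```python
import ipaddress

# Constructed sample (documentation prefix); same shape as the DomU output
# quoted in the thread, where the gateway entry is FAILED.
SAMPLE_NEIGH = """\
2001:db8:0:1::5 dev eth0  FAILED
fe80::224:38ff:fec9:8b00 dev eth0 lladdr 00:24:38:c9:8b:00 router STALE
"""
# Neighbour states in which the kernel holds a link-layer address.
RESOLVED = {"REACHABLE", "STALE", "DELAY", "PROBE", "PERMANENT", "NOARP"}

def parse_neigh(text):
    """Parse `ip -6 neigh` output into {address: {dev, lladdr, router, state}}."""
    table = {}
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 4 or tok[1] != "dev":
            continue  # not a neighbour entry
        lladdr = tok[tok.index("lladdr") + 1] if "lladdr" in tok else None
        table[ipaddress.IPv6Address(tok[0])] = {
            "dev": tok[2], "lladdr": lladdr,
            "router": "router" in tok, "state": tok[-1]}
    return table

def solicited_node(addr):
    """Multicast group a Neighbor Solicitation for addr is sent to."""
    base = int(ipaddress.IPv6Address("ff02::1:ff00:0"))
    low24 = int(ipaddress.IPv6Address(addr)) & 0xFFFFFF
    return ipaddress.IPv6Address(base | low24)

def check_gateway(neigh_text, gateway, local_if):
    """Report whether the gateway is on-link and whether it resolved to a MAC."""
    gw = ipaddress.IPv6Address(gateway)
    iface = ipaddress.IPv6Interface(local_if)
    entry = parse_neigh(neigh_text).get(gw)
    state = entry["state"] if entry else "MISSING"
    return {
        "on_link": gw in iface.network,
        "state": state,
        "resolved": state in RESOLVED and bool(entry and entry["lladdr"]),
        # Groups that must be deliverable across the bridge for NDP to work.
        "ns_from_domu_goes_to": str(solicited_node(gw)),
        "ns_from_router_goes_to": str(solicited_node(iface.ip)),
    }

if __name__ == "__main__":
    report = check_gateway(SAMPLE_NEIGH, "2001:db8:0:1::5", "2001:db8:0:1::6/126")
    print("\n".join(f"{k}: {v}" for k, v in report.items()))
```

A gateway that is on-link but unresolved means Neighbor Solicitation (ICMPv6 type 135) or Advertisement (type 136) is not completing, so any ip6tables or anti-spoofing rules on the bridge path are worth checking for those types and the two multicast groups reported.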


