[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Xen-users] Does anybody here uses IPv6 for DomU?
What let me crazy is that from Dom0 (with local-link) I can ping the router and from DomU with static IP I can't!
Dom0: # ping6 2001:xxxx:xxxx::5
PING 2001:xxxx:xxxx::5(2001:xxxx:xxxx::5) 56 data bytes 64 bytes from 2001:xxxx:xxxx::5: icmp_seq=1 ttl=64 time=4.56 ms
^C
DomU: # ping6 2001:xxxx:xxxx::5 PING 2001:xxxx:xxxx::5(2001:xxxx:xxxx::5) 56 data bytes
^C --- 2001:xxxx:xxxx::5 ping statistics --- 5 packets transmitted, 0 received, 100% packet loss, time 3999ms
Regards, ------------------------------- Carlos Eduardo Ribas
2012/7/19 Carlos Ribas <carlos@xxxxxxx>
Hello Stephan,
I tried to use my subnet, but didnt work. I tried to disable autoconf, no success. I also tried to manually configure the forward in Dom0 using "ip6tables -A FORWARD -s 2001:xxxx:xxxx::6 -m physdev --physdev-in vif21.0 -j ACCEPT" but once again, without success.
It's odd because if I try to ping the router from my DomU, it will not work, and this is the output from "ip -6 neigh":
# ip -6 neigh
2001:xxxx:xxxx::5 dev eth0 FAILED fe80::224:38ff:fec9:8b00 dev eth0 lladdr 00:24:38:c9:8b:00 router STALE
From my router I can't ping my DomU, but then I got this message: # ip -6 neigh 2001:xxxx:xxxx::5 dev eth0 lladdr 00:24:38:c9:8b:00 router REACHABLE
fe80::224:38ff:fec9:8b00 dev eth0 lladdr 00:24:38:c9:8b:00 router REACHABLE
And then it changed to:
# ip -6 neigh 2001:xxxx:xxxx::5 dev eth0 lladdr 00:24:38:c9:8b:00 router STALE fe80::224:38ff:fec9:8b00 dev eth0 lladdr 00:24:38:c9:8b:00 router STALE
What seems to be ok, but it is not ok. Well, I'm still investigating.
Thank you for your help,
------------------------------- Carlos Eduardo Ribas
2012/7/19 Stephan Seitz <s.seitz@xxxxxxxxxxx>
Hi,
as Simon already wrote, try to use your provisioned "regular" ipv6 net. This is usally
a /48 or /64.
Our dom0 don't have ipv6 configured in any way, it's just enabled by default.
Only the usual local-link (fe80...) addresses are bound to the interfaces.
If you're using bridges (peth0 -> eth0 -> vifX.X), you don't have to touch any
forwarding settings. It's "just working".
If you're using fixed addresses, don't forget to disable autoconf which is default.
E.g. :
iface eth0 inet6 static
pre-up echo 0 > /proc/sys/net/ipv6/conf/eth0/autoconf
address ...
Am Mittwoch, den 18.07.2012, 12:48 -0300 schrieb Carlos Ribas:
Hello Simon,
Yes, I'm using bridging. I put 126 as subnet mask because I configured a P-P link. Unfortunately use 64 makes no difference. However, the command you said showed me that something is wrong:
# ip -6 neigh
2001:xxxx:xxxx::5 dev eth0 FAILED
fe80::224:38ff:fec9:8b00 dev eth0 lladdr 00:24:38:c9:8b:00 router STALE
I was cheking only with this command (and looking at red line, I thought that it was all fine):
# route -A inet6
Kernel IPv6 routing table
Destination Next Hop Flag Met Ref Use If
2001:xxxx:xxxx::4/126 :: Ue 256 0 4 eth0
fe80::/64 :: U 256 0 0 eth0
::/0 2001:xxxx:xxxx::5 UG 1 0 0 eth0
::/0 fe80::224:38ff:fec9:8b00 UGDAe 1024 0 0 eth0
::/0 :: !n -1 1 73 lo
::1/128 :: Un 0 1 23 lo
2001:xxxx:xxxx::6/128 :: Un 0 1 24 lo
fe80::216:3eff:fee2:3f3d/128 :: Un 0 1 0 lo
ff00::/8 :: U 256 0 0 eth0
::/0 :: !n -1 1 73 lo
I will investigate further more. Do you think there are something wrong with "network-script" that can cause this? I hope not! :)
Thanks,
-------------------------------
Carlos Eduardo Ribas
2012/7/18 Simon Hobson <linux@xxxxxxxxxxxxxxxx>
Carlos Ribas wrote:
I am trying to do some tests with IPv6. I would like to configure a dual stack for some services, such as DNS and Web Server.
First of all, to have IPv6 in DomU should I configure IPv6 in Dom0? I'm not sure, but I dont think so, since from Dom0 using loopback address I can ping the IPv6 address from my router.
You don't need any address of Dom0 (I'm assuming you are using bridging ?)
I have one DomU running IPv6 for testing (DNS, Web server), Dom0 and the rest of the network is IPv4 only - well as much as you can when everything defaults to at least configuring link-local IPv6 addresses.
# The primary network interface
auto eth0
iface eth0 inet static
address 10.0.0.100
gateway 10.0.0.1
netmask 255.255.255.0
broadcast 10.0.0.255
iface eth0 inet6 static
address 2001:xxxx:xxxx::6
netmask 126
gateway 2001:xxxx:xxxx::5
That looks OK, I'm running a Hurricane Electric tunnel so mine looks different.
But I cant ping the IPv6 address from my gateway. My routes seems to be OK. Should I configure something else? I was looking in google and saw some people saying about to check /etc/sysctl.conf, specially the line "net.ipv6.conf.all.forwarding=1", but this dont did any difference.
I have "post-up echo 1 > /proc/sys/net/ipv6/conf/all/forwarding" in the IPv6 stanza in my /etc/network/interfaces. But that is only needed to make the machine route packets between networks (ie act as a router for other devices' traffic), it will still talk to other devices without this.
(network-script 'network-bridge antispoof=yes')
(vif-script vif-bridge)
Standard advice now is not to use a network-script. It made sense a while back, but the scripts are deprecated and the host OS generally has better tools. For example, in Debian you can put something like this in /etc/network/interfaces :
auto br0
iface br0 inet static
bridge_ports eth0
address a.b.c.d
netmask 255.255.255.0
One things I suggest it might be worth looking at is your subnet mask. Try using 64 instead of 126 and see if it makes any difference. While technically a 126 bit netmask ought to work on a P-P link, in practice I believe there are a lot of things that break if you go less than 64 bits for the host part of the address.
Also, "ip -6 neigh" will show you the known IPv6 neighbours (roughly equivalent to ARP cache for Ipv4). That may help in debugging.
_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxx
http://lists.xen.org/xen-users
_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxx
http://lists.xen.org/xen-users
|
