IPv6-only virtual guests at OVH

How to configure a virtual guest with only an IPv6 address on a physical OVH server

Posted by Tobias Begalke on Wed Jun 15 2016
In Virtualization Networking
Tags linux networking ipv6 virtualization

So I was setting up a Storm cluster consisting of KVM guests across the OVH network and I wanted to use IPv6 addresses for these guests to communicate between each other. The Storm machines were not supposed to have an IPv4 address at all.

Each physical OVH server comes with a 64 bit IPv6 network that gets routed to the server’s first ethernet card. My guests are connected via a bridge (br0) on the host. They have their own MAC address and are thus not recognized by the router. For using IPv4 addresses on virtual guests you can generate a virtual MAC address for the server but for IPv6 there is no such thing at OVH. IPv6 works like a charm as long as the virtual server has a virtual MAC and an IPv4 address but as mentioned above this was not an option for these servers.

With a few tweaks I still managed to have virtual guests with only an IPv6 address and here is how it works using ARP/NDP proxying:

Set up the host

The host only needs a few settings in /etc/sysctl.cfg:

net.ipv6.conf.all.autoconf = 0
net.ipv6.conf.default.autoconf = 0
net.ipv6.conf.eth0.autoconf = 0
net.ipv6.conf.all.accept_ra = 0
net.ipv6.conf.all.accept_redirects = 0
net.ipv6.conf.all.router_solicitations = 0
net.ipv6.conf.default.accept_ra = 0
net.ipv6.conf.eth0.accept_ra = 0


These settings make sure the host forwards IPv6 packets and does NDP proxying (the IPv6 equivalent to ARP proxying). Run sysctl -p to apply these settings.

The host’s network configuration

My host runs Debian Jessie and here’s my network setup from /etc/network/interfaces:

auto br0
iface br0 inet static
  bridge_ports eth0
  bridge_stp off
  bridge_fd 0
  bridge_maxwait 0

iface br0 inet6 static
  address 2235:33fa:7:1236::1
  netmask 64
  # set up routing
  post-up /sbin/ip -f inet6 route add 2235:33fa:7:12ff:ff:ff:ff:ff dev br0
  post-up /sbin/ip -f inet6 route add default via 2235:33fa:7:12ff:ff:ff:ff:ff
  pre-down /sbin/ip -f inet6 route del default via 2235:33fa:7:12ff:ff:ff:ff:ff
  pre-down /sbin/ip -f inet6 route del 2235:33fa:7:12ff:ff:ff:ff:ff dev br0
  # add ndp proxying rules for each virtual guest
  post-up /sbin/ip -6 neigh add proxy 2235:33fa:7:1236::aaaa dev br0
  pre-down /sbin/ip -6 neigh del proxy 2235:33fa:7:1236::aaaa dev br0 is the IPv4 address of the server and its IPv6 network is 2235:33fa:7:1236::/64.

I have one virtual guest running on this host and its IPv6 address is 2235:33fa:7:1236::aaaa. Adding the two lines at the bottom of the iface br0 inet6 block enables the guest to speak to the outside world. You have to add two analog lines for each guest’s IPv6 address.

The guest’s network configuration

The network setup on the guest is straight forward. Make sure that there is a network interface available that’s connected to the host’s br0 bridge (it’s eth1 in my case) and configure networking (again for Debian Jessie) as follows:

 iface eth1 inet6 static
   address 2235:33fa:7:1236::aaaa
   netmask 64
   gateway 2235:33fa:7:1236::1
   dns-nameservers 2235:33fa:7:1236::1

Basically, you set up the IPv6 address and set the hosts’s IPv6 as gateway address.

I use the dnsmasq instance running on the host as DNS server.

That’s all: you should now have a virtual server that’s reachable at 2235:33fa:7:1236::aaaa and able to talk to the outside world via its IPv6 address.

Photo Credits

6666 66 2211 11 0082 00 by Jeremy Brooks, licensed under CC BY-NC 2.0.