So I was setting up a Storm cluster consisting of KVM guests across the OVH network and I wanted to use IPv6 addresses for these guests to communicate between each other. The Storm machines were not supposed to have an IPv4 address at all.
Each physical OVH server comes with a 64 bit IPv6 network that gets routed to the server’s first ethernet card. My guests are connected via a bridge (br0) on the host. They have their own MAC address and are thus not recognized by the router. For using IPv4 addresses on virtual guests you can generate a virtual MAC address for the server but for IPv6 there is no such thing at OVH. IPv6 works like a charm as long as the virtual server has a virtual MAC and an IPv4 address but as mentioned above this was not an option for these servers.
With a few tweaks I still managed to have virtual guests with only an IPv6 address and here is how it works using ARP/NDP proxying:
Set up the host
The host only needs a few settings in /etc/sysctl.cfg:
net.ipv6.conf.all.autoconf = 0
net.ipv6.conf.default.autoconf = 0
net.ipv6.conf.eth0.autoconf = 0
net.ipv6.conf.all.accept_ra = 0
net.ipv6.conf.all.accept_redirects = 0
net.ipv6.conf.all.router_solicitations = 0
net.ipv6.conf.default.accept_ra = 0
net.ipv6.conf.eth0.accept_ra = 0
net.ipv6.conf.all.forwarding=1
net.ipv6.conf.all.proxy_ndp=1
net.ipv6.conf.default.forwarding=1
These settings make sure the host forwards IPv6 packets and does NDP proxying (the IPv6
equivalent to ARP proxying). Run sysctl -p to apply these settings.
The host’s network configuration
My host runs Debian Jessie and here’s my network setup from /etc/network/interfaces:
auto br0
iface br0 inet static
address 34.82.11.12
netmask 255.255.255.0
network 34.82.11.0
broadcast 34.82.11.255
gateway 34.82.11.254
bridge_ports eth0
bridge_stp off
bridge_fd 0
bridge_maxwait 0
iface br0 inet6 static
address 2235:33fa:7:1236::1
netmask 64
# set up routing
post-up /sbin/ip -f inet6 route add 2235:33fa:7:12ff:ff:ff:ff:ff dev br0
post-up /sbin/ip -f inet6 route add default via 2235:33fa:7:12ff:ff:ff:ff:ff
pre-down /sbin/ip -f inet6 route del default via 2235:33fa:7:12ff:ff:ff:ff:ff
pre-down /sbin/ip -f inet6 route del 2235:33fa:7:12ff:ff:ff:ff:ff dev br0
# add ndp proxying rules for each virtual guest
post-up /sbin/ip -6 neigh add proxy 2235:33fa:7:1236::aaaa dev br0
pre-down /sbin/ip -6 neigh del proxy 2235:33fa:7:1236::aaaa dev br0
34.82.11.12 is the IPv4 address of the server and its IPv6 network is 2235:33fa:7:1236::/64.
I have one virtual guest running on this host and its IPv6 address is 2235:33fa:7:1236::aaaa.
Adding the two lines at the bottom of the iface br0 inet6 block enables the guest
to speak to the outside world. You have to add two analog lines for each guest’s IPv6 address.
The guest’s network configuration
The network setup on the guest is straight forward. Make sure that there is a network interface available that’s connected to the host’s br0 bridge (it’s eth1 in my case) and configure networking (again for Debian Jessie) as follows:
iface eth1 inet6 static
address 2235:33fa:7:1236::aaaa
netmask 64
gateway 2235:33fa:7:1236::1
dns-nameservers 2235:33fa:7:1236::1
Basically, you set up the IPv6 address and set the hosts’s IPv6 as gateway address.
I use the dnsmasq instance running on the host as DNS server.
That’s all: you should now have a virtual server that’s reachable at 2235:33fa:7:1236::aaaa
and able to talk to the outside world via its IPv6 address.
Photo Credits
6666 66 2211 11 0082 00 by Jeremy Brooks, licensed under CC BY-NC 2.0.