So I was setting up a Storm cluster consisting of KVM guests across the OVH network and I wanted to use IPv6 addresses for these guests to communicate between each other. The Storm machines were not supposed to have an IPv4 address at all.
Each physical OVH server comes with a 64 bit IPv6 network that gets routed to the server’s first ethernet card. My guests are connected via a bridge (br0) on the host. They have their own MAC address and are thus not recognized by the router. For using IPv4 addresses on virtual guests you can generate a virtual MAC address for the server but for IPv6 there is no such thing at OVH. IPv6 works like a charm as long as the virtual server has a virtual MAC and an IPv4 address but as mentioned above this was not an option for these servers.
With a few tweaks I still managed to have virtual guests with only an IPv6 address and here is how it works using ARP/NDP proxying:
Set up the host
The host only needs a few settings in
net.ipv6.conf.all.autoconf = 0 net.ipv6.conf.default.autoconf = 0 net.ipv6.conf.eth0.autoconf = 0 net.ipv6.conf.all.accept_ra = 0 net.ipv6.conf.all.accept_redirects = 0 net.ipv6.conf.all.router_solicitations = 0 net.ipv6.conf.default.accept_ra = 0 net.ipv6.conf.eth0.accept_ra = 0 net.ipv6.conf.all.forwarding=1 net.ipv6.conf.all.proxy_ndp=1 net.ipv6.conf.default.forwarding=1
These settings make sure the host forwards IPv6 packets and does NDP proxying (the IPv6
equivalent to ARP proxying). Run
sysctl -p to apply these settings.
The host’s network configuration
My host runs Debian Jessie and here’s my network setup from
auto br0 iface br0 inet static address 18.104.22.168 netmask 255.255.255.0 network 22.214.171.124 broadcast 126.96.36.199 gateway 188.8.131.52 bridge_ports eth0 bridge_stp off bridge_fd 0 bridge_maxwait 0 iface br0 inet6 static address 2235:33fa:7:1236::1 netmask 64 # set up routing post-up /sbin/ip -f inet6 route add 2235:33fa:7:12ff:ff:ff:ff:ff dev br0 post-up /sbin/ip -f inet6 route add default via 2235:33fa:7:12ff:ff:ff:ff:ff pre-down /sbin/ip -f inet6 route del default via 2235:33fa:7:12ff:ff:ff:ff:ff pre-down /sbin/ip -f inet6 route del 2235:33fa:7:12ff:ff:ff:ff:ff dev br0 # add ndp proxying rules for each virtual guest post-up /sbin/ip -6 neigh add proxy 2235:33fa:7:1236::aaaa dev br0 pre-down /sbin/ip -6 neigh del proxy 2235:33fa:7:1236::aaaa dev br0
184.108.40.206 is the IPv4 address of the server and its IPv6 network is
I have one virtual guest running on this host and its IPv6 address is
Adding the two lines at the bottom of the iface br0 inet6 block enables the guest
to speak to the outside world. You have to add two analog lines for each guest’s IPv6 address.
The guest’s network configuration
The network setup on the guest is straight forward. Make sure that there is a network interface available that’s connected to the host’s br0 bridge (it’s eth1 in my case) and configure networking (again for Debian Jessie) as follows:
iface eth1 inet6 static address 2235:33fa:7:1236::aaaa netmask 64 gateway 2235:33fa:7:1236::1 dns-nameservers 2235:33fa:7:1236::1
Basically, you set up the IPv6 address and set the hosts’s IPv6 as gateway address.
I use the dnsmasq instance running on the host as DNS server.
That’s all: you should now have a virtual server that’s reachable at
and able to talk to the outside world via its IPv6 address.