<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
Hello guys!<br>
<br>
I got into problem with installing IPv6 default gateway on centos7
guest while running dhcpv6.<br>
<br>
=== Scheme ===<br>
<br>
Guest has two network interfaces.<br>
<br>
<b>eth0</b> is connected to Host-Only network over virbr0. This
network has dhcpv6 set up.<br>
<br>
<small>[root@s143 ~]# virsh net-dumpxml Host-Only<br>
<network connections='1'><br>
<name>Host-Only</name><br>
<uuid>11aa4e6a-9014-4dae-86b9-b13159896efe</uuid><br>
<bridge name='virbr0' stp='off' delay='0'/><br>
<mac address='52:54:00:1e:17:49'/><br>
<ip family='ipv4' address='10.37.130.2' prefix='24'><br>
<dhcp><br>
<range start='10.37.130.1' end='10.37.130.254'/><br>
</dhcp><br>
</ip><br>
<ip family='ipv6' address='fdb2:2c26:f4e4::1' prefix='64'><br>
<dhcp><br>
<range start='fdb2:2c26:f4e4::'
end='fdb2:2c26:f4e4::ffff'/><br>
</dhcp><br>
</ip><br>
</network></small><br>
<br>
<b>eth1</b> is connected to Bridged network over br0 bridge on host
enp4s0 interface.<br>
<br>
<small>[root@s143 ~]# virsh net-dumpxml Bridged<br>
<network connections='1'><br>
<name>Bridged</name><br>
<uuid>1ffa16f9-6a52-4710-9b58-52b8463cdece</uuid><br>
<forward mode='bridge'/><br>
<bridge name='br0'/><br>
</network></small><br>
<small><br>
[root@s143 ~]# virsh iface-dumpxml br0<br>
<interface type='bridge' name='br0'><br>
<protocol family='ipv4'><br>
<ip address='10.94.1.161' prefix='16'/><br>
</protocol><br>
<protocol family='ipv6'><br>
<ip address='2001:aaad::a5e:a28<big>E</big>'
prefix='64'/><br>
<ip address='fe80::be5f:f4ff:fe44:2cbb' prefix='64'/><br>
</protocol><br>
<bridge><br>
<interface type='ethernet' name='vme42460d71'><br>
<link state='unknown'/><br>
<mac address='fe:1c:42:46:0d:71'/><br>
</interface><br>
<interface type='ethernet' name='enp4s0'><br>
<link speed='1000' state='up'/><br>
<mac address='bc:5f:f4:44:2c:bb'/><br>
</interface><br>
</bridge><br>
</interface></small><br>
<br>
=== Problem ===<br>
<br>
Now I want to set ipv6 address <small>2001:aaad::a5e:a28</small>F
to guest eth1 (bridged to host) <br>
and install a default route<br>
ip -6 route add default via <small>2001:aaad::a5e:a2<big>90 dev
eth1 // metric 1024 <br>
<br>
So I want all the IPv6 traffic w/o route to go into eth1, then
through host bridge to gateway (same for host and guest).<br>
<br>
The problem is that I see following in my guest:</big></small><br>
<small><big><small><big>// the metric changes somehow, but this does
not matter.<br>
</big>default via fe80::5054:ff:fe1e:1749 dev eth0 proto
static metric 100 pref medium <br>
default via 2001:aaad::a5e:a290 dev eth1 metric 1024 pref
medium </small><br>
<br>
And the first (via link-local) route is preferred on routing.<br>
<br>
<small>[root@s143 ~]# ip -6 address show dev virbr0<br>
6: virbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 <br>
inet6 fdb2:2c26:f4e4::1/64 scope global <br>
valid_lft forever preferred_lft forever<br>
inet6 fe80::5054:ff:fe1e:1749/64 scope link <br>
valid_lft forever preferred_lft forever</small><br>
<br>
</big></small>The problem is:<br>
<small>guest:/ # radvdump<br>
#<br>
# radvd configuration generated by radvdump 2.11<br>
# based on Router Advertisement from fe80::5054:ff:fe1e:1749<br>
# received by interface eth0<br>
#<br>
<br>
interface eth0<br>
{<br>
AdvSendAdvert on;<br>
# Note: {Min,Max}RtrAdvInterval cannot be obtained with
radvdump<br>
AdvManagedFlag on;<br>
AdvOtherConfigFlag on;<br>
AdvReachableTime 0;<br>
AdvRetransTimer 0;<br>
AdvCurHopLimit 64;<br>
AdvDefaultLifetime 1800; <----------------<br>
AdvHomeAgentFlag off;<br>
AdvDefaultPreference medium;<br>
AdvLinkMTU 1500;<br>
AdvSourceLLAddress on;<br>
<br>
prefix fdb2:2c26:f4e4::/64<br>
{<br>
AdvValidLifetime 3600;<br>
AdvPreferredLifetime 3600;<br>
AdvOnLink on;<br>
AdvAutonomous off;<br>
AdvRouterAddr off;<br>
}; # End of prefix definition<br>
<br>
<br>
RDNSS fe80::5054:ff:fe1e:1749<br>
{<br>
AdvRDNSSLifetime 3600;<br>
}; # End of RDNSS definition<br>
<br>
}; # End of interface definition</small><br>
<br>
So, dnsmasq includes its link-local address into RA and <br>
announces itself as default gateway valid for 30min.<br>
Guest sees this RA and installs a route in accordance.<br>
<br>
As a result, the default gateway requested by user is overridden and
thus not used.<br>
We cannot just disable RA since we still need IPv6 address on guest
eth0 (dhcp6 part of functionality).<br>
<br>
=== Possible solutions ===<br>
<br>
I see two possible solutions.<br>
1) Tinker with routes.<br>
As I said, the metric of installed RA routes may change and it's
difficult to override them for sure (maybe with metric 0 or 1?)<br>
Moreover, this may confuse user and requires specific knowledge
(IPv6, RA, etc.).<br>
<br>
2) Forbid guest to learn default route from RA<br>
sysctl -w net.ipv6.conf.eth0.accept_ra_defrtr=0<br>
- This should be made for all virbr-based networks.<br>
- This may confuse user as well.<br>
<br>
3) Forbid dnsmasq to announce virbr0 link-local address as default
gateway.<br>
This can be made with <br>
adding 'ra-param=*,0,0' to /var/lib/libvirt/dnsmasq/Host-Only.conf<br>
// interface=* (any), interval=0 (default), router_lifetime=0 (I am
NOT you gateway, Luke).<br>
// tested on dnsmasq-2.75-3.fc22 but should work from 2.67<br>
now the RA looks as following:<br>
<small><br>
linux-bnqo:/ # radvdump<br>
#<br>
# radvd configuration generated by radvdump 2.11<br>
# based on Router Advertisement from fe80::5054:ff:fe1e:1749<br>
# received by interface eth0<br>
#<br>
<br>
interface eth0<br>
{<br>
AdvSendAdvert on;<br>
# Note: {Min,Max}RtrAdvInterval cannot be obtained with
radvdump<br>
AdvManagedFlag on;<br>
AdvOtherConfigFlag on;<br>
AdvReachableTime 0;<br>
AdvRetransTimer 0;<br>
AdvCurHopLimit 64;<br>
AdvDefaultLifetime 0;<br>
AdvHomeAgentFlag off;<br>
AdvDefaultPreference medium;<br>
AdvLinkMTU 1500;<br>
AdvSourceLLAddress on;<br>
<br>
prefix fdb2:2c26:f4e4::/64<br>
{<br>
AdvValidLifetime 3600;<br>
AdvPreferredLifetime 3600;<br>
AdvOnLink on;<br>
AdvAutonomous off;<br>
AdvRouterAddr off;<br>
}; # End of prefix definition<br>
<br>
<br>
RDNSS fe80::5054:ff:fe1e:1749<br>
{<br>
AdvRDNSSLifetime 3600;<br>
}; # End of RDNSS definition<br>
<br>
}; # End of interface definition</small><br>
<br>
=== Conclusion ====<br>
<br>
Please correct me if my setup itself is wrong and causes problems.<br>
Maybe there are another solutions possible, w/o modifying
libvirt/guest?<br>
Would you accept patches related to 3rd solution?<br>
<br>
Looking forward to your replies.<br>
Thanks in advance!<br>
<pre class="moz-signature" cols="72">--
Your sincerely,
Maxim Perevedentsev</pre>
</body>
</html>