[libvirt] IPv6 subnet on virbr0
Daniel P. Berrange
berrange at redhat.com
Fri Jun 5 10:43:28 UTC 2009
On Thu, Jun 04, 2009 at 07:26:05PM +0200, Bernie Innocenti wrote:
> Hello,
>
> in a common scenario where there aren't enough public IPv4 addresses for
> all domains, I have elaborated this workaround:
>
> - the host operates a sixxs.net IPv6 tunnel with aiccu.
>
> - the virbr0 interface is manually configured with an IPv6 address
> within a /64 subnet delegated by sixxs.net. (I do this from
> /etc/rc.local for lack of a better place)
>
> - radvd runs on the host to autoconfigure IPv6 for the guests
> on virbr0 and advertise the host as a gateway
>
> With this setup, all machines are globally addressable from the IPv6
> internet, which is still quite useful for backstage services such as a
> build farm.
>
> In order to automate this setup, libvirt should support configuring an
> IPv6 address on bridged interfaces, and possibly multiple addresses for
> dual stack setups. Automatically running radvd would make a nice goodie.

I'm not sure that we should automatically run radvd, because this has
potential implications for the host as a whole. It is hard to restrict
scope to just the virbr0 interface, as we do with IPv4 using NAT.

We should definitely allow multiple <ip> elements, and allow both IPv4
and IPv6 and configure interfaces accordingly. Annoyingly we used the
attribute 'netmask'. We really should have used 'prefix', since netmask
as a concept is deprecated in IPv6 world. I'd suggest we allow continued
use of netmask for IPv4 addresses, but recommend use of 'prefix' in the
future. If they give a netmask, then automatically generate a prefix
attribute, and vice versa.

  <ip address="192.168.122.1" netmask="255.255.255.0">
    <dhcp>
      <range start="192.168.122.2" end="192.168.122.254" />
    </dhcp>
  </ip>
  <ip address="2001:200:0:8002:203:47ff:fea5:3083" prefix="64"/>

In theory we should also allow <dhcp> for IPv6, but I'm not sure that the
dnsmasq daemon supports offering of DHCPv6 addresses.

To do this properly we'll need to

 - Extend the parser to allow multiple addresses
 - Change the string -> address code to use getaddrinfo, not inet_aton
 - Change interface bring up code to add multiple addresses IPv4 & 6
 - Add support for ip6tables
 - Add rules for ip6tables as appropriate for the <forward/> rule

Daniel
--
|: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :|
|: http://libvirt.org -o- http://virt-manager.org -o- http://ovirt.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|
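
Added example, not part of the original message and not libvirt code: a C sketch of the two parsing changes the reply lists, namely family-agnostic address parsing with getaddrinfo and netmask/prefix conversion in both directions. The function names are hypothetical; AI_NUMERICHOST keeps the parser from doing DNS lookups on config input, and non-contiguous netmasks are rejected because they have no prefix equivalent.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200112L  /* expose getaddrinfo under strict -std= modes */
#endif
#include <stdint.h>
#include <string.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <netdb.h>

/* Hypothetical helper: parse a numeric IPv4 or IPv6 literal without DNS.
 * Returns AF_INET, AF_INET6, or -1 if the string is not an address literal. */
int parse_ip_family(const char *text)
{
    struct addrinfo hints = { .ai_family = AF_UNSPEC,
                              .ai_flags = AI_NUMERICHOST }, *res = NULL;
    if (getaddrinfo(text, NULL, &hints, &res) != 0 || res == NULL)
        return -1;
    int family = res->ai_family;
    freeaddrinfo(res);
    return family;
}

/* Hypothetical helper: dotted-quad netmask -> prefix length.
 * Returns -1 for unparsable or non-contiguous masks such as 255.0.255.0. */
int netmask_to_prefix(const char *netmask)
{
    struct in_addr a;
    if (inet_pton(AF_INET, netmask, &a) != 1)
        return -1;
    uint32_t m = ntohl(a.s_addr), inv = ~m;
    if (inv & (inv + 1))            /* inverted mask must be 2^k - 1 */
        return -1;
    int prefix = 0;
    while (m & 0x80000000u) { prefix++; m <<= 1; }
    return prefix;
}

/* Hypothetical helper: IPv4 prefix length (0..32) -> dotted-quad netmask. */
int prefix_to_netmask(int prefix, char *out, socklen_t outlen)
{
    if (prefix < 0 || prefix > 32)
        return -1;
    struct in_addr a;
    uint32_t m = prefix == 0 ? 0 : 0xFFFFFFFFu << (32 - prefix);
    a.s_addr = htonl(m);
    return inet_ntop(AF_INET, &a, out, outlen) ? 0 : -1;
}
```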