[libvirt] IPV6 and routing

Gene Czarcinski gene at czarc.net
Sat Oct 6 14:34:43 UTC 2012 

As I have mentioned in other messages, I am interested in having full 
support for IPv6 in libvirt.  To me this includes having dhcp6 for IPV6 
address assignment and using RA (radvd) to establish the default route.  
This is what I am using on my real LANs.

Before starting into adding dhcp6 support to libvirt, I wanted to see 
just how it works with the current software.  First of all, it appears 
that, when nat or routed are specified for IPv4, the IPv6 is routed.  If 
it is an isolated/private network, then it can only work with other 
guests on that network.  The iptables and ip6tables settings 
corresponded and were as expected.  On the virtualization host, both 
IPv4 and IPv6 forwarding are enabled.

While I can easily do stuff like ping6 and ssh -6 from virtual guests to 
the virtualization host, I have been unable to do anything with external 
hosts ... unless I add a static route for the virtual IPv6 network on 
the target host back to the virtualization host. This is the only way I 
have gotten anything to work.  To complicate things, it seem that 
"everything" wants the IPv6 network to have prefix=64 or things do not 
work correctly.

The real systems use fd00:dead:beef:17::/64 for their network.  The 
virtual networks all use fd00:face:17:xx::/64 for their networks.

The network traffic on the virtualization host is forwarded to the 
target host ... I can see the packets with wireshark on the target host.

On the target host I tried specifying a static route for network 
fd00:face:17::/48 ... well, that really screwed things up, resulted in 
some "redirects" from the virtualization host saying the that it was 
sent a malformed packed ... it took a reboot to clean things up.

OK, so leave the fd00:face:17:6::/64 static route on the target host but 
subnetwork this network on the virtualization host using networks like 
fd00:face:17:6:8::/80 and fd00:face:6:9::/80.  This works if I manually 
configure IPv6 on the virtual guest.  Since radvd is "upset" by a 
non-prefix=64 network, I was not surprised when the guest's automatic 
IPv6 address/network was not configured.

OK, what am I missing?  What don't I understand?

If IPv6 is going to be useful in virtualization, then there must be some 
"easy" way to have other systems understand that the virtualization host 
is acting as a router for the virtual IPv6 networks it runs.  While 
being able to go between the virtualization hosts and the virtual guests 
is very useful, I do not consider this sufficient.

I have googled and found some stuff as well as reading more RFCs than I 
wanted to but I cannot find anything to address this issue.

IIRC, I did find something under a libvirt document that indicates 
"routed" will be used for some kind of subnetworking.

Does libvirt need an IPv6 "NAT" to make this work?

Comments?  Suggestions?

Gene

More information about the libvir-list mailing list