[PATCH] doc: add some examples for IPv6 NAT configuration
Ian Wienand
iwienand at redhat.com
Tue Sep 8 20:55:57 UTC 2020
Gentle ping on this; thanks
-i
On Wed, Aug 12, 2020 at 11:21:47AM +1000, Ian Wienand wrote:
> Add some expanded examples for the nat ipv6 introduced with
> 927acaedec7effbe67a154d8bfa0e67f7d08e6c7.
>
> Unfortunately while for IPv4 it's well-known what address ranges are
> useful for NAT, with IPv6 unless you enjoy digging through RFCs going
> back-and-forth over unique local addresses and the meaning of the word
> "site" it's generally much less obvious. I've tried to add some
> details on choosing a range in line with RFC 4193 and then some
> pointers for when it maybe doesn't work in the guest as you first
> expect despite you doing what the RFCs say!
>
> Signed-off-by: Ian Wienand <iwienand at redhat.com>
> ---
> docs/formatnetwork.html.in | 47 ++++++++++++++++++++++++++++++++++++++
> 1 file changed, 47 insertions(+)
>
> diff --git a/docs/formatnetwork.html.in b/docs/formatnetwork.html.in
> index fb740111b1..94a4cab4d1 100644
> --- a/docs/formatnetwork.html.in
> +++ b/docs/formatnetwork.html.in
> @@ -1209,6 +1209,53 @@
> </ip>
> </network></pre>
>
> + <h3><a id="examplesNATv6">IPv6 NAT based network</a></h3>
> +
> + <p>
> + Below is a variation for also providing IPv6 NAT. This can be
> + especially useful when using multiple interfaces where some,
> + such as WiFi cards, can not be bridged (usually on a laptop),
> + making it difficult to provide end-to-end IPv6 routing.
> + </p>
> +
> + <pre>
> +<network>
> + <name>default6</name>
> + <bridge name="virbr0"/>
> + <forward mode="nat">
> + <nat ipv6='yes'>
> + <port start='1024' end='65535'/>
> + </nat>
> +
> + <ip address="192.168.122.1" netmask="255.255.255.0">
> + <dhcp>
> + <range start="192.168.122.2" end="192.168.122.254"/>
> + </dhcp>
> + </ip>
> + <ip family="ipv6" address="fdXX:XXXX:XXXX:NNNN:: prefix="64"/>
> + </ip>
> +</network></pre>
> +
> + <p>IPv6 NAT addressing has some caveats over the more straight
> + forward IPv4 case.
> + <a href="https://tools.ietf.org/html/rfc4193">RFC 4193</a>
> + defines the address range <tt>fd00::/8</tt> for <tt>/48</tt> IPv6
> + private networks. It should be concatenated with a random 40-bit
> + string (i.e. 10 random hexadecimal digits replacing the <tt>X</tt>
> + values above, RFC 4193 provides
> + an <a href="https://tools.ietf.org/html/rfc4193#section-3.2.2">algorithm</a>
> + if you do not have a source of sufficient randomness). This
> + leaves <tt>0</tt> through <tt>ffff</tt> for subnets (<tt>N</tt>
> + above) which you can use at will.</p>
> +
> + <p>Many operating systems will not consider these addresses as
> + preferential to IPv4, due to some practial history of these
> + addresses being present but unroutable and causing networking
> + issues. On many Linux distributions, you may need to
> + override <tt>/etc/gai.conf</tt> with values
> + from <a href="https://www.ietf.org/rfc/rfc3484.txt">RFC 3484</a>
> + to have your IPv6 NAT network correctly preferenced over IPv4.</p>
> +
> <h3><a id="examplesRoute">Routed network config</a></h3>
>
> <p>
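Review bot: The example XML in the new <pre> block is not well-formed, so a reader who copies it will get a parse error rather than a working network. Three things in the example need fixing. First, <forward mode="nat"> is opened but never closed; a </forward> is needed after </nat>. Second, the IPv6 line is missing the closing quote on the address attribute (address="fdXX:XXXX:XXXX:NNNN:: prefix="64"/>). Third, that same element is self-closed with /> and then followed by a stray </ip>. Suggest closing the quote after the address, keeping the self-closing form, and dropping the extra </ip>. Two smaller points in the prose below the example: "practial" should be "practical", and since RFC 3484 has been obsoleted by RFC 6724, the gai.conf pointer would be better linked to the newer document.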
> --
> 2.26.2
>