carlos at ansp
Jul 19, 2012, 10:40 AM
Post #7 of 8
(612 views)
Permalink
|
|
Re: Does anybody here uses IPv6 for DomU?
[In reply to]
|
|
Can someone put here the output from the command "ip6tables -L -n" from
Dom0?
Thanks,
-------------------------------
Carlos Eduardo Ribas
2012/7/19 Carlos Ribas <carlos [at] ansp>
> What let me crazy is that from Dom0 (with local-link) I can ping the
> router and from DomU with static IP I can't!
>
> Dom0:
> # ping6 2001:xxxx:xxxx::5
> PING 2001:xxxx:xxxx::5(2001:xxxx:xxxx::5) 56 data bytes
> 64 bytes from 2001:xxxx:xxxx::5: icmp_seq=1 ttl=64 time=4.56 ms
> ^C
>
> DomU:
> # ping6 2001:xxxx:xxxx::5
> PING 2001:xxxx:xxxx::5(2001:xxxx:xxxx::5) 56 data bytes
> ^C
> --- 2001:xxxx:xxxx::5 ping statistics ---
> 5 packets transmitted, 0 received, 100% packet loss, time 3999ms
>
> Regards,
>
> -------------------------------
> Carlos Eduardo Ribas
>
>
>
>
>
> 2012/7/19 Carlos Ribas <carlos [at] ansp>
>
>> Hello Stephan,
>>
>> I tried to use my subnet, but didnt work. I tried to disable
>> autoconf, no success. I also tried to manually configure the forward in
>> Dom0 using "ip6tables -A FORWARD -s 2001:xxxx:xxxx::6 -m physdev
>> --physdev-in vif21.0 -j ACCEPT" but once again, without success.
>>
>> It's odd because if I try to ping the router from my DomU, it will
>> not work, and this is the output from "ip -6 neigh":
>>
>> # ip -6 neigh
>> 2001:xxxx:xxxx::5 dev eth0 FAILED
>> fe80::224:38ff:fec9:8b00 dev eth0 lladdr 00:24:38:c9:8b:00 router STALE
>>
>> From my router I can't ping my DomU, but then I got this message:
>>
>> # ip -6 neigh
>> 2001:xxxx:xxxx::5 dev eth0 lladdr 00:24:38:c9:8b:00 router REACHABLE
>> fe80::224:38ff:fec9:8b00 dev eth0 lladdr 00:24:38:c9:8b:00 router
>> REACHABLE
>>
>> And then it changed to:
>>
>> # ip -6 neigh
>> 2001:xxxx:xxxx::5 dev eth0 lladdr 00:24:38:c9:8b:00 router STALE
>> fe80::224:38ff:fec9:8b00 dev eth0 lladdr 00:24:38:c9:8b:00 router STALE
>>
>> What seems to be ok, but it is not ok. Well, I'm still investigating.
>>
>> Thank you for your help,
>>
>> -------------------------------
>> Carlos Eduardo Ribas
>>
>>
>>
>>
>>
>> 2012/7/19 Stephan Seitz <s.seitz [at] netzhaut>
>>
>>> **
>>> Hi,
>>>
>>> as Simon already wrote, try to use your provisioned "regular" ipv6 net.
>>> This is usally
>>> a /48 or /64.
>>>
>>> Our dom0 don't have ipv6 configured in any way, it's just enabled by
>>> default.
>>> Only the usual local-link (fe80...) addresses are bound to the
>>> interfaces.
>>> If you're using bridges (peth0 -> eth0 -> vifX.X), you don't have to
>>> touch any
>>> forwarding settings. It's "just working".
>>>
>>> If you're using fixed addresses, don't forget to disable autoconf which
>>> is default.
>>> E.g. :
>>> iface eth0 inet6 static
>>> pre-up echo 0 > /proc/sys/net/ipv6/conf/eth0/autoconf
>>> address ...
>>>
>>>
>>>
>>>
>>>
>>> Am Mittwoch, den 18.07.2012, 12:48 -0300 schrieb Carlos Ribas:
>>>
>>> Hello Simon,
>>>
>>>
>>>
>>> Yes, I'm using bridging. I put 126 as subnet mask because I configured
>>> a P-P link. Unfortunately use 64 makes no difference. However, the command
>>> you said showed me that something is wrong:
>>>
>>>
>>>
>>> # ip -6 neigh
>>>
>>> 2001:xxxx:xxxx::5 dev eth0 FAILED
>>>
>>> fe80::224:38ff:fec9:8b00 dev eth0 lladdr 00:24:38:c9:8b:00 router STALE
>>>
>>>
>>>
>>> I was cheking only with this command (and looking at red line, I
>>> thought that it was all fine):
>>>
>>>
>>>
>>> # route -A inet6
>>>
>>> Kernel IPv6 routing table
>>>
>>> Destination Next Hop Flag Met Ref
>>> Use If
>>>
>>> 2001:xxxx:xxxx::4/126 :: Ue 256 0
>>> 4 eth0
>>>
>>> fe80::/64 :: U 256 0
>>> 0 eth0
>>>
>>> *::/0 2001:xxxx:xxxx::5 UG 1 0
>>> 0 eth0*
>>>
>>> ::/0 fe80::224:38ff:fec9:8b00 UGDAe 1024 0
>>> 0 eth0
>>>
>>> ::/0 :: !n -1 1
>>> 73 lo
>>>
>>> ::1/128 :: Un 0 1
>>> 23 lo
>>>
>>> 2001:xxxx:xxxx::6/128 :: Un 0 1
>>> 24 lo
>>>
>>> fe80::216:3eff:fee2:3f3d/128 :: Un 0 1
>>> 0 lo
>>>
>>> ff00::/8 :: U 256 0
>>> 0 eth0
>>>
>>> ::/0 :: !n -1 1
>>> 73 lo
>>>
>>>
>>>
>>> I will investigate further more. Do you think there are something
>>> wrong with "network-script" that can cause this? I hope not! :)
>>>
>>>
>>>
>>> Thanks,
>>>
>>>
>>>
>>> -------------------------------
>>>
>>> Carlos Eduardo Ribas
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> 2012/7/18 Simon Hobson <linux [at] thehobsons>
>>>
>>> Carlos Ribas wrote:
>>>
>>> I am trying to do some tests with IPv6. I would like to configure a
>>> dual stack for some services, such as DNS and Web Server.
>>>
>>> First of all, to have IPv6 in DomU should I configure IPv6 in Dom0? I'm
>>> not sure, but I dont think so, since from Dom0 using loopback address I can
>>> ping the IPv6 address from my router.
>>>
>>>
>>>
>>> You don't need any address of Dom0 (I'm assuming you are using
>>> bridging ?)
>>>
>>> I have one DomU running IPv6 for testing (DNS, Web server), Dom0 and the
>>> rest of the network is IPv4 only - well as much as you can when everything
>>> defaults to at least configuring link-local IPv6 addresses.
>>>
>>>
>>>
>>> # The primary network interface
>>> auto eth0
>>> iface eth0 inet static
>>> address 10.0.0.100
>>> gateway 10.0.0.1
>>> netmask 255.255.255.0
>>> broadcast 10.0.0.255
>>>
>>> iface eth0 inet6 static
>>> address 2001:xxxx:xxxx::6
>>> netmask 126
>>> gateway 2001:xxxx:xxxx::5
>>>
>>>
>>>
>>> That looks OK, I'm running a Hurricane Electric tunnel so mine looks
>>> different.
>>>
>>>
>>>
>>> But I cant ping the IPv6 address from my gateway. My routes seems to be
>>> OK. Should I configure something else? I was looking in google and saw some
>>> people saying about to check /etc/sysctl.conf, specially the line
>>> "net.ipv6.conf.all.forwarding=1", but this dont did any difference.
>>>
>>>
>>>
>>> I have "post-up echo 1 > /proc/sys/net/ipv6/conf/all/forwarding" in
>>> the IPv6 stanza in my /etc/network/interfaces. But that is only needed to
>>> make the machine route packets between networks (ie act as a router for
>>> other devices' traffic), it will still talk to other devices without this.
>>>
>>>
>>>
>>> (network-script 'network-bridge antispoof=yes')
>>> (vif-script vif-bridge)
>>>
>>>
>>>
>>> Standard advice now is not to use a network-script. It made sense a
>>> while back, but the scripts are deprecated and the host OS generally has
>>> better tools. For example, in Debian you can put something like this in
>>> /etc/network/interfaces :
>>> auto br0
>>> iface br0 inet static
>>> bridge_ports eth0
>>> address a.b.c.d
>>> netmask 255.255.255.0
>>>
>>> One things I suggest it might be worth looking at is your subnet mask.
>>> Try using 64 instead of 126 and see if it makes any difference. While
>>> technically a 126 bit netmask ought to work on a P-P link, in practice I
>>> believe there are a lot of things that break if you go less than 64 bits
>>> for the host part of the address.
>>>
>>> Also, "ip -6 neigh" will show you the known IPv6 neighbours (roughly
>>> equivalent to ARP cache for Ipv4). That may help in debugging.
>>>
>>> _______________________________________________Xen-users mailing listXen-users [at] listshttp://lists.xen.org/xen-users
>>>
>>>
>>
>
|
signature.asc
