3

So I have a dedicated server from OVH. With that I got a /64 range of IPv6 addresses and 1 public IPv4 address. I purchased a second IPv4 address as a fallback.

The host is running the Xen hypervisor and I already set up the bridge 

bridge name bridge id       STP enabled interfaces
br0     8000.0cc47ac4292c   no      eno3
                                    vif4.0
                                    vif4.0-emu
virbr0  8000.525400a2390a   yes     virbr0-nic

I was able to get the VM connected with both the IPv4 and IPv6 address (it will only be using IPv6 though) however as a test I changed the VM's MAC address from the one listed for my fallback and boom, no more IPv6 connectivity but once I set the MAC address back it was working right as rain.

Host ipv6 routing table

2607:5300:61:45b::/64 dev br0  proto kernel  metric 256  pref medium
2607:5300:61:400::/56 dev eno3  proto kernel  metric 202  mtu 1500 pref medium
fe80::/64 dev eno3  proto kernel  metric 256  pref medium
fe80::/64 dev eno4  proto kernel  metric 256  pref medium
fe80::/64 dev br0  proto kernel  metric 256  pref medium
fe80::/64 dev vif4.0-emu  proto kernel  metric 256  pref medium
fe80::/64 dev vif4.0  proto kernel  metric 256  pref medium
ff00::/8 dev eno3  metric 256  pref medium
ff00::/8 dev eno4  metric 256  pref medium
ff00::/8 dev br0  metric 256  pref medium
ff00::/8 dev vif4.0-emu  metric 256  pref medium
ff00::/8 dev vif4.0  metric 256  pref medium
default via fe80::205:73ff:fea0:0 dev br0  metric 1024  pref medium

Guest ipv6 routing table 

2607:5300:61:45b::/64 dev eth0  proto kernel  metric 256  pref medium
2607:5300:61:400::/56 dev eth0  proto kernel  metric 256  expires 2591946sec pref medium
fe80::/64 dev eth0  proto kernel  metric 256  pref medium
default via fe80::205:73ff:fea0:0 dev eth0  proto ra  metric 1024  expires 1746sec hoplimit 64 pref medium

Ideally what I'm looking to do is be able to create VM's that will have their own publicly routable IPv6 address without having to have a separate fallback IPv4 address for each one.

The host system is running Gentoo btw.

Francis Booth
  • 83
  • 1
  • 5
  • have you tried https://wiki.ubuntu.com/IPv6#Configure_your_Ubuntu_box_as_a_IPv6_router – Jacob Evans Mar 03 '17 at 12:39
  • I'm not sure what you are trying to accomplish with "I changed the VM's MAC address from the one listed for my fallback" You can use whatever unique MAC address you want in the guest. Could you show the change you made, in both host and guest interfaces? – John Mahowald Mar 03 '17 at 13:24
  • 2
    You're on OVH, and their IPv6 support is _limited_, as you've discovered. VMs bridged directly to the physical network must use an OVH-assigned MAC address, but OVH won't assign such a MAC address except for a failover IPv4. But if you route to an internal virtual network, you don't have any IPv6 subnets to assign to it. – Michael Hampton Mar 03 '17 at 16:54
  • @MichaelHampton I'm actually going to try a cheat method. I have a /48 from Hurricane Electric so what I COULD do and still utilize the secondary IPv4 address is create a PFSense VM that's only function is to provide the /48 address range to my VM's. – Francis Booth Mar 03 '17 at 17:53
  • @MichaelHampton, the annoying thing is that OVH appearently have assigned MAC-addresses to 3 machines 2-3 years ago, because it is working, but I can't make it work for new machines, not even a clone of a working machine. – Lenne Sep 26 '18 at 11:21
  • @Lenne I run ndppd on the interface where OVH has routed IPv6 into the server, and then subnet it further, generally by /80, on internal virtual networks which are routed (not bridged). It's messy but it works. – Michael Hampton Sep 26 '18 at 16:26

1 Answers1

0

I created my own solution where I created a PFSense firewall which will handle the natting of the single IPv4 address and allocate out globally routable IPv6 addresses. (Currently working on a separate issue with the setup but full IPv6 connectivity works just fine.)

To do the setup, create a separate bridge off the host machine (br1) and connect PFSense to both br0 and br1 WAN/LAN respectively. Have all your virtual machines bridge to br1 which will then receive a private IPv4 address and public IPv6 address from DHCP.

Francis Booth
  • 83
  • 1
  • 5
  • I have done this, and it works for some hosts we did years ago, but I can't get it to work on new hosts. I believe everything is configured the same on both working and non-working. I must be forgetting a simple step to make it work. – Lenne Sep 24 '18 at 11:28