IPv6 subnet with libvirt question

Hallo again OpenWrt-Forum,

I struggle again with my IPv6 configuration. Perhaps someone can point me to the direction.

I happen to get a /56 prefix from my provider. So I configured the host with SLAAC/RA and DHCPv6 to get some IPs:

2: wan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether ec:08:6b:56:bc:57 brd ff:ff:ff:ff:ff:ff
    inet 100.110.43.99/10 metric 1024 brd 100.127.255.255 scope global dynamic bridge
       valid_lft 169sec preferred_lft 169sec
    inet6 2a0d:3344:1500:73fd::1234/64 scope global dynamic mngtmpaddr noprefixroute 
       valid_lft 247sec preferred_lft 97sec
    inet6 2a0d:3344:15de:7901::1234/64 metric 256 scope global dynamic mngtmpaddr 
       valid_lft 984sec preferred_lft 384sec
    inet6 fe80::ee08:6bff:fe56:bc57/64 scope link proto kernel_ll 
       valid_lft forever preferred_lft forever

Fine.

Now I have libvirt running and added a routed network:

<network connections='1'>
  <name>ipv6test</name>
  <uuid>d825c26e-160a-4939-b167-50bd277ab8f7</uuid>
  <forward mode='route'/>
  <bridge name='virbr1' stp='on' delay='0'/>
  <mac address='52:54:00:ca:c9:21'/>
  <domain name='ipv6test'/>
  <ip family='ipv6' address='2a0d:3344:15de:7942::1' prefix='64'>
    <dhcp>
      <range start='2a0d:3344:15de:7942::100' end='2a0d:3344:15de:7942::1ff'/>
    </dhcp>
  </ip>
</network>

And then I configure my VM-guest to get an IPv6 via DHCPv6:

[Match]
Name=enp0s1

[Network]
DHCP=ipv6
IPv6AcceptRA=no
IPv6SendRA=no
UseDNS=true
DHCPPrefixDelegation=true

[Route]
GatewayOnLink=true

[DHCPPrefixDelegation]
Token=::1000
SubnetId=42

resulting in:

2: enp0s1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 52:54:00:82:f2:3e brd ff:ff:ff:ff:ff:ff
    inet6 2a0d:3344:15de:7942::1000/64 metric 256 scope global dynamic mngtmpaddr 
       valid_lft 993sec preferred_lft 393sec
    inet6 2a0d:3344:15de:7942::1b5/128 scope global dynamic noprefixroute 
       valid_lft 85001sec preferred_lft 85001sec
    inet6 fe80::5054:ff:fe82:f23e/64 scope link 
       valid_lft forever preferred_lft forever

Problem:
I can't ping internet from VM.

Do I need to set any routes on the VM or on the host?
(I thought libvirt might take care of that cause I consider this like a straight forward standard configuration? Isn't that a common use case?)

Do I need to set ip6tables rules on host?

Thanks in advance :slight_smile:

Hi

i am far from libvirt expert, but above line ...
do you have default route on your VM ?

ip -6 r 
1 Like

Hi. Seems that I have some conflicting configuration (second VM) and some things more that were solved by a reboot. Also I feel that it is a problem, when I assign a IPv6 to the host, that is in the DHCPv6 subnet of the libvirt config.

I had host IP:

2a0d:3344:15de:7942::1337

This might have messed up routing.
Now I have:

2a0d:3344:15de:7900::1337

(00 instead of libvirt served 42 subnet for host)

Thanks anyway,
I think I can go from here...

All of your networks except the wan itself should have IPs made by delegating parts of the /56. The wan itself will usually have a separate (outside the /56) IP that is either /64 or /128. That IP should be used only for router-initiated Internet use such as NTP and relayed DHCP.

The VM should have a /64 taken out of the /56 and routed to it. OpenWrt does this with the ip6assign option on an interface. The router interface facing the VM is usually prefix::1/64 then the VM itself has one or more IPs within that /64.

To see the prefix, use ifstatus wan6. A /56 has the form XXXX:XXXX:XXXX:XX00::/56. The two zeros are under your local control to be replaced with other numbers to create separate local /64s (or larger, if you have multiple routers in cascade). Every IP with the 56 X bits matching is routed to your house by the ISP, then the router looks at the last 8 bits to route it to one of your LANs. Check the routing table with ip -6 route show (the non-abbreviated form of ip -6 r).

1 Like