IPv6 works best when veth devices are used to bridge VEs to their host. An IPv6 compliant method of using veth interfaces for VEs can be found in the VEs and HNs in same subnets article.
venet devices are not fully IPv6 compliant, but still works if you statically assign IPv6 addresses. They do not properly support MAC addresses and consequently link local addresses and can not play nice with neighbor discovery or router advertisements, router discovery, or auto-conf. They also require additional modifications to the layer 3 forwarding behaviour of the host via sysctl.
Contents
Configure the Node
In order for IPv6 to work for containers you must have a fully functioning IPv6 interface on the host node.
CentOS Node Configuration for IPv6
Add the below to the file /etc/sysconfig/network NETWORKING_IPV6=yes IPV6FORWARDING=yes IPV6_DEFAULTDEV=eth0 IPV6_DEFAULTGW=aaaa:bbbb:a01a::1 IPV6_AUTOCONF=no Add the below to the file /etc/sysconfig/network-scripts/ifcfg-ethX X being your interface number IPV6INIT=yes IPV6ADDR=aaaa:bbbb:cccc:0000:0100::1 /etc/sysctl.conf also needs net.ipv6.conf.default.forwarding = 1 net.ipv6.conf.all.forwarding = 1 net.ipv6.conf.all.proxy_ndp = 1
venet example
(tests done on CentOS kernel 2.6.18-194.26.1.el5.028stab079.2)
Adding an IPv6 address to a container
# vzctl set <id> --ipadd <ipv6_addr> --save
In my tests, the container had to be restarted before it would respond to ICMP6 echo requests.
In other tests on 2.6.32-042stab044.11 kernel, container failed to receive Neighbor Solicitation requests and replies, so I had to enable proxy_ndp:
# sysctl -w net.ipv6.conf.all.proxy_ndp=1
(and later add appropriate line to /etc/sysctl.conf).
Removing an IPv6 address from a container
# vzctl set <id> --ipdel <ipv6_addr> --save
Removal is effective immediately and the host stops replying to echo requests.
See also
External Links
- A user success story / howto on SixXS wiki [1].