4

I have an external server at Hetzner with Debian 7 and trying to setup KVM with IPv6 Routing (the same setup works for IPv4 without problems).

I have one Ubuntu Server VM with two interfaces which are in two different subnet. The first interface ist connected to the host via a bridge:

Host-eth0 <-- external bridge --> vnet0-VM-vnet1 <-- internal bridge

I configured the bridge to add a static route to the second subnet via the first VM interface:

ip -6 route add 2a01:4f8:X:Y:2::/80 via 2a01:4f8:X:Y:1::3 dev virbr_external

This adds the route entry BEFORE the VM is started. When I use ping6 from the host to the vnet1 interface (2::2) I get this error message:

ping: sendmsg: Network is down

When I don't add the route in the interfaces configuration and call it manually AFTER the VM is started, everything works.

So my question is why does route add for IPv6 addresses only work after the the VM is started?

Additional Configuration Details:

Host Interfaces

auto lo
iface lo inet6 loopback

auto eth0
iface eth0 inet6 static
    address 2a01:4f8:X:Y:0::2
    netmask 128
    gateway fe80::1

# Bridge between Host and VM
auto virbr_external
iface virbr_external inet6 static
    bridge_ports none
    bridge_stp off
    bridge_fd 0
    address 2a01:4f8:X:Y:1::2
    netmask 80

up ip -6 route add 2a01:4f8:X:Y:2::/80 via 2a01:4f8:X:Y:1::3 dev virbr_external

# Bridge between VM and other VMs
auto virbr_internal
iface virbr_internal inet6 manual
    bridge_ports none
    bridge_stp off
    bridge_fd 0

VM Interfaces

auto lo
iface lo inet6 loopback

auto eth0
iface eth0 inet6 static
    address 2a01:4f8:X:Y:1::3
    netmask 80
    gateway 2a01:4f8:X:Y:1::2

auto eth1
iface eth1 inet6 static
    address 2a01:4f8:X:Y:2::2
    netmask 80

Please tell me if you need more logs (before and after it works), I will gather it then.

Dresel
  • 141
  • 5
  • I'm having the same problem - deleting and readding the route fixes the sendmsg problem. Kernel: `Linux ... 3.2.0-4-amd64 #1 SMP Debian 3.2.57-3+deb7u1 x86_64 GNU/Linux` – Stefan Jun 03 '14 at 11:51

2 Answers2

2

Having the same problem here. Solution is to flush the IPV6 route cache after setting the route:

ip -6 route flush cache

Changing your interfaces section to:

...
auto virbr_external
iface virbr_external inet6 static
   bridge_ports none
   bridge_stp off
   bridge_fd 0
   address 2a01:4f8:X:Y:1::2
   netmask 80
   up ip -6 route add 2a01:4f8:X:Y:2::/80 via 2a01:4f8:X:Y:1::3 dev virbr_external
   up ip -6 route flush cache # Flush cache after setting route
   ...

fixes the issue on boot.

Cygnus
  • 21
  • 2
0

I'm not sure it has to do with the order in which VM's are started/routes are added, unless there is some logic to set the metric lower than other routes... Multiple interfaces may want to route your ipv6 traffic and the kernel will pick the route with the lowest metric.

On my system, the default metric for my bridge was 425 so when a VM starts and set up a default route with metric 256 it takes precedence over the default bridge0 route and causes the traffic to be sent to my VM by default. The route can be printed with:

ip -6 route show

Libvirt should probably not even allow that interface to have an ipv6 address and routes as it's part of the bridge, but it does, so my workaround is simply to set the bridge's default route to a lower value than the vmnet interface. Using network-manager:

nmcli connection modify bridge0 ipv6.route-metric 128

Now, even though libvirt creates a route on the vnet0 interface it's not being used because the bridge takes precedence.

This bug report seems to be related, although it is very old so it may be a newer bug that I'm seeing...

Thomas Guyot-Sionnest
  • 449
  • 4
  • 6