2

I am struggling a bit on how to equip my LXC configuration with IPv6 currently. What's the setup?

  • Ubuntu 16.04 LTS
  • LXC2-beta from the Ubuntu PPAs (features IPv6 connectivity)
  • I use a netcup IPv6 setup
  • Currently IPv4 is routed via DNAT over eth0, works fine (NO BRIDGE)
  • My host machine has working IPv6 at prefix::1/64

I've read through a really long list of literature about IPv6 and how to solve this problem with several virtual machines, but couldn't come to a working, sane setup yet. So, what do I do now to get my LXC machines connected with IPv6?

  1. Enable IPv6 net forwarding
  2. Either
    • Assign each container a valid address in the /64 subnet (this does not work for me?)
    • Host a gateway at prefix::1 and use (e.g) radvd for automagic configuration (didn't work either)
Fohlen

2 Answers

0

In the IPv4 world it is fine if you just hide everything behind a NAT - and that is why connectivity works for IPv4 addresses.

But as you have no doubt read, NAT is basically not a thing in the IPv6 world, because why should it? There are plenty of available IPv6 addresses.

However: If you have only been assigned a single /64 subnet it gets a bit complicated, since all kinds of stuff breaks if you try to make smaller subnets out of it.

For starters, SLAAC and EUI-64 is the new way of assigning IPv6 addresses to clients that have non-static IPv6 addresses, and is constructed from the hardware address for the network interface.

Long story short:

You need at least an additional /64 subnet routed to your machine that you can use to assign IPv6 addresses to all containers inside your LXC server.

That should not be a big issue, since companies can easily get a dedicated /48 subnet, which can be split into 65536 different /64 subnets, and I have seen several ISPs handing out at minimum a /56 subnet to their customers' homes, which can be split up into 256 /64 subnets.
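The arithmetic behind the answer above, as an added example that is not part of the original answer: it derives the SLAAC address a container would form from its MAC (modified EUI-64, which is why the prefix must be exactly /64) and carves /64s out of a larger delegation. The prefixes use the 2001:db8::/32 documentation range and the MAC is constructed; all function names are hypothetical.

```python
import ipaddress


def eui64_interface_id(mac: str) -> int:
    """Modified EUI-64: insert ff:fe in the middle of the MAC and flip the U/L bit."""
    octets = bytes(int(part, 16) for part in mac.replace("-", ":").split(":"))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address, got %r" % mac)
    eui = bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:]
    return int.from_bytes(eui, "big")


def slaac_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Address a host autoconfigures from an advertised prefix and its MAC."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        # The interface ID is 64 bits wide, so a sub-/64 slice cannot be used.
        raise ValueError("EUI-64 SLAAC needs a /64 prefix, got /%d" % net.prefixlen)
    return net[eui64_interface_id(mac)]


def count_64s(delegated: str) -> int:
    """How many /64 subnets fit in a delegated prefix (0 if it is longer than /64)."""
    net = ipaddress.IPv6Network(delegated)
    return 2 ** (64 - net.prefixlen) if net.prefixlen <= 64 else 0


def nth_64(delegated: str, n: int) -> ipaddress.IPv6Network:
    """The n-th /64 inside a delegated prefix, e.g. one per container bridge."""
    net = ipaddress.IPv6Network(delegated)
    if not 0 <= n < count_64s(delegated):
        raise IndexError("subnet index %d is outside %s" % (n, net))
    return ipaddress.IPv6Network((int(net.network_address) + (n << 64), 64))


if __name__ == "__main__":
    # Constructed sample values: a documentation /56 and a made-up container MAC.
    delegated = "2001:db8:0:100::/56"
    container_net = nth_64(delegated, 1)
    print(count_64s(delegated), "usable /64 subnets in", delegated)
    print("container subnet:", container_net)
    print("SLAAC address:", slaac_address(str(container_net), "00:16:3e:12:34:56"))
```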

0

Your external access on IPv6 may be restricted to a single IP address. Normally you would be provided with one or more /64 subnets for internal use. These would be advertised by one or more radvd servers on your local network. You will need to check with your IP provider to see what mechanism to use, and which subnets are assigned to you.

IPv6 clients usually self configure if they receive router advertisements. If you require static IPv6 addresses for some servers, you will configure those yourself. This can be done with a stanza in /etc/network/interfaces.

Do consider using a firewall builder such as shorewall6 to build the firewall. It should be able to make the appropriate kernel configuration adjustments to forward your traffic appropriately.

BillThor