On Sunday, 28.03.2021, at 20:33 +0200, Wido den Hollander wrote:
>
> On 26/03/2021 20:56, Stephan Seitz wrote:
> > Wido, thanks a lot!
> >
> > I just had to look into the db. The correctly calculated SLAAC is
> > already there.
> >
>
> Double-check: The API and UI do show an IPv6 address for the NIC?
>
> It's then up to you to make sure the Routers in the (shared) network
> send out the proper Router Advertisements.
>
> Also check on the hypervisor with 'ip6tables-save' and ipset to see if
> all the IPs have been programmed properly into the security groups.
>
> Should just work. We have been using this code for years now.
>
> Wido

I was a little puzzled due to the new UI. Indeed, it is shown in the UI.
I didn't check UI and API at first because of the outdated 4.11 docs
which mentioned dhcp6. My fault and poor media literacy :)

To summarize: Your code works well and everything is configured (and
shown) as it should, I just tried the wrong approach with dhcp and
didn't look out of the box.

Anyway, thanks for pointing me to SLAAC!

Stephan

> > Sorry for the noise!
> >
> > Stephan
> >
> > On Friday, 26.03.2021, at 20:28 +0100, Wido den Hollander wrote:
> > > On 26/03/2021 20:23, Stephan Seitz wrote:
> > > > Hi!
> > > >
> > > > I've recently deployed 4.15.0 Advanced Zone with CentOS 8 kvm
> > > > hosts and classic linux bridges. I do know that CentOS 7 is
> > > > preferred, but with some initial tweaks here and there, I'd say
> > > > it's working quite well.
> > > >
> > >
> > > VLAN or VXLAN?
> >
> > small scale, so VLAN fits very well (just for the record)
> >
> > > > Currently, I'm trying to use IPv6 on shared networks. I'd
> > > > learned that IPv6 only does not work, so I switched to IPv6 plus
> > > > RFC 1918 IPv4 natted at the outer gateway. IPv4 is not a
> > > > requirement, but if it's necessary to add, it doesn't harm.
> > > >
> > >
> > > Yes. IPv4 is still needed and RFC1918 is just fine. Cloud-init
> > > works over IPv4. It's a lot of work to get rid of IPv4 in
> > > CloudStack.
> > >
> > > I'm a big IPv6 fan (wrote a lot of the code in CS), but I didn't
> > > bother getting rid of IPv4. Not a real use-case for v6-only just
> > > yet.
> > >
> > > > The IPv4 addresses of the deployed hosts are provided by the
> > > > virtual router as expected.
> > > >
> > > > My problem is: I don't get any dhcp6 lease out of the VR. I dug
> > > > with tcpdump on the host and VR. I see the solicit message
> > > > arriving, but no answering advertise message. I've tried almost
> > > > everything at the host: accepting RA, Autoconf, selectively
> > > > disabling these. Also modifying the dhcpv6 duid as seen on some
> > > > 4.11 docs didn't change anything.
> > > >
> > >
> > > IPv6 does not work with DHCPv6. You should see that when the IPv6
> > > CIDR is set properly for the shared network in the database that
> > > CloudStack calculates/generates the IPv6 address the Instance
> > > should obtain through SLAAC (without privacy addresses!)
> > >
> > > When that works you have security grouping also working. It then
> > > filters on source addresses from VMs and such.
> > >
> > > We have thousands of VMs connected with IPv6 this way.
> > >
> > > Wido
> > >
> > > > Best case is, that I'm stuck with hosts correctly configured by
> > > > the router advertisement, but ACS doesn't know about it. So
> > > > subsequently I can't add records to the respective DNS Zones.
> > > >
> > > > Alternatively, I could skip ACS and add the provable eui-64
> > > > addresses to the zone, but I'd like to avoid that.
> > > >
> > > > After a few uneducated peeks into the VR's dnsmasq
> > > > configuration, I cannot spot any setting for providing dhcp6
> > > > leases.
> > > >
> > > > Initially I've deployed the 4.15.0 systemvmtemplate downloaded
> > > > from http://download.cloudstack.org/systemvm/4.15/
> > > > Right now, I've switched to the 4.15.1 from the same location,
> > > > but that didn't change anything.
> > > >
> > > > I've also tried switching the Zone from internal DNS to external
> > > > DNS and vice versa (these are identical, except the internal DNS
> > > > is also equipped with the respective IPv6 addresses, which
> > > > obviously cannot be added to the external DNS). That didn't
> > > > change anything either.
> > > >
> > > > So, I'd like to ask for any advice.
> > > >
> > > > Thanks in advance!
> > > >
> > > > Stephan
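
Added example, not part of the thread and not CloudStack's own code: assuming the guest builds its SLAAC address from a modified EUI-64 interface identifier (RFC 4291) with privacy addresses disabled, this computes the address to expect for each NIC and classifies observed source addresses against it, which is the comparison to make against the API/UI value and the hypervisor's ipset entries. The prefix, MACs and addresses are constructed sample values.

```python
import ipaddress

def eui64_slaac_address(prefix, mac):
    """Address a NIC forms via SLAAC using a modified EUI-64 interface ID."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("EUI-64 SLAAC requires a /64 prefix")
    octets = bytes(int(part, 16) for part in mac.replace("-", ":").split(":"))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    # Flip the universal/local bit of the first octet, insert ff:fe in the middle.
    iid = bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:]
    return net[int.from_bytes(iid, "big")]

def audit_sources(prefix, nic_macs, observed):
    """Map each observed source address to how it relates to the expected set."""
    net = ipaddress.IPv6Network(prefix)
    expected = {eui64_slaac_address(prefix, m): m for m in nic_macs}
    report = {}
    for raw in observed:
        addr = ipaddress.IPv6Address(raw)
        if addr in expected:
            report[raw] = "expected:" + expected[addr]
        elif addr.is_link_local:
            report[raw] = "link-local"
        elif addr in net:
            # In the prefix but not derived from a known MAC, e.g. a
            # privacy (temporary) address or a manually set one.
            report[raw] = "unexpected-in-prefix"
        else:
            report[raw] = "outside-prefix"
    return report

# Constructed sample data (documentation prefix, made-up MACs).
PREFIX = "2001:db8:100::/64"
MACS = ["1e:00:a4:00:01:2b", "1e:00:a4:00:01:2c"]
OBSERVED = [
    "2001:db8:100:0:1c00:a4ff:fe00:12b",
    "fe80::1c00:a4ff:fe00:12b",
    "2001:db8:100:0:5d3a:91c2:7e10:44af",
    "2001:db8:200:0:1c00:a4ff:fe00:12c",
]

if __name__ == "__main__":
    for address, verdict in audit_sources(PREFIX, MACS, OBSERVED).items():
        print(f"{address:40} {verdict}")
```
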