Sorry... Long quote of my own post with no snip. Too much is relevant...

On Sun, 2010-01-24 at 23:43 -0500, Michael H. Warfield wrote:
> On Mon, 2010-01-25 at 02:18 +0100, Michael Holzt wrote:
>
> > : - snip
>
> > I haven't played with ipv6 for some years, but i'm sure that your
> > problems can be fixed without much work. For starters i would try
> > something like this:
>
> > interface foo inet6 manual
> >   pre-up ifconfig foo up
>
> Well, it was a good shot. But, unfortunately, all for naught. It still
> no workie.
>
> The Debian container:
>
> eth0      Link encap:Ethernet  HWaddr 00:04:08:01:02:40
>           inet addr:172.20.38.130  Bcast:172.20.38.255  Mask:255.255.255.0
>           inet6 addr: fe80::204:8ff:fe01:240/64 Scope:Link
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:246 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:186 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:1000
>           RX bytes:21383 (21.3 KB)  TX bytes:23934 (23.9 KB)
>
> The Fedora container:
>
> eth0      Link encap:Ethernet  HWaddr 00:04:08:01:02:0A
>           inet addr:172.20.38.131  Bcast:172.20.38.255  Mask:255.255.255.0
>           inet6 addr: 2001:4830:3000:8202:204:8ff:fe01:20a/64 Scope:Global
>           inet6 addr: fe80::204:8ff:fe01:20a/64 Scope:Link
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:127 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:10 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:1000
>           RX bytes:12396 (12.1 KiB)  TX bytes:1008 (1008.0 b)
>
> I DON'T understand this. It makes NO sense to me. At that point
> EVERYTHING SHOULD BE under control of the kernel. But... Somehow the
> Debian configuration fails, even if I restart the routing daemon and
> re-advertise those routes. At that point, everything should just
> autoconf with no action from the user space at all.
>
> There is one other very important weirdism. IPv6 stateless autoconf, by
> design and by intent, is disabled if IPv6 forwarding is enabled in the
> kernel (remember too, this is a 2.6.30 kernel) and these containers are
> residing on a machine acting as an IPv6 router (recurse back to my
> earlier comments about very complex configurations and routing) although
> they, themselves are not routers. The host machine is running a routing
> advertisement daemon (zebra) providing IPv6 routes. That host routes to
> and from REAL IPv6 networks as well as these virtual containers as well.
>
> In the host sysctl.conf:
>
> net.ipv6.conf.all.forwarding = 1
>
> Confirmed by:
>
> [r...@complex ~]# cat /proc/sys/net/ipv6/conf/all/forwarding
> 1
>
> In the Fedora container, I have not had to set that to 0 but...
>
> [r...@alcove ~]# cat /proc/sys/net/ipv6/conf/all/forwarding
> 0
>
> Like magic. And there it works.
>
> In the Debian container, it was NOT showing up as 1 but 0. So I set it
> in /etc/sysctl.conf. Now...
>
> r...@ubuntu:~# cat /proc/sys/net/ipv6/conf/all/forwarding
> 0
>
> And there it still doesn't work. What is the difference? Why doesn't
> it work properly with Debian? These containers are running side by side
> in the same host environment (re-enforcing some relevance to the
> lxc-devel topic).

This has been frustrating me for ttttoooo long, and I had to get to the
bottom of it. It's something on the kernel level and it had to be
resolvable, I just don't understand why it's peculiar to the Debian
containers.

FOUND IT!

[r...@alcove ~]# cat /proc/sys/net/ipv6/conf/all/accept_ra
1

r...@ubuntu:~# cat /proc/sys/net/ipv6/conf/all/accept_ra
0

That's what was killing me and blocking autoconf in Debian. I set that
to 1 for all and for eth0 and it all magically starts working. Leaves
unresolved why this is required in the Debian containers and NOT in the
Fedora containers but someone else can worry about that while I
integrate this into my container "hacks".

This is what I had to add to the container /etc/sysctl.conf to make this
all work:

net.ipv6.conf.all.forwarding=0
net.ipv6.conf.all.accept_ra=1
net.ipv6.conf.default.accept_ra=1
net.ipv6.conf.eth0.accept_ra=1

Had to add all of them. Leave any one of them out and it fails (which
probably means, if there is an eth1 or eth2, they need to be there as
well... Gag...)

Which begs a question (not "begs the question" which is a logical
conundrum of a different sort)... WHY is this necessary in Debian
containers and not at all in Fedora containers?

Regards,
Mike
-- 
Michael H. Warfield (AI4NB) | (770) 985-6132 | m...@wittsend.com
  /\/\|=mhw=|\/\/           | (678) 463-0932 | http://www.wittsend.com/mhw/
  NIC whois: MHW9           | An optimist believes we live in the best of all
  PGP Key: 0x674627FF       | possible worlds. A pessimist is sure of it!

_______________________________________________
Lxc-devel mailing list
Lxc-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-devel
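
Added example, not part of the original message: a POSIX shell function that reports, for every entry under /proc/sys/net/ipv6/conf, the accept_ra and forwarding values the message identifies as deciding whether stateless autoconf happens. The names ra_audit and mk_conf and the sample tree are assumptions constructed for illustration; the accept_ra=2 case comes from later kernel documentation, not from the post.

```shell
#!/bin/sh
# Added example (not from the original post).
# ra_audit [CONF_ROOT]: for each entry under CONF_ROOT (default: the live
# /proc/sys/net/ipv6/conf) print
#   <iface> accept_ra=<n> forwarding=<n> <verdict>
# and return 1 if any entry would ignore Router Advertisements.
ra_audit() {
    root=${1:-/proc/sys/net/ipv6/conf}
    blocked=0
    for dir in "$root"/*/; do
        [ -r "${dir}accept_ra" ] || continue
        iface=$(basename "$dir")
        ra=$(cat "${dir}accept_ra")
        fwd=$(cat "${dir}forwarding" 2>/dev/null || echo 0)
        verdict=ok
        if [ "$ra" = 0 ]; then
            verdict="BLOCKED:accept_ra=0"
        elif [ "$fwd" = 1 ] && [ "$ra" != 2 ]; then
            # accept_ra=2 exists only on kernels newer than the 2.6.30 in
            # the post; there it accepts RAs even with forwarding enabled.
            verdict="BLOCKED:forwarding=1"
        fi
        [ "$verdict" = ok ] || blocked=1
        printf '%s accept_ra=%s forwarding=%s %s\n' \
            "$iface" "$ra" "$fwd" "$verdict"
    done
    return "$blocked"
}

# mk_conf ROOT IFACE ACCEPT_RA FORWARDING: hypothetical helper that writes a
# constructed stand-in for one /proc/sys/net/ipv6/conf/<iface> directory.
mk_conf() {
    mkdir -p "$1/$2"
    echo "$3" > "$1/$2/accept_ra"
    echo "$4" > "$1/$2/forwarding"
}

# Constructed sample: the failing Debian container state from the post
# (accept_ra=0 everywhere, forwarding=0).
demo=$(mktemp -d)
for i in all default eth0; do mk_conf "$demo" "$i" 0 0; done
ra_audit "$demo" || echo "at least one interface ignores RAs"
rm -rf "$demo"
```

Run with no argument inside a container, ra_audit reads the live /proc tree, so an eth1 or eth2 left at accept_ra=0 shows up as its own BLOCKED line.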