Ah can you also provide ip -6 r from the host and container please.
Although I think I can already see the issue. You cannot have 2a01:abcd:abcd:abcd::2/64 defined on both enp41s0 and lxdbr0. As that will create 2 routes for 2a01:abcd:abcd:abcd::/64 one going out of enp41s0 and the other going out of lxdbr0. When you ping an IP in the subnet which interface will the host use? (Hint: there’s no happy answer here :))
This has come up in the past and you’ve got a couple of options:
-
Remove the IPs from
enp41s0and move them to an unmanaged bridge such asbr0(e.g. using Netplan | Backend-agnostic network configuration in YAML) and then get your containers to directly attach to the external network usinglxc config device add <instance> <eth0> nic nictype=bridged parent=br0. This will then rely on the external network’s DHCP/SLAAC and DNS services (if they exist). It will also mean that each instance will get its own MAC address, which may be restricted by Hetzner’s network. -
Use a routed approach. As it sounds like you have the whole /64 routed to your LXD host directly without the need for NDP proxying. You could just take a single IP from the /64 subnet and assign it to
enp41s0with a /128 subnet (so it doesn’t add any routes to the host). Then pick a different IP for thelxdbr0interface’s IP and use the /64 subnet. This way you’ll only have one /64 route on the LXD host for your subnet (going down lxdbr0) and the host should still respond to its own IP onenp41s0. That way LXD will provide DHCP/SLAAC and DNS services forlxdbr0as it is solely responsible for the subnet. And all packets leaving the host will use the host’s external interface MAC address.