How to use 2 bridges/networks for default profile?

Hello,
I have 2 networks on my lxc and I use IPv6 for them. The first IPv6 is a global route address from https://route48.org/
and the second IPv6 is an overlay network from https://yggdrasil-network.github.io/ (there is no WAN access outside the Yggdrasil network).

I added the networks as follows:
1- changed the IPv6 of lxdbr0 to 2a06:a003:e034:37ad::1/64 (that works fine and every container gets a global route address)

lxc network set lxdbr0 ipv6.address=2a06:a003:e034:37ad::1/64 ipv6.nat=false ipv6.dhcp.stateful=true

2- created new network named yggbr0 and I gave it the address 300:e3b0:79ba:c5f::1/64

lxc network create yggbr0 ipv6.address=300:e3b0:79ba:c5f::1/64 ipv6.nat=false ipv6.dhcp.stateful=true

3- attach yggbr0 to default profile

 lxc network attach-profile yggbr0 default

The issue is that the r48 (route48) address appears and works fine, but my container didn’t get a Yggdrasil address.

Is it possible to assign 2 addresses to the same profile (which will automatically assign addresses to containers) and make r48 (uses the ::/0 prefix) more important than Yggdrasil (uses the 200::/7 prefix)?

~$ lxc ls
+-------------+---------+----------------------+------------------------------------------------+-----------+-----------+
|    NAME     |  STATE  |         IPV4         |                      IPV6                      |   TYPE    | SNAPSHOTS |
+-------------+---------+----------------------+------------------------------------------------+-----------+-----------+
| hello-world | RUNNING | 10.157.24.100 (eth0) | 2a06:a003:e034:37ad:5534:428b:6b74:e206 (eth0) | CONTAINER | 0         |
+-------------+---------+----------------------+------------------------------------------------+-----------+-----------+

When you run lxc network attach-profile what this does is to create a new NIC device in that profile.

As you already had an eth0 NIC device connected to lxdbr0 in the default profile, the command will have added an eth1 NIC connected to yggbr0.

However LXD instance images by default do not come with network configuration to perform automatic address configuration for any other NIC aside from eth0.

This is likely why you are not seeing eth1 getting configured, because you’re also requiring IPv6 DHCP stateful configuration (although you’ve not explained why you’re not using the default RA SLAAC for auto configuration).

To confirm this please show output of ip -6 a and ip -6 r from inside the instance.

An additional point you need to consider is that with RA SLAAC or stateful DHCPv6 you are going to end up with 2 default routes in the current setup. One route will go via lxdbr0 and the other via yggbr0.

I think you’ll need to use the raw.dnsmasq option (see Bridge network - LXD documentation) on yggbr0 to instruct dnsmasq not to announce a default route. Although I don’t have the specific configuration required for dnsmasq to hand right now.

I’m not clear how you’re expecting this to get configured as a route inside the instances. I expect this will need to be setup manually inside each container, unless you can also add this as a route advert using raw.dnsmasq.

You are correct, I got eth0 and eth1 inside each instance,
but only eth0 gets an IPv6 address and eth1 didn’t get anything.

root@hello-world:~# ip -6 a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 state UNKNOWN qlen 1000
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
7: eth0@if8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 2a06:a003:e034:37ad:5534:428b:6b74:e206/128 scope global dynamic noprefixroute 
       valid_lft 3015sec preferred_lft 3015sec
    inet6 fe80::216:3eff:fed9:81bb/64 scope link 
       valid_lft forever preferred_lft forever
9: eth1@if10: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 fe80::216:3eff:fe6a:31c9/64 scope link 
       valid_lft forever preferred_lft forever
root@hello-world:~# ip -6 r
300:e3b0:79ba:c5f::/64 dev eth1 proto kernel metric 256 expires 3523sec pref medium
2a06:a003:e034:37ad::/64 dev eth0 proto ra metric 100 expires 3266sec pref medium
fe80::/64 dev eth0 proto kernel metric 256 pref medium
fe80::/64 dev eth1 proto kernel metric 256 pref medium
default via fe80::216:3eff:fe06:843 dev eth0 proto ra metric 100 expires 1466sec mtu 1500 pref medium
default via fe80::216:3eff:fe6d:53df dev eth1 proto ra metric 1024 expires 1723sec hoplimit 64 pref medium

If I add an IP manually like

ip a add 300:e3b0:79ba:c5f::3/64 dev eth1

then ping a specific address (like my desktop) using eth1 in the instance, that will work:

# ping6 -I eth1 200:eeda:7987:d0ed:a9fb:1ebb:f9b:a0fc
PING 200:eeda:7987:d0ed:a9fb:1ebb:f9b:a0fc(200:eeda:7987:d0ed:a9fb:1ebb:f9b:a0fc) from 300:e3b0:79ba:c5f::3 eth1: 56 data bytes
64 bytes from 200:eeda:7987:d0ed:a9fb:1ebb:f9b:a0fc: icmp_seq=1 ttl=63 time=11.4 ms
64 bytes from 200:eeda:7987:d0ed:a9fb:1ebb:f9b:a0fc: icmp_seq=2 ttl=63 time=8.77 ms
64 bytes from 200:eeda:7987:d0ed:a9fb:1ebb:f9b:a0fc: icmp_seq=3 ttl=63 time=8.15 ms
64 bytes from 200:eeda:7987:d0ed:a9fb:1ebb:f9b:a0fc: icmp_seq=4 ttl=63 time=12.2 ms
64 bytes from 200:eeda:7987:d0ed:a9fb:1ebb:f9b:a0fc: icmp_seq=5 ttl=63 time=16.1 ms
64 bytes from 200:eeda:7987:d0ed:a9fb:1ebb:f9b:a0fc: icmp_seq=6 ttl=63 time=8.15 ms
64 bytes from 200:eeda:7987:d0ed:a9fb:1ebb:f9b:a0fc: icmp_seq=7 ttl=63 time=12.2 ms

But I cannot ping the address without specifying the interface.
I also tried to set the address for yggbr0 to 200::/7 (e.g. 300:e3b0:79ba:c5f::1/7).

After setting yggbr0 to 200::/7 it disappeared from the route list for my instances, even after restarting the machine.

ubuntu@ubuntu:~$ lxc network set yggbr0 ipv6.address=300:e3b0:79ba:c5f::1/7 ipv6.nat=false ipv6.dhcp.stateful=true
ubuntu@ubuntu:~$ lxc network list
+--------+----------+---------+-----------------+---------------------------+-------------+---------+---------+
|  NAME  |   TYPE   | MANAGED |      IPV4       |           IPV6            | DESCRIPTION | USED BY |  STATE  |
+--------+----------+---------+-----------------+---------------------------+-------------+---------+---------+
| eth0   | physical | NO      |                 |                           |             | 0       |         |
+--------+----------+---------+-----------------+---------------------------+-------------+---------+---------+
| lxdbr0 | bridge   | YES     | 10.157.24.1/24  | 2a06:a003:e034:37ad::1/64 |             | 3       | CREATED |
+--------+----------+---------+-----------------+---------------------------+-------------+---------+---------+
| wlan0  | physical | NO      |                 |                           |             | 0       |         |
+--------+----------+---------+-----------------+---------------------------+-------------+---------+---------+
| yggbr0 | bridge   | YES     | 10.192.247.1/24 | 300:e3b0:79ba:c5f::1/7    |             | 3       | CREATED |
+--------+----------+---------+-----------------+---------------------------+-------------+---------+---------+
ubuntu@ubuntu:~$ lxc shell hello-world 
root@hello-world:~# ip -6 r
2a06:a003:e034:37ad::/64 dev eth0 proto ra metric 100 expires 3331sec pref medium
2a06:a003:e034:37ad::/64 dev eth0 proto kernel metric 256 expires 3286sec pref medium
fe80::/64 dev eth0 proto kernel metric 256 pref medium
fe80::/64 dev eth1 proto kernel metric 256 pref medium
default via fe80::216:3eff:fe06:843 dev eth0 proto ra metric 100 expires 1531sec mtu 1500 pref medium
default via fe80::216:3eff:fe06:843 dev eth0 proto ra metric 1024 expires 1486sec hoplimit 64 pref medium
root@hello-world:~# 

Also, why is 2a06:a003:e034:37ad:: duplicated? :sweat_smile:

Because one is added statically (kernel) I think, and the other is from a router advertisement (ra).

Also, can you see that you have 2 default gateways:

default via fe80::216:3eff:fe06:843 dev eth0 proto ra metric 100 expires 1531sec mtu 1500 pref medium
default via fe80::216:3eff:fe06:843 dev eth0 proto ra metric 1024 expires 1486sec hoplimit 64 pref medium

This is what I mentioned above, you’ll need to decide which one is to be your default gateway and disable IPv6 router announcements (or configure the container to not accept them) on the other.

You can use these instance config settings to instruct the instance to accept IPv6 RAs for SLAAC and routes but not for the default route:

  linux.sysctl.net.ipv6.conf.eth1.accept_ra: "1"
  linux.sysctl.net.ipv6.conf.eth1.autoconf: "1"
  linux.sysctl.net.ipv6.conf.eth1.accept_ra_defrtr: "0"
  linux.sysctl.net.ipv6.conf.eth1.accept_ra_pinfo: "1"
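
A check for the two-default-gateway condition discussed above, as an added example that is not part of the original thread: it parses ip -6 route output and lists any NIC other than the intended one that carries a default route. The sample input is the route table posted earlier in the thread; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit `ip -6 route` output for default routes on the wrong NIC.

# Route table copied from the thread (eth0 = lxdbr0, eth1 = yggbr0).
SAMPLE_ROUTES='300:e3b0:79ba:c5f::/64 dev eth1 proto kernel metric 256 expires 3523sec pref medium
2a06:a003:e034:37ad::/64 dev eth0 proto ra metric 100 expires 3266sec pref medium
fe80::/64 dev eth0 proto kernel metric 256 pref medium
fe80::/64 dev eth1 proto kernel metric 256 pref medium
default via fe80::216:3eff:fe06:843 dev eth0 proto ra metric 100 expires 1466sec mtu 1500 pref medium
default via fe80::216:3eff:fe6d:53df dev eth1 proto ra metric 1024 expires 1723sec hoplimit 64 pref medium'

# Print "<dev> <metric>" for every default route read from stdin.
list_default_routes() {
    awk '$1 == "default" {
        dev = "?"; metric = "?"
        for (i = 2; i < NF; i++) {
            if ($i == "dev") dev = $(i + 1)
            if ($i == "metric") metric = $(i + 1)
        }
        print dev, metric
    }'
}

# Print devices other than $1 that carry a default route; status 1 if any exist.
unexpected_default_devs() {
    wanted=$1
    offenders=$(list_default_routes | awk -v w="$wanted" '$1 != w { print $1 }' | sort -u)
    [ -z "$offenders" ] && return 0
    printf '%s\n' "$offenders"
    return 1
}

# Inside an instance: ip -6 route | unexpected_default_devs eth0
if [ "${1:-}" = "--demo" ]; then
    printf '%s\n' "$SAMPLE_ROUTES" | unexpected_default_devs eth0 \
        || echo "default route present on a NIC other than eth0"
fi
```

Run against the live table after applying accept_ra_defrtr "0" on eth1 and restarting the instance; an empty result with exit status 0 means only the intended NIC still provides a default gateway.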

eth1 was shown in the routes before I changed the yggbr0 prefix to 300:e3b0:79ba:c5f::1/7

root@hello-world:~# ip -6 r
300:e3b0:79ba:c5f::/64 dev eth1 proto kernel metric 256 expires 3523sec pref medium

Is it a bug that hides it from the routes?

I didn’t do anything and now the duplicated route is gone

# ip -6 r
2a06:a003:e034:37ad::/64 dev eth0 proto ra metric 100 expires 3334sec pref medium
fe80::/64 dev eth0 proto kernel metric 256 pref medium
fe80::/64 dev eth1 proto kernel metric 256 pref medium
default via fe80::216:3eff:fe06:843 dev eth0 proto ra metric 100 expires 1534sec mtu 1500 pref medium