IPv6 Addresses again. Same setup, different distro - Incus 6.0.x on Alpine 3.20

michacassola · October 11, 2024, 2:58pm

I am having problems with IPv6 addresses again.

I have setup incus 6.0.x a very similar way as I used to do in Ubuntu with LXD, now on Alpine latest stable.
Unfortunately the IPv6 address in the container is not universally routable. It cannot be reached from the outside.

As mentioned a similar setup on an old Ubuntu machine works.
What have I overlooked?

# incus admin init --dump
config:
  images.auto_update_interval: "0"
networks:
- config:
    ipv4.address: 10.0.0.1/9
    ipv4.nat: "true"
    ipv6.address: 2000:SOMEIPV6::2/64
    ipv6.dhcp: "false"
    ipv6.nat: "false"
    ipv6.routing: "true"
  description: ""
  name: incusbr0
  type: bridge
  project: default
storage_pools:
- config:
    source: zpool/cnt/base-pool
    volatile.initial_source: zpool/cnt/base-pool
    zfs.pool_name: zpool/cnt/base-pool
  description: ""
  name: base-pool
  driver: zfs
profiles:
- config: {}
  description: Default Incus profile
  devices:
    eth0:
      name: eth0
      network: incusbr0
      type: nic
    root:
      path: /
      pool: base-pool
      type: disk
  name: default
projects:
- config:
    features.images: "true"
    features.networks: "true"
    features.networks.zones: "true"
    features.profiles: "true"
    features.storage.buckets: "true"
    features.storage.volumes: "true"
  description: Default Incus project
  name: default

The kernel is also setup to allow forwarding, here a complete sysctl -a:

abi.vsyscall32 = 1
debug.exception-trace = 1
debug.kprobes-optimization = 1
dev.cdrom.autoclose = 1
dev.cdrom.autoeject = 0
dev.cdrom.check_media = 0
dev.cdrom.debug = 0
dev.cdrom.info = CD-ROM information, Id: cdrom.c 3.20 2003/12/17
dev.cdrom.info = 
dev.cdrom.info = drive name:            sr0
dev.cdrom.info = drive speed:           4
dev.cdrom.info = drive # of slots:      1
dev.cdrom.info = Can close tray:                1
dev.cdrom.info = Can open tray:         1
dev.cdrom.info = Can lock tray:         1
dev.cdrom.info = Can change speed:      1
dev.cdrom.info = Can select disk:       0
dev.cdrom.info = Can read multisession: 1
dev.cdrom.info = Can read MCN:          1
dev.cdrom.info = Reports media changed: 1
dev.cdrom.info = Can play audio:                1
dev.cdrom.info = Can write CD-R:                0
dev.cdrom.info = Can write CD-RW:       0
dev.cdrom.info = Can read DVD:          1
dev.cdrom.info = Can write DVD-R:       0
dev.cdrom.info = Can write DVD-RAM:     0
dev.cdrom.info = Can read MRW:          1
dev.cdrom.info = Can write MRW:         1
dev.cdrom.info = Can write RAM:         1
dev.cdrom.info = 
dev.cdrom.info = 
dev.cdrom.lock = 1
dev.hpet.max-user-freq = 64
dev.raid.speed_limit_max = 200000
dev.raid.speed_limit_min = 1000
dev.scsi.logging_level = 0
dev.tty.ldisc_autoload = 0
dev.tty.legacy_tiocsti = 1
fs.aio-max-nr = 65536
fs.aio-nr = 1
fs.dentry-state = 40643 37283   45      0       1299    0
fs.epoll.max_user_watches = 1798455
fs.fanotify.max_queued_events = 16384
fs.fanotify.max_user_groups = 128
fs.fanotify.max_user_marks = 65448
fs.file-max = 807579
fs.file-nr = 576        0       807579
fs.inode-nr = 39427     243
fs.inode-state = 39427  243     0       0       0       0       0
fs.inotify.max_queued_events = 16384
fs.inotify.max_user_instances = 128
fs.inotify.max_user_watches = 61552
fs.lease-break-time = 45
fs.leases-enable = 1
fs.mount-max = 100000
fs.mqueue.msg_default = 10
fs.mqueue.msg_max = 10
fs.mqueue.msgsize_default = 8192
fs.mqueue.msgsize_max = 8192
fs.mqueue.queues_max = 256
fs.nr_open = 1048576
fs.overflowgid = 65534
fs.overflowuid = 65534
fs.pipe-max-size = 1048576
fs.pipe-user-pages-hard = 0
fs.pipe-user-pages-soft = 16384
fs.protected_fifos = 0
fs.protected_hardlinks = 0
fs.protected_regular = 0
fs.protected_symlinks = 0
fs.quota.allocated_dquots = 0
fs.quota.cache_hits = 0
fs.quota.drops = 0
fs.quota.free_dquots = 0
fs.quota.lookups = 0
fs.quota.reads = 0
fs.quota.syncs = 0
fs.quota.writes = 0
fs.suid_dumpable = 0
fs.verity.require_signatures = 0
kernel.acct = 4 2       30
kernel.acpi_video_flags = 0
kernel.arch = x86_64
kernel.auto_msgmni = 0
kernel.bootloader_type = 208
kernel.bootloader_version = 0
kernel.bpf_stats_enabled = 0
kernel.cad_pid = 1
kernel.cap_last_cap = 40
kernel.core_pattern = core
kernel.core_pipe_limit = 0
kernel.core_uses_pid = 0
kernel.ctrl-alt-del = 0
kernel.dmesg_restrict = 1
kernel.domainname = (none)
kernel.firmware_config.force_sysfs_fallback = 0
kernel.firmware_config.ignore_sysfs_fallback = 0
kernel.ftrace_dump_on_oops = 0
kernel.ftrace_enabled = 1
kernel.hardlockup_all_cpu_backtrace = 0
kernel.hardlockup_panic = 0
kernel.hostname = cs0002
kernel.hotplug = /sbin/mdev
kernel.io_delay_type = 0
kernel.io_uring_disabled = 0
kernel.io_uring_group = -1
kernel.kexec_load_disabled = 1
kernel.kexec_load_limit_panic = -1
kernel.kexec_load_limit_reboot = -1
kernel.keys.gc_delay = 300
kernel.keys.maxbytes = 20000
kernel.keys.maxkeys = 200
kernel.keys.root_maxbytes = 25000000
kernel.keys.root_maxkeys = 1000000
kernel.kptr_restrict = 0
kernel.latencytop = 0
kernel.max_lock_depth = 1024
kernel.max_rcu_stall_to_panic = 0
kernel.modprobe = /sbin/modprobe
kernel.modules_disabled = 0
kernel.msg_next_id = -1
kernel.msgmax = 8192
kernel.msgmnb = 16384
kernel.msgmni = 32000
kernel.ngroups_max = 65536
kernel.nmi_watchdog = 0
kernel.ns_last_pid = 3348
kernel.oops_all_cpu_backtrace = 0
kernel.oops_limit = 10000
kernel.osrelease = 6.6.54-0-lts
kernel.ostype = Linux
kernel.overflowgid = 65534
kernel.overflowuid = 65534
kernel.panic = 0
kernel.panic_on_io_nmi = 0
kernel.panic_on_oops = 0
kernel.panic_on_rcu_stall = 0
kernel.panic_on_unrecovered_nmi = 0
kernel.panic_on_warn = 0
kernel.panic_print = 0
kernel.perf_cpu_time_max_percent = 25
kernel.perf_event_max_contexts_per_stack = 8
kernel.perf_event_max_sample_rate = 100000
kernel.perf_event_max_stack = 127
kernel.perf_event_mlock_kb = 516
kernel.perf_event_paranoid = 2
kernel.pid_max = 32768
kernel.poweroff_cmd = /sbin/poweroff
kernel.print-fatal-signals = 0
kernel.printk = 4       4       1       7
kernel.printk_delay = 0
kernel.printk_devkmsg = ratelimit
kernel.printk_ratelimit = 5
kernel.printk_ratelimit_burst = 10
kernel.pty.max = 4096
kernel.pty.nr = 2
kernel.pty.reserve = 1024
kernel.random.boot_id = a94c2400-7e0d-4d4e-a366-752886afe377
kernel.random.entropy_avail = 256
kernel.random.poolsize = 256
kernel.random.urandom_min_reseed_secs = 60
kernel.random.uuid = d44fab97-b98b-49f7-a230-f5575d8ead09
kernel.random.write_wakeup_threshold = 256
kernel.randomize_va_space = 2
kernel.real-root-dev = 0
kernel.sched_autogroup_enabled = 1
kernel.sched_cfs_bandwidth_slice_us = 5000
kernel.sched_child_runs_first = 0
kernel.sched_deadline_period_max_us = 4194304
kernel.sched_deadline_period_min_us = 100
kernel.sched_rr_timeslice_ms = 100
kernel.sched_rt_period_us = 1000000
kernel.sched_rt_runtime_us = 950000
kernel.sched_schedstats = 0
kernel.seccomp.actions_avail = kill_process kill_thread trap errno user_notif trace log allow
kernel.seccomp.actions_logged = kill_process kill_thread trap errno user_notif trace log
kernel.sem = 32000      1024000000      500     32000
kernel.sem_next_id = -1
kernel.shm_next_id = -1
kernel.shm_rmid_forced = 0
kernel.shmall = 18446744073692774399
kernel.shmmax = 18446744073692774399
kernel.shmmni = 4096
kernel.soft_watchdog = 1
kernel.softlockup_all_cpu_backtrace = 0
kernel.softlockup_panic = 0
kernel.spl.gitrev = zfs-2.2.5-0-g33174af15-dist
kernel.spl.hostid = bab10c
kernel.spl.kmem.slab_kvmem_alloc = 41230592
kernel.spl.kmem.slab_kvmem_max = 49619200
kernel.spl.kmem.slab_kvmem_total = 55255232
kernel.split_lock_mitigate = 1
kernel.stack_erasing = 1
kernel.sysctl_writes_strict = 1
kernel.sysrq = 1
kernel.tainted = 4097
kernel.task_delayacct = 0
kernel.threads-max = 63117
kernel.timer_migration = 1
kernel.traceoff_on_warning = 0
kernel.tracepoint_printk = 0
kernel.unknown_nmi_panic = 0
kernel.unprivileged_bpf_disabled = 2
kernel.usermodehelper.bset = 4294967295 511
kernel.usermodehelper.inheritable = 4294967295  511
kernel.version = #1-Alpine SMP PREEMPT_DYNAMIC 2024-10-04 16:47:58
kernel.warn_limit = 0
kernel.watchdog = 1
kernel.watchdog_cpumask = 0-3
kernel.watchdog_thresh = 10
kernel.yama.ptrace_scope = 1
net.core.bpf_jit_enable = 1
net.core.bpf_jit_harden = 0
net.core.bpf_jit_kallsyms = 1
net.core.bpf_jit_limit = 528482304
net.core.busy_poll = 0
net.core.busy_read = 0
net.core.default_qdisc = pfifo_fast
net.core.dev_weight = 64
net.core.dev_weight_rx_bias = 1
net.core.dev_weight_tx_bias = 1
net.core.devconf_inherit_init_net = 0
net.core.fb_tunnels_only_for_init_net = 0
net.core.flow_limit_cpu_bitmap = 0
net.core.flow_limit_table_len = 4096
net.core.gro_normal_batch = 8
net.core.high_order_alloc_disable = 0
net.core.max_skb_frags = 17
net.core.mem_pcpu_rsv = 256
net.core.message_burst = 10
net.core.message_cost = 5
net.core.netdev_budget = 300
net.core.netdev_budget_usecs = 6666
net.core.netdev_max_backlog = 1000
net.core.netdev_rss_key = 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00
net.core.netdev_tstamp_prequeue = 1
net.core.netdev_unregister_timeout_secs = 10
net.core.optmem_max = 20480
net.core.rmem_default = 212992
net.core.rmem_max = 212992
net.core.rps_default_mask = 0
net.core.rps_sock_flow_entries = 0
net.core.skb_defer_max = 64
net.core.somaxconn = 4096
net.core.tstamp_allow_data = 1
net.core.txrehash = 1
net.core.warnings = 0
net.core.wmem_default = 212992
net.core.wmem_max = 212992
net.core.xfrm_acq_expires = 30
net.core.xfrm_aevent_etime = 10
net.core.xfrm_aevent_rseqth = 2
net.core.xfrm_larval_drop = 1
net.ipv4.conf.all.accept_local = 0
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.all.arp_accept = 0
net.ipv4.conf.all.arp_announce = 0
net.ipv4.conf.all.arp_evict_nocarrier = 1
net.ipv4.conf.all.arp_filter = 0
net.ipv4.conf.all.arp_ignore = 0
net.ipv4.conf.all.arp_notify = 0
net.ipv4.conf.all.bc_forwarding = 0
net.ipv4.conf.all.bootp_relay = 0
net.ipv4.conf.all.disable_policy = 0
net.ipv4.conf.all.disable_xfrm = 0
net.ipv4.conf.all.drop_gratuitous_arp = 0
net.ipv4.conf.all.drop_unicast_in_l2_multicast = 0
net.ipv4.conf.all.force_igmp_version = 0
net.ipv4.conf.all.forwarding = 1
net.ipv4.conf.all.igmpv2_unsolicited_report_interval = 10000
net.ipv4.conf.all.igmpv3_unsolicited_report_interval = 1000
net.ipv4.conf.all.ignore_routes_with_linkdown = 0
net.ipv4.conf.all.log_martians = 0
net.ipv4.conf.all.mc_forwarding = 0
net.ipv4.conf.all.medium_id = 0
net.ipv4.conf.all.promote_secondaries = 0
net.ipv4.conf.all.proxy_arp = 0
net.ipv4.conf.all.proxy_arp_pvlan = 0
net.ipv4.conf.all.route_localnet = 0
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.all.secure_redirects = 1
net.ipv4.conf.all.send_redirects = 1
net.ipv4.conf.all.shared_media = 1
net.ipv4.conf.all.src_valid_mark = 0
net.ipv4.conf.all.tag = 0
net.ipv4.conf.default.accept_local = 0
net.ipv4.conf.default.accept_redirects = 1
net.ipv4.conf.default.accept_source_route = 1
net.ipv4.conf.default.arp_accept = 0
net.ipv4.conf.default.arp_announce = 0
net.ipv4.conf.default.arp_evict_nocarrier = 1
net.ipv4.conf.default.arp_filter = 0
net.ipv4.conf.default.arp_ignore = 0
net.ipv4.conf.default.arp_notify = 0
net.ipv4.conf.default.bc_forwarding = 0
net.ipv4.conf.default.bootp_relay = 0
net.ipv4.conf.default.disable_policy = 0
net.ipv4.conf.default.disable_xfrm = 0
net.ipv4.conf.default.drop_gratuitous_arp = 0
net.ipv4.conf.default.drop_unicast_in_l2_multicast = 0
net.ipv4.conf.default.force_igmp_version = 0
net.ipv4.conf.default.forwarding = 1
net.ipv4.conf.default.igmpv2_unsolicited_report_interval = 10000
net.ipv4.conf.default.igmpv3_unsolicited_report_interval = 1000
net.ipv4.conf.default.ignore_routes_with_linkdown = 0
net.ipv4.conf.default.log_martians = 0
net.ipv4.conf.default.mc_forwarding = 0
net.ipv4.conf.default.medium_id = 0
net.ipv4.conf.default.promote_secondaries = 0
net.ipv4.conf.default.proxy_arp = 0
net.ipv4.conf.default.proxy_arp_pvlan = 0
net.ipv4.conf.default.route_localnet = 0
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.default.secure_redirects = 1
net.ipv4.conf.default.send_redirects = 1
net.ipv4.conf.default.shared_media = 1
net.ipv4.conf.default.src_valid_mark = 0
net.ipv4.conf.default.tag = 0
net.ipv4.conf.eth0.accept_local = 0
net.ipv4.conf.eth0.accept_redirects = 1
net.ipv4.conf.eth0.accept_source_route = 1
net.ipv4.conf.eth0.arp_accept = 0
net.ipv4.conf.eth0.arp_announce = 0
net.ipv4.conf.eth0.arp_evict_nocarrier = 1
net.ipv4.conf.eth0.arp_filter = 0
net.ipv4.conf.eth0.arp_ignore = 0
net.ipv4.conf.eth0.arp_notify = 0
net.ipv4.conf.eth0.bc_forwarding = 0
net.ipv4.conf.eth0.bootp_relay = 0
net.ipv4.conf.eth0.disable_policy = 0
net.ipv4.conf.eth0.disable_xfrm = 0
net.ipv4.conf.eth0.drop_gratuitous_arp = 0
net.ipv4.conf.eth0.drop_unicast_in_l2_multicast = 0
net.ipv4.conf.eth0.force_igmp_version = 0
net.ipv4.conf.eth0.forwarding = 1
net.ipv4.conf.eth0.igmpv2_unsolicited_report_interval = 10000
net.ipv4.conf.eth0.igmpv3_unsolicited_report_interval = 1000
net.ipv4.conf.eth0.ignore_routes_with_linkdown = 0
net.ipv4.conf.eth0.log_martians = 0
net.ipv4.conf.eth0.mc_forwarding = 0
net.ipv4.conf.eth0.medium_id = 0
net.ipv4.conf.eth0.promote_secondaries = 0
net.ipv4.conf.eth0.proxy_arp = 0
net.ipv4.conf.eth0.proxy_arp_pvlan = 0
net.ipv4.conf.eth0.route_localnet = 0
net.ipv4.conf.eth0.rp_filter = 0
net.ipv4.conf.eth0.secure_redirects = 1
net.ipv4.conf.eth0.send_redirects = 1
net.ipv4.conf.eth0.shared_media = 1
net.ipv4.conf.eth0.src_valid_mark = 0
net.ipv4.conf.eth0.tag = 0
net.ipv4.conf.incusbr0.accept_local = 0
net.ipv4.conf.incusbr0.accept_redirects = 1
net.ipv4.conf.incusbr0.accept_source_route = 1
net.ipv4.conf.incusbr0.arp_accept = 0
net.ipv4.conf.incusbr0.arp_announce = 0
net.ipv4.conf.incusbr0.arp_evict_nocarrier = 1
net.ipv4.conf.incusbr0.arp_filter = 0
net.ipv4.conf.incusbr0.arp_ignore = 0
net.ipv4.conf.incusbr0.arp_notify = 0
net.ipv4.conf.incusbr0.bc_forwarding = 0
net.ipv4.conf.incusbr0.bootp_relay = 0
net.ipv4.conf.incusbr0.disable_policy = 0
net.ipv4.conf.incusbr0.disable_xfrm = 0
net.ipv4.conf.incusbr0.drop_gratuitous_arp = 0
net.ipv4.conf.incusbr0.drop_unicast_in_l2_multicast = 0
net.ipv4.conf.incusbr0.force_igmp_version = 0
net.ipv4.conf.incusbr0.forwarding = 1
net.ipv4.conf.incusbr0.igmpv2_unsolicited_report_interval = 10000
net.ipv4.conf.incusbr0.igmpv3_unsolicited_report_interval = 1000
net.ipv4.conf.incusbr0.ignore_routes_with_linkdown = 0
net.ipv4.conf.incusbr0.log_martians = 0
net.ipv4.conf.incusbr0.mc_forwarding = 0
net.ipv4.conf.incusbr0.medium_id = 0
net.ipv4.conf.incusbr0.promote_secondaries = 0
net.ipv4.conf.incusbr0.proxy_arp = 0
net.ipv4.conf.incusbr0.proxy_arp_pvlan = 0
net.ipv4.conf.incusbr0.route_localnet = 0
net.ipv4.conf.incusbr0.rp_filter = 0
net.ipv4.conf.incusbr0.secure_redirects = 1
net.ipv4.conf.incusbr0.send_redirects = 1
net.ipv4.conf.incusbr0.shared_media = 1
net.ipv4.conf.incusbr0.src_valid_mark = 0
net.ipv4.conf.incusbr0.tag = 0
net.ipv4.conf.lo.accept_local = 0
net.ipv4.conf.lo.accept_redirects = 1
net.ipv4.conf.lo.accept_source_route = 1
net.ipv4.conf.lo.arp_accept = 0
net.ipv4.conf.lo.arp_announce = 0
net.ipv4.conf.lo.arp_evict_nocarrier = 1
net.ipv4.conf.lo.arp_filter = 0
net.ipv4.conf.lo.arp_ignore = 0
net.ipv4.conf.lo.arp_notify = 0
net.ipv4.conf.lo.bc_forwarding = 0
net.ipv4.conf.lo.bootp_relay = 0
net.ipv4.conf.lo.disable_policy = 1
net.ipv4.conf.lo.disable_xfrm = 1
net.ipv4.conf.lo.drop_gratuitous_arp = 0
net.ipv4.conf.lo.drop_unicast_in_l2_multicast = 0
net.ipv4.conf.lo.force_igmp_version = 0
net.ipv4.conf.lo.forwarding = 1
net.ipv4.conf.lo.igmpv2_unsolicited_report_interval = 10000
net.ipv4.conf.lo.igmpv3_unsolicited_report_interval = 1000
net.ipv4.conf.lo.ignore_routes_with_linkdown = 0
net.ipv4.conf.lo.log_martians = 0
net.ipv4.conf.lo.mc_forwarding = 0
net.ipv4.conf.lo.medium_id = 0
net.ipv4.conf.lo.promote_secondaries = 0
net.ipv4.conf.lo.proxy_arp = 0
net.ipv4.conf.lo.proxy_arp_pvlan = 0
net.ipv4.conf.lo.route_localnet = 0
net.ipv4.conf.lo.rp_filter = 0
net.ipv4.conf.lo.secure_redirects = 1
net.ipv4.conf.lo.send_redirects = 1
net.ipv4.conf.lo.shared_media = 1
net.ipv4.conf.lo.src_valid_mark = 0
net.ipv4.conf.lo.tag = 0
net.ipv4.conf.vethf5ebd376.accept_local = 0
net.ipv4.conf.vethf5ebd376.accept_redirects = 1
net.ipv4.conf.vethf5ebd376.accept_source_route = 1
net.ipv4.conf.vethf5ebd376.arp_accept = 0
net.ipv4.conf.vethf5ebd376.arp_announce = 0
net.ipv4.conf.vethf5ebd376.arp_evict_nocarrier = 1
net.ipv4.conf.vethf5ebd376.arp_filter = 0
net.ipv4.conf.vethf5ebd376.arp_ignore = 0
net.ipv4.conf.vethf5ebd376.arp_notify = 0
net.ipv4.conf.vethf5ebd376.bc_forwarding = 0
net.ipv4.conf.vethf5ebd376.bootp_relay = 0
net.ipv4.conf.vethf5ebd376.disable_policy = 0
net.ipv4.conf.vethf5ebd376.disable_xfrm = 0
net.ipv4.conf.vethf5ebd376.drop_gratuitous_arp = 0
net.ipv4.conf.vethf5ebd376.drop_unicast_in_l2_multicast = 0
net.ipv4.conf.vethf5ebd376.force_igmp_version = 0
net.ipv4.conf.vethf5ebd376.forwarding = 1
net.ipv4.conf.vethf5ebd376.igmpv2_unsolicited_report_interval = 10000
net.ipv4.conf.vethf5ebd376.igmpv3_unsolicited_report_interval = 1000
net.ipv4.conf.vethf5ebd376.ignore_routes_with_linkdown = 0
net.ipv4.conf.vethf5ebd376.log_martians = 0
net.ipv4.conf.vethf5ebd376.mc_forwarding = 0
net.ipv4.conf.vethf5ebd376.medium_id = 0
net.ipv4.conf.vethf5ebd376.promote_secondaries = 0
net.ipv4.conf.vethf5ebd376.proxy_arp = 0
net.ipv4.conf.vethf5ebd376.proxy_arp_pvlan = 0
net.ipv4.conf.vethf5ebd376.route_localnet = 0
net.ipv4.conf.vethf5ebd376.rp_filter = 0
net.ipv4.conf.vethf5ebd376.secure_redirects = 1
net.ipv4.conf.vethf5ebd376.send_redirects = 1
net.ipv4.conf.vethf5ebd376.shared_media = 1
net.ipv4.conf.vethf5ebd376.src_valid_mark = 0
net.ipv4.conf.vethf5ebd376.tag = 0
net.ipv4.fib_multipath_hash_fields = 7
net.ipv4.fib_multipath_hash_policy = 0
net.ipv4.fib_multipath_use_neigh = 0
net.ipv4.fib_notify_on_flag_change = 0
net.ipv4.fib_sync_mem = 524288
net.ipv4.fwmark_reflect = 0
net.ipv4.icmp_echo_enable_probe = 0
net.ipv4.icmp_echo_ignore_all = 0
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.icmp_errors_use_inbound_ifaddr = 0
net.ipv4.icmp_ignore_bogus_error_responses = 1
net.ipv4.icmp_msgs_burst = 50
net.ipv4.icmp_msgs_per_sec = 1000
net.ipv4.icmp_ratelimit = 1000
net.ipv4.icmp_ratemask = 6168
net.ipv4.igmp_link_local_mcast_reports = 1
net.ipv4.igmp_max_memberships = 20
net.ipv4.igmp_max_msf = 10
net.ipv4.igmp_qrv = 2
net.ipv4.inet_peer_maxttl = 600
net.ipv4.inet_peer_minttl = 120
net.ipv4.inet_peer_threshold = 65664
net.ipv4.ip_autobind_reuse = 0
net.ipv4.ip_default_ttl = 64
net.ipv4.ip_dynaddr = 0
net.ipv4.ip_early_demux = 1
net.ipv4.ip_forward = 1
net.ipv4.ip_forward_update_priority = 1
net.ipv4.ip_forward_use_pmtu = 0
net.ipv4.ip_local_port_range = 32768    60999
net.ipv4.ip_local_reserved_ports = 
net.ipv4.ip_no_pmtu_disc = 0
net.ipv4.ip_nonlocal_bind = 0
net.ipv4.ip_unprivileged_port_start = 1024
net.ipv4.ipfrag_high_thresh = 4194304
net.ipv4.ipfrag_low_thresh = 3145728
net.ipv4.ipfrag_max_dist = 64
net.ipv4.ipfrag_secret_interval = 0
net.ipv4.ipfrag_time = 30
net.ipv4.neigh.default.anycast_delay = 99
net.ipv4.neigh.default.app_solicit = 0
net.ipv4.neigh.default.base_reachable_time = 30
net.ipv4.neigh.default.base_reachable_time_ms = 30000
net.ipv4.neigh.default.delay_first_probe_time = 5
net.ipv4.neigh.default.gc_interval = 30
net.ipv4.neigh.default.gc_stale_time = 60
net.ipv4.neigh.default.gc_thresh1 = 128
net.ipv4.neigh.default.gc_thresh2 = 512
net.ipv4.neigh.default.gc_thresh3 = 1024
net.ipv4.neigh.default.interval_probe_time_ms = 5000
net.ipv4.neigh.default.locktime = 99
net.ipv4.neigh.default.mcast_resolicit = 0
net.ipv4.neigh.default.mcast_solicit = 3
net.ipv4.neigh.default.proxy_delay = 79
net.ipv4.neigh.default.proxy_qlen = 64
net.ipv4.neigh.default.retrans_time = 99
net.ipv4.neigh.default.retrans_time_ms = 1000
net.ipv4.neigh.default.ucast_solicit = 3
net.ipv4.neigh.default.unres_qlen = 101
net.ipv4.neigh.default.unres_qlen_bytes = 212992
net.ipv4.neigh.eth0.anycast_delay = 99
net.ipv4.neigh.eth0.app_solicit = 0
net.ipv4.neigh.eth0.base_reachable_time = 30
net.ipv4.neigh.eth0.base_reachable_time_ms = 30000
net.ipv4.neigh.eth0.delay_first_probe_time = 5
net.ipv4.neigh.eth0.gc_stale_time = 60
net.ipv4.neigh.eth0.interval_probe_time_ms = 5000
net.ipv4.neigh.eth0.locktime = 99
net.ipv4.neigh.eth0.mcast_resolicit = 0
net.ipv4.neigh.eth0.mcast_solicit = 3
net.ipv4.neigh.eth0.proxy_delay = 79
net.ipv4.neigh.eth0.proxy_qlen = 64
net.ipv4.neigh.eth0.retrans_time = 99
net.ipv4.neigh.eth0.retrans_time_ms = 1000
net.ipv4.neigh.eth0.ucast_solicit = 3
net.ipv4.neigh.eth0.unres_qlen = 101
net.ipv4.neigh.eth0.unres_qlen_bytes = 212992
net.ipv4.neigh.incusbr0.anycast_delay = 99
net.ipv4.neigh.incusbr0.app_solicit = 0
net.ipv4.neigh.incusbr0.base_reachable_time = 30
net.ipv4.neigh.incusbr0.base_reachable_time_ms = 30000
net.ipv4.neigh.incusbr0.delay_first_probe_time = 5
net.ipv4.neigh.incusbr0.gc_stale_time = 60
net.ipv4.neigh.incusbr0.interval_probe_time_ms = 5000
net.ipv4.neigh.incusbr0.locktime = 99
net.ipv4.neigh.incusbr0.mcast_resolicit = 0
net.ipv4.neigh.incusbr0.mcast_solicit = 3
net.ipv4.neigh.incusbr0.proxy_delay = 79
net.ipv4.neigh.incusbr0.proxy_qlen = 64
net.ipv4.neigh.incusbr0.retrans_time = 99
net.ipv4.neigh.incusbr0.retrans_time_ms = 1000
net.ipv4.neigh.incusbr0.ucast_solicit = 3
net.ipv4.neigh.incusbr0.unres_qlen = 101
net.ipv4.neigh.incusbr0.unres_qlen_bytes = 212992
net.ipv4.neigh.lo.anycast_delay = 99
net.ipv4.neigh.lo.app_solicit = 0
net.ipv4.neigh.lo.base_reachable_time = 30
net.ipv4.neigh.lo.base_reachable_time_ms = 30000
net.ipv4.neigh.lo.delay_first_probe_time = 5
net.ipv4.neigh.lo.gc_stale_time = 60
net.ipv4.neigh.lo.interval_probe_time_ms = 5000
net.ipv4.neigh.lo.locktime = 99
net.ipv4.neigh.lo.mcast_resolicit = 0
net.ipv4.neigh.lo.mcast_solicit = 3
net.ipv4.neigh.lo.proxy_delay = 79
net.ipv4.neigh.lo.proxy_qlen = 64
net.ipv4.neigh.lo.retrans_time = 99
net.ipv4.neigh.lo.retrans_time_ms = 1000
net.ipv4.neigh.lo.ucast_solicit = 3
net.ipv4.neigh.lo.unres_qlen = 101
net.ipv4.neigh.lo.unres_qlen_bytes = 212992
net.ipv4.neigh.vethf5ebd376.anycast_delay = 99
net.ipv4.neigh.vethf5ebd376.app_solicit = 0
net.ipv4.neigh.vethf5ebd376.base_reachable_time = 30
net.ipv4.neigh.vethf5ebd376.base_reachable_time_ms = 30000
net.ipv4.neigh.vethf5ebd376.delay_first_probe_time = 5
net.ipv4.neigh.vethf5ebd376.gc_stale_time = 60
net.ipv4.neigh.vethf5ebd376.interval_probe_time_ms = 5000
net.ipv4.neigh.vethf5ebd376.locktime = 99
net.ipv4.neigh.vethf5ebd376.mcast_resolicit = 0
net.ipv4.neigh.vethf5ebd376.mcast_solicit = 3
net.ipv4.neigh.vethf5ebd376.proxy_delay = 79
net.ipv4.neigh.vethf5ebd376.proxy_qlen = 64
net.ipv4.neigh.vethf5ebd376.retrans_time = 99
net.ipv4.neigh.vethf5ebd376.retrans_time_ms = 1000
net.ipv4.neigh.vethf5ebd376.ucast_solicit = 3
net.ipv4.neigh.vethf5ebd376.unres_qlen = 101
net.ipv4.neigh.vethf5ebd376.unres_qlen_bytes = 212992
net.ipv4.nexthop_compat_mode = 1
net.ipv4.ping_group_range = 1   0
net.ipv4.raw_l3mdev_accept = 1
net.ipv4.route.error_burst = 1500
net.ipv4.route.error_cost = 300
net.ipv4.route.gc_elasticity = 8
net.ipv4.route.gc_interval = 60
net.ipv4.route.gc_min_interval = 0
net.ipv4.route.gc_min_interval_ms = 500
net.ipv4.route.gc_thresh = -1
net.ipv4.route.gc_timeout = 300
net.ipv4.route.max_size = 2147483647
net.ipv4.route.min_adv_mss = 256
net.ipv4.route.min_pmtu = 552
net.ipv4.route.mtu_expires = 600
net.ipv4.route.redirect_load = 6
net.ipv4.route.redirect_number = 9
net.ipv4.route.redirect_silence = 6144
net.ipv4.tcp_abort_on_overflow = 0
net.ipv4.tcp_adv_win_scale = 1
net.ipv4.tcp_allowed_congestion_control = reno cubic
net.ipv4.tcp_app_win = 31
net.ipv4.tcp_autocorking = 1
net.ipv4.tcp_available_congestion_control = reno cubic
net.ipv4.tcp_available_ulp = mptcp
net.ipv4.tcp_base_mss = 1024
net.ipv4.tcp_challenge_ack_limit = 2147483647
net.ipv4.tcp_child_ehash_entries = 0
net.ipv4.tcp_comp_sack_delay_ns = 1000000
net.ipv4.tcp_comp_sack_nr = 44
net.ipv4.tcp_comp_sack_slack_ns = 100000
net.ipv4.tcp_congestion_control = cubic
net.ipv4.tcp_dsack = 1
net.ipv4.tcp_early_demux = 1
net.ipv4.tcp_early_retrans = 3
net.ipv4.tcp_ecn = 2
net.ipv4.tcp_ecn_fallback = 1
net.ipv4.tcp_ehash_entries = 65536
net.ipv4.tcp_fack = 0
net.ipv4.tcp_fastopen = 1
net.ipv4.tcp_fastopen_blackhole_timeout_sec = 0
net.ipv4.tcp_fastopen_key = 87227d09-1f641aeb-2eff42b0-256fa30e
net.ipv4.tcp_fin_timeout = 60
net.ipv4.tcp_frto = 2
net.ipv4.tcp_fwmark_accept = 0
net.ipv4.tcp_invalid_ratelimit = 500
net.ipv4.tcp_keepalive_intvl = 75
net.ipv4.tcp_keepalive_probes = 9
net.ipv4.tcp_keepalive_time = 7200
net.ipv4.tcp_l3mdev_accept = 0
net.ipv4.tcp_limit_output_bytes = 1048576
net.ipv4.tcp_low_latency = 0
net.ipv4.tcp_max_orphans = 32768
net.ipv4.tcp_max_reordering = 300
net.ipv4.tcp_max_syn_backlog = 512
net.ipv4.tcp_max_tw_buckets = 32768
net.ipv4.tcp_mem = 93486        124651  186972
net.ipv4.tcp_migrate_req = 0
net.ipv4.tcp_min_rtt_wlen = 300
net.ipv4.tcp_min_snd_mss = 48
net.ipv4.tcp_min_tso_segs = 2
net.ipv4.tcp_moderate_rcvbuf = 1
net.ipv4.tcp_mtu_probe_floor = 48
net.ipv4.tcp_mtu_probing = 0
net.ipv4.tcp_no_metrics_save = 0
net.ipv4.tcp_no_ssthresh_metrics_save = 1
net.ipv4.tcp_notsent_lowat = 4294967295
net.ipv4.tcp_orphan_retries = 0
net.ipv4.tcp_pacing_ca_ratio = 120
net.ipv4.tcp_pacing_ss_ratio = 200
net.ipv4.tcp_plb_cong_thresh = 128
net.ipv4.tcp_plb_enabled = 0
net.ipv4.tcp_plb_idle_rehash_rounds = 3
net.ipv4.tcp_plb_rehash_rounds = 12
net.ipv4.tcp_plb_suspend_rto_sec = 60
net.ipv4.tcp_probe_interval = 600
net.ipv4.tcp_probe_threshold = 8
net.ipv4.tcp_recovery = 1
net.ipv4.tcp_reflect_tos = 0
net.ipv4.tcp_reordering = 3
net.ipv4.tcp_retrans_collapse = 1
net.ipv4.tcp_retries1 = 3
net.ipv4.tcp_retries2 = 15
net.ipv4.tcp_rfc1337 = 0
net.ipv4.tcp_rmem = 4096        131072  6291456
net.ipv4.tcp_sack = 1
net.ipv4.tcp_shrink_window = 0
net.ipv4.tcp_slow_start_after_idle = 1
net.ipv4.tcp_stdurg = 0
net.ipv4.tcp_syn_linear_timeouts = 4
net.ipv4.tcp_syn_retries = 6
net.ipv4.tcp_synack_retries = 5
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_thin_linear_timeouts = 0
net.ipv4.tcp_timestamps = 1
net.ipv4.tcp_tso_rtt_log = 9
net.ipv4.tcp_tso_win_divisor = 3
net.ipv4.tcp_tw_reuse = 2
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_wmem = 4096        16384   4194304
net.ipv4.tcp_workaround_signed_windows = 0
net.ipv4.udp_child_hash_entries = 0
net.ipv4.udp_early_demux = 1
net.ipv4.udp_hash_entries = 4096
net.ipv4.udp_l3mdev_accept = 0
net.ipv4.udp_mem = 186975       249303  373950
net.ipv4.udp_rmem_min = 4096
net.ipv4.udp_wmem_min = 4096
net.ipv4.xfrm4_gc_thresh = 32768
net.ipv6.anycast_src_echo_reply = 0
net.ipv6.auto_flowlabels = 1
net.ipv6.bindv6only = 0
net.ipv6.conf.all.accept_dad = 0
net.ipv6.conf.all.accept_ra = 2
net.ipv6.conf.all.accept_ra_defrtr = 1
net.ipv6.conf.all.accept_ra_from_local = 0
net.ipv6.conf.all.accept_ra_min_hop_limit = 1
net.ipv6.conf.all.accept_ra_min_lft = 0
net.ipv6.conf.all.accept_ra_mtu = 1
net.ipv6.conf.all.accept_ra_pinfo = 1
net.ipv6.conf.all.accept_ra_rt_info_max_plen = 0
net.ipv6.conf.all.accept_ra_rt_info_min_plen = 0
net.ipv6.conf.all.accept_ra_rtr_pref = 1
net.ipv6.conf.all.accept_redirects = 1
net.ipv6.conf.all.accept_source_route = 0
net.ipv6.conf.all.accept_untracked_na = 0
net.ipv6.conf.all.addr_gen_mode = 0
net.ipv6.conf.all.autoconf = 1
net.ipv6.conf.all.dad_transmits = 1
net.ipv6.conf.all.disable_ipv6 = 0
net.ipv6.conf.all.disable_policy = 0
net.ipv6.conf.all.drop_unicast_in_l2_multicast = 0
net.ipv6.conf.all.drop_unsolicited_na = 0
net.ipv6.conf.all.enhanced_dad = 1
net.ipv6.conf.all.force_mld_version = 0
net.ipv6.conf.all.force_tllao = 0
net.ipv6.conf.all.forwarding = 1
net.ipv6.conf.all.hop_limit = 64
net.ipv6.conf.all.ignore_routes_with_linkdown = 0
net.ipv6.conf.all.ioam6_enabled = 0
net.ipv6.conf.all.ioam6_id = 65535
net.ipv6.conf.all.ioam6_id_wide = 4294967295
net.ipv6.conf.all.keep_addr_on_down = 0
net.ipv6.conf.all.max_addresses = 16
net.ipv6.conf.all.max_desync_factor = 600
net.ipv6.conf.all.mc_forwarding = 0
net.ipv6.conf.all.mldv1_unsolicited_report_interval = 10000
net.ipv6.conf.all.mldv2_unsolicited_report_interval = 1000
net.ipv6.conf.all.mtu = 1280
net.ipv6.conf.all.ndisc_evict_nocarrier = 1
net.ipv6.conf.all.ndisc_notify = 0
net.ipv6.conf.all.ndisc_tclass = 0
net.ipv6.conf.all.proxy_ndp = 0
net.ipv6.conf.all.ra_defrtr_metric = 1024
net.ipv6.conf.all.regen_max_retry = 3
net.ipv6.conf.all.router_probe_interval = 60
net.ipv6.conf.all.router_solicitation_delay = 1
net.ipv6.conf.all.router_solicitation_interval = 4
net.ipv6.conf.all.router_solicitation_max_interval = 3600
net.ipv6.conf.all.router_solicitations = -1
net.ipv6.conf.all.rpl_seg_enabled = 0
net.ipv6.conf.all.seg6_enabled = 0
net.ipv6.conf.all.seg6_require_hmac = 0
sysctl: error reading key 'net.ipv6.conf.all.stable_secret': I/O error
net.ipv6.conf.all.suppress_frag_ndisc = 1
net.ipv6.conf.all.temp_prefered_lft = 86400
net.ipv6.conf.all.temp_valid_lft = 604800
net.ipv6.conf.all.use_oif_addrs_only = 0
net.ipv6.conf.all.use_tempaddr = 0
net.ipv6.conf.default.accept_dad = 1
net.ipv6.conf.default.accept_ra = 2
net.ipv6.conf.default.accept_ra_defrtr = 1
net.ipv6.conf.default.accept_ra_from_local = 0
net.ipv6.conf.default.accept_ra_min_hop_limit = 1
net.ipv6.conf.default.accept_ra_min_lft = 0
net.ipv6.conf.default.accept_ra_mtu = 1
net.ipv6.conf.default.accept_ra_pinfo = 1
net.ipv6.conf.default.accept_ra_rt_info_max_plen = 0
net.ipv6.conf.default.accept_ra_rt_info_min_plen = 0
net.ipv6.conf.default.accept_ra_rtr_pref = 1
net.ipv6.conf.default.accept_redirects = 1
net.ipv6.conf.default.accept_source_route = 0
net.ipv6.conf.default.accept_untracked_na = 0
net.ipv6.conf.default.addr_gen_mode = 0
net.ipv6.conf.default.autoconf = 1
net.ipv6.conf.default.dad_transmits = 1
net.ipv6.conf.default.disable_ipv6 = 0
net.ipv6.conf.default.disable_policy = 0
net.ipv6.conf.default.drop_unicast_in_l2_multicast = 0
net.ipv6.conf.default.drop_unsolicited_na = 0
net.ipv6.conf.default.enhanced_dad = 1
net.ipv6.conf.default.force_mld_version = 0
net.ipv6.conf.default.force_tllao = 0
net.ipv6.conf.default.forwarding = 1
net.ipv6.conf.default.hop_limit = 64
net.ipv6.conf.default.ignore_routes_with_linkdown = 0
net.ipv6.conf.default.ioam6_enabled = 0
net.ipv6.conf.default.ioam6_id = 65535
net.ipv6.conf.default.ioam6_id_wide = 4294967295
net.ipv6.conf.default.keep_addr_on_down = 0
net.ipv6.conf.default.max_addresses = 16
net.ipv6.conf.default.max_desync_factor = 600
net.ipv6.conf.default.mc_forwarding = 0
net.ipv6.conf.default.mldv1_unsolicited_report_interval = 10000
net.ipv6.conf.default.mldv2_unsolicited_report_interval = 1000
net.ipv6.conf.default.mtu = 1280
net.ipv6.conf.default.ndisc_evict_nocarrier = 1
net.ipv6.conf.default.ndisc_notify = 0
net.ipv6.conf.default.ndisc_tclass = 0
net.ipv6.conf.default.proxy_ndp = 0
net.ipv6.conf.default.ra_defrtr_metric = 1024
net.ipv6.conf.default.regen_max_retry = 3
net.ipv6.conf.default.router_probe_interval = 60
net.ipv6.conf.default.router_solicitation_delay = 1
net.ipv6.conf.default.router_solicitation_interval = 4
net.ipv6.conf.default.router_solicitation_max_interval = 3600
net.ipv6.conf.default.router_solicitations = -1
net.ipv6.conf.default.rpl_seg_enabled = 0
net.ipv6.conf.default.seg6_enabled = 0
net.ipv6.conf.default.seg6_require_hmac = 0
sysctl: error reading key 'net.ipv6.conf.default.stable_secret': I/O error
net.ipv6.conf.default.suppress_frag_ndisc = 1
net.ipv6.conf.default.temp_prefered_lft = 86400
net.ipv6.conf.default.temp_valid_lft = 604800
net.ipv6.conf.default.use_oif_addrs_only = 0
net.ipv6.conf.default.use_tempaddr = 0
net.ipv6.conf.eth0.accept_dad = 1
net.ipv6.conf.eth0.accept_ra = 2
net.ipv6.conf.eth0.accept_ra_defrtr = 1
net.ipv6.conf.eth0.accept_ra_from_local = 0
net.ipv6.conf.eth0.accept_ra_min_hop_limit = 1
net.ipv6.conf.eth0.accept_ra_min_lft = 0
net.ipv6.conf.eth0.accept_ra_mtu = 1
net.ipv6.conf.eth0.accept_ra_pinfo = 1
net.ipv6.conf.eth0.accept_ra_rt_info_max_plen = 0
net.ipv6.conf.eth0.accept_ra_rt_info_min_plen = 0
net.ipv6.conf.eth0.accept_ra_rtr_pref = 1
net.ipv6.conf.eth0.accept_redirects = 1
net.ipv6.conf.eth0.accept_source_route = 0
net.ipv6.conf.eth0.accept_untracked_na = 0
net.ipv6.conf.eth0.addr_gen_mode = 0
net.ipv6.conf.eth0.autoconf = 1
net.ipv6.conf.eth0.dad_transmits = 1
net.ipv6.conf.eth0.disable_ipv6 = 0
net.ipv6.conf.eth0.disable_policy = 0
net.ipv6.conf.eth0.drop_unicast_in_l2_multicast = 0
net.ipv6.conf.eth0.drop_unsolicited_na = 0
net.ipv6.conf.eth0.enhanced_dad = 1
net.ipv6.conf.eth0.force_mld_version = 0
net.ipv6.conf.eth0.force_tllao = 0
net.ipv6.conf.eth0.forwarding = 1
net.ipv6.conf.eth0.hop_limit = 64
net.ipv6.conf.eth0.ignore_routes_with_linkdown = 0
net.ipv6.conf.eth0.ioam6_enabled = 0
net.ipv6.conf.eth0.ioam6_id = 65535
net.ipv6.conf.eth0.ioam6_id_wide = 4294967295
net.ipv6.conf.eth0.keep_addr_on_down = 0
net.ipv6.conf.eth0.max_addresses = 16
net.ipv6.conf.eth0.max_desync_factor = 600
net.ipv6.conf.eth0.mc_forwarding = 0
net.ipv6.conf.eth0.mldv1_unsolicited_report_interval = 10000
net.ipv6.conf.eth0.mldv2_unsolicited_report_interval = 1000
net.ipv6.conf.eth0.mtu = 1500
net.ipv6.conf.eth0.ndisc_evict_nocarrier = 1
net.ipv6.conf.eth0.ndisc_notify = 0
net.ipv6.conf.eth0.ndisc_tclass = 0
net.ipv6.conf.eth0.proxy_ndp = 0
net.ipv6.conf.eth0.ra_defrtr_metric = 1024
net.ipv6.conf.eth0.regen_max_retry = 3
net.ipv6.conf.eth0.router_probe_interval = 60
net.ipv6.conf.eth0.router_solicitation_delay = 1
net.ipv6.conf.eth0.router_solicitation_interval = 4
net.ipv6.conf.eth0.router_solicitation_max_interval = 3600
net.ipv6.conf.eth0.router_solicitations = -1
net.ipv6.conf.eth0.rpl_seg_enabled = 0
net.ipv6.conf.eth0.seg6_enabled = 0
net.ipv6.conf.eth0.seg6_require_hmac = 0
sysctl: error reading key 'net.ipv6.conf.eth0.stable_secret': I/O error
net.ipv6.conf.eth0.suppress_frag_ndisc = 1
net.ipv6.conf.eth0.temp_prefered_lft = 86400
net.ipv6.conf.eth0.temp_valid_lft = 604800
net.ipv6.conf.eth0.use_oif_addrs_only = 0
net.ipv6.conf.eth0.use_tempaddr = 0
net.ipv6.conf.incusbr0.accept_dad = 0
net.ipv6.conf.incusbr0.accept_ra = 2
net.ipv6.conf.incusbr0.accept_ra_defrtr = 1
net.ipv6.conf.incusbr0.accept_ra_from_local = 0
net.ipv6.conf.incusbr0.accept_ra_min_hop_limit = 1
net.ipv6.conf.incusbr0.accept_ra_min_lft = 0
net.ipv6.conf.incusbr0.accept_ra_mtu = 1
net.ipv6.conf.incusbr0.accept_ra_pinfo = 1
net.ipv6.conf.incusbr0.accept_ra_rt_info_max_plen = 0
net.ipv6.conf.incusbr0.accept_ra_rt_info_min_plen = 0
net.ipv6.conf.incusbr0.accept_ra_rtr_pref = 1
net.ipv6.conf.incusbr0.accept_redirects = 1
net.ipv6.conf.incusbr0.accept_source_route = 0
net.ipv6.conf.incusbr0.accept_untracked_na = 0
net.ipv6.conf.incusbr0.addr_gen_mode = 0
net.ipv6.conf.incusbr0.autoconf = 0
net.ipv6.conf.incusbr0.dad_transmits = 1
net.ipv6.conf.incusbr0.disable_ipv6 = 0
net.ipv6.conf.incusbr0.disable_policy = 0
net.ipv6.conf.incusbr0.drop_unicast_in_l2_multicast = 0
net.ipv6.conf.incusbr0.drop_unsolicited_na = 0
net.ipv6.conf.incusbr0.enhanced_dad = 1
net.ipv6.conf.incusbr0.force_mld_version = 0
net.ipv6.conf.incusbr0.force_tllao = 0
net.ipv6.conf.incusbr0.forwarding = 1
net.ipv6.conf.incusbr0.hop_limit = 64
net.ipv6.conf.incusbr0.ignore_routes_with_linkdown = 0
net.ipv6.conf.incusbr0.ioam6_enabled = 0
net.ipv6.conf.incusbr0.ioam6_id = 65535
net.ipv6.conf.incusbr0.ioam6_id_wide = 4294967295
net.ipv6.conf.incusbr0.keep_addr_on_down = 0
net.ipv6.conf.incusbr0.max_addresses = 16
net.ipv6.conf.incusbr0.max_desync_factor = 600
net.ipv6.conf.incusbr0.mc_forwarding = 0
net.ipv6.conf.incusbr0.mldv1_unsolicited_report_interval = 10000
net.ipv6.conf.incusbr0.mldv2_unsolicited_report_interval = 1000
net.ipv6.conf.incusbr0.mtu = 1500
net.ipv6.conf.incusbr0.ndisc_evict_nocarrier = 1
net.ipv6.conf.incusbr0.ndisc_notify = 0
net.ipv6.conf.incusbr0.ndisc_tclass = 0
net.ipv6.conf.incusbr0.proxy_ndp = 0
net.ipv6.conf.incusbr0.ra_defrtr_metric = 1024
net.ipv6.conf.incusbr0.regen_max_retry = 3
net.ipv6.conf.incusbr0.router_probe_interval = 60
net.ipv6.conf.incusbr0.router_solicitation_delay = 1
net.ipv6.conf.incusbr0.router_solicitation_interval = 4
net.ipv6.conf.incusbr0.router_solicitation_max_interval = 3600
net.ipv6.conf.incusbr0.router_solicitations = -1
net.ipv6.conf.incusbr0.rpl_seg_enabled = 0
net.ipv6.conf.incusbr0.seg6_enabled = 0
net.ipv6.conf.incusbr0.seg6_require_hmac = 0
sysctl: error reading key 'net.ipv6.conf.incusbr0.stable_secret': I/O error
net.ipv6.conf.incusbr0.suppress_frag_ndisc = 1
net.ipv6.conf.incusbr0.temp_prefered_lft = 86400
net.ipv6.conf.incusbr0.temp_valid_lft = 604800
net.ipv6.conf.incusbr0.use_oif_addrs_only = 0
net.ipv6.conf.incusbr0.use_tempaddr = 0
net.ipv6.conf.lo.accept_dad = -1
net.ipv6.conf.lo.accept_ra = 2
net.ipv6.conf.lo.accept_ra_defrtr = 1
net.ipv6.conf.lo.accept_ra_from_local = 0
net.ipv6.conf.lo.accept_ra_min_hop_limit = 1
net.ipv6.conf.lo.accept_ra_min_lft = 0
net.ipv6.conf.lo.accept_ra_mtu = 1
net.ipv6.conf.lo.accept_ra_pinfo = 1
net.ipv6.conf.lo.accept_ra_rt_info_max_plen = 0
net.ipv6.conf.lo.accept_ra_rt_info_min_plen = 0
net.ipv6.conf.lo.accept_ra_rtr_pref = 1
net.ipv6.conf.lo.accept_redirects = 1
net.ipv6.conf.lo.accept_source_route = 0
net.ipv6.conf.lo.accept_untracked_na = 0
net.ipv6.conf.lo.addr_gen_mode = 0
net.ipv6.conf.lo.autoconf = 1
net.ipv6.conf.lo.dad_transmits = 1
net.ipv6.conf.lo.disable_ipv6 = 0
net.ipv6.conf.lo.disable_policy = 0
net.ipv6.conf.lo.drop_unicast_in_l2_multicast = 0
net.ipv6.conf.lo.drop_unsolicited_na = 0
net.ipv6.conf.lo.enhanced_dad = 1
net.ipv6.conf.lo.force_mld_version = 0
net.ipv6.conf.lo.force_tllao = 0
net.ipv6.conf.lo.forwarding = 1
net.ipv6.conf.lo.hop_limit = 64
net.ipv6.conf.lo.ignore_routes_with_linkdown = 0
net.ipv6.conf.lo.ioam6_enabled = 0
net.ipv6.conf.lo.ioam6_id = 65535
net.ipv6.conf.lo.ioam6_id_wide = 4294967295
net.ipv6.conf.lo.keep_addr_on_down = 0
net.ipv6.conf.lo.max_addresses = 16
net.ipv6.conf.lo.max_desync_factor = 600
net.ipv6.conf.lo.mc_forwarding = 0
net.ipv6.conf.lo.mldv1_unsolicited_report_interval = 10000
net.ipv6.conf.lo.mldv2_unsolicited_report_interval = 1000
net.ipv6.conf.lo.mtu = 65536
net.ipv6.conf.lo.ndisc_evict_nocarrier = 1
net.ipv6.conf.lo.ndisc_notify = 0
net.ipv6.conf.lo.ndisc_tclass = 0
net.ipv6.conf.lo.proxy_ndp = 0
net.ipv6.conf.lo.ra_defrtr_metric = 1024
net.ipv6.conf.lo.regen_max_retry = 3
net.ipv6.conf.lo.router_probe_interval = 60
net.ipv6.conf.lo.router_solicitation_delay = 1
net.ipv6.conf.lo.router_solicitation_interval = 4
net.ipv6.conf.lo.router_solicitation_max_interval = 3600
net.ipv6.conf.lo.router_solicitations = -1
net.ipv6.conf.lo.rpl_seg_enabled = 0
net.ipv6.conf.lo.seg6_enabled = 0
net.ipv6.conf.lo.seg6_require_hmac = 0
sysctl: error reading key 'net.ipv6.conf.lo.stable_secret': I/O error
net.ipv6.conf.lo.suppress_frag_ndisc = 1
net.ipv6.conf.lo.temp_prefered_lft = 86400
net.ipv6.conf.lo.temp_valid_lft = 604800
net.ipv6.conf.lo.use_oif_addrs_only = 0
net.ipv6.conf.lo.use_tempaddr = -1
net.ipv6.conf.vethf5ebd376.accept_dad = 1
net.ipv6.conf.vethf5ebd376.accept_ra = 0
net.ipv6.conf.vethf5ebd376.accept_ra_defrtr = 1
net.ipv6.conf.vethf5ebd376.accept_ra_from_local = 0
net.ipv6.conf.vethf5ebd376.accept_ra_min_hop_limit = 1
net.ipv6.conf.vethf5ebd376.accept_ra_min_lft = 0
net.ipv6.conf.vethf5ebd376.accept_ra_mtu = 1
net.ipv6.conf.vethf5ebd376.accept_ra_pinfo = 1
net.ipv6.conf.vethf5ebd376.accept_ra_rt_info_max_plen = 0
net.ipv6.conf.vethf5ebd376.accept_ra_rt_info_min_plen = 0
net.ipv6.conf.vethf5ebd376.accept_ra_rtr_pref = 1
net.ipv6.conf.vethf5ebd376.accept_redirects = 1
net.ipv6.conf.vethf5ebd376.accept_source_route = 0
net.ipv6.conf.vethf5ebd376.accept_untracked_na = 0
net.ipv6.conf.vethf5ebd376.addr_gen_mode = 0
net.ipv6.conf.vethf5ebd376.autoconf = 1
net.ipv6.conf.vethf5ebd376.dad_transmits = 1
net.ipv6.conf.vethf5ebd376.disable_ipv6 = 1
net.ipv6.conf.vethf5ebd376.disable_policy = 0
net.ipv6.conf.vethf5ebd376.drop_unicast_in_l2_multicast = 0
net.ipv6.conf.vethf5ebd376.drop_unsolicited_na = 0
net.ipv6.conf.vethf5ebd376.enhanced_dad = 1
net.ipv6.conf.vethf5ebd376.force_mld_version = 0
net.ipv6.conf.vethf5ebd376.force_tllao = 0
net.ipv6.conf.vethf5ebd376.forwarding = 1
net.ipv6.conf.vethf5ebd376.hop_limit = 64
net.ipv6.conf.vethf5ebd376.ignore_routes_with_linkdown = 0
net.ipv6.conf.vethf5ebd376.ioam6_enabled = 0
net.ipv6.conf.vethf5ebd376.ioam6_id = 65535
net.ipv6.conf.vethf5ebd376.ioam6_id_wide = 4294967295
net.ipv6.conf.vethf5ebd376.keep_addr_on_down = 0
net.ipv6.conf.vethf5ebd376.max_addresses = 16
net.ipv6.conf.vethf5ebd376.max_desync_factor = 600
net.ipv6.conf.vethf5ebd376.mc_forwarding = 0
net.ipv6.conf.vethf5ebd376.mldv1_unsolicited_report_interval = 10000
net.ipv6.conf.vethf5ebd376.mldv2_unsolicited_report_interval = 1000
net.ipv6.conf.vethf5ebd376.mtu = 1500
net.ipv6.conf.vethf5ebd376.ndisc_evict_nocarrier = 1
net.ipv6.conf.vethf5ebd376.ndisc_notify = 0
net.ipv6.conf.vethf5ebd376.ndisc_tclass = 0
net.ipv6.conf.vethf5ebd376.proxy_ndp = 0
net.ipv6.conf.vethf5ebd376.ra_defrtr_metric = 1024
net.ipv6.conf.vethf5ebd376.regen_max_retry = 3
net.ipv6.conf.vethf5ebd376.router_probe_interval = 60
net.ipv6.conf.vethf5ebd376.router_solicitation_delay = 1
net.ipv6.conf.vethf5ebd376.router_solicitation_interval = 4
net.ipv6.conf.vethf5ebd376.router_solicitation_max_interval = 3600
net.ipv6.conf.vethf5ebd376.router_solicitations = -1
net.ipv6.conf.vethf5ebd376.rpl_seg_enabled = 0
net.ipv6.conf.vethf5ebd376.seg6_enabled = 0
net.ipv6.conf.vethf5ebd376.seg6_require_hmac = 0
sysctl: error reading key 'net.ipv6.conf.vethf5ebd376.stable_secret': I/O error
net.ipv6.conf.vethf5ebd376.suppress_frag_ndisc = 1
net.ipv6.conf.vethf5ebd376.temp_prefered_lft = 86400
net.ipv6.conf.vethf5ebd376.temp_valid_lft = 604800
net.ipv6.conf.vethf5ebd376.use_oif_addrs_only = 0
net.ipv6.conf.vethf5ebd376.use_tempaddr = 0
net.ipv6.fib_multipath_hash_fields = 7
net.ipv6.fib_multipath_hash_policy = 0
net.ipv6.fib_notify_on_flag_change = 0
net.ipv6.flowlabel_consistency = 1
net.ipv6.flowlabel_reflect = 0
net.ipv6.flowlabel_state_ranges = 0
net.ipv6.fwmark_reflect = 0
net.ipv6.icmp.echo_ignore_all = 0
net.ipv6.icmp.echo_ignore_anycast = 0
net.ipv6.icmp.echo_ignore_multicast = 0
net.ipv6.icmp.error_anycast_as_unicast = 0
net.ipv6.icmp.ratelimit = 1000
net.ipv6.icmp.ratemask = 0-1,3-127
net.ipv6.idgen_delay = 1
net.ipv6.idgen_retries = 3
net.ipv6.ioam6_id = 16777215
net.ipv6.ioam6_id_wide = 72057594037927935
net.ipv6.ip6frag_high_thresh = 4194304
net.ipv6.ip6frag_low_thresh = 3145728
net.ipv6.ip6frag_secret_interval = 0
net.ipv6.ip6frag_time = 60
net.ipv6.ip_nonlocal_bind = 0
net.ipv6.max_dst_opts_length = 2147483647
net.ipv6.max_dst_opts_number = 8
net.ipv6.max_hbh_length = 2147483647
net.ipv6.max_hbh_opts_number = 8
net.ipv6.mld_max_msf = 64
net.ipv6.mld_qrv = 2
net.ipv6.neigh.default.anycast_delay = 99
net.ipv6.neigh.default.app_solicit = 0
net.ipv6.neigh.default.base_reachable_time = 30
net.ipv6.neigh.default.base_reachable_time_ms = 30000
net.ipv6.neigh.default.delay_first_probe_time = 5
net.ipv6.neigh.default.gc_interval = 30
net.ipv6.neigh.default.gc_stale_time = 60
net.ipv6.neigh.default.gc_thresh1 = 128
net.ipv6.neigh.default.gc_thresh2 = 512
net.ipv6.neigh.default.gc_thresh3 = 1024
net.ipv6.neigh.default.interval_probe_time_ms = 5000
net.ipv6.neigh.default.locktime = 0
net.ipv6.neigh.default.mcast_resolicit = 0
net.ipv6.neigh.default.mcast_solicit = 3
net.ipv6.neigh.default.proxy_delay = 79
net.ipv6.neigh.default.proxy_qlen = 64
net.ipv6.neigh.default.retrans_time = 300
net.ipv6.neigh.default.retrans_time_ms = 1000
net.ipv6.neigh.default.ucast_solicit = 3
net.ipv6.neigh.default.unres_qlen = 101
net.ipv6.neigh.default.unres_qlen_bytes = 212992
net.ipv6.neigh.eth0.anycast_delay = 99
net.ipv6.neigh.eth0.app_solicit = 0
net.ipv6.neigh.eth0.base_reachable_time = 30
net.ipv6.neigh.eth0.base_reachable_time_ms = 30000
net.ipv6.neigh.eth0.delay_first_probe_time = 5
net.ipv6.neigh.eth0.gc_stale_time = 60
net.ipv6.neigh.eth0.interval_probe_time_ms = 5000
net.ipv6.neigh.eth0.locktime = 0
net.ipv6.neigh.eth0.mcast_resolicit = 0
net.ipv6.neigh.eth0.mcast_solicit = 3
net.ipv6.neigh.eth0.proxy_delay = 79
net.ipv6.neigh.eth0.proxy_qlen = 64
net.ipv6.neigh.eth0.retrans_time = 300
net.ipv6.neigh.eth0.retrans_time_ms = 1000
net.ipv6.neigh.eth0.ucast_solicit = 3
net.ipv6.neigh.eth0.unres_qlen = 101
net.ipv6.neigh.eth0.unres_qlen_bytes = 212992
net.ipv6.neigh.incusbr0.anycast_delay = 99
net.ipv6.neigh.incusbr0.app_solicit = 0
net.ipv6.neigh.incusbr0.base_reachable_time = 30
net.ipv6.neigh.incusbr0.base_reachable_time_ms = 30000
net.ipv6.neigh.incusbr0.delay_first_probe_time = 5
net.ipv6.neigh.incusbr0.gc_stale_time = 60
net.ipv6.neigh.incusbr0.interval_probe_time_ms = 5000
net.ipv6.neigh.incusbr0.locktime = 0
net.ipv6.neigh.incusbr0.mcast_resolicit = 0
net.ipv6.neigh.incusbr0.mcast_solicit = 3
net.ipv6.neigh.incusbr0.proxy_delay = 79
net.ipv6.neigh.incusbr0.proxy_qlen = 64
net.ipv6.neigh.incusbr0.retrans_time = 300
net.ipv6.neigh.incusbr0.retrans_time_ms = 1000
net.ipv6.neigh.incusbr0.ucast_solicit = 3
net.ipv6.neigh.incusbr0.unres_qlen = 101
net.ipv6.neigh.incusbr0.unres_qlen_bytes = 212992
net.ipv6.neigh.lo.anycast_delay = 99
net.ipv6.neigh.lo.app_solicit = 0
net.ipv6.neigh.lo.base_reachable_time = 30
net.ipv6.neigh.lo.base_reachable_time_ms = 30000
net.ipv6.neigh.lo.delay_first_probe_time = 5
net.ipv6.neigh.lo.gc_stale_time = 60
net.ipv6.neigh.lo.interval_probe_time_ms = 5000
net.ipv6.neigh.lo.locktime = 0
net.ipv6.neigh.lo.mcast_resolicit = 0
net.ipv6.neigh.lo.mcast_solicit = 3
net.ipv6.neigh.lo.proxy_delay = 79
net.ipv6.neigh.lo.proxy_qlen = 64
net.ipv6.neigh.lo.retrans_time = 300
net.ipv6.neigh.lo.retrans_time_ms = 1000
net.ipv6.neigh.lo.ucast_solicit = 3
net.ipv6.neigh.lo.unres_qlen = 101
net.ipv6.neigh.lo.unres_qlen_bytes = 212992
net.ipv6.neigh.vethf5ebd376.anycast_delay = 99
net.ipv6.neigh.vethf5ebd376.app_solicit = 0
net.ipv6.neigh.vethf5ebd376.base_reachable_time = 30
net.ipv6.neigh.vethf5ebd376.base_reachable_time_ms = 30000
net.ipv6.neigh.vethf5ebd376.delay_first_probe_time = 5
net.ipv6.neigh.vethf5ebd376.gc_stale_time = 60
net.ipv6.neigh.vethf5ebd376.interval_probe_time_ms = 5000
net.ipv6.neigh.vethf5ebd376.locktime = 0
net.ipv6.neigh.vethf5ebd376.mcast_resolicit = 0
net.ipv6.neigh.vethf5ebd376.mcast_solicit = 3
net.ipv6.neigh.vethf5ebd376.proxy_delay = 79
net.ipv6.neigh.vethf5ebd376.proxy_qlen = 64
net.ipv6.neigh.vethf5ebd376.retrans_time = 300
net.ipv6.neigh.vethf5ebd376.retrans_time_ms = 1000
net.ipv6.neigh.vethf5ebd376.ucast_solicit = 3
net.ipv6.neigh.vethf5ebd376.unres_qlen = 101
net.ipv6.neigh.vethf5ebd376.unres_qlen_bytes = 212992
net.ipv6.route.gc_elasticity = 9
net.ipv6.route.gc_interval = 30
net.ipv6.route.gc_min_interval = 0
net.ipv6.route.gc_min_interval_ms = 500
net.ipv6.route.gc_thresh = 1024
net.ipv6.route.gc_timeout = 60
net.ipv6.route.max_size = 2147483647
net.ipv6.route.min_adv_mss = 1220
net.ipv6.route.mtu_expires = 600
net.ipv6.route.skip_notify_on_dev_down = 0
net.ipv6.seg6_flowlabel = 0
net.ipv6.xfrm6_gc_thresh = 32768
net.mptcp.add_addr_timeout = 120
net.mptcp.allow_join_initial_addr_port = 1
net.mptcp.checksum_enabled = 0
net.mptcp.enabled = 1
net.mptcp.pm_type = 0
net.mptcp.scheduler = default
net.mptcp.stale_loss_cnt = 4
net.netfilter.nf_conntrack_acct = 0
net.netfilter.nf_conntrack_buckets = 262144
net.netfilter.nf_conntrack_checksum = 1
net.netfilter.nf_conntrack_count = 5
net.netfilter.nf_conntrack_dccp_loose = 1
net.netfilter.nf_conntrack_dccp_timeout_closereq = 64
net.netfilter.nf_conntrack_dccp_timeout_closing = 64
net.netfilter.nf_conntrack_dccp_timeout_open = 43200
net.netfilter.nf_conntrack_dccp_timeout_partopen = 480
net.netfilter.nf_conntrack_dccp_timeout_request = 240
net.netfilter.nf_conntrack_dccp_timeout_respond = 480
net.netfilter.nf_conntrack_dccp_timeout_timewait = 240
net.netfilter.nf_conntrack_events = 2
net.netfilter.nf_conntrack_expect_max = 4096
net.netfilter.nf_conntrack_frag6_high_thresh = 4194304
net.netfilter.nf_conntrack_frag6_low_thresh = 3145728
net.netfilter.nf_conntrack_frag6_timeout = 60
net.netfilter.nf_conntrack_generic_timeout = 600
net.netfilter.nf_conntrack_gre_timeout = 30
net.netfilter.nf_conntrack_gre_timeout_stream = 180
net.netfilter.nf_conntrack_icmp_timeout = 30
net.netfilter.nf_conntrack_icmpv6_timeout = 30
net.netfilter.nf_conntrack_log_invalid = 0
net.netfilter.nf_conntrack_max = 262144
net.netfilter.nf_conntrack_sctp_timeout_closed = 10
net.netfilter.nf_conntrack_sctp_timeout_cookie_echoed = 3
net.netfilter.nf_conntrack_sctp_timeout_cookie_wait = 3
net.netfilter.nf_conntrack_sctp_timeout_established = 210
net.netfilter.nf_conntrack_sctp_timeout_heartbeat_sent = 30
net.netfilter.nf_conntrack_sctp_timeout_shutdown_ack_sent = 3
net.netfilter.nf_conntrack_sctp_timeout_shutdown_recd = 3
net.netfilter.nf_conntrack_sctp_timeout_shutdown_sent = 3
net.netfilter.nf_conntrack_tcp_be_liberal = 0
net.netfilter.nf_conntrack_tcp_ignore_invalid_rst = 0
net.netfilter.nf_conntrack_tcp_loose = 1
net.netfilter.nf_conntrack_tcp_max_retrans = 3
net.netfilter.nf_conntrack_tcp_timeout_close = 10
net.netfilter.nf_conntrack_tcp_timeout_close_wait = 60
net.netfilter.nf_conntrack_tcp_timeout_established = 432000
net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 120
net.netfilter.nf_conntrack_tcp_timeout_last_ack = 30
net.netfilter.nf_conntrack_tcp_timeout_max_retrans = 300
net.netfilter.nf_conntrack_tcp_timeout_syn_recv = 60
net.netfilter.nf_conntrack_tcp_timeout_syn_sent = 120
net.netfilter.nf_conntrack_tcp_timeout_time_wait = 120
net.netfilter.nf_conntrack_tcp_timeout_unacknowledged = 300
net.netfilter.nf_conntrack_timestamp = 0
net.netfilter.nf_conntrack_udp_timeout = 30
net.netfilter.nf_conntrack_udp_timeout_stream = 120
net.netfilter.nf_flowtable_tcp_timeout = 30
net.netfilter.nf_flowtable_udp_timeout = 30
net.netfilter.nf_hooks_lwtunnel = 0
net.netfilter.nf_log.0 = NONE
net.netfilter.nf_log.1 = NONE
net.netfilter.nf_log.10 = NONE
net.netfilter.nf_log.2 = NONE
net.netfilter.nf_log.3 = NONE
net.netfilter.nf_log.4 = NONE
net.netfilter.nf_log.5 = NONE
net.netfilter.nf_log.6 = NONE
net.netfilter.nf_log.7 = NONE
net.netfilter.nf_log.8 = NONE
net.netfilter.nf_log.9 = NONE
net.netfilter.nf_log_all_netns = 0
net.nf_conntrack_max = 262144
net.unix.max_dgram_qlen = 10
user.max_cgroup_namespaces = 31558
user.max_fanotify_groups = 128
user.max_fanotify_marks = 65448
user.max_inotify_instances = 128
user.max_inotify_watches = 61552
user.max_ipc_namespaces = 31558
user.max_mnt_namespaces = 31558
user.max_net_namespaces = 31558
user.max_pid_namespaces = 31558
user.max_time_namespaces = 31558
user.max_user_namespaces = 31558
user.max_uts_namespaces = 31558
vm.admin_reserve_kbytes = 8192
vm.compact_unevictable_allowed = 1
vm.compaction_proactiveness = 20
vm.dirty_background_bytes = 0
vm.dirty_background_ratio = 10
vm.dirty_bytes = 0
vm.dirty_expire_centisecs = 3000
vm.dirty_ratio = 20
vm.dirty_writeback_centisecs = 500
vm.dirtytime_expire_seconds = 43200
vm.extfrag_threshold = 500
vm.hugetlb_optimize_vmemmap = 0
vm.hugetlb_shm_group = 0
vm.laptop_mode = 0
vm.legacy_va_layout = 0
vm.lowmem_reserve_ratio = 256   256     32      0       0
vm.max_map_count = 65530
vm.memfd_noexec = 0
vm.min_free_kbytes = 67584
vm.min_slab_ratio = 5
vm.min_unmapped_ratio = 1
vm.mmap_min_addr = 4096
vm.mmap_rnd_bits = 28
vm.mmap_rnd_compat_bits = 8
vm.nr_hugepages = 0
vm.nr_hugepages_mempolicy = 0
vm.nr_overcommit_hugepages = 0
vm.numa_stat = 1
vm.numa_zonelist_order = Node
vm.oom_dump_tasks = 1
vm.oom_kill_allocating_task = 0
vm.overcommit_kbytes = 0
vm.overcommit_memory = 0
vm.overcommit_ratio = 50
vm.page-cluster = 3
vm.page_lock_unfairness = 5
vm.panic_on_oom = 0
vm.percpu_pagelist_high_fraction = 0
vm.stat_interval = 1
vm.swappiness = 60
vm.user_reserve_kbytes = 131072
vm.vfs_cache_pressure = 100
vm.watermark_boost_factor = 15000
vm.watermark_scale_factor = 10
vm.zone_reclaim_mode = 0

I have setup nftables very permissive so everything can first of all work and later I can do the limiting:

# nft list ruleset
table inet filter {
        chain input {
                type filter hook input priority filter + 1; policy accept;
        }

        chain forward {
                type filter hook forward priority filter + 1; policy accept;
                ip version 4 oifname "incusbr0" accept
                ip version 4 iifname "incusbr0" accept
                ip6 version 6 oifname "incusbr0" accept
                ip6 version 6 iifname "incusbr0" accept
        }

        chain output {
                type filter hook output priority filter + 1; policy accept;
        }
}
table ip nat {
        chain prerouting {
                type nat hook prerouting priority dstnat; policy accept;
        }
}
table inet incus {
        chain pstrt.incusbr0 {
                type nat hook postrouting priority srcnat; policy accept;
                ip saddr 10.0.0.0/9 ip daddr != 10.0.0.0/9 masquerade
        }

        chain fwd.incusbr0 {
                type filter hook forward priority filter; policy accept;
                ip version 4 oifname "incusbr0" accept
                ip version 4 iifname "incusbr0" accept
                ip6 version 6 oifname "incusbr0" accept
                ip6 version 6 iifname "incusbr0" accept
        }

        chain in.incusbr0 {
                type filter hook input priority filter; policy accept;
                iifname "incusbr0" tcp dport 53 accept
                iifname "incusbr0" udp dport 53 accept
                iifname "incusbr0" icmp type { destination-unreachable, time-exceeded, parameter-problem } accept
                iifname "incusbr0" udp dport 67 accept
        }

        chain out.incusbr0 {
                type filter hook output priority filter; policy accept;
                oifname "incusbr0" tcp sport 53 accept
                oifname "incusbr0" udp sport 53 accept
                oifname "incusbr0" icmp type { destination-unreachable, time-exceeded, parameter-problem } accept
                oifname "incusbr0" udp sport 67 accept
        }
}

Everything also looks good on the host and in the container regarding networking:

Host (Alpine 3.20):

# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host proto kernel_lo 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:50:56:40:56:89 brd ff:ff:ff:ff:ff:ff
    inet SOMEIPV4/20 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 2000:SOMEIPV6::1/128 scope global 
       valid_lft forever preferred_lft forever
    inet6 fe80::250:56ff:fe40:5689/64 scope link proto kernel_ll 
       valid_lft forever preferred_lft forever
3: incusbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 00:16:3e:04:95:59 brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.1/9 scope global incusbr0
       valid_lft forever preferred_lft forever
    inet6 2000:SOMEIPV6::2/64 scope global 
       valid_lft forever preferred_lft forever
    inet6 fe80::216:3eff:fe04:9559/64 scope link proto kernel_ll 
       valid_lft forever preferred_lft forever
5: vethf5ebd376@if4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master incusbr0 state UP group default qlen 1000
    link/ether 02:e9:ca:60:c7:bb brd ff:ff:ff:ff:ff:ff link-netnsid 0

# ip -6 r
2a02:c207:3005:8614::1 dev eth0 proto kernel metric 256 pref medium
2a02:c207:3005:8614::/64 dev incusbr0 proto kernel metric 256 pref medium
fe80::/64 dev eth0 proto kernel metric 256 pref medium
fe80::/64 dev incusbr0 proto kernel metric 256 pref medium
default via fe80::1 dev eth0 metric 1 onlink pref medium

Container (Debian 12):

# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
4: eth0@if5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 00:16:3e:5a:68:fe brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 10.48.71.247/9 metric 1024 brd 10.127.255.255 scope global dynamic eth0
       valid_lft 2880sec preferred_lft 2880sec
    inet6 2000:SOMEIPV6:216:3eff:fe5a:68fe/64 scope global mngtmpaddr noprefixroute 
       valid_lft forever preferred_lft forever
    inet6 fe80::216:3eff:fe5a:68fe/64 scope link 
       valid_lft forever preferred_lft forever

# ip -6 r
2000:SOMEIPV6::/64 dev eth0 proto kernel metric 256 pref medium
2000:SOMEIPV6::/64 dev eth0 proto ra metric 1024 pref medium
fe80::/64 dev eth0 proto kernel metric 256 pref medium
default via fe80::216:3eff:fe04:9559 dev eth0 proto ra metric 1024 expires 1507sec mtu 1500 pref medium

candlerb · October 11, 2024, 6:57pm

What do you see from traceroute6 -w1 -n 2001:4860:4860::8888 inside the container, and traceroute6 -w1 -n 2000:SOMEIPV6:216:3eff:fe5a:68fe from the host itself, from the upstream router, and from some host further upstream?

You haven’t shown the configuration on the upstream router. I’m guessing its IPv6 LL address on that network segment is fe80::1, and it has a static route to 2000:SOMEIPV6::/64 via fe80::250:56ff:fe40:5689 ?

I think it’s slightly dubious using public addresses from the same /64 block on both eth0 and incusbr0, although the eth0 one is a /128 so it’s probably OK. The upstream router can’t have its own interface configured with 2000:SOMEIPV6::/64 though, otherwise the incus host would have to do proxy-NDP nastiness.

michacassola · October 12, 2024, 10:35am

From the container I see, that it doesn’t go beyond the bridge:

# traceroute6 -w1 -n 2001:4860:4860::8888
traceroute to 2001:4860:4860::8888 (2001:4860:4860::8888), 30 hops max, 80 byte packets
 1  2000:SOMEIPV6::2  0.176 ms  0.013 ms  0.011 ms
 2  * * *
 3  * * *
 4  * * *
 5  * * *
 6  * * *
 7  * * *
 8  * * *
 9  * * *
10  * * *
11  * * *
12  * * *
13  * * *
14  * * *
15  * * *
16  * * *
17  * * *
18  * * *
19  * * *
20  * * *
21  * * *
22  * * *
23  * * *
24  * * *
25  * * *
26  * * *
27  * * *
28  * * *
29  * * *
30  * * *

From the host I see:

# traceroute6 -w1 -n 2000:SOMEIPV6:216:3eff:fe5a:68fe
traceroute to 2000:SOMEIPV6:216:3eff:fe5a:68fe (2000:SOMEIPV6:216:3eff:fe5a:68fe), 30 hops max, 72 byte packets
 1  2000:SOMEIPV6:216:3eff:fe5a:68fe  0.010 ms  0.005 ms  0.005 ms

Unfortunately I cannot go further upstream as my cloud provider will not let me access that.
My cloud provider routes traffic to the MAC address of my VMs NIC and NDP was switched off in sysctl.conf.

I also have a very similar setup from a few years ago working perfectly with Ubuntu + LXD. It is running now. Back then @tomp helped me out greatly and I was able to contribute a tutorial about it: Getting universally routable IPv6 Addresses for your Linux Containers on Ubuntu 18.04 with LXD 4.0 on a VPS

I must be missing something that will make me want to hit myself once found out.

michacassola · October 12, 2024, 12:43pm

I seem to be getting closer, for some reason the veth interfaces have their ipv6 switched off (I created 3 containers by now):

sysctl -a | grep disable_ipv6
sysctl: error reading key 'net.ipv6.conf.all.stable_secret': I/O error
net.ipv6.conf.all.disable_ipv6 = 0
net.ipv6.conf.default.disable_ipv6 = 0
sysctl: error reading key 'net.ipv6.conf.default.stable_secret': I/O error
net.ipv6.conf.eth0.disable_ipv6 = 0
sysctl: error reading key 'net.ipv6.conf.eth0.stable_secret': I/O error
net.ipv6.conf.incusbr0.disable_ipv6 = 0
sysctl: error reading key 'net.ipv6.conf.incusbr0.stable_secret': I/O error
net.ipv6.conf.lo.disable_ipv6 = 0
sysctl: error reading key 'net.ipv6.conf.lo.stable_secret': I/O error
sysctl: error reading key 'net.ipv6.conf.veth66081fdf.stable_secret': I/O error
net.ipv6.conf.veth66081fdf.disable_ipv6 = 1
sysctl: error reading key 'net.ipv6.conf.vetha2f69d19.stable_secret': I/O error
sysctl: error reading key 'net.ipv6.conf.vethdffbf955.stable_secret': I/O error
net.ipv6.conf.vetha2f69d19.disable_ipv6 = 1
net.ipv6.conf.vethdffbf955.disable_ipv6 = 1

Edit:
Changing that with sysctl -w to 0 changed nothing unfortunately.

xlmnxp · October 12, 2024, 10:08pm

do you main router/modem has NDP enabled?

michacassola · October 13, 2024, 4:35pm

I have asked my cloud provider, but the other already working setup also has NDP disabled and is working.

Edit: My cloud provider does not use NDP.

michacassola · October 14, 2024, 4:33pm

I have installed an Ubuntu 24.04.1 server thinking it is an Alpine Linux thing, that it is not working, but Ubuntu does not work in the same way. An older Ubuntu 22.04 installation with LXD 5.0.2 is working with a setup that is (should be) the same.

I am starting to think something was changed in Incus? @stgraber

simos · October 14, 2024, 5:37pm

I don’t know what is happening in this case.

However, Brian wrote this and you have not addressed it. Is your way the proper way to get addressable public IPv6 addresses to system containers, when said containers reside on a managed private bridge? It looks like a managed(by Incus) bridge with additional nft ruleset (not managed by Incus).

michacassola · October 14, 2024, 5:52pm

I thought me stating that this setup is already working on a server with Ubuntu 22.04 with LXD 5.0.2 with a setup that should be the same answered that part. It worked then, why should it not work now? Same provider, same setup.

I can’t remove IPv6 from eth0/ens18 as the packets flow through the host interface first, if my thinking is correct. Feel free to correct me.
The provider routes the packets to an interface with one specific MAC address for both stacks.
And if I remove the IPv6 addresses from the host’s “physical” interface, what address do I give it? Will the kernel route the traffic to the bridge without the actual NIC having an IPv6? If my understanding is correct it won’t.