LXC veth mode router and Local IPv6 Address

OS: Ubuntu 22.04 LTS, kernel 6.10.6

Container: default Ubuntu Jammy from https://images.linuxcontainers.org/ “Currently available images” section.

Goal: create a local IPv6 network of containers, where containers talk to the host and do not communicate with each other.

Host bridge:

ip link add dev swarm0 type bridge
echo 0 >/proc/sys/net/ipv6/conf/swarm0/accept_dad
echo 1 >/proc/sys/net/ipv6/conf/all/forwarding
echo 0 > /proc/sys/net/ipv6/conf/swarm0/autoconf
ip -6 addr add dev swarm0 fddd::1/64
ip link set dev swarm0 address 00:16:3e:00:00:00
ip link set dev swarm0 up
ip6tables -w -t nat -A POSTROUTING -s fddd::/64 '!' -d fddd::/64 -j MASQUERADE

LXC configuration (/var/lib/lxc/ubuntu/config)

# Distribution configuration
lxc.include = /usr/share/lxc/config/common.conf
lxc.arch = linux64

# Container specific configuration
lxc.rootfs.path = dir:/var/lib/lxc/ubuntu/rootfs
lxc.uts.name = ubuntu

# Network configuration
lxc.net.0.type = veth
lxc.net.0.veth.mode = router
lxc.net.0.link = swarm0
lxc.net.0.flags = up
lxc.net.0.ipv6.address = fddd::2/64
lxc.net.0.ipv6.gateway = fddd::1

Problem:

lxc-stop ubuntu; lxc-start ubuntu && lxc-attach ubuntu -- /bin/bash -c "set -x; ip a; ping fddd::1"
+ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: sit0@NONE: <NOARP> mtu 1480 qdisc noop state DOWN group default qlen 1000
    link/sit 0.0.0.0 brd 0.0.0.0
3: eth0@if16: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether d2:dc:ab:aa:68:01 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet6 fddd::2/64 scope global tentative 
       valid_lft forever preferred_lft forever
    inet6 fe80::d0dc:abff:feaa:6801/64 scope link tentative 
       valid_lft forever preferred_lft forever
+ ping fddd::1
PING fddd::1(fddd::1) 56 data bytes
From ::1 icmp_seq=1 Destination unreachable: Address unreachable
From ::1 icmp_seq=2 Destination unreachable: Address unreachable
^C

Removing tentative doesn’t solve the IPv6 issue (don’t know how to make it more elegant):

grep lxc.net config
lxc.net.0.type = veth
lxc.net.0.veth.mode = router
lxc.net.0.link = swarm0
#lxc.net.0.flags = up
#lxc.net.0.ipv6.address = fddd::2/64
#lxc.net.0.ipv6.gateway = fddd::1

lxc-stop ubuntu; lxc-start ubuntu && lxc-attach ubuntu -- /bin/bash -c "set -x; echo 0 >/proc/sys/net/ipv6/conf/eth0/accept_dad; ip -6 addr add dev eth0 fddd::2/64; ip link set dev eth0 up; ip -6 route add default via fddd::1; ip a; ip -6 route show; ip -6 neigh show; ping fddd::1"
+ echo 0
+ ip -6 addr add dev eth0 fddd::2/64
+ ip link set dev eth0 up
+ ip -6 route add default via fddd::1
+ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: sit0@NONE: <NOARP> mtu 1480 qdisc noop state DOWN group default qlen 1000
    link/sit 0.0.0.0 brd 0.0.0.0
3: eth0@if18: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 42:1b:88:53:2b:13 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet6 fddd::2/64 scope global 
       valid_lft forever preferred_lft forever
    inet6 fe80::401b:88ff:fe53:2b13/64 scope link 
       valid_lft forever preferred_lft forever
+ ip -6 route show
::1 dev lo proto kernel metric 256 pref medium
fddd::/64 dev eth0 proto kernel metric 256 pref medium
fe80::/64 dev eth0 proto kernel metric 256 pref medium
default via fddd::1 dev eth0 metric 1024 pref medium
+ ip -6 neigh show
+ ping fddd::1
PING fddd::1(fddd::1) 56 data bytes
From fddd::2 icmp_seq=1 Destination unreachable: Address unreachable
From fddd::2 icmp_seq=2 Destination unreachable: Address unreachable
From fddd::2 icmp_seq=3 Destination unreachable: Address unreachable

P.S. IPv4 works pretty fine, IPv6 + lxc.net.0.veth.mode=bridge works too. Why do I have problems with router mode?

I’ve never tried veth.mode=router – sorry :wink:

Good evening, good day.