LXD host routes ipv6 via lxd managed bridge but ipv6.address is set to none?

I have a LXD VPS running in the cloud with a lxdbr0 interface to host the containers (both ipv4 and ipv6). This lxdbr0 bridge is bridged with a local running LXD host, but the local host has no ipv6 address assigned in the network configuration, i.e.:

lxc network show vps-net
config:
  ipv4.address: none
  ipv6.address: none
  tunnel.as1.local: 192.168.10.1
  tunnel.as1.protocol: gre
  tunnel.as1.remote: 10.23.96.6
description: ""
name: vps-net
type: bridge

I can’t ping from the local LXD host to the ipv4 address space on the vps-net bridge (expected behavior), but I can ping6 to the ipv6 subnet on that interface (not expected)? Because of this my local LXD host has ipv6 access to the internet as well, since its default for ipv6 is set to the remote LXD host.

NB: the tunnel between the LXD hosts runs via an openvpn VPN.
NB2: I know ipv6 auto configures an interface, but should it not switch off ipv6 when you set ipv6.address to none?


Is it using link-local? fe80?

What does lxc network info vps-net show?

lxc network info vps-net
Name: vps-net
MAC address: 42:7e:bc:1c:b6:13
MTU: 1400
State: up

Ips:
inet6 fd42:24e5:bf84:13f3:407e:bcff:fe1c:b613
inet6 fe80::1c62:c2ff:fee7:777f

Network usage:
Bytes received: 376.33kB
Bytes sent: 21.73kB
Packets received: 1681
Packets sent: 236

So yes, a default fe80 one and a ULA one (fd42), which it gets/determines via the VPS in the cloud. These fd42 addresses will be NAT-ed to the global IPv6 address of the VPS, which has ipv6 access to the internet.

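An added example, not part of the thread: a check that parses the `lxc network info` output quoted above and tests whether each address's interface identifier is the modified EUI-64 form of the bridge MAC, which is the signature of an address the kernel autoconfigured from an advertised prefix. The function names and the embedded sample (copied from the output in the thread) are this example's own.

```python
import ipaddress
import re

# Constructed sample: the `lxc network info vps-net` output quoted in the thread.
SAMPLE = """\
Name: vps-net
MAC address: 42:7e:bc:1c:b6:13
MTU: 1400
State: up

Ips:
inet6 fd42:24e5:bf84:13f3:407e:bcff:fe1c:b613
inet6 fe80::1c62:c2ff:fee7:777f
"""

def eui64_iid(mac: str) -> int:
    """Modified EUI-64 interface identifier (RFC 4291, Appendix A) for a MAC."""
    b = bytearray(int(x, 16) for x in mac.split(":"))
    if len(b) != 6:
        raise ValueError(f"not a 48-bit MAC: {mac!r}")
    b[0] ^= 0x02  # flip the universal/local bit
    return int.from_bytes(bytes(b[:3]) + b"\xff\xfe" + bytes(b[3:]), "big")

def classify(info: str) -> dict:
    """Map each inet6 address in the output to how it relates to the MAC."""
    m = re.search(r"^MAC address:\s*([0-9A-Fa-f:]{17})\s*$", info, re.M)
    if not m:
        raise ValueError("no MAC address line found")
    iid = eui64_iid(m.group(1))
    result = {}
    for text in re.findall(r"^\s*inet6\s+(\S+)", info, re.M):
        addr = ipaddress.IPv6Address(text.split("/")[0])
        if addr.is_link_local:
            kind = "link-local"
        elif int(addr) & (2**64 - 1) == iid:
            kind = "slaac-eui64"  # prefix learned from the link, IID from the MAC
        else:
            kind = "other"        # static, DHCPv6, or privacy/stable-privacy IID
        result[str(addr)] = kind
    return result

if __name__ == "__main__":
    for address, kind in classify(SAMPLE).items():
        print(f"{address}  {kind}")
```

The fd42 address in the thread's output is tagged `slaac-eui64`: its low 64 bits are exactly the bridge MAC in EUI-64 form. Whether the kernel forms such addresses on an interface is governed by the `net.ipv6.conf.<iface>.accept_ra` and `autoconf` sysctls; a result of `other` does not rule out autoconfiguration, since hosts using privacy or stable-privacy identifiers will not match.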