LXD is claiming a device address is not in the bridge's IPv6 subnet. Why?

Objective: Have an IPv6 address on the container that does not change so that I can have stable proxy devices.

Subobjective: Set a static IPv6 address on a container.

I have a host with the following bridge configuration:

$ lxc network show lxdbr0
config:
  ipv4.address: 10.248.30.1/24
  ipv4.nat: "true"
  ipv6.address: fd42:8c31:4e11:e52b::1/64
  ipv6.dhcp.stateful: "true"
  ipv6.nat: "true"
description: ""
name: lxdbr0
type: bridge
used_by:
- /1.0/instances/serv
- /1.0/profiles/default
managed: true
status: Created
locations:
- none
$ ip a show dev lxdbr0
3: lxdbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 00:16:3e:63:58:65 brd ff:ff:ff:ff:ff:ff
    inet 10.248.30.1/24 scope global lxdbr0
       valid_lft forever preferred_lft forever
    inet6 fd42:8c31:4e11:e52b::1/64 scope global
       valid_lft forever preferred_lft forever
    inet6 fe80::216:3eff:fe63:5865/64 scope link
       valid_lft forever preferred_lft forever
$ lxc list
+-------+---------+---------------------+-----------------------------------------------+-----------+-----------+
| NAME  |  STATE  |        IPV4         |                     IPV6                      |   TYPE    | SNAPSHOTS |
+-------+---------+---------------------+-----------------------------------------------+-----------+-----------+
| serv  | RUNNING | 10.248.30.20 (eth0) | fd42:8c31:4e11:e52b:d5a4:53b9:52a:aabb (eth0) | CONTAINER | 2         |
+-------+---------+---------------------+-----------------------------------------------+-----------+-----------+

When I try to add an address to the container, however, I get an error message:

$ lxc config device set serv eth0 ipv6.address=[fd42:8c31:4e11:e52b::10]
Error: Invalid devices: Device validation failed for "eth0": Device IP address "[fd42:8c31:4e11:e52b::10]" not within network "lxdbr0" subnet

This doesn’t make sense to me. Checks with third-party networking tools confirm that the address fd42:8c31:4e11:e52b::10 is clearly within the lxdbr0 subnet, the lxdbr0 interface address is fd42:8c31:4e11:e52b::1/64 and the prefix address is fd42:8c31:4e11:e52b::. Is there something wrong with my syntax? Am I using the wrong network or address type? What else might I have missed?

Is it just getting freaked out by the []?

1 Like

Indeed. When I removed them, it worked!

I had tried it with quotation marks before, and that made no difference.

But then the documentation needs to be updated. See here:

https://linuxcontainers.org/lxd/docs/stable-4.0/instances/#type-proxy

When configuring a proxy device with nat=true, you will need to ensure that the target instance has a static IP configured in LXD on its NIC device. E.g.


lxc config device set <instance> <nic> ipv4.address=<ipv4.address> ipv6.address=<ipv6.address>

then below:

When defining IPv6 addresses use square bracket notation, e.g.

connect=tcp:[2001:db8::1]:80

It is probably friendlier to just have it accept square brackets, this is pretty standard IPv6 address notation.