LXD is not assigning ipv6 addresses anymore

burbilog · August 7, 2020, 9:09pm

Some days (or weeks) ago LXD stopped giving out ipv6 addresses. This affected both my production and development servers:

ns pts/0#lxc list                                                                                     [/home/rm 23:55 Fri 7] 
+--------+---------+-----------------------+------+-----------+-----------+
|  NAME  |  STATE  |         IPV4          | IPV6 |   TYPE    | SNAPSHOTS |
+--------+---------+-----------------------+------+-----------+-----------+
| alp    | RUNNING | 172.16.172.116 (eth0) |      | CONTAINER | 0         |
+--------+---------+-----------------------+------+-----------+-----------+
| cms    | RUNNING | 172.16.172.218 (eth0) |      | CONTAINER | 0         |
+--------+---------+-----------------------+------+-----------+-----------+
| dd     | RUNNING | 172.16.172.47 (eth0)  |      | CONTAINER | 0         |
+--------+---------+-----------------------+------+-----------+-----------+
| grr    | RUNNING | 172.16.172.113 (eth0) |      | CONTAINER | 0         |
+--------+---------+-----------------------+------+-----------+-----------+
| main   | RUNNING | 172.16.172.233 (eth0) |      | CONTAINER | 0         |
+--------+---------+-----------------------+------+-----------+-----------+
| static | RUNNING | 172.16.172.57 (eth0)  |      | CONTAINER | 0         |
+--------+---------+-----------------------+------+-----------+-----------+

ns pts/0#lxc network show lxdbr0
config:
  ipv4.address: 172.16.172.1/24
  ipv4.nat: "true"
  ipv6.address: fd42:dad8:c4ad:e744::1/64
  ipv6.dhcp.stateful: "true"
  ipv6.nat: "true"
description: ""
name: lxdbr0
type: bridge
used_by:
- /1.0/instances/alp
- /1.0/instances/cms
- /1.0/instances/dd
- /1.0/instances/grr
- /1.0/instances/main
- /1.0/instances/static
- /1.0/profiles/default
managed: true
status: Created
locations:
- none

dnsmasq is still running:

lxd       1127  0.0  0.1  43632  1836 ?        Ss   Aug07   0:01 dnsmasq --keep-in-foreground --strict-order --bind-interfaces --except-interface=lo --pid-file= --no-ping --interface=lxdbr0 --quiet-dhcp --quiet-dhcp6 --quiet-ra --listen-address=172.16.172.1 --dhcp-no-override --dhcp-authoritative --dhcp-leasefile=/var/snap/lxd/common/lxd/networks/lxdbr0/dnsmasq.leases --dhcp-hostsfile=/var/snap/lxd/common/lxd/networks/lxdbr0/dnsmasq.hosts --dhcp-range 172.16.172.2,172.16.172.254,1h --listen-address=fd42:dad8:c4ad:e744::1 --enable-ra --dhcp-range fd42:dad8:c4ad:e744::2,fd42:dad8:c4ad:e744:ffff:ffff:ffff:ffff,64,1h -s lxd -S /lxd/ --conf-file=/var/snap/lxd/common/lxd/networks/lxdbr0/dnsmasq.raw -u lxd

One of the containers:

ns pts/0#lxc config show alp --expanded
architecture: x86_64
config:
  image.architecture: amd64
  image.description: Alpine 3.9 amd64 (20190321_13:00)
  image.os: Alpine
  image.release: "3.9"
  image.serial: "20190321_13:00"
  volatile.base_image: 0cbd911b5a203c7e475241b8b22cc5332d10fd30ae27916bae1558bcb118c9ce
  volatile.eth0.host_name: veth561c9ec6
  volatile.eth0.hwaddr: 00:16:3e:6b:04:12
  volatile.idmap.base: "0"
  volatile.idmap.current: '[{"Isuid":true,"Isgid":false,"Hostid":1000000,"Nsid":0,"Maprange":1000000000},{"Isuid":false,"Isgid":true,"Hostid":1000000,"Nsid":0,"Maprange":1000000000}]'
  volatile.idmap.next: '[{"Isuid":true,"Isgid":false,"Hostid":1000000,"Nsid":0,"Maprange":1000000000},{"Isuid":false,"Isgid":true,"Hostid":1000000,"Nsid":0,"Maprange":1000000000}]'
  volatile.last_state.idmap: '[{"Isuid":true,"Isgid":true,"Hostid":1000000,"Nsid":0,"Maprange":1000000000}]'
  volatile.last_state.power: RUNNING
devices:
  eth0:
    ipv4.address: 172.16.172.116
    name: eth0
    nictype: bridged
    parent: lxdbr0
    type: nic
  root:
    path: /                                                                [/home/rm 0:07 Sat 8] 
    pool: tank
    type: disk
ephemeral: false
profiles:
- default
stateful: false
description: ""

Any ideas where to look for the source of the problem? I did not do anything with both servers during last weeks, the only thing that changed was snap updated lxd to 4.4…

stgraber · August 7, 2020, 9:43pm

Hmm, so a few things to check:

You’re using stateful DHCPv6 which isn’t the default, are you sure your containers are doing a stateful DHCP request for IPv6?
Any firewalling in place which would block the DHCPv6 request/reply?
Can you post the output of grep -i apparmor /var/log/kern.log?

burbilog · August 8, 2020, 1:48am

Yes, turning off stateful for ipv6 returned ipv6 addresses.

burbilog · August 8, 2020, 1:56am

In theory, if static ipv6 addresses require stateful option that it’s a problem: either I have to turn on stateful and then I have to assign ALL ipv6 addresses as static or I can’t use static v6 adresses without stateful.

In practice, I replied to that stalled thread (sorry, I forgot about it), I was able to set static v6 address without stateful option…

stgraber · August 8, 2020, 1:59am

Note that the default stateless addresses ARE static, they are derived from the MAC of the instance and so are predictable and will never change.

If you do want your addresses to be DHCP assigned and get to use ipv6.address, then you need to make sure that all your instances perform stateful DHCPv6. This isn’t the default so you’ll have to modify some network config in all your instances.

With that done, LXD will give normal incrementing dynamic addresses to instances that do not have a ipv6.address specified.