LXD is not assigning ipv6 addresses anymore

Some days (or weeks) ago LXD stopped giving out ipv6 addresses. This affected both my production and development servers:

ns pts/0#lxc list                                                                                     [/home/rm 23:55 Fri 7] 
|  NAME  |  STATE  |         IPV4          | IPV6 |   TYPE    | SNAPSHOTS |
| alp    | RUNNING | (eth0) |      | CONTAINER | 0         |
| cms    | RUNNING | (eth0) |      | CONTAINER | 0         |
| dd     | RUNNING | (eth0)  |      | CONTAINER | 0         |
| grr    | RUNNING | (eth0) |      | CONTAINER | 0         |
| main   | RUNNING | (eth0) |      | CONTAINER | 0         |
| static | RUNNING | (eth0)  |      | CONTAINER | 0         |
ns pts/0#lxc network show lxdbr0
  ipv4.nat: "true"
  ipv6.address: fd42:dad8:c4ad:e744::1/64
  ipv6.dhcp.stateful: "true"
  ipv6.nat: "true"
description: ""
name: lxdbr0
type: bridge
- /1.0/instances/alp
- /1.0/instances/cms
- /1.0/instances/dd
- /1.0/instances/grr
- /1.0/instances/main
- /1.0/instances/static
- /1.0/profiles/default
managed: true
status: Created
- none

dnsmasq is still running:

lxd       1127  0.0  0.1  43632  1836 ?        Ss   Aug07   0:01 dnsmasq --keep-in-foreground --strict-order --bind-interfaces --except-interface=lo --pid-file= --no-ping --interface=lxdbr0 --quiet-dhcp --quiet-dhcp6 --quiet-ra --listen-address= --dhcp-no-override --dhcp-authoritative --dhcp-leasefile=/var/snap/lxd/common/lxd/networks/lxdbr0/dnsmasq.leases --dhcp-hostsfile=/var/snap/lxd/common/lxd/networks/lxdbr0/dnsmasq.hosts --dhcp-range,,1h --listen-address=fd42:dad8:c4ad:e744::1 --enable-ra --dhcp-range fd42:dad8:c4ad:e744::2,fd42:dad8:c4ad:e744:ffff:ffff:ffff:ffff,64,1h -s lxd -S /lxd/ --conf-file=/var/snap/lxd/common/lxd/networks/lxdbr0/dnsmasq.raw -u lxd

One of the containers:

ns pts/0#lxc config show alp --expanded
architecture: x86_64
  image.architecture: amd64
  image.description: Alpine 3.9 amd64 (20190321_13:00)
  image.os: Alpine
  image.release: "3.9"
  image.serial: "20190321_13:00"
  volatile.base_image: 0cbd911b5a203c7e475241b8b22cc5332d10fd30ae27916bae1558bcb118c9ce
  volatile.eth0.host_name: veth561c9ec6
  volatile.eth0.hwaddr: 00:16:3e:6b:04:12
  volatile.idmap.base: "0"
  volatile.idmap.current: '[{"Isuid":true,"Isgid":false,"Hostid":1000000,"Nsid":0,"Maprange":1000000000},{"Isuid":false,"Isgid":true,"Hostid":1000000,"Nsid":0,"Maprange":1000000000}]'
  volatile.idmap.next: '[{"Isuid":true,"Isgid":false,"Hostid":1000000,"Nsid":0,"Maprange":1000000000},{"Isuid":false,"Isgid":true,"Hostid":1000000,"Nsid":0,"Maprange":1000000000}]'
  volatile.last_state.idmap: '[{"Isuid":true,"Isgid":true,"Hostid":1000000,"Nsid":0,"Maprange":1000000000}]'
  volatile.last_state.power: RUNNING
    name: eth0
    nictype: bridged
    parent: lxdbr0
    type: nic
    path: /                                                                [/home/rm 0:07 Sat 8] 
    pool: tank
    type: disk
ephemeral: false
- default
stateful: false
description: ""

Any ideas where to look for the source of the problem? I did not do anything with both servers during last weeks, the only thing that changed was snap updated lxd to 4.4…

Hmm, so a few things to check:

  • You’re using stateful DHCPv6 which isn’t the default, are you sure your containers are doing a stateful DHCP request for IPv6?
  • Any firewalling in place which would block the DHCPv6 request/reply?
  • Can you post the output of grep -i apparmor /var/log/kern.log?

Yes, turning off stateful for ipv6 returned ipv6 addresses.

In theory, if static ipv6 addresses require stateful option that it’s a problem: either I have to turn on stateful and then I have to assign ALL ipv6 addresses as static or I can’t use static v6 adresses without stateful.

In practice, I replied to that stalled thread (sorry, I forgot about it), I was able to set static v6 address without stateful option…

Note that the default stateless addresses ARE static, they are derived from the MAC of the instance and so are predictable and will never change.

If you do want your addresses to be DHCP assigned and get to use ipv6.address, then you need to make sure that all your instances perform stateful DHCPv6. This isn’t the default so you’ll have to modify some network config in all your instances.

With that done, LXD will give normal incrementing dynamic addresses to instances that do not have a ipv6.address specified.