Ah, there was a 30 days edit limit on non-admin too, I removed that.
2 Likes
Thanks! It’s working now!
Sorry guys, but that didn’t seem to fix it. Still getting a 522 Error on Cloudflare every once in a while.
I will post the tcpdump from inside the container in the private thread again.
What else can it be?
There is again an expires on the lxdbr0:
user@server:~$ ip -6 r
2a02:c207:1234:1234::1 dev eth0 proto kernel metric 256 pref medium
2a02:c207:1234:1234::/64 dev lxdbr0 proto kernel metric 256 expires 3344sec pref medium
fe80::/64 dev eth0 proto kernel metric 256 pref medium
fe80::/64 dev lxdbr0 proto kernel metric 256 pref medium
default via fe80::1 dev eth0 proto static metric 1024 pref medium
Although ip a and lxc network show lxdbr0 show that ::2 and not ::1 is set. And ::1 is on eth0.
What could it still be?
What about DHCP as stated in that post, will that solve my problem? What else could conflict with my routes? Do I still have to set the IPv6 in the container or somewhere else?
Or could this be the issue?
user@server:/etc/sysctl.d$ cat 10-ipv6-privacy.conf
# IPv6 Privacy Extensions (RFC 4941)
# ---
# IPv6 typically uses a device's MAC address when choosing an IPv6 address
# to use in autoconfiguration. Privacy extensions allow using a randomly
# generated IPv6 address, which increases privacy.
#
# Acceptable values:
# 0 - don’t use privacy extensions.
# 1 - generate privacy addresses
# 2 - prefer privacy addresses and use them over the normal addresses.
net.ipv6.conf.all.use_tempaddr = 2
net.ipv6.conf.default.use_tempaddr = 2
Or anyhwere here the problem? I see that NDP proxy is not set although I did put the values in sysctl.conf to 1.
user@server:$ sudo sysctl -a | grep ipv6
sysctl: reading key "net.ipv6.conf.all.stable_secret"
sysctl: reading key "net.ipv6.conf.default.stable_secret"
sysctl: reading key "net.ipv6.conf.eth0.stable_secret"
sysctl: reading key "net.ipv6.conf.lo.stable_secret"
sysctl: reading key "net.ipv6.conf.lxdbr0.stable_secret"
net.ipv6.conf.eth0.accept_dad = 1
net.ipv6.conf.eth0.accept_ra = 0
net.ipv6.conf.eth0.accept_ra_defrtr = 1
net.ipv6.conf.eth0.accept_ra_from_local = 0
net.ipv6.conf.eth0.accept_ra_min_hop_limit = 1
net.ipv6.conf.eth0.accept_ra_mtu = 1
net.ipv6.conf.eth0.accept_ra_pinfo = 1
net.ipv6.conf.eth0.accept_ra_rt_info_max_plen = 0
net.ipv6.conf.eth0.accept_ra_rt_info_min_plen = 0
net.ipv6.conf.eth0.accept_ra_rtr_pref = 1
net.ipv6.conf.eth0.accept_redirects = 1
net.ipv6.conf.eth0.accept_source_route = 0
net.ipv6.conf.eth0.addr_gen_mode = 0
net.ipv6.conf.eth0.autoconf = 1
net.ipv6.conf.eth0.dad_transmits = 1
net.ipv6.conf.eth0.disable_ipv6 = 0
net.ipv6.conf.eth0.disable_policy = 0
net.ipv6.conf.eth0.drop_unicast_in_l2_multicast = 0
net.ipv6.conf.eth0.drop_unsolicited_na = 0
net.ipv6.conf.eth0.enhanced_dad = 1
net.ipv6.conf.eth0.force_mld_version = 0
net.ipv6.conf.eth0.force_tllao = 0
net.ipv6.conf.eth0.forwarding = 1
net.ipv6.conf.eth0.hop_limit = 64
net.ipv6.conf.eth0.ignore_routes_with_linkdown = 0
net.ipv6.conf.eth0.keep_addr_on_down = 0
net.ipv6.conf.eth0.max_addresses = 16
net.ipv6.conf.eth0.max_desync_factor = 600
net.ipv6.conf.eth0.mc_forwarding = 0
net.ipv6.conf.eth0.mldv1_unsolicited_report_interval = 10000
net.ipv6.conf.eth0.mldv2_unsolicited_report_interval = 1000
net.ipv6.conf.eth0.mtu = 1500
net.ipv6.conf.eth0.ndisc_notify = 0
net.ipv6.conf.eth0.ndisc_tclass = 0
net.ipv6.conf.eth0.proxy_ndp = 0
net.ipv6.conf.eth0.regen_max_retry = 3
net.ipv6.conf.eth0.router_probe_interval = 60
net.ipv6.conf.eth0.router_solicitation_delay = 1
net.ipv6.conf.eth0.router_solicitation_interval = 4
net.ipv6.conf.eth0.router_solicitation_max_interval = 3600
net.ipv6.conf.eth0.router_solicitations = -1
net.ipv6.conf.eth0.seg6_enabled = 0
net.ipv6.conf.eth0.seg6_require_hmac = 0
net.ipv6.conf.eth0.suppress_frag_ndisc = 1
net.ipv6.conf.eth0.temp_prefered_lft = 86400
net.ipv6.conf.eth0.temp_valid_lft = 604800
net.ipv6.conf.eth0.use_oif_addrs_only = 0
net.ipv6.conf.eth0.use_tempaddr = 0
sysctl: reading key "net.ipv6.conf.veth2eb16a43.stable_secret"
sysctl: reading key "net.ipv6.conf.veth52067d1b.stable_secret"
sysctl: reading key "net.ipv6.conf.vethb65e4188.stable_secret"
sysctl: reading key "net.ipv6.conf.vethbbe434e1.stable_secret"
sysctl: reading key "net.ipv6.conf.vethc6f1c36a.stable_secret"
net.ipv6.neigh.eth0.anycast_delay = 100
net.ipv6.neigh.eth0.app_solicit = 0
net.ipv6.neigh.eth0.base_reachable_time_ms = 30000
net.ipv6.neigh.eth0.delay_first_probe_time = 5
net.ipv6.neigh.eth0.gc_stale_time = 60
net.ipv6.neigh.eth0.locktime = 0
net.ipv6.neigh.eth0.mcast_resolicit = 0
net.ipv6.neigh.eth0.mcast_solicit = 3
net.ipv6.neigh.eth0.proxy_delay = 80
net.ipv6.neigh.eth0.proxy_qlen = 64
net.ipv6.neigh.eth0.retrans_time_ms = 1000
net.ipv6.neigh.eth0.ucast_solicit = 3
net.ipv6.neigh.eth0.unres_qlen = 101
net.ipv6.neigh.eth0.unres_qlen_bytes = 212992
mc@s1:/etc/sysctl.d$ sudo sysctl -a | grep ipv6
sysctl: reading key "net.ipv6.conf.all.stable_secret"
net.ipv6.anycast_src_echo_reply = 0
net.ipv6.auto_flowlabels = 1
net.ipv6.bindv6only = 0
net.ipv6.calipso_cache_bucket_size = 10
net.ipv6.calipso_cache_enable = 1
net.ipv6.conf.all.accept_dad = 0
net.ipv6.conf.all.accept_ra = 2
net.ipv6.conf.all.accept_ra_defrtr = 1
net.ipv6.conf.all.accept_ra_from_local = 0
net.ipv6.conf.all.accept_ra_min_hop_limit = 1
net.ipv6.conf.all.accept_ra_mtu = 1
net.ipv6.conf.all.accept_ra_pinfo = 1
net.ipv6.conf.all.accept_ra_rt_info_max_plen = 0
net.ipv6.conf.all.accept_ra_rt_info_min_plen = 0
net.ipv6.conf.all.accept_ra_rtr_pref = 1
net.ipv6.conf.all.accept_redirects = 0
net.ipv6.conf.all.accept_source_route = 0
net.ipv6.conf.all.addr_gen_mode = 0
net.ipv6.conf.all.autoconf = 1
net.ipv6.conf.all.dad_transmits = 1
net.ipv6.conf.all.disable_ipv6 = 0
net.ipv6.conf.all.disable_policy = 0
net.ipv6.conf.all.drop_unicast_in_l2_multicast = 0
net.ipv6.conf.all.drop_unsolicited_na = 0
net.ipv6.conf.all.enhanced_dad = 1
net.ipv6.conf.all.force_mld_version = 0
net.ipv6.conf.all.force_tllao = 0
net.ipv6.conf.all.forwarding = 1
net.ipv6.conf.all.hop_limit = 64
net.ipv6.conf.all.ignore_routes_with_linkdown = 0
net.ipv6.conf.all.keep_addr_on_down = 0
net.ipv6.conf.all.max_addresses = 16
net.ipv6.conf.all.max_desync_factor = 600
net.ipv6.conf.all.mc_forwarding = 0
net.ipv6.conf.all.mldv1_unsolicited_report_interval = 10000
net.ipv6.conf.all.mldv2_unsolicited_report_interval = 1000
net.ipv6.conf.all.mtu = 1280
net.ipv6.conf.all.ndisc_notify = 0
net.ipv6.conf.all.ndisc_tclass = 0
net.ipv6.conf.all.proxy_ndp = 1
net.ipv6.conf.all.regen_max_retry = 3
net.ipv6.conf.all.router_probe_interval = 60
net.ipv6.conf.all.router_solicitation_delay = 1
net.ipv6.conf.all.router_solicitation_interval = 4
net.ipv6.conf.all.router_solicitation_max_interval = 3600
net.ipv6.conf.all.router_solicitations = -1
net.ipv6.conf.all.seg6_enabled = 0
net.ipv6.conf.all.seg6_require_hmac = 0
sysctl: reading key "net.ipv6.conf.default.stable_secret"
net.ipv6.conf.all.suppress_frag_ndisc = 1
net.ipv6.conf.all.temp_prefered_lft = 86400
net.ipv6.conf.all.temp_valid_lft = 604800
net.ipv6.conf.all.use_oif_addrs_only = 0
net.ipv6.conf.all.use_tempaddr = 2
net.ipv6.conf.default.accept_dad = 1
net.ipv6.conf.default.accept_ra = 2
net.ipv6.conf.default.accept_ra_defrtr = 1
net.ipv6.conf.default.accept_ra_from_local = 0
net.ipv6.conf.default.accept_ra_min_hop_limit = 1
net.ipv6.conf.default.accept_ra_mtu = 1
net.ipv6.conf.default.accept_ra_pinfo = 1
net.ipv6.conf.default.accept_ra_rt_info_max_plen = 0
net.ipv6.conf.default.accept_ra_rt_info_min_plen = 0
net.ipv6.conf.default.accept_ra_rtr_pref = 1
net.ipv6.conf.default.accept_redirects = 0
net.ipv6.conf.default.accept_source_route = 0
net.ipv6.conf.default.addr_gen_mode = 0
net.ipv6.conf.default.autoconf = 1
net.ipv6.conf.default.dad_transmits = 1
net.ipv6.conf.default.disable_ipv6 = 0
net.ipv6.conf.default.disable_policy = 0
net.ipv6.conf.default.drop_unicast_in_l2_multicast = 0
net.ipv6.conf.default.drop_unsolicited_na = 0
net.ipv6.conf.default.enhanced_dad = 1
net.ipv6.conf.default.force_mld_version = 0
net.ipv6.conf.default.force_tllao = 0
net.ipv6.conf.default.forwarding = 1
net.ipv6.conf.default.hop_limit = 64
net.ipv6.conf.default.ignore_routes_with_linkdown = 0
net.ipv6.conf.default.keep_addr_on_down = 0
net.ipv6.conf.default.max_addresses = 16
net.ipv6.conf.default.max_desync_factor = 600
net.ipv6.conf.default.mc_forwarding = 0
net.ipv6.conf.default.mldv1_unsolicited_report_interval = 10000
net.ipv6.conf.default.mldv2_unsolicited_report_interval = 1000
net.ipv6.conf.default.mtu = 1280
net.ipv6.conf.default.ndisc_notify = 0
net.ipv6.conf.default.ndisc_tclass = 0
net.ipv6.conf.default.proxy_ndp = 0
net.ipv6.conf.default.regen_max_retry = 3
net.ipv6.conf.default.router_probe_interval = 60
net.ipv6.conf.default.router_solicitation_delay = 1
net.ipv6.conf.default.router_solicitation_interval = 4
net.ipv6.conf.default.router_solicitation_max_interval = 3600
net.ipv6.conf.default.router_solicitations = -1
net.ipv6.conf.default.seg6_enabled = 0
net.ipv6.conf.default.seg6_require_hmac = 0
sysctl: reading key "net.ipv6.conf.eth0.stable_secret"
net.ipv6.conf.default.suppress_frag_ndisc = 1
net.ipv6.conf.default.temp_prefered_lft = 86400
net.ipv6.conf.default.temp_valid_lft = 604800
net.ipv6.conf.default.use_oif_addrs_only = 0
net.ipv6.conf.default.use_tempaddr = 2
net.ipv6.conf.eth0.accept_dad = 1
net.ipv6.conf.eth0.accept_ra = 0
net.ipv6.conf.eth0.accept_ra_defrtr = 1
net.ipv6.conf.eth0.accept_ra_from_local = 0
net.ipv6.conf.eth0.accept_ra_min_hop_limit = 1
net.ipv6.conf.eth0.accept_ra_mtu = 1
net.ipv6.conf.eth0.accept_ra_pinfo = 1
net.ipv6.conf.eth0.accept_ra_rt_info_max_plen = 0
net.ipv6.conf.eth0.accept_ra_rt_info_min_plen = 0
net.ipv6.conf.eth0.accept_ra_rtr_pref = 1
net.ipv6.conf.eth0.accept_redirects = 1
net.ipv6.conf.eth0.accept_source_route = 0
net.ipv6.conf.eth0.addr_gen_mode = 0
net.ipv6.conf.eth0.autoconf = 1
net.ipv6.conf.eth0.dad_transmits = 1
net.ipv6.conf.eth0.disable_ipv6 = 0
net.ipv6.conf.eth0.disable_policy = 0
net.ipv6.conf.eth0.drop_unicast_in_l2_multicast = 0
net.ipv6.conf.eth0.drop_unsolicited_na = 0
net.ipv6.conf.eth0.enhanced_dad = 1
net.ipv6.conf.eth0.force_mld_version = 0
net.ipv6.conf.eth0.force_tllao = 0
net.ipv6.conf.eth0.forwarding = 1
net.ipv6.conf.eth0.hop_limit = 64
net.ipv6.conf.eth0.ignore_routes_with_linkdown = 0
net.ipv6.conf.eth0.keep_addr_on_down = 0
net.ipv6.conf.eth0.max_addresses = 16
net.ipv6.conf.eth0.max_desync_factor = 600
net.ipv6.conf.eth0.mc_forwarding = 0
net.ipv6.conf.eth0.mldv1_unsolicited_report_interval = 10000
net.ipv6.conf.eth0.mldv2_unsolicited_report_interval = 1000
net.ipv6.conf.eth0.mtu = 1500
net.ipv6.conf.eth0.ndisc_notify = 0
net.ipv6.conf.eth0.ndisc_tclass = 0
net.ipv6.conf.eth0.proxy_ndp = 0
net.ipv6.conf.eth0.regen_max_retry = 3
net.ipv6.conf.eth0.router_probe_interval = 60
net.ipv6.conf.eth0.router_solicitation_delay = 1
net.ipv6.conf.eth0.router_solicitation_interval = 4
net.ipv6.conf.eth0.router_solicitation_max_interval = 3600
net.ipv6.conf.eth0.router_solicitations = -1
net.ipv6.conf.eth0.seg6_enabled = 0
net.ipv6.conf.eth0.seg6_require_hmac = 0
sysctl: reading key "net.ipv6.conf.lo.stable_secret"
net.ipv6.conf.eth0.suppress_frag_ndisc = 1
net.ipv6.conf.eth0.temp_prefered_lft = 86400
net.ipv6.conf.eth0.temp_valid_lft = 604800
net.ipv6.conf.eth0.use_oif_addrs_only = 0
net.ipv6.conf.eth0.use_tempaddr = 0
net.ipv6.conf.lo.accept_dad = -1
net.ipv6.conf.lo.accept_ra = 2
net.ipv6.conf.lo.accept_ra_defrtr = 1
net.ipv6.conf.lo.accept_ra_from_local = 0
net.ipv6.conf.lo.accept_ra_min_hop_limit = 1
net.ipv6.conf.lo.accept_ra_mtu = 1
net.ipv6.conf.lo.accept_ra_pinfo = 1
net.ipv6.conf.lo.accept_ra_rt_info_max_plen = 0
net.ipv6.conf.lo.accept_ra_rt_info_min_plen = 0
net.ipv6.conf.lo.accept_ra_rtr_pref = 1
net.ipv6.conf.lo.accept_redirects = 1
net.ipv6.conf.lo.accept_source_route = 0
net.ipv6.conf.lo.addr_gen_mode = 0
net.ipv6.conf.lo.autoconf = 1
net.ipv6.conf.lo.dad_transmits = 1
net.ipv6.conf.lo.disable_ipv6 = 0
net.ipv6.conf.lo.disable_policy = 0
net.ipv6.conf.lo.drop_unicast_in_l2_multicast = 0
net.ipv6.conf.lo.drop_unsolicited_na = 0
net.ipv6.conf.lo.enhanced_dad = 1
net.ipv6.conf.lo.force_mld_version = 0
net.ipv6.conf.lo.force_tllao = 0
net.ipv6.conf.lo.forwarding = 1
net.ipv6.conf.lo.hop_limit = 64
net.ipv6.conf.lo.ignore_routes_with_linkdown = 0
net.ipv6.conf.lo.keep_addr_on_down = 0
net.ipv6.conf.lo.max_addresses = 16
net.ipv6.conf.lo.max_desync_factor = 600
net.ipv6.conf.lo.mc_forwarding = 0
net.ipv6.conf.lo.mldv1_unsolicited_report_interval = 10000
net.ipv6.conf.lo.mldv2_unsolicited_report_interval = 1000
net.ipv6.conf.lo.mtu = 65536
net.ipv6.conf.lo.ndisc_notify = 0
net.ipv6.conf.lo.ndisc_tclass = 0
net.ipv6.conf.lo.proxy_ndp = 0
net.ipv6.conf.lo.regen_max_retry = 3
net.ipv6.conf.lo.router_probe_interval = 60
net.ipv6.conf.lo.router_solicitation_delay = 1
net.ipv6.conf.lo.router_solicitation_interval = 4
net.ipv6.conf.lo.router_solicitation_max_interval = 3600
net.ipv6.conf.lo.router_solicitations = -1
net.ipv6.conf.lo.seg6_enabled = 0
net.ipv6.conf.lo.seg6_require_hmac = 0
sysctl: reading key "net.ipv6.conf.lxdbr0.stable_secret"
net.ipv6.conf.lo.suppress_frag_ndisc = 1
net.ipv6.conf.lo.temp_prefered_lft = 86400
net.ipv6.conf.lo.temp_valid_lft = 604800
net.ipv6.conf.lo.use_oif_addrs_only = 0
net.ipv6.conf.lo.use_tempaddr = -1
net.ipv6.conf.lxdbr0.accept_dad = 0
net.ipv6.conf.lxdbr0.accept_ra = 2
net.ipv6.conf.lxdbr0.accept_ra_defrtr = 1
net.ipv6.conf.lxdbr0.accept_ra_from_local = 0
net.ipv6.conf.lxdbr0.accept_ra_min_hop_limit = 1
net.ipv6.conf.lxdbr0.accept_ra_mtu = 1
net.ipv6.conf.lxdbr0.accept_ra_pinfo = 1
net.ipv6.conf.lxdbr0.accept_ra_rt_info_max_plen = 0
net.ipv6.conf.lxdbr0.accept_ra_rt_info_min_plen = 0
net.ipv6.conf.lxdbr0.accept_ra_rtr_pref = 1
net.ipv6.conf.lxdbr0.accept_redirects = 0
net.ipv6.conf.lxdbr0.accept_source_route = 0
net.ipv6.conf.lxdbr0.addr_gen_mode = 0
net.ipv6.conf.lxdbr0.autoconf = 0
net.ipv6.conf.lxdbr0.dad_transmits = 1
net.ipv6.conf.lxdbr0.disable_ipv6 = 0
net.ipv6.conf.lxdbr0.disable_policy = 0
net.ipv6.conf.lxdbr0.drop_unicast_in_l2_multicast = 0
net.ipv6.conf.lxdbr0.drop_unsolicited_na = 0
net.ipv6.conf.lxdbr0.enhanced_dad = 1
net.ipv6.conf.lxdbr0.force_mld_version = 0
net.ipv6.conf.lxdbr0.force_tllao = 0
net.ipv6.conf.lxdbr0.forwarding = 1
net.ipv6.conf.lxdbr0.hop_limit = 64
net.ipv6.conf.lxdbr0.ignore_routes_with_linkdown = 0
net.ipv6.conf.lxdbr0.keep_addr_on_down = 0
net.ipv6.conf.lxdbr0.max_addresses = 16
net.ipv6.conf.lxdbr0.max_desync_factor = 600
net.ipv6.conf.lxdbr0.mc_forwarding = 0
net.ipv6.conf.lxdbr0.mldv1_unsolicited_report_interval = 10000
net.ipv6.conf.lxdbr0.mldv2_unsolicited_report_interval = 1000
net.ipv6.conf.lxdbr0.mtu = 1500
net.ipv6.conf.lxdbr0.ndisc_notify = 0
net.ipv6.conf.lxdbr0.ndisc_tclass = 0
net.ipv6.conf.lxdbr0.proxy_ndp = 0
net.ipv6.conf.lxdbr0.regen_max_retry = 3
net.ipv6.conf.lxdbr0.router_probe_interval = 60
net.ipv6.conf.lxdbr0.router_solicitation_delay = 1
net.ipv6.conf.lxdbr0.router_solicitation_interval = 4
net.ipv6.conf.lxdbr0.router_solicitation_max_interval = 3600
net.ipv6.conf.lxdbr0.router_solicitations = -1
net.ipv6.conf.lxdbr0.seg6_enabled = 0
net.ipv6.conf.lxdbr0.seg6_require_hmac = 0
sysctl: reading key "net.ipv6.conf.veth2eb16a43.stable_secret"
net.ipv6.conf.lxdbr0.suppress_frag_ndisc = 1
net.ipv6.conf.lxdbr0.temp_prefered_lft = 86400
net.ipv6.conf.lxdbr0.temp_valid_lft = 604800
net.ipv6.conf.lxdbr0.use_oif_addrs_only = 0
net.ipv6.conf.lxdbr0.use_tempaddr = 2
net.ipv6.conf.veth2eb16a43.accept_dad = 1
net.ipv6.conf.veth2eb16a43.accept_ra = 0
net.ipv6.conf.veth2eb16a43.accept_ra_defrtr = 1
net.ipv6.conf.veth2eb16a43.accept_ra_from_local = 0
net.ipv6.conf.veth2eb16a43.accept_ra_min_hop_limit = 1
net.ipv6.conf.veth2eb16a43.accept_ra_mtu = 1
net.ipv6.conf.veth2eb16a43.accept_ra_pinfo = 1
net.ipv6.conf.veth2eb16a43.accept_ra_rt_info_max_plen = 0
net.ipv6.conf.veth2eb16a43.accept_ra_rt_info_min_plen = 0
net.ipv6.conf.veth2eb16a43.accept_ra_rtr_pref = 1
net.ipv6.conf.veth2eb16a43.accept_redirects = 0
net.ipv6.conf.veth2eb16a43.accept_source_route = 0
net.ipv6.conf.veth2eb16a43.addr_gen_mode = 0
net.ipv6.conf.veth2eb16a43.autoconf = 1
net.ipv6.conf.veth2eb16a43.dad_transmits = 1
net.ipv6.conf.veth2eb16a43.disable_ipv6 = 1
net.ipv6.conf.veth2eb16a43.disable_policy = 0
net.ipv6.conf.veth2eb16a43.drop_unicast_in_l2_multicast = 0
net.ipv6.conf.veth2eb16a43.drop_unsolicited_na = 0
net.ipv6.conf.veth2eb16a43.enhanced_dad = 1
net.ipv6.conf.veth2eb16a43.force_mld_version = 0
net.ipv6.conf.veth2eb16a43.force_tllao = 0
net.ipv6.conf.veth2eb16a43.forwarding = 1
net.ipv6.conf.veth2eb16a43.hop_limit = 64
net.ipv6.conf.veth2eb16a43.ignore_routes_with_linkdown = 0
net.ipv6.conf.veth2eb16a43.keep_addr_on_down = 0
net.ipv6.conf.veth2eb16a43.max_addresses = 16
net.ipv6.conf.veth2eb16a43.max_desync_factor = 600
net.ipv6.conf.veth2eb16a43.mc_forwarding = 0
net.ipv6.conf.veth2eb16a43.mldv1_unsolicited_report_interval = 10000
net.ipv6.conf.veth2eb16a43.mldv2_unsolicited_report_interval = 1000
net.ipv6.conf.veth2eb16a43.mtu = 1500
net.ipv6.conf.veth2eb16a43.ndisc_notify = 0
net.ipv6.conf.veth2eb16a43.ndisc_tclass = 0
net.ipv6.conf.veth2eb16a43.proxy_ndp = 0
net.ipv6.conf.veth2eb16a43.regen_max_retry = 3
net.ipv6.conf.veth2eb16a43.router_probe_interval = 60
net.ipv6.conf.veth2eb16a43.router_solicitation_delay = 1
net.ipv6.conf.veth2eb16a43.router_solicitation_interval = 4
net.ipv6.conf.veth2eb16a43.router_solicitation_max_interval = 3600
net.ipv6.conf.veth2eb16a43.router_solicitations = -1
net.ipv6.conf.veth2eb16a43.seg6_enabled = 0
net.ipv6.conf.veth2eb16a43.seg6_require_hmac = 0
sysctl: reading key "net.ipv6.conf.veth52067d1b.stable_secret"
net.ipv6.conf.veth2eb16a43.suppress_frag_ndisc = 1
net.ipv6.conf.veth2eb16a43.temp_prefered_lft = 86400
net.ipv6.conf.veth2eb16a43.temp_valid_lft = 604800
net.ipv6.conf.veth2eb16a43.use_oif_addrs_only = 0
net.ipv6.conf.veth2eb16a43.use_tempaddr = 2
net.ipv6.conf.veth52067d1b.accept_dad = 1
net.ipv6.conf.veth52067d1b.accept_ra = 0
net.ipv6.conf.veth52067d1b.accept_ra_defrtr = 1
net.ipv6.conf.veth52067d1b.accept_ra_from_local = 0
net.ipv6.conf.veth52067d1b.accept_ra_min_hop_limit = 1
net.ipv6.conf.veth52067d1b.accept_ra_mtu = 1
net.ipv6.conf.veth52067d1b.accept_ra_pinfo = 1
net.ipv6.conf.veth52067d1b.accept_ra_rt_info_max_plen = 0
net.ipv6.conf.veth52067d1b.accept_ra_rt_info_min_plen = 0
net.ipv6.conf.veth52067d1b.accept_ra_rtr_pref = 1
net.ipv6.conf.veth52067d1b.accept_redirects = 0
net.ipv6.conf.veth52067d1b.accept_source_route = 0
net.ipv6.conf.veth52067d1b.addr_gen_mode = 0
net.ipv6.conf.veth52067d1b.autoconf = 1
net.ipv6.conf.veth52067d1b.dad_transmits = 1
net.ipv6.conf.veth52067d1b.disable_ipv6 = 1
net.ipv6.conf.veth52067d1b.disable_policy = 0
net.ipv6.conf.veth52067d1b.drop_unicast_in_l2_multicast = 0
net.ipv6.conf.veth52067d1b.drop_unsolicited_na = 0
net.ipv6.conf.veth52067d1b.enhanced_dad = 1
net.ipv6.conf.veth52067d1b.force_mld_version = 0
net.ipv6.conf.veth52067d1b.force_tllao = 0
net.ipv6.conf.veth52067d1b.forwarding = 1
net.ipv6.conf.veth52067d1b.hop_limit = 64
net.ipv6.conf.veth52067d1b.ignore_routes_with_linkdown = 0
net.ipv6.conf.veth52067d1b.keep_addr_on_down = 0
net.ipv6.conf.veth52067d1b.max_addresses = 16
net.ipv6.conf.veth52067d1b.max_desync_factor = 600
net.ipv6.conf.veth52067d1b.mc_forwarding = 0
net.ipv6.conf.veth52067d1b.mldv1_unsolicited_report_interval = 10000
net.ipv6.conf.veth52067d1b.mldv2_unsolicited_report_interval = 1000
net.ipv6.conf.veth52067d1b.mtu = 1500
net.ipv6.conf.veth52067d1b.ndisc_notify = 0
net.ipv6.conf.veth52067d1b.ndisc_tclass = 0
net.ipv6.conf.veth52067d1b.proxy_ndp = 0
net.ipv6.conf.veth52067d1b.regen_max_retry = 3
net.ipv6.conf.veth52067d1b.router_probe_interval = 60
net.ipv6.conf.veth52067d1b.router_solicitation_delay = 1
net.ipv6.conf.veth52067d1b.router_solicitation_interval = 4
net.ipv6.conf.veth52067d1b.router_solicitation_max_interval = 3600
net.ipv6.conf.veth52067d1b.router_solicitations = -1
net.ipv6.conf.veth52067d1b.seg6_enabled = 0
net.ipv6.conf.veth52067d1b.seg6_require_hmac = 0
sysctl: reading key "net.ipv6.conf.vethb65e4188.stable_secret"
net.ipv6.conf.veth52067d1b.suppress_frag_ndisc = 1
net.ipv6.conf.veth52067d1b.temp_prefered_lft = 86400
net.ipv6.conf.veth52067d1b.temp_valid_lft = 604800
net.ipv6.conf.veth52067d1b.use_oif_addrs_only = 0
net.ipv6.conf.veth52067d1b.use_tempaddr = 2
net.ipv6.conf.vethb65e4188.accept_dad = 1
net.ipv6.conf.vethb65e4188.accept_ra = 0
net.ipv6.conf.vethb65e4188.accept_ra_defrtr = 1
net.ipv6.conf.vethb65e4188.accept_ra_from_local = 0
net.ipv6.conf.vethb65e4188.accept_ra_min_hop_limit = 1
net.ipv6.conf.vethb65e4188.accept_ra_mtu = 1
net.ipv6.conf.vethb65e4188.accept_ra_pinfo = 1
net.ipv6.conf.vethb65e4188.accept_ra_rt_info_max_plen = 0
net.ipv6.conf.vethb65e4188.accept_ra_rt_info_min_plen = 0
net.ipv6.conf.vethb65e4188.accept_ra_rtr_pref = 1
net.ipv6.conf.vethb65e4188.accept_redirects = 0
net.ipv6.conf.vethb65e4188.accept_source_route = 0
net.ipv6.conf.vethb65e4188.addr_gen_mode = 0
net.ipv6.conf.vethb65e4188.autoconf = 1
net.ipv6.conf.vethb65e4188.dad_transmits = 1
net.ipv6.conf.vethb65e4188.disable_ipv6 = 1
net.ipv6.conf.vethb65e4188.disable_policy = 0
net.ipv6.conf.vethb65e4188.drop_unicast_in_l2_multicast = 0
net.ipv6.conf.vethb65e4188.drop_unsolicited_na = 0
net.ipv6.conf.vethb65e4188.enhanced_dad = 1
net.ipv6.conf.vethb65e4188.force_mld_version = 0
net.ipv6.conf.vethb65e4188.force_tllao = 0
net.ipv6.conf.vethb65e4188.forwarding = 1
net.ipv6.conf.vethb65e4188.hop_limit = 64
net.ipv6.conf.vethb65e4188.ignore_routes_with_linkdown = 0
net.ipv6.conf.vethb65e4188.keep_addr_on_down = 0
net.ipv6.conf.vethb65e4188.max_addresses = 16
net.ipv6.conf.vethb65e4188.max_desync_factor = 600
net.ipv6.conf.vethb65e4188.mc_forwarding = 0
net.ipv6.conf.vethb65e4188.mldv1_unsolicited_report_interval = 10000
net.ipv6.conf.vethb65e4188.mldv2_unsolicited_report_interval = 1000
net.ipv6.conf.vethb65e4188.mtu = 1500
net.ipv6.conf.vethb65e4188.ndisc_notify = 0
net.ipv6.conf.vethb65e4188.ndisc_tclass = 0
net.ipv6.conf.vethb65e4188.proxy_ndp = 0
net.ipv6.conf.vethb65e4188.regen_max_retry = 3
net.ipv6.conf.vethb65e4188.router_probe_interval = 60
net.ipv6.conf.vethb65e4188.router_solicitation_delay = 1
net.ipv6.conf.vethb65e4188.router_solicitation_interval = 4
net.ipv6.conf.vethb65e4188.router_solicitation_max_interval = 3600
net.ipv6.conf.vethb65e4188.router_solicitations = -1
net.ipv6.conf.vethb65e4188.seg6_enabled = 0
net.ipv6.conf.vethb65e4188.seg6_require_hmac = 0
sysctl: reading key "net.ipv6.conf.vethbbe434e1.stable_secret"
net.ipv6.conf.vethb65e4188.suppress_frag_ndisc = 1
net.ipv6.conf.vethb65e4188.temp_prefered_lft = 86400
net.ipv6.conf.vethb65e4188.temp_valid_lft = 604800
net.ipv6.conf.vethb65e4188.use_oif_addrs_only = 0
net.ipv6.conf.vethb65e4188.use_tempaddr = 2
net.ipv6.conf.vethbbe434e1.accept_dad = 1
net.ipv6.conf.vethbbe434e1.accept_ra = 0
net.ipv6.conf.vethbbe434e1.accept_ra_defrtr = 1
net.ipv6.conf.vethbbe434e1.accept_ra_from_local = 0
net.ipv6.conf.vethbbe434e1.accept_ra_min_hop_limit = 1
net.ipv6.conf.vethbbe434e1.accept_ra_mtu = 1
net.ipv6.conf.vethbbe434e1.accept_ra_pinfo = 1
net.ipv6.conf.vethbbe434e1.accept_ra_rt_info_max_plen = 0
net.ipv6.conf.vethbbe434e1.accept_ra_rt_info_min_plen = 0
net.ipv6.conf.vethbbe434e1.accept_ra_rtr_pref = 1
net.ipv6.conf.vethbbe434e1.accept_redirects = 0
net.ipv6.conf.vethbbe434e1.accept_source_route = 0
net.ipv6.conf.vethbbe434e1.addr_gen_mode = 0
net.ipv6.conf.vethbbe434e1.autoconf = 1
net.ipv6.conf.vethbbe434e1.dad_transmits = 1
net.ipv6.conf.vethbbe434e1.disable_ipv6 = 1
net.ipv6.conf.vethbbe434e1.disable_policy = 0
net.ipv6.conf.vethbbe434e1.drop_unicast_in_l2_multicast = 0
net.ipv6.conf.vethbbe434e1.drop_unsolicited_na = 0
net.ipv6.conf.vethbbe434e1.enhanced_dad = 1
net.ipv6.conf.vethbbe434e1.force_mld_version = 0
net.ipv6.conf.vethbbe434e1.force_tllao = 0
net.ipv6.conf.vethbbe434e1.forwarding = 1
net.ipv6.conf.vethbbe434e1.hop_limit = 64
net.ipv6.conf.vethbbe434e1.ignore_routes_with_linkdown = 0
net.ipv6.conf.vethbbe434e1.keep_addr_on_down = 0
net.ipv6.conf.vethbbe434e1.max_addresses = 16
net.ipv6.conf.vethbbe434e1.max_desync_factor = 600
net.ipv6.conf.vethbbe434e1.mc_forwarding = 0
net.ipv6.conf.vethbbe434e1.mldv1_unsolicited_report_interval = 10000
net.ipv6.conf.vethbbe434e1.mldv2_unsolicited_report_interval = 1000
net.ipv6.conf.vethbbe434e1.mtu = 1500
net.ipv6.conf.vethbbe434e1.ndisc_notify = 0
net.ipv6.conf.vethbbe434e1.ndisc_tclass = 0
net.ipv6.conf.vethbbe434e1.proxy_ndp = 0
net.ipv6.conf.vethbbe434e1.regen_max_retry = 3
net.ipv6.conf.vethbbe434e1.router_probe_interval = 60
net.ipv6.conf.vethbbe434e1.router_solicitation_delay = 1
net.ipv6.conf.vethbbe434e1.router_solicitation_interval = 4
net.ipv6.conf.vethbbe434e1.router_solicitation_max_interval = 3600
net.ipv6.conf.vethbbe434e1.router_solicitations = -1
net.ipv6.conf.vethbbe434e1.seg6_enabled = 0
net.ipv6.conf.vethbbe434e1.seg6_require_hmac = 0
sysctl: reading key "net.ipv6.conf.vethc6f1c36a.stable_secret"
net.ipv6.conf.vethbbe434e1.suppress_frag_ndisc = 1
net.ipv6.conf.vethbbe434e1.temp_prefered_lft = 86400
net.ipv6.conf.vethbbe434e1.temp_valid_lft = 604800
net.ipv6.conf.vethbbe434e1.use_oif_addrs_only = 0
net.ipv6.conf.vethbbe434e1.use_tempaddr = 2
net.ipv6.conf.vethc6f1c36a.accept_dad = 1
net.ipv6.conf.vethc6f1c36a.accept_ra = 0
net.ipv6.conf.vethc6f1c36a.accept_ra_defrtr = 1
net.ipv6.conf.vethc6f1c36a.accept_ra_from_local = 0
net.ipv6.conf.vethc6f1c36a.accept_ra_min_hop_limit = 1
net.ipv6.conf.vethc6f1c36a.accept_ra_mtu = 1
net.ipv6.conf.vethc6f1c36a.accept_ra_pinfo = 1
net.ipv6.conf.vethc6f1c36a.accept_ra_rt_info_max_plen = 0
net.ipv6.conf.vethc6f1c36a.accept_ra_rt_info_min_plen = 0
net.ipv6.conf.vethc6f1c36a.accept_ra_rtr_pref = 1
net.ipv6.conf.vethc6f1c36a.accept_redirects = 0
net.ipv6.conf.vethc6f1c36a.accept_source_route = 0
net.ipv6.conf.vethc6f1c36a.addr_gen_mode = 0
net.ipv6.conf.vethc6f1c36a.autoconf = 1
net.ipv6.conf.vethc6f1c36a.dad_transmits = 1
net.ipv6.conf.vethc6f1c36a.disable_ipv6 = 1
net.ipv6.conf.vethc6f1c36a.disable_policy = 0
net.ipv6.conf.vethc6f1c36a.drop_unicast_in_l2_multicast = 0
net.ipv6.conf.vethc6f1c36a.drop_unsolicited_na = 0
net.ipv6.conf.vethc6f1c36a.enhanced_dad = 1
net.ipv6.conf.vethc6f1c36a.force_mld_version = 0
net.ipv6.conf.vethc6f1c36a.force_tllao = 0
net.ipv6.conf.vethc6f1c36a.forwarding = 1
net.ipv6.conf.vethc6f1c36a.hop_limit = 64
net.ipv6.conf.vethc6f1c36a.ignore_routes_with_linkdown = 0
net.ipv6.conf.vethc6f1c36a.keep_addr_on_down = 0
net.ipv6.conf.vethc6f1c36a.max_addresses = 16
net.ipv6.conf.vethc6f1c36a.max_desync_factor = 600
net.ipv6.conf.vethc6f1c36a.mc_forwarding = 0
net.ipv6.conf.vethc6f1c36a.mldv1_unsolicited_report_interval = 10000
net.ipv6.conf.vethc6f1c36a.mldv2_unsolicited_report_interval = 1000
net.ipv6.conf.vethc6f1c36a.mtu = 1500
net.ipv6.conf.vethc6f1c36a.ndisc_notify = 0
net.ipv6.conf.vethc6f1c36a.ndisc_tclass = 0
net.ipv6.conf.vethc6f1c36a.proxy_ndp = 0
net.ipv6.conf.vethc6f1c36a.regen_max_retry = 3
net.ipv6.conf.vethc6f1c36a.router_probe_interval = 60
net.ipv6.conf.vethc6f1c36a.router_solicitation_delay = 1
net.ipv6.conf.vethc6f1c36a.router_solicitation_interval = 4
net.ipv6.conf.vethc6f1c36a.router_solicitation_max_interval = 3600
net.ipv6.conf.vethc6f1c36a.router_solicitations = -1
net.ipv6.conf.vethc6f1c36a.seg6_enabled = 0
net.ipv6.conf.vethc6f1c36a.seg6_require_hmac = 0
net.ipv6.conf.vethc6f1c36a.suppress_frag_ndisc = 1
net.ipv6.conf.vethc6f1c36a.temp_prefered_lft = 86400
net.ipv6.conf.vethc6f1c36a.temp_valid_lft = 604800
net.ipv6.conf.vethc6f1c36a.use_oif_addrs_only = 0
net.ipv6.conf.vethc6f1c36a.use_tempaddr = 2
net.ipv6.flowlabel_consistency = 1
net.ipv6.flowlabel_reflect = 0
net.ipv6.flowlabel_state_ranges = 0
net.ipv6.fwmark_reflect = 0
net.ipv6.icmp.ratelimit = 1000
net.ipv6.idgen_delay = 1
net.ipv6.idgen_retries = 3
net.ipv6.ip6frag_high_thresh = 262144
net.ipv6.ip6frag_low_thresh = 196608
net.ipv6.ip6frag_secret_interval = 0
net.ipv6.ip6frag_time = 60
net.ipv6.ip_nonlocal_bind = 0
net.ipv6.max_dst_opts_length = 2147483647
net.ipv6.max_dst_opts_number = 8
net.ipv6.max_hbh_length = 2147483647
net.ipv6.max_hbh_opts_number = 8
net.ipv6.mld_max_msf = 64
net.ipv6.mld_qrv = 2
net.ipv6.neigh.default.anycast_delay = 100
net.ipv6.neigh.default.app_solicit = 0
net.ipv6.neigh.default.base_reachable_time_ms = 30000
net.ipv6.neigh.default.delay_first_probe_time = 5
net.ipv6.neigh.default.gc_interval = 30
net.ipv6.neigh.default.gc_stale_time = 60
net.ipv6.neigh.default.gc_thresh1 = 128
net.ipv6.neigh.default.gc_thresh2 = 512
net.ipv6.neigh.default.gc_thresh3 = 1024
net.ipv6.neigh.default.locktime = 0
net.ipv6.neigh.default.mcast_resolicit = 0
net.ipv6.neigh.default.mcast_solicit = 3
net.ipv6.neigh.default.proxy_delay = 80
net.ipv6.neigh.default.proxy_qlen = 64
net.ipv6.neigh.default.retrans_time_ms = 1000
net.ipv6.neigh.default.ucast_solicit = 3
net.ipv6.neigh.default.unres_qlen = 101
net.ipv6.neigh.default.unres_qlen_bytes = 212992
net.ipv6.neigh.eth0.anycast_delay = 100
net.ipv6.neigh.eth0.app_solicit = 0
net.ipv6.neigh.eth0.base_reachable_time_ms = 30000
net.ipv6.neigh.eth0.delay_first_probe_time = 5
net.ipv6.neigh.eth0.gc_stale_time = 60
net.ipv6.neigh.eth0.locktime = 0
net.ipv6.neigh.eth0.mcast_resolicit = 0
net.ipv6.neigh.eth0.mcast_solicit = 3
net.ipv6.neigh.eth0.proxy_delay = 80
net.ipv6.neigh.eth0.proxy_qlen = 64
net.ipv6.neigh.eth0.retrans_time_ms = 1000
net.ipv6.neigh.eth0.ucast_solicit = 3
net.ipv6.neigh.eth0.unres_qlen = 101
net.ipv6.neigh.eth0.unres_qlen_bytes = 212992
net.ipv6.neigh.lo.anycast_delay = 100
net.ipv6.neigh.lo.app_solicit = 0
net.ipv6.neigh.lo.base_reachable_time_ms = 30000
net.ipv6.neigh.lo.delay_first_probe_time = 5
net.ipv6.neigh.lo.gc_stale_time = 60
net.ipv6.neigh.lo.locktime = 0
net.ipv6.neigh.lo.mcast_resolicit = 0
net.ipv6.neigh.lo.mcast_solicit = 3
net.ipv6.neigh.lo.proxy_delay = 80
net.ipv6.neigh.lo.proxy_qlen = 64
net.ipv6.neigh.lo.retrans_time_ms = 1000
net.ipv6.neigh.lo.ucast_solicit = 3
net.ipv6.neigh.lo.unres_qlen = 101
net.ipv6.neigh.lo.unres_qlen_bytes = 212992
net.ipv6.neigh.lxdbr0.anycast_delay = 100
net.ipv6.neigh.lxdbr0.app_solicit = 0
net.ipv6.neigh.lxdbr0.base_reachable_time_ms = 30000
net.ipv6.neigh.lxdbr0.delay_first_probe_time = 5
net.ipv6.neigh.lxdbr0.gc_stale_time = 60
net.ipv6.neigh.lxdbr0.locktime = 0
net.ipv6.neigh.lxdbr0.mcast_resolicit = 0
net.ipv6.neigh.lxdbr0.mcast_solicit = 3
net.ipv6.neigh.lxdbr0.proxy_delay = 80
net.ipv6.neigh.lxdbr0.proxy_qlen = 64
net.ipv6.neigh.lxdbr0.retrans_time_ms = 1000
net.ipv6.neigh.lxdbr0.ucast_solicit = 3
net.ipv6.neigh.lxdbr0.unres_qlen = 101
net.ipv6.neigh.lxdbr0.unres_qlen_bytes = 212992
net.ipv6.neigh.veth2eb16a43.anycast_delay = 100
net.ipv6.neigh.veth2eb16a43.app_solicit = 0
net.ipv6.neigh.veth2eb16a43.base_reachable_time_ms = 30000
net.ipv6.neigh.veth2eb16a43.delay_first_probe_time = 5
net.ipv6.neigh.veth2eb16a43.gc_stale_time = 60
net.ipv6.neigh.veth2eb16a43.locktime = 0
net.ipv6.neigh.veth2eb16a43.mcast_resolicit = 0
net.ipv6.neigh.veth2eb16a43.mcast_solicit = 3
net.ipv6.neigh.veth2eb16a43.proxy_delay = 80
net.ipv6.neigh.veth2eb16a43.proxy_qlen = 64
net.ipv6.neigh.veth2eb16a43.retrans_time_ms = 1000
net.ipv6.neigh.veth2eb16a43.ucast_solicit = 3
net.ipv6.neigh.veth2eb16a43.unres_qlen = 101
net.ipv6.neigh.veth2eb16a43.unres_qlen_bytes = 212992
net.ipv6.neigh.veth52067d1b.anycast_delay = 100
net.ipv6.neigh.veth52067d1b.app_solicit = 0
net.ipv6.neigh.veth52067d1b.base_reachable_time_ms = 30000
net.ipv6.neigh.veth52067d1b.delay_first_probe_time = 5
net.ipv6.neigh.veth52067d1b.gc_stale_time = 60
net.ipv6.neigh.veth52067d1b.locktime = 0
net.ipv6.neigh.veth52067d1b.mcast_resolicit = 0
net.ipv6.neigh.veth52067d1b.mcast_solicit = 3
net.ipv6.neigh.veth52067d1b.proxy_delay = 80
net.ipv6.neigh.veth52067d1b.proxy_qlen = 64
net.ipv6.neigh.veth52067d1b.retrans_time_ms = 1000
net.ipv6.neigh.veth52067d1b.ucast_solicit = 3
net.ipv6.neigh.veth52067d1b.unres_qlen = 101
net.ipv6.neigh.veth52067d1b.unres_qlen_bytes = 212992
net.ipv6.neigh.vethb65e4188.anycast_delay = 100
net.ipv6.neigh.vethb65e4188.app_solicit = 0
net.ipv6.neigh.vethb65e4188.base_reachable_time_ms = 30000
net.ipv6.neigh.vethb65e4188.delay_first_probe_time = 5
net.ipv6.neigh.vethb65e4188.gc_stale_time = 60
net.ipv6.neigh.vethb65e4188.locktime = 0
net.ipv6.neigh.vethb65e4188.mcast_resolicit = 0
net.ipv6.neigh.vethb65e4188.mcast_solicit = 3
net.ipv6.neigh.vethb65e4188.proxy_delay = 80
net.ipv6.neigh.vethb65e4188.proxy_qlen = 64
net.ipv6.neigh.vethb65e4188.retrans_time_ms = 1000
net.ipv6.neigh.vethb65e4188.ucast_solicit = 3
net.ipv6.neigh.vethb65e4188.unres_qlen = 101
net.ipv6.neigh.vethb65e4188.unres_qlen_bytes = 212992
net.ipv6.neigh.vethbbe434e1.anycast_delay = 100
net.ipv6.neigh.vethbbe434e1.app_solicit = 0
net.ipv6.neigh.vethbbe434e1.base_reachable_time_ms = 30000
net.ipv6.neigh.vethbbe434e1.delay_first_probe_time = 5
net.ipv6.neigh.vethbbe434e1.gc_stale_time = 60
net.ipv6.neigh.vethbbe434e1.locktime = 0
net.ipv6.neigh.vethbbe434e1.mcast_resolicit = 0
net.ipv6.neigh.vethbbe434e1.mcast_solicit = 3
net.ipv6.neigh.vethbbe434e1.proxy_delay = 80
net.ipv6.neigh.vethbbe434e1.proxy_qlen = 64
net.ipv6.neigh.vethbbe434e1.retrans_time_ms = 1000
net.ipv6.neigh.vethbbe434e1.ucast_solicit = 3
net.ipv6.neigh.vethbbe434e1.unres_qlen = 101
net.ipv6.neigh.vethbbe434e1.unres_qlen_bytes = 212992
net.ipv6.neigh.vethc6f1c36a.anycast_delay = 100
net.ipv6.neigh.vethc6f1c36a.app_solicit = 0
net.ipv6.neigh.vethc6f1c36a.base_reachable_time_ms = 30000
net.ipv6.neigh.vethc6f1c36a.delay_first_probe_time = 5
net.ipv6.neigh.vethc6f1c36a.gc_stale_time = 60
net.ipv6.neigh.vethc6f1c36a.locktime = 0
net.ipv6.neigh.vethc6f1c36a.mcast_resolicit = 0
net.ipv6.neigh.vethc6f1c36a.mcast_solicit = 3
net.ipv6.neigh.vethc6f1c36a.proxy_delay = 80
net.ipv6.neigh.vethc6f1c36a.proxy_qlen = 64
net.ipv6.neigh.vethc6f1c36a.retrans_time_ms = 1000
net.ipv6.neigh.vethc6f1c36a.ucast_solicit = 3
net.ipv6.neigh.vethc6f1c36a.unres_qlen = 101
net.ipv6.neigh.vethc6f1c36a.unres_qlen_bytes = 212992
net.ipv6.route.gc_elasticity = 9
net.ipv6.route.gc_interval = 30
net.ipv6.route.gc_min_interval = 0
net.ipv6.route.gc_min_interval_ms = 500
net.ipv6.route.gc_thresh = 1024
net.ipv6.route.gc_timeout = 60
net.ipv6.route.max_size = 4096
net.ipv6.route.min_adv_mss = 1220
net.ipv6.route.mtu_expires = 600
net.ipv6.xfrm6_gc_thresh = 32768
net.netfilter.nf_log.10 = nf_log_ipv6
Maybe the problem is net.ipv6.conf.all.accept_ra = 2(and net.ipv6.conf.default.accept_ra = 2), as forwarding is turned on but the 2 according to this means that the forwarding is overruled.
Maybe it is because net.ipv6.conf.all.proxy_ndp = 1 may be set to 1 but net.ipv6.conf.default.proxy_ndp = 0 was forgotten to be set to 1 and therefore all other devices including eth0 and lxdbr0 are set to 0?
Also, why are the veth devices set to disable_ipv6 = 1? Because they are just in-betweens?
What system are you using to configure eth0 on the host? Is it networkd, /etc/network/interfaces or netplan?
Please can you show the configure you are using, and confirm that no other ones are also in use (potentially configuring conflicting settings).
If your ISP is routing your /64 directly to your host’s IP without the need for NDP, then you won’t need proxy NDP enabled at all (and I believe if you’re using netplan then that configures with networkd and will disable the accept_ra and proxy_ndp settings anyway).
Your ISP uses static routes for default gateway, so you should not need accept_ra enabled on the host anyway (only the containers).
You could set these to off as well as you won’t use them (but as your ISP doesn’t send RAs they wont be being used anyway).
net.ipv6.conf.all.use_tempaddr = 0
net.ipv6.conf.default.use_tempaddr = 0
I am using netplan as shown in our tutorial. I have not actively set up anything else. In the netplan config networkd is specified as the renderer.
I only have the configuration mentioned here in my netplan. I have no other networking configurations. I am happy to check if you tell me what to look for. But ifupdown is not installed.
So eth0 and lxdbr0 should be set to accept_ra = 0 ?
How do I check if there is a problem with the built in dnsmasq of lxdbr0?
Could net.ipv6.icmp.ratelimit = 1000 be too small?
So LXD sets accept_ra to 2 on all interfaces (https://github.com/lxc/lxd/blob/182567f046e0debb5cae4f98f3cd50292628b43f/lxd/network/network.go#L591-L607), this is to allow the host to continue to receive route advertisements when LXD switches the node into routed mode (which is does by default as routing is enabled).
Have you got any router advertisements daemons running inside any of your containers by any chance (dnsmasq or radvd come to mind)?
It would be interesting if you shut your containers down, restart the node, and see if the expiring route 2a02:c207:1234:1234::/64 dev lxdbr0 proto kernel metric 256 expires 3344sec pref medium appears if none of the containers have ever started (just LXD to bring up the interface).
Okay, thanks for the explanation about accept_ra.
I have dnsmasq in the container yes:
root@s1c5:~# ps aux | grep dnsmasq
root 16066 0.0 0.0 16176 1036 ? S+ 15:13 0:00 grep --color=auto dnsmasq
I since made a restart of the host and the expires option does not appear on the lxdbr0 route. But last time I did the same and it came back, so I guess it is only a matter of time and as you are indicating a matter of something happening in the container?
It will be interesting to see if after some time it doesn’t appear if the containers aren’t running, and if it goes onto appear once the containers are running.
1 Like
Let me let the containers run for a while. Maybe it happens only under load, as I was mostly working on the WordPress sites running inside the containers. Or when the resource limits get to 100% too much or too many network requests overall?
Had another short outage. This time the routes stayed stable, ip -6 r showed no expires on lxdbr0, also the container didn’t lose it’s address or route. So I guess the container does not respond due to overload? How can I check this?
I also noticed that maybe trying to access the container not only on 443 with https but on another port with another https connection could be part of the issue?
Would you like to see more tcpdumps? As far as my little knowledge goes I do not see anything unusual.
Could missing Keep-Alive be the issue? I use Cloudflare and get 522 errors when this kind of outage occurs.
- I used https://www.giftofspeed.com/check-keep-alive/ to check keep-alive and it is turned on on https connection to the WordPress instance inside the container and on the https connection to Webmin also running inside the container but on a different port. So that is not it.
Are you seeing the same thing with ping rather than http?
Sorry, but I do not understand the question.
I am having expires problems again on lxdbr0. 
This time a beefier container went down when I added a wordpress user. Before that I did updates on the OS and WP and created a new WP site.
Maybe this container has problems as its name was changed after creation from c1 to s1c1?
I have really no idea why they keep going down.
Should I switch to DHCP6?
Could it be a cgroup issue that there are too many iops when the database gets going?
Try setting the networking inside the containers to use a static ipv6 gateway (the address of the lxdbr0 bridge) and a static IPv6 address to avoid router advertisement issues.
Its still strange why your lxdbr0 subnet route on the host has an expiry, something indeed is very odd on your host.
I meant do you only see HTTP timeouts or do you see ping timeouts too?
1 Like
Thanks!
So setting up netplan inside the container or running some lxc commands?
Last time I pinged a container when it was down in https it answered.
lxc seems not aware of any eth0 on a container:
user@s1:~$ sudo lxc config device get s1c1 eth0 ipv6.address
Error: The device doesn't exist
Could this old issue hold an answer?
I setup netplan inside the container to have the static ipv6 and the ipv6 of the lxdbr0 as gateway6.
Also the same nameservers of cloudflare inside the container.
And I set accept-ra: no also.
This eliminated the expriring of the ipv6 address inside the container (ip -6 r).
Now I will restart the host and hope for the best.
(ipv4 still has valid_lft 2896sec preferred_lft 2896sec what the ipv6 also had)
@michacassola ip -r doesn’t show addresses, it shows routes, so you must have been getting an expired route rather than address (which may have also removed the address).
I understood that the expiring route was on the LXD host, not in the container, as here Network issues - How to troubleshoot? you posted the output of ip -r with a default gateway of fe80::1 which is what your ISP requires on the host.
The line:
2a02:c207:1234:1234::/64 dev lxdbr0 proto kernel metric 256 expires 3344sec pref medium is not normal, as it suggests, the route has been learned through RA or DHCPv6, but it should be static (as it is the network of your bridge.
If you can get me a login to the host I could take a look and see what is wrong.
Then the expiry of the route. The routes did show some time limits inside the container.
And also lxdbr0’s route did always have the expires with it when a container went down.
Everything I wrote before is regarding the routes.
That is why I set accept-ra to no inside the conatiners netplan configs now, hoping that it will keep the routes static.
Thank you very much! I will make a user and key for you and send you a private message.
Hey @tomp, hope you are fine these days!
I am sad to say, but still experience short network outages every once in a while.
A friend of mine who also checks out one of the wordpress sites in the containers also notices the outages. It’s a Cloudflare 522 Error, Host not reachable.
Just a short recap of all the things I do to be able to check them off one by one.
- My ISP statically routes the ipv6/64 subnet to the host (they told me that)
- I use IPv6 only on my WordPress site sin the containers, meaning AAAA records in DNS, on my containers and let Cloudflare handle the IPv4 compatibility
- I implement Networking with netplan(networkd) and with the LXD built in lxdbr0.
- I use the bridge lxdbr0 to have ingress and egress limits on the containers
- Here all limits from mysudo lxd init --preseed < EOFfor my smallest plan- config:
limits.cpu: “1”
limits.cpu.allowance: 50%
limits.disk.priority: “1”
limits.memory: 1792MB
limits.memory.swap: “false”
description: “”
devices:
eth0:
limits.max: 50Mbit
nictype: bridged
parent: lxdbr0
type: nic
root:
path: /
pool: default
size: 20GiB
type: disk
- config:
- I use ufw on the host and in the containers to block ports besides the http/s ports and some others (used to think the problem is due to UDP being blocked, but still persists with UDP enabled)
- I run WordOps (wordops.net) on ports 80 and 443 (although I use my own ufw script after install) but through Cloudflare
- I run Webmin (www.webmin.com) on port 8443 also through Cloudflare
What could it be?
- Should I not use one of the cgroups limits? @stgraber Maybe the container just drops the traffic becaus of one of those rules? How would I monitor/troubleshoot for that? Maybe when Cloudflare loads stuff into it’s cache it gets dropped as the traffic is limited?
- Is it a possible issue with networkd and netplan? How would I check that out?
- What could impact lxdbr0 in the way that the route gets the expires header it always gets after some time?
- Maybe the routed NIC type would be better? Maybe the bridge has too much to do? Could you guys implement the “limits.max” for that NIC type please? @stgraber
- How can I troubleshoot the upper level apps like wordops (its a very fancy lemp stack with dual nginx which is also used as a reverse proxy as well as the webserver) or webmin, how can I make sure it’s LXD related or upper level apps related?
Thanks in advance for all the help and a special thank you for all the help already given!