I have the problem that I don’t see an IPv6 address on my LXD Ubuntu 20.04 server with an Ubuntu 20.04 container.
The suspicious thing here is that in the past I had exactly this combination and received an IPv6 address on the same system (before I reinstalled the server).
What I did was:
lxd init
Would you like to use LXD clustering? (yes/no) [default=no]: no
Do you want to configure a new storage pool? (yes/no) [default=yes]: yes
Name of the new storage pool [default=default]: zroot
Name of the storage backend to use (zfs, ceph, btrfs, dir, lvm) [default=zfs]: zfs
Create a new ZFS pool? (yes/no) [default=yes]: no
Name of the existing ZFS pool or dataset: zpool
Would you like to connect to a MAAS server? (yes/no) [default=no]: no
Would you like to create a new local network bridge? (yes/no) [default=yes]: yes
What should the new bridge be called? [default=lxdbr0]: lxdbr0
What IPv4 address should be used? (CIDR subnet notation, “auto” or “none”) [default=auto]: auto
What IPv6 address should be used? (CIDR subnet notation, “auto” or “none”) [default=auto]: auto
Would you like the LXD server to be available over the network? (yes/no) [default=no]: no
Would you like stale cached images to be updated automatically? (yes/no) [default=yes] yes
Would you like a YAML "lxd init" preseed to be printed? (yes/no) [default=no]: no
lxc launch ubuntu:20.04 Ubuntu2004-Master
Creating Ubuntu2004-Master
Starting Ubuntu2004-Master
lxc list
+-------------------+---------+----------------------+------+-----------+-----------+
| NAME | STATE | IPV4 | IPV6 | TYPE | SNAPSHOTS |
+-------------------+---------+----------------------+------+-----------+-----------+
| Ubuntu2004-Master | RUNNING | 10.215.253.81 (eth0) | | CONTAINER | 0 |
+-------------------+---------+----------------------+------+-----------+-----------+
lxc info Ubuntu2004-Master
Name: Ubuntu2004-Master
Location: none
Remote: unix://
Architecture: x86_64
Created: 2021/07/13 18:37 UTC
Status: Running
Type: container
Profiles: default
Pid: 19995
Ips:
eth0: inet xxxxxxxxxx veth3cbe9341
eth0: inet6 fe80::xxxxxxxxxxx veth3cbe9341
lo: inet 127.0.0.1
lo: inet6 ::1
My host system receives an official IPv4 and IPv6 address:
2: enp4s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 54:04:a6:xx:xx:xx brd ff:ff:ff:ff:ff:ff
inet xxxxxxxx/32 scope global enp4s0
valid_lft forever preferred_lft forever
inet6 2a01:xxxxxxxxc::2/64 scope global
valid_lft forever preferred_lft forever
inet6 fe80::xxxxxxxxx/64 scope link
valid_lft forever preferred_lft forever
3: lxdbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 00:16:3e:xx:xx:xx brd ff:ff:ff:ff:ff:ff
inet xxxxxxxx/24 scope global lxdbr0
valid_lft forever preferred_lft forever
inet6 fd42:xxxxxxxx::1/64 scope global
valid_lft forever preferred_lft forever
inet6 fe80::xxxxxxxxx/64 scope link
valid_lft forever preferred_lft forever
Does anyone have an idea what could be the reason for this? As additional information, I use a Hetzner server.
I went through the exact same thing. If you are not using just an additional subnet, then just set up as follows and then use Macvlan, and this works perfectly.
If you are using an additional subnet and you want to use IPv6 at the same time, then you need to use a routed setup, from what I understand. Also @tomp posted another solution as well.
Can you show lxc network show lxdbr0 to make sure this is all good?
If it is, then most likely the issue would be some kind of firewall on the system preventing the router advertisement from reaching the container.
A few things to check around that:
ip6tables -L -n -v
And to make sure everything looks correct in the container:
The grep calls were meant to be run inside the container, not on the host.
Though in any case, the issue is firewalling. You can see that your default policy for INPUT, FORWARD and OUTPUT is DROP. There are some basic rules that LXD put in place to allow DNS and DHCP to make it through but your firewall isn’t even allowing basic ICMP6 multicast traffic so route advertisement won’t make it through.
Can you try:
ip6tables -I INPUT -i lxdbr0 -p icmpv6 -j ACCEPT
ip6tables -I OUTPUT -o lxdbr0 -p icmpv6 -j ACCEPT
This should allow sending and receiving ICMPv6 which should unblock the router advertisements. If that does the trick, I think I’ll send a tweak to LXD upstream so we add those rules automatically like we do DNS and DHCP.
After I added both ip6tables rules I received an IPv6 address. From what I understand, the interface is only available internally and not from the internet.
Yes, the IPv6 addresses allocated by default from the lxdbr0 interface are not reachable from the external interface and are also designated as unique local addresses, so they are not routable on the wider internet either.
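The firewall condition diagnosed in this thread (default DROP policy with no ICMPv6 allowance on the bridge), as an added example that is not part of the original posts: a small check over `ip6tables -S` output. The function name `check_icmpv6` and both sample rulesets are constructed for illustration; the protocol spellings accepted (`ipv6-icmp`, `icmpv6`, `58`) are an assumption meant to cover different ip6tables builds.

```shell
#!/bin/sh
# check_icmpv6 BRIDGE: read `ip6tables -S` output on stdin and report whether
# ICMPv6 (which carries router advertisements) can pass on BRIDGE.
# Simplification: rule order is ignored and rules narrowed by -m/-s/-d/! are
# not counted, so an explicit DROP/REJECT rule is not detected.
check_icmpv6() {
    awk -v br="$1" '
    BEGIN { bad = 0 }
    $1 == "-P" { policy[$2] = $3; next }
    $1 == "-A" && ($2 == "INPUT" || $2 == "OUTPUT") {
        want = ($2 == "INPUT") ? "-i" : "-o"   # interface flag valid in this chain
        iface = ""; proto = ""; target = ""; narrowed = 0
        for (i = 3; i <= NF; i++) {
            if ($i == want)      iface = $(i + 1)
            else if ($i == "-p") proto = $(i + 1)
            else if ($i == "-j") target = $(i + 1)
            else if ($i == "-m" || $i == "-s" || $i == "-d" || $i == "!") narrowed = 1
        }
        icmp6 = (proto == "" || proto == "ipv6-icmp" || proto == "icmpv6" || proto == "58")
        if (target == "ACCEPT" && !narrowed && icmp6 && (iface == "" || iface == br))
            accept[$2] = 1
    }
    END {
        n = split("INPUT OUTPUT", chains, " ")
        for (c = 1; c <= n; c++) {
            name = chains[c]
            if (accept[name])                  state = "allowed by rule"
            else if (policy[name] == "ACCEPT") state = "allowed by policy"
            else { state = "BLOCKED"; bad = 1 }
            printf "%s on %s: ICMPv6 %s\n", name, br, state
        }
        exit bad
    }'
}

# Constructed sample rulesets (not the poster's actual output).
RULES_BEFORE='-P INPUT DROP
-P FORWARD DROP
-P OUTPUT DROP
-A INPUT -i lxdbr0 -p udp -m udp --dport 547 -j ACCEPT
-A INPUT -i lxdbr0 -p udp -m udp --dport 53 -j ACCEPT
-A OUTPUT -o lxdbr0 -p udp -m udp --sport 547 -j ACCEPT'
RULES_AFTER="-A INPUT -i lxdbr0 -p ipv6-icmp -j ACCEPT
-A OUTPUT -o lxdbr0 -p ipv6-icmp -j ACCEPT
$RULES_BEFORE"

printf '%s\n' "$RULES_BEFORE" | check_icmpv6 lxdbr0 || echo "=> router advertisements cannot pass"
printf '%s\n' "$RULES_AFTER" | check_icmpv6 lxdbr0 && echo "=> ICMPv6 is permitted on the bridge"
```

On a live host the same function can be fed with `ip6tables -S | check_icmpv6 lxdbr0`; a non-zero exit status means at least one direction is blocked.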