Xen users - Jul 2012 - Does anybody here uses IPv6 for DomU?

Hello all,

I am trying to do some tests with IPv6. I would like to configure a dual
stack for some services, such as DNS and Web Server.

First of all, to have IPv6 in DomU should I configure IPv6 in Dom0? I''m
not
sure, but I dont think so, since from Dom0 using loopback address I can
ping the IPv6 address from my router.

Well, thinking that it is not mandatory, I configured an IPv6 address in
DomU:

# The primary network interface
auto eth0
iface eth0 inet static
 address 10.0.0.100
 gateway 10.0.0.1
 netmask 255.255.255.0
 broadcast 10.0.0.255

iface eth0 inet6 static
 address 2001:xxxx:xxxx::6
 netmask 126
 gateway 2001:xxxx:xxxx::5

But I cant ping the IPv6 address from my gateway. My routes seems to be OK.
Should I configure something else? I was looking in google and saw some
people saying about to check /etc/sysctl.conf, specially the line
"net.ipv6.conf.all.forwarding=1", but this dont did any difference.

I''m using these packets into a Debian Squeeze:

# dpkg -l | grep xen
ii  libxenstore3.0                      4.0.1-5.2
 Xenstore communications library for Xen
ii  linux-image-2.6.32-5-xen-amd64      2.6.32-45                    Linux
2.6.32 for 64-bit PCs, Xen dom0 support
ii  xen-hypervisor-4.0-amd64            4.0.1-5.2                    The
Xen Hypervisor on AMD64
ii  xen-linux-system-2.6.32-5-xen-amd64 2.6.32-45                    Xen
system with Linux 2.6.32 on 64-bit PCs (meta-package)
ii  xen-tools                           4.2-1                        Tools
to manage Xen virtual servers
ii  xen-utils-4.0                       4.0.1-5.2                    XEN
administrative tools
ii  xen-utils-common                    4.0.0-1                      XEN
administrative tools - common files
ii  xenstore-utils                      4.0.1-5.2
 Xenstore utilities for Xen

And my xend-config.sxp is set to use:

(network-script ''network-bridge antispoof=yes'')
(vif-script vif-bridge)

I appreciate any help.

Regards,

-------------------------------
Carlos Eduardo Ribas


_______________________________________________
Xen-users mailing list
Xen-users@lists.xen.org
http://lists.xen.org/xen-users

Carlos Ribas wrote:
>I am trying to do some tests with IPv6. I would like to configure a 
>dual stack for some services, such as DNS and Web Server.
>
>First of all, to have IPv6 in DomU should I configure IPv6 in Dom0? 
>I''m not sure, but I dont think so, since from Dom0 using loopback 
>address I can ping the IPv6 address from my router.
You don''t need any address of Dom0 (I''m assuming you are using
bridging ?)

I have one DomU running IPv6 for testing (DNS, Web server), Dom0 and 
the rest of the network is IPv4 only - well as much as you can when 
everything defaults to at least configuring link-local IPv6 addresses.
># The primary network interface
>auto eth0
>iface eth0 inet static
>  address 10.0.0.100
>  gateway 10.0.0.1
>  netmask 255.255.255.0
>  broadcast 10.0.0.255
>
>iface eth0 inet6 static
>  address 2001:xxxx:xxxx::6
>  netmask 126
>  gateway 2001:xxxx:xxxx::5
That looks OK, I''m running a Hurricane Electric tunnel so mine looks
different.
>But I cant ping the IPv6 address from my gateway. My routes seems to 
>be OK. Should I configure something else? I was looking in google 
>and saw some people saying about to check /etc/sysctl.conf, 
>specially the line "net.ipv6.conf.all.forwarding=1", but this dont
>did any difference.
I have "post-up echo 1 > /proc/sys/net/ipv6/conf/all/forwarding" in
the IPv6 stanza in my /etc/network/interfaces. But that is only 
needed to make the machine route packets between networks (ie act as 
a router for other devices'' traffic), it will still talk to other 
devices without this.
>(network-script ''network-bridge antispoof=yes'')
>(vif-script vif-bridge)
Standard advice now is not to use a network-script. It made sense a 
while back, but the scripts are deprecated and the host OS generally 
has better tools. For example, in Debian you can put something like 
this in /etc/network/interfaces :
auto br0
iface br0 inet static
	bridge_ports eth0
	address a.b.c.d
	netmask 255.255.255.0

One things I suggest it might be worth looking at is your subnet 
mask. Try using 64 instead of 126 and see if it makes any difference. 
While technically a 126 bit netmask ought to work on a P-P link, in 
practice I believe there are a lot of things that break if you go 
less than 64 bits for the host part of the address.

Also, "ip -6 neigh" will show you the known IPv6 neighbours (roughly 
equivalent to ARP cache for Ipv4). That may help in debugging.

-- 
Simon Hobson

Visit http://www.magpiesnestpublishing.co.uk/ for books by acclaimed
author Gladys Hobson. Novels - poetry - short stories - ideal as
Christmas stocking fillers. Some available as e-books.

Hello Simon,

Yes, I''m using bridging. I put 126 as subnet mask because I configured
a
P-P link. Unfortunately use 64 makes no difference. However, the command
you said showed me that something is wrong:

# ip -6 neigh
2001:xxxx:xxxx::5 dev eth0  FAILED
fe80::224:38ff:fec9:8b00 dev eth0 lladdr 00:24:38:c9:8b:00 router STALE

I was cheking only with this command (and looking at red line, I thought
that it was all fine):

# route -A inet6
Kernel IPv6 routing table
Destination                    Next Hop                   Flag Met Ref Use
If
2001:xxxx:xxxx::4/126          ::                         Ue   256 0     4
eth0
fe80::/64                      ::                         U    256 0     0
eth0
*::/0                           2001:xxxx:xxxx::5          UG   1   0     0
eth0*
::/0                           fe80::224:38ff:fec9:8b00   UGDAe 1024 0
0 eth0
::/0                           ::                         !n   -1  1    73
lo
::1/128                        ::                         Un   0   1    23
lo
2001:xxxx:xxxx::6/128          ::                         Un   0   1    24
lo
fe80::216:3eff:fee2:3f3d/128   ::                         Un   0   1     0
lo
ff00::/8                       ::                         U    256 0     0
eth0
::/0                           ::                         !n   -1  1    73
lo

I will investigate further more. Do you think there are something wrong
with "network-script" that can cause this? I hope not! :)

Thanks,

-------------------------------
Carlos Eduardo Ribas





2012/7/18 Simon Hobson <linux@thehobsons.co.uk>
> Carlos Ribas wrote:
>
>  I am trying to do some tests with IPv6. I would like to configure a dual
>> stack for some services, such as DNS and Web Server.
>>
>> First of all, to have IPv6 in DomU should I configure IPv6 in Dom0?
I''m
>> not sure, but I dont think so, since from Dom0 using loopback address I
can
>> ping the IPv6 address from my router.
>>
>
> You don''t need any address of Dom0 (I''m assuming you are
using bridging ?)
>
> I have one DomU running IPv6 for testing (DNS, Web server), Dom0 and the
> rest of the network is IPv4 only - well as much as you can when everything
> defaults to at least configuring link-local IPv6 addresses.
>
>
>  # The primary network interface
>> auto eth0
>> iface eth0 inet static
>>  address 10.0.0.100
>>  gateway 10.0.0.1
>>  netmask 255.255.255.0
>>  broadcast 10.0.0.255
>>
>> iface eth0 inet6 static
>>  address 2001:xxxx:xxxx::6
>>  netmask 126
>>  gateway 2001:xxxx:xxxx::5
>>
>
> That looks OK, I''m running a Hurricane Electric tunnel so mine
looks
> different.
>
>
>  But I cant ping the IPv6 address from my gateway. My routes seems to be
>> OK. Should I configure something else? I was looking in google and saw
some
>> people saying about to check /etc/sysctl.conf, specially the line
>> "net.ipv6.conf.all.forwarding=**1", but this dont did any
difference.
>>
>
> I have "post-up echo 1 >
/proc/sys/net/ipv6/conf/all/**forwarding" in the
> IPv6 stanza in my /etc/network/interfaces. But that is only needed to make
> the machine route packets between networks (ie act as a router for other
> devices'' traffic), it will still talk to other devices without
this.
>
>
>  (network-script ''network-bridge antispoof=yes'')
>> (vif-script vif-bridge)
>>
>
> Standard advice now is not to use a network-script. It made sense a while
> back, but the scripts are deprecated and the host OS generally has better
> tools. For example, in Debian you can put something like this in
> /etc/network/interfaces :
> auto br0
> iface br0 inet static
>         bridge_ports eth0
>         address a.b.c.d
>         netmask 255.255.255.0
>
> One things I suggest it might be worth looking at is your subnet mask. Try
> using 64 instead of 126 and see if it makes any difference. While
> technically a 126 bit netmask ought to work on a P-P link, in practice I
> believe there are a lot of things that break if you go less than 64 bits
> for the host part of the address.
>
> Also, "ip -6 neigh" will show you the known IPv6 neighbours
(roughly
> equivalent to ARP cache for Ipv4). That may help in debugging.
>
> --
> Simon Hobson
>
> Visit
http://www.**magpiesnestpublishing.co.uk/<http://www.magpiesnestpublishing.co.uk/>for
books by acclaimed
> author Gladys Hobson. Novels - poetry - short stories - ideal as
> Christmas stocking fillers. Some available as e-books.
>

_______________________________________________
Xen-users mailing list
Xen-users@lists.xen.org
http://lists.xen.org/xen-users

Hi,

as Simon already wrote, try to use your provisioned "regular" ipv6
net.
This is usally
a /48 or /64.

Our dom0 don''t have ipv6 configured in any way, it''s just
enabled by
default.
Only the usual local-link (fe80...) addresses are bound to the
interfaces.
If you''re using bridges (peth0 -> eth0 -> vifX.X), you
don''t have to
touch any
forwarding settings. It''s "just working".

If you''re using fixed addresses, don''t forget to disable
autoconf which
is default.
E.g. :
iface eth0 inet6 static
    pre-up echo 0 > /proc/sys/net/ipv6/conf/eth0/autoconf
    address ...





Am Mittwoch, den 18.07.2012, 12:48 -0300 schrieb Carlos Ribas:
> Hello Simon,
> 
> 
> 
> Yes, I''m using bridging. I put 126 as subnet mask because I
configured
> a P-P link. Unfortunately use 64 makes no difference. However, the
> command you said showed me that something is wrong: 
> 
> 
> # ip -6 neigh
> 2001:xxxx:xxxx::5 dev eth0  FAILED
> fe80::224:38ff:fec9:8b00 dev eth0 lladdr 00:24:38:c9:8b:00 router
> STALE
> 
> 
> I was cheking only with this command (and looking at red line, I
> thought that it was all fine):
> 
> 
> # route -A inet6
> Kernel IPv6 routing table
> Destination                    Next Hop                   Flag Met Ref
> Use If
> 2001:xxxx:xxxx::4/126          ::                         Ue   256 0
> 4 eth0
> fe80::/64                      ::                         U    256 0
> 0 eth0
> ::/0                           2001:xxxx:xxxx::5          UG   1   0
> 0 eth0
> ::/0                           fe80::224:38ff:fec9:8b00   UGDAe 1024 0
> 0 eth0
> ::/0                           ::                         !n   -1  1
>    73 lo
> ::1/128                        ::                         Un   0   1
>    23 lo
> 2001:xxxx:xxxx::6/128          ::                         Un   0   1
>    24 lo
> fe80::216:3eff:fee2:3f3d/128   ::                         Un   0   1
> 0 lo
> ff00::/8                       ::                         U    256 0
> 0 eth0
> ::/0                           ::                         !n   -1  1
>    73 lo
> 
> 
> I will investigate further more. Do you think there are something
> wrong with "network-script" that can cause this? I hope not! :)
> 
> 
> Thanks,
> 
> 
> -------------------------------
> Carlos Eduardo Ribas
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 2012/7/18 Simon Hobson <linux@thehobsons.co.uk>
> 
>         Carlos Ribas wrote:
>         
>         
>                 I am trying to do some tests with IPv6. I would like
>                 to configure a dual stack for some services, such as
>                 DNS and Web Server.
>                 
>                 First of all, to have IPv6 in DomU should I configure
>                 IPv6 in Dom0? I''m not sure, but I dont think so,
since
>                 from Dom0 using loopback address I can ping the IPv6
>                 address from my router.
>         
>         
>         
>         
>         You don''t need any address of Dom0 (I''m assuming
you are using
>         bridging ?)
>         
>         I have one DomU running IPv6 for testing (DNS, Web server),
>         Dom0 and the rest of the network is IPv4 only - well as much
>         as you can when everything defaults to at least configuring
>         link-local IPv6 addresses.
>         
>         
>         
>         
>                 # The primary network interface
>                 auto eth0
>                 iface eth0 inet static
>                  address 10.0.0.100
>                  gateway 10.0.0.1
>                  netmask 255.255.255.0
>                  broadcast 10.0.0.255
>                 
>                 iface eth0 inet6 static
>                  address 2001:xxxx:xxxx::6
>                  netmask 126
>                  gateway 2001:xxxx:xxxx::5
>         
>         
>         
>         
>         That looks OK, I''m running a Hurricane Electric tunnel so
mine
>         looks different.
>         
>         
>         
>         
>                 But I cant ping the IPv6 address from my gateway. My
>                 routes seems to be OK. Should I configure something
>                 else? I was looking in google and saw some people
>                 saying about to check /etc/sysctl.conf, specially the
>                 line "net.ipv6.conf.all.forwarding=1", but this
dont
>                 did any difference.
>         
>         
>         
>         
>         I have "post-up echo 1
>         > /proc/sys/net/ipv6/conf/all/forwarding" in the IPv6
stanza
>         in my /etc/network/interfaces. But that is only needed to make
>         the machine route packets between networks (ie act as a router
>         for other devices'' traffic), it will still talk to other
>         devices without this.
>         
>         
>         
>         
>                 (network-script ''network-bridge
antispoof=yes'')
>                 (vif-script vif-bridge)
>         
>         
>         
>         
>         Standard advice now is not to use a network-script. It made
>         sense a while back, but the scripts are deprecated and the
>         host OS generally has better tools. For example, in Debian you
>         can put something like this in /etc/network/interfaces :
>         auto br0
>         iface br0 inet static
>                 bridge_ports eth0
>                 address a.b.c.d
>                 netmask 255.255.255.0
>         
>         One things I suggest it might be worth looking at is your
>         subnet mask. Try using 64 instead of 126 and see if it makes
>         any difference. While technically a 126 bit netmask ought to
>         work on a P-P link, in practice I believe there are a lot of
>         things that break if you go less than 64 bits for the host
>         part of the address.
>         
>         Also, "ip -6 neigh" will show you the known IPv6
neighbours
>         (roughly equivalent to ARP cache for Ipv4). That may help in
>         debugging.
>         
>         
>         _______________________________________________
>         Xen-users mailing list
>         Xen-users@lists.xen.org
>         http://lists.xen.org/xen-users


_______________________________________________
Xen-users mailing list
Xen-users@lists.xen.org
http://lists.xen.org/xen-users

Hello Stephan,

    I tried to use my subnet, but didnt work. I tried to disable autoconf,
no success. I also tried to manually configure the forward in Dom0 using
"ip6tables -A FORWARD -s 2001:xxxx:xxxx::6 -m physdev --physdev-in vif21.0
-j ACCEPT" but once again, without success.

    It''s odd because if I try to ping the router from my DomU, it will
not
work, and this is the output from "ip -6 neigh":

# ip -6 neigh
2001:xxxx:xxxx::5 dev eth0  FAILED
fe80::224:38ff:fec9:8b00 dev eth0 lladdr 00:24:38:c9:8b:00 router STALE

    From my router I can''t ping my DomU, but then I got this message:

# ip -6 neigh
2001:xxxx:xxxx::5 dev eth0 lladdr 00:24:38:c9:8b:00 router REACHABLE
fe80::224:38ff:fec9:8b00 dev eth0 lladdr 00:24:38:c9:8b:00 router REACHABLE

    And then it changed to:

# ip -6 neigh
2001:xxxx:xxxx::5 dev eth0 lladdr 00:24:38:c9:8b:00 router STALE
fe80::224:38ff:fec9:8b00 dev eth0 lladdr 00:24:38:c9:8b:00 router STALE

    What seems to be ok, but it is not ok. Well, I''m still
investigating.

Thank you for your help,

-------------------------------
Carlos Eduardo Ribas





2012/7/19 Stephan Seitz <s.seitz@netzhaut.de>
> **
> Hi,
>
> as Simon already wrote, try to use your provisioned "regular"
ipv6 net.
> This is usally
> a /48 or /64.
>
> Our dom0 don''t have ipv6 configured in any way, it''s just
enabled by
> default.
> Only the usual local-link (fe80...) addresses are bound to the interfaces.
> If you''re using bridges (peth0 -> eth0 -> vifX.X), you
don''t have to touch
> any
> forwarding settings. It''s "just working".
>
> If you''re using fixed addresses, don''t forget to disable
autoconf which is
> default.
> E.g. :
> iface eth0 inet6 static
>     pre-up echo 0 > /proc/sys/net/ipv6/conf/eth0/autoconf
>     address ...
>
>
>
>
>
>   Am Mittwoch, den 18.07.2012, 12:48 -0300 schrieb Carlos Ribas:
>
>  Hello Simon,
>
>
>
>  Yes, I''m using bridging. I put 126 as subnet mask because I
configured a
> P-P link. Unfortunately use 64 makes no difference. However, the command
> you said showed me that something is wrong:
>
>
>
>  # ip -6 neigh
>
>  2001:xxxx:xxxx::5 dev eth0  FAILED
>
>  fe80::224:38ff:fec9:8b00 dev eth0 lladdr 00:24:38:c9:8b:00 router STALE
>
>
>
>  I was cheking only with this command (and looking at red line, I thought
> that it was all fine):
>
>
>
>  # route -A inet6
>
>  Kernel IPv6 routing table
>
>  Destination                    Next Hop                   Flag Met Ref
> Use If
>
>  2001:xxxx:xxxx::4/126          ::                         Ue   256 0
> 4 eth0
>
>  fe80::/64                      ::                         U    256 0
> 0 eth0
>
>  *::/0                           2001:xxxx:xxxx::5          UG   1   0
>   0 eth0*
>
>  ::/0                           fe80::224:38ff:fec9:8b00   UGDAe 1024 0
>   0 eth0
>
>  ::/0                           ::                         !n   -1  1
>  73 lo
>
>  ::1/128                        ::                         Un   0   1
>  23 lo
>
>  2001:xxxx:xxxx::6/128          ::                         Un   0   1
>  24 lo
>
>  fe80::216:3eff:fee2:3f3d/128   ::                         Un   0   1
> 0 lo
>
>  ff00::/8                       ::                         U    256 0
> 0 eth0
>
>  ::/0                           ::                         !n   -1  1
>  73 lo
>
>
>
>  I will investigate further more. Do you think there are something wrong
> with "network-script" that can cause this? I hope not! :)
>
>
>
>  Thanks,
>
>
>
>  -------------------------------
>
>  Carlos Eduardo Ribas
>
>
>
>
>
>
>
>
>  2012/7/18 Simon Hobson <linux@thehobsons.co.uk>
>
>  Carlos Ribas wrote:
>
>  I am trying to do some tests with IPv6. I would like to configure a dual
> stack for some services, such as DNS and Web Server.
>
> First of all, to have IPv6 in DomU should I configure IPv6 in Dom0?
I''m
> not sure, but I dont think so, since from Dom0 using loopback address I can
> ping the IPv6 address from my router.
>
>
>
>   You don''t need any address of Dom0 (I''m assuming you
are using bridging
> ?)
>
> I have one DomU running IPv6 for testing (DNS, Web server), Dom0 and the
> rest of the network is IPv4 only - well as much as you can when everything
> defaults to at least configuring link-local IPv6 addresses.
>
>
>
>  # The primary network interface
> auto eth0
> iface eth0 inet static
>  address 10.0.0.100
>  gateway 10.0.0.1
>  netmask 255.255.255.0
>  broadcast 10.0.0.255
>
> iface eth0 inet6 static
>  address 2001:xxxx:xxxx::6
>  netmask 126
>  gateway 2001:xxxx:xxxx::5
>
>
>
>   That looks OK, I''m running a Hurricane Electric tunnel so mine
looks
> different.
>
>
>
>  But I cant ping the IPv6 address from my gateway. My routes seems to be
> OK. Should I configure something else? I was looking in google and saw some
> people saying about to check /etc/sysctl.conf, specially the line
> "net.ipv6.conf.all.forwarding=1", but this dont did any
difference.
>
>
>
>   I have "post-up echo 1 >
/proc/sys/net/ipv6/conf/all/forwarding" in the
> IPv6 stanza in my /etc/network/interfaces. But that is only needed to make
> the machine route packets between networks (ie act as a router for other
> devices'' traffic), it will still talk to other devices without
this.
>
>
>
>  (network-script ''network-bridge antispoof=yes'')
> (vif-script vif-bridge)
>
>
>
>   Standard advice now is not to use a network-script. It made sense a
> while back, but the scripts are deprecated and the host OS generally has
> better tools. For example, in Debian you can put something like this in
> /etc/network/interfaces :
> auto br0
> iface br0 inet static
>         bridge_ports eth0
>         address a.b.c.d
>         netmask 255.255.255.0
>
> One things I suggest it might be worth looking at is your subnet mask. Try
> using 64 instead of 126 and see if it makes any difference. While
> technically a 126 bit netmask ought to work on a P-P link, in practice I
> believe there are a lot of things that break if you go less than 64 bits
> for the host part of the address.
>
> Also, "ip -6 neigh" will show you the known IPv6 neighbours
(roughly
> equivalent to ARP cache for Ipv4). That may help in debugging.
>
> _______________________________________________Xen-users mailing
listXen-users@lists.xen.orghttp://lists.xen.org/xen-users
>
>

_______________________________________________
Xen-users mailing list
Xen-users@lists.xen.org
http://lists.xen.org/xen-users

What let me crazy is that from Dom0 (with local-link) I can ping the router
and from DomU with static IP I can''t!

Dom0:
# ping6 2001:xxxx:xxxx::5
PING 2001:xxxx:xxxx::5(2001:xxxx:xxxx::5) 56 data bytes
64 bytes from 2001:xxxx:xxxx::5: icmp_seq=1 ttl=64 time=4.56 ms
^C

DomU:
# ping6 2001:xxxx:xxxx::5
PING 2001:xxxx:xxxx::5(2001:xxxx:xxxx::5) 56 data bytes
^C
--- 2001:xxxx:xxxx::5 ping statistics ---
5 packets transmitted, 0 received, 100% packet loss, time 3999ms

Regards,

-------------------------------
Carlos Eduardo Ribas





2012/7/19 Carlos Ribas <carlos@ansp.br>
> Hello Stephan,
>
>     I tried to use my subnet, but didnt work. I tried to disable autoconf,
> no success. I also tried to manually configure the forward in Dom0 using
> "ip6tables -A FORWARD -s 2001:xxxx:xxxx::6 -m physdev --physdev-in
vif21.0
> -j ACCEPT" but once again, without success.
>
>     It''s odd because if I try to ping the router from my DomU, it
will not
> work, and this is the output from "ip -6 neigh":
>
> # ip -6 neigh
> 2001:xxxx:xxxx::5 dev eth0  FAILED
> fe80::224:38ff:fec9:8b00 dev eth0 lladdr 00:24:38:c9:8b:00 router STALE
>
>     From my router I can''t ping my DomU, but then I got this
message:
>
> # ip -6 neigh
> 2001:xxxx:xxxx::5 dev eth0 lladdr 00:24:38:c9:8b:00 router REACHABLE
> fe80::224:38ff:fec9:8b00 dev eth0 lladdr 00:24:38:c9:8b:00 router REACHABLE
>
>     And then it changed to:
>
> # ip -6 neigh
> 2001:xxxx:xxxx::5 dev eth0 lladdr 00:24:38:c9:8b:00 router STALE
> fe80::224:38ff:fec9:8b00 dev eth0 lladdr 00:24:38:c9:8b:00 router STALE
>
>     What seems to be ok, but it is not ok. Well, I''m still
investigating.
>
> Thank you for your help,
>
> -------------------------------
> Carlos Eduardo Ribas
>
>
>
>
>
> 2012/7/19 Stephan Seitz <s.seitz@netzhaut.de>
>
>> **
>> Hi,
>>
>> as Simon already wrote, try to use your provisioned "regular"
ipv6 net.
>> This is usally
>> a /48 or /64.
>>
>> Our dom0 don''t have ipv6 configured in any way, it''s
just enabled by
>> default.
>> Only the usual local-link (fe80...) addresses are bound to the
interfaces.
>> If you''re using bridges (peth0 -> eth0 -> vifX.X), you
don''t have to
>> touch any
>> forwarding settings. It''s "just working".
>>
>> If you''re using fixed addresses, don''t forget to
disable autoconf which
>> is default.
>> E.g. :
>> iface eth0 inet6 static
>>     pre-up echo 0 > /proc/sys/net/ipv6/conf/eth0/autoconf
>>     address ...
>>
>>
>>
>>
>>
>>   Am Mittwoch, den 18.07.2012, 12:48 -0300 schrieb Carlos Ribas:
>>
>>  Hello Simon,
>>
>>
>>
>>  Yes, I''m using bridging. I put 126 as subnet mask because I
configured
>> a P-P link. Unfortunately use 64 makes no difference. However, the
command
>> you said showed me that something is wrong:
>>
>>
>>
>>  # ip -6 neigh
>>
>>  2001:xxxx:xxxx::5 dev eth0  FAILED
>>
>>  fe80::224:38ff:fec9:8b00 dev eth0 lladdr 00:24:38:c9:8b:00 router
STALE
>>
>>
>>
>>  I was cheking only with this command (and looking at red line, I
>> thought that it was all fine):
>>
>>
>>
>>  # route -A inet6
>>
>>  Kernel IPv6 routing table
>>
>>  Destination                    Next Hop                   Flag Met Ref
>> Use If
>>
>>  2001:xxxx:xxxx::4/126          ::                         Ue   256 0
>> 4 eth0
>>
>>  fe80::/64                      ::                         U    256 0
>> 0 eth0
>>
>>  *::/0                           2001:xxxx:xxxx::5          UG   1   0
>>   0 eth0*
>>
>>  ::/0                           fe80::224:38ff:fec9:8b00   UGDAe 1024 0
>>   0 eth0
>>
>>  ::/0                           ::                         !n   -1  1
>>  73 lo
>>
>>  ::1/128                        ::                         Un   0   1
>>  23 lo
>>
>>  2001:xxxx:xxxx::6/128          ::                         Un   0   1
>>  24 lo
>>
>>  fe80::216:3eff:fee2:3f3d/128   ::                         Un   0   1
>> 0 lo
>>
>>  ff00::/8                       ::                         U    256 0
>> 0 eth0
>>
>>  ::/0                           ::                         !n   -1  1
>>  73 lo
>>
>>
>>
>>  I will investigate further more. Do you think there are something
wrong
>> with "network-script" that can cause this? I hope not! :)
>>
>>
>>
>>  Thanks,
>>
>>
>>
>>  -------------------------------
>>
>>  Carlos Eduardo Ribas
>>
>>
>>
>>
>>
>>
>>
>>
>>  2012/7/18 Simon Hobson <linux@thehobsons.co.uk>
>>
>>  Carlos Ribas wrote:
>>
>>  I am trying to do some tests with IPv6. I would like to configure a
dual
>> stack for some services, such as DNS and Web Server.
>>
>> First of all, to have IPv6 in DomU should I configure IPv6 in Dom0?
I''m
>> not sure, but I dont think so, since from Dom0 using loopback address I
can
>> ping the IPv6 address from my router.
>>
>>
>>
>>   You don''t need any address of Dom0 (I''m assuming
you are using
>> bridging ?)
>>
>> I have one DomU running IPv6 for testing (DNS, Web server), Dom0 and
the
>> rest of the network is IPv4 only - well as much as you can when
everything
>> defaults to at least configuring link-local IPv6 addresses.
>>
>>
>>
>>  # The primary network interface
>> auto eth0
>> iface eth0 inet static
>>  address 10.0.0.100
>>  gateway 10.0.0.1
>>  netmask 255.255.255.0
>>  broadcast 10.0.0.255
>>
>> iface eth0 inet6 static
>>  address 2001:xxxx:xxxx::6
>>  netmask 126
>>  gateway 2001:xxxx:xxxx::5
>>
>>
>>
>>   That looks OK, I''m running a Hurricane Electric tunnel so
mine looks
>> different.
>>
>>
>>
>>  But I cant ping the IPv6 address from my gateway. My routes seems to
be
>> OK. Should I configure something else? I was looking in google and saw
some
>> people saying about to check /etc/sysctl.conf, specially the line
>> "net.ipv6.conf.all.forwarding=1", but this dont did any
difference.
>>
>>
>>
>>   I have "post-up echo 1 >
/proc/sys/net/ipv6/conf/all/forwarding" in
>> the IPv6 stanza in my /etc/network/interfaces. But that is only needed
to
>> make the machine route packets between networks (ie act as a router for
>> other devices'' traffic), it will still talk to other devices
without this.
>>
>>
>>
>>  (network-script ''network-bridge antispoof=yes'')
>> (vif-script vif-bridge)
>>
>>
>>
>>   Standard advice now is not to use a network-script. It made sense a
>> while back, but the scripts are deprecated and the host OS generally
has
>> better tools. For example, in Debian you can put something like this in
>> /etc/network/interfaces :
>> auto br0
>> iface br0 inet static
>>         bridge_ports eth0
>>         address a.b.c.d
>>         netmask 255.255.255.0
>>
>> One things I suggest it might be worth looking at is your subnet mask.
>> Try using 64 instead of 126 and see if it makes any difference. While
>> technically a 126 bit netmask ought to work on a P-P link, in practice
I
>> believe there are a lot of things that break if you go less than 64
bits
>> for the host part of the address.
>>
>> Also, "ip -6 neigh" will show you the known IPv6 neighbours
(roughly
>> equivalent to ARP cache for Ipv4). That may help in debugging.
>>
>> _______________________________________________Xen-users mailing
listXen-users@lists.xen.orghttp://lists.xen.org/xen-users
>>
>>
>

_______________________________________________
Xen-users mailing list
Xen-users@lists.xen.org
http://lists.xen.org/xen-users

Can someone put here the output from the command "ip6tables -L -n"
from
Dom0?

Thanks,

-------------------------------
Carlos Eduardo Ribas



2012/7/19 Carlos Ribas <carlos@ansp.br>
> What let me crazy is that from Dom0 (with local-link) I can ping the
> router and from DomU with static IP I can''t!
>
> Dom0:
> # ping6 2001:xxxx:xxxx::5
> PING 2001:xxxx:xxxx::5(2001:xxxx:xxxx::5) 56 data bytes
> 64 bytes from 2001:xxxx:xxxx::5: icmp_seq=1 ttl=64 time=4.56 ms
> ^C
>
> DomU:
> # ping6 2001:xxxx:xxxx::5
> PING 2001:xxxx:xxxx::5(2001:xxxx:xxxx::5) 56 data bytes
> ^C
> --- 2001:xxxx:xxxx::5 ping statistics ---
> 5 packets transmitted, 0 received, 100% packet loss, time 3999ms
>
> Regards,
>
> -------------------------------
> Carlos Eduardo Ribas
>
>
>
>
>
> 2012/7/19 Carlos Ribas <carlos@ansp.br>
>
>> Hello Stephan,
>>
>>     I tried to use my subnet, but didnt work. I tried to disable
>> autoconf, no success. I also tried to manually configure the forward in
>> Dom0 using "ip6tables -A FORWARD -s 2001:xxxx:xxxx::6 -m physdev
>> --physdev-in vif21.0 -j ACCEPT" but once again, without success.
>>
>>     It''s odd because if I try to ping the router from my DomU,
it will
>> not work, and this is the output from "ip -6 neigh":
>>
>> # ip -6 neigh
>> 2001:xxxx:xxxx::5 dev eth0  FAILED
>> fe80::224:38ff:fec9:8b00 dev eth0 lladdr 00:24:38:c9:8b:00 router STALE
>>
>>     From my router I can''t ping my DomU, but then I got this
message:
>>
>> # ip -6 neigh
>> 2001:xxxx:xxxx::5 dev eth0 lladdr 00:24:38:c9:8b:00 router REACHABLE
>> fe80::224:38ff:fec9:8b00 dev eth0 lladdr 00:24:38:c9:8b:00 router
>> REACHABLE
>>
>>     And then it changed to:
>>
>>  # ip -6 neigh
>> 2001:xxxx:xxxx::5 dev eth0 lladdr 00:24:38:c9:8b:00 router STALE
>> fe80::224:38ff:fec9:8b00 dev eth0 lladdr 00:24:38:c9:8b:00 router STALE
>>
>>     What seems to be ok, but it is not ok. Well, I''m still
investigating.
>>
>> Thank you for your help,
>>
>> -------------------------------
>> Carlos Eduardo Ribas
>>
>>
>>
>>
>>
>> 2012/7/19 Stephan Seitz <s.seitz@netzhaut.de>
>>
>>> **
>>> Hi,
>>>
>>> as Simon already wrote, try to use your provisioned
"regular" ipv6 net.
>>> This is usally
>>> a /48 or /64.
>>>
>>> Our dom0 don''t have ipv6 configured in any way,
it''s just enabled by
>>> default.
>>> Only the usual local-link (fe80...) addresses are bound to the
>>> interfaces.
>>> If you''re using bridges (peth0 -> eth0 -> vifX.X),
you don''t have to
>>> touch any
>>> forwarding settings. It''s "just working".
>>>
>>> If you''re using fixed addresses, don''t forget to
disable autoconf which
>>> is default.
>>> E.g. :
>>> iface eth0 inet6 static
>>>     pre-up echo 0 > /proc/sys/net/ipv6/conf/eth0/autoconf
>>>     address ...
>>>
>>>
>>>
>>>
>>>
>>>   Am Mittwoch, den 18.07.2012, 12:48 -0300 schrieb Carlos Ribas:
>>>
>>>  Hello Simon,
>>>
>>>
>>>
>>>  Yes, I''m using bridging. I put 126 as subnet mask because
I configured
>>> a P-P link. Unfortunately use 64 makes no difference. However, the
command
>>> you said showed me that something is wrong:
>>>
>>>
>>>
>>>  # ip -6 neigh
>>>
>>>  2001:xxxx:xxxx::5 dev eth0  FAILED
>>>
>>>  fe80::224:38ff:fec9:8b00 dev eth0 lladdr 00:24:38:c9:8b:00 router
STALE
>>>
>>>
>>>
>>>  I was cheking only with this command (and looking at red line, I
>>> thought that it was all fine):
>>>
>>>
>>>
>>>  # route -A inet6
>>>
>>>  Kernel IPv6 routing table
>>>
>>>  Destination                    Next Hop                   Flag Met
Ref
>>> Use If
>>>
>>>  2001:xxxx:xxxx::4/126          ::                         Ue   256
0
>>>   4 eth0
>>>
>>>  fe80::/64                      ::                         U    256
0
>>>   0 eth0
>>>
>>>  *::/0                           2001:xxxx:xxxx::5          UG   1 
0
>>>     0 eth0*
>>>
>>>  ::/0                           fe80::224:38ff:fec9:8b00   UGDAe
1024 0
>>>     0 eth0
>>>
>>>  ::/0                           ::                         !n   -1 
1
>>>  73 lo
>>>
>>>  ::1/128                        ::                         Un   0  
1
>>>  23 lo
>>>
>>>  2001:xxxx:xxxx::6/128          ::                         Un   0  
1
>>>  24 lo
>>>
>>>  fe80::216:3eff:fee2:3f3d/128   ::                         Un   0  
1
>>>   0 lo
>>>
>>>  ff00::/8                       ::                         U    256
0
>>>   0 eth0
>>>
>>>  ::/0                           ::                         !n   -1 
1
>>>  73 lo
>>>
>>>
>>>
>>>  I will investigate further more. Do you think there are something
>>> wrong with "network-script" that can cause this? I hope
not! :)
>>>
>>>
>>>
>>>  Thanks,
>>>
>>>
>>>
>>>  -------------------------------
>>>
>>>  Carlos Eduardo Ribas
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>  2012/7/18 Simon Hobson <linux@thehobsons.co.uk>
>>>
>>>  Carlos Ribas wrote:
>>>
>>>  I am trying to do some tests with IPv6. I would like to configure
a
>>> dual stack for some services, such as DNS and Web Server.
>>>
>>> First of all, to have IPv6 in DomU should I configure IPv6 in Dom0?
I''m
>>> not sure, but I dont think so, since from Dom0 using loopback
address I can
>>> ping the IPv6 address from my router.
>>>
>>>
>>>
>>>   You don''t need any address of Dom0 (I''m
assuming you are using
>>> bridging ?)
>>>
>>> I have one DomU running IPv6 for testing (DNS, Web server), Dom0
and the
>>> rest of the network is IPv4 only - well as much as you can when
everything
>>> defaults to at least configuring link-local IPv6 addresses.
>>>
>>>
>>>
>>>  # The primary network interface
>>> auto eth0
>>> iface eth0 inet static
>>>  address 10.0.0.100
>>>  gateway 10.0.0.1
>>>  netmask 255.255.255.0
>>>  broadcast 10.0.0.255
>>>
>>> iface eth0 inet6 static
>>>  address 2001:xxxx:xxxx::6
>>>  netmask 126
>>>  gateway 2001:xxxx:xxxx::5
>>>
>>>
>>>
>>>   That looks OK, I''m running a Hurricane Electric tunnel
so mine looks
>>> different.
>>>
>>>
>>>
>>>  But I cant ping the IPv6 address from my gateway. My routes seems
to be
>>> OK. Should I configure something else? I was looking in google and
saw some
>>> people saying about to check /etc/sysctl.conf, specially the line
>>> "net.ipv6.conf.all.forwarding=1", but this dont did any
difference.
>>>
>>>
>>>
>>>   I have "post-up echo 1 >
/proc/sys/net/ipv6/conf/all/forwarding" in
>>> the IPv6 stanza in my /etc/network/interfaces. But that is only
needed to
>>> make the machine route packets between networks (ie act as a router
for
>>> other devices'' traffic), it will still talk to other
devices without this.
>>>
>>>
>>>
>>>  (network-script ''network-bridge antispoof=yes'')
>>> (vif-script vif-bridge)
>>>
>>>
>>>
>>>   Standard advice now is not to use a network-script. It made sense
a
>>> while back, but the scripts are deprecated and the host OS
generally has
>>> better tools. For example, in Debian you can put something like
this in
>>> /etc/network/interfaces :
>>> auto br0
>>> iface br0 inet static
>>>         bridge_ports eth0
>>>         address a.b.c.d
>>>         netmask 255.255.255.0
>>>
>>> One things I suggest it might be worth looking at is your subnet
mask.
>>> Try using 64 instead of 126 and see if it makes any difference.
While
>>> technically a 126 bit netmask ought to work on a P-P link, in
practice I
>>> believe there are a lot of things that break if you go less than 64
bits
>>> for the host part of the address.
>>>
>>> Also, "ip -6 neigh" will show you the known IPv6
neighbours (roughly
>>> equivalent to ARP cache for Ipv4). That may help in debugging.
>>>
>>> _______________________________________________Xen-users mailing
listXen-users@lists.xen.orghttp://lists.xen.org/xen-users
>>>
>>>
>>
>

_______________________________________________
Xen-users mailing list
Xen-users@lists.xen.org
http://lists.xen.org/xen-users

I dono if my problem is the same as yours, but I had a problem where
the linux bridge was not passing multicast (x3:xx:xx:xx:xx:xx) packets.

 http://wiki.prgmr.com/mediawiki/index.php/20120626_troubleshooting_ipv6

#cat /sys/class/net/vif0.0/brport/multicast_router
1
# echo "2">/sys/class/net/vif0.0/brport/multicast_router

essentially, I did this for all ports on the bridge, and it seemed 
to have worked.   

Sorry the documentation is absolutely horrible.  I haven''t had time
to sort it out and properly test it.