On Thu, Jun 04, 2009 at 07:26:05PM +0200, Bernie Innocenti wrote:
> Hello,
>
> in a common scenario where there aren't enough public IPv4 addresses for
> all domains, I have elaborated this workaround:
>
>  - the host operates a sixxs.net IPv6 tunnel with aiccu.
>
>  - the virbr0 interface is manually configured with an IPv6 address
>    within a /64 subnet delegated by sixxs.net. (I do this from
>    /etc/rc.local for lack of a better place)
>
>  - radvd runs on the host to autoconfigure IPv6 for the guests
>    on virbr0 and advertise the host as a gateway
>
> With this setup, all machines are globally addressable from the IPv6
> internet, which is still quite useful for backstage services such as a
> build farm.
>
> In order to automate this setup, libvirt should support configuring an
> IPv6 address on bridged interfaces, and possibly multiple addresses for
> dual stack setups. Automatically running radvd would make a nice goodie.

I'm not sure that we should automatically run radvd, because this has
potential implications for the host as a whole. It is hard to restrict
scope to just the virbr0 interface, as we do with IPv4 using NAT.

We should definitely allow multiple <ip> elements, and allow both IPv4
and IPv6 and configure interfaces accordingly. Annoyingly we used the
attribute 'netmask'. We really should have used 'prefix', since netmask
as a concept is deprecated in the IPv6 world. I'd suggest we allow continued
use of netmask for IPv4 addresses, but recommend use of 'prefix' in the
future. If they give a netmask, then automatically generate a prefix
attribute, and vice versa.

  <ip address="192.168.122.1" netmask="255.255.255.0">
    <dhcp>
      <range start="192.168.122.2" end="192.168.122.254" />
    </dhcp>
  </ip>
  <ip address="2001:200:0:8002:203:47ff:fea5:3083"
      prefix="64"/>

In theory we should also allow <dhcp> for IPv6, but I'm not sure that the
dnsmasq daemon supports offering of DHCPv6 addresses.

To do this properly we'll need to

 - Extend the parser to allow multiple addresses
 - Change the string -> address code to use getaddrinfo, not inet_aton
 - Change interface bring up code to add multiple addresses IPv4 & 6
 - Add support for ip6tables
 - Add rules for ip6tables as appropriate for the <forward/> rule

Daniel
--
|: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :|
|: http://libvirt.org -o- http://virt-manager.org -o- http://ovirt.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|
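
Added example, not part of the original message and not libvirt's code: one way to do the string -> address step with getaddrinfo instead of inet_aton, and to derive a prefix from an IPv4 netmask and back, as the reply proposes. The function names are hypothetical; AI_NUMERICHOST is used so that an address attribute taken from XML is never resolved through DNS, and a netmask with non-contiguous bits is rejected because it has no prefix equivalent.

```c
#include <arpa/inet.h>
#include <netdb.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* Hypothetical helper: parse a numeric IPv4 or IPv6 literal.
 * Returns AF_INET, AF_INET6, or -1. AI_NUMERICHOST means no DNS lookup. */
int parse_addr(const char *str, struct sockaddr_storage *out)
{
    struct addrinfo hints = { .ai_family = AF_UNSPEC, .ai_flags = AI_NUMERICHOST };
    struct addrinfo *res = NULL;
    if (getaddrinfo(str, NULL, &hints, &res) != 0 || res == NULL)
        return -1;
    int family = res->ai_family;
    memcpy(out, res->ai_addr, res->ai_addrlen);
    freeaddrinfo(res);
    return family;
}

/* IPv4 netmask string -> prefix length; -1 if the string is not an IPv4
 * address or the set bits are not contiguous (e.g. 255.0.255.0). */
int netmask_to_prefix(const char *netmask)
{
    struct sockaddr_storage ss;
    if (parse_addr(netmask, &ss) != AF_INET)
        return -1;
    uint32_t m = ntohl(((struct sockaddr_in *)&ss)->sin_addr.s_addr);
    int prefix = 0;
    while (m & 0x80000000u) { prefix++; m <<= 1; }
    return m == 0 ? prefix : -1;
}

/* Reverse direction: IPv4 prefix length -> dotted-quad netmask string. */
int prefix_to_netmask(int prefix, char *buf, socklen_t len)
{
    if (prefix < 0 || prefix > 32)
        return -1;
    struct in_addr a;
    a.s_addr = htonl(prefix == 0 ? 0 : 0xffffffffu << (32 - prefix));
    return inet_ntop(AF_INET, &a, buf, len) ? 0 : -1;
}

int main(void)
{
    printf("255.255.255.0 -> /%d\n", netmask_to_prefix("255.255.255.0"));
    return 0;
}
```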