As I have mentioned in other messages, I am interested in having full
support for IPv6 in libvirt. To me this includes having dhcp6 for IPV6
address assignment and using RA (radvd) to establish the default route.
This is what I am using on my real LANs.
Before starting into adding dhcp6 support to libvirt, I wanted to see
just how it works with the current software. First of all, it appears
that, when nat or routed are specified for IPv4, the IPv6 is routed. If
it is an isolated/private network, then it can only work with other
guests on that network. The iptables and ip6tables settings
corresponded and were as expected. On the virtualization host, both
IPv4 and IPv6 forwarding are enabled.
While I can easily do stuff like ping6 and ssh -6 from virtual guests to
the virtualization host, I have been unable to do anything with external
hosts ... unless I add a static route for the virtual IPv6 network on
the target host back to the virtualization host. This is the only way I
have gotten anything to work. To complicate things, it seem that
"everything" wants the IPv6 network to have prefix=64 or things do not
work correctly.
The real systems use fd00:dead:beef:17::/64 for their network. The
virtual networks all use fd00:face:17:xx::/64 for their networks.
The network traffic on the virtualization host is forwarded to the
target host ... I can see the packets with wireshark on the target host.
On the target host I tried specifying a static route for network
fd00:face:17::/48 ... well, that really screwed things up, resulted in
some "redirects" from the virtualization host saying the that it was
sent a malformed packed ... it took a reboot to clean things up.
OK, so leave the fd00:face:17:6::/64 static route on the target host but
subnetwork this network on the virtualization host using networks like
fd00:face:17:6:8::/80 and fd00:face:6:9::/80. This works if I manually
configure IPv6 on the virtual guest. Since radvd is "upset" by a
non-prefix=64 network, I was not surprised when the guest's automatic
IPv6 address/network was not configured.
OK, what am I missing? What don't I understand?
If IPv6 is going to be useful in virtualization, then there must be some
"easy" way to have other systems understand that the virtualization host
is acting as a router for the virtual IPv6 networks it runs. While
being able to go between the virtualization hosts and the virtual guests
is very useful, I do not consider this sufficient.
I have googled and found some stuff as well as reading more RFCs than I
wanted to but I cannot find anything to address this issue.
IIRC, I did find something under a libvirt document that indicates
"routed" will be used for some kind of subnetworking.
Does libvirt need an IPv6 "NAT" to make this work?
Comments? Suggestions?
Gene