
On Thu, Jun 04, 2009 at 07:26:05PM +0200, Bernie Innocenti wrote:
> Hello,
>
> in a common scenario where there aren't enough public IPv4 addresses for all domains, I have elaborated this workaround:
>
> - the host operates a sixxs.net IPv6 tunnel with aiccu.
> - the virbr0 interface is manually configured with an IPv6 address within a /64 subnet delegated by sixxs.net. (I do this from /etc/rc.local for lack of a better place)
> - radvd runs on the host to autoconfigure IPv6 for the guests on virbr0 and advertise the host as a gateway
>
> With this setup, all machines are globally addressable from the IPv6 internet, which is still quite useful for backstage services such as a build farm.
>
> In order to automate this setup, libvirt should support configuring an IPv6 address on bridged interfaces, and possibly multiple addresses for dual stack setups. Automatically running radvd would make a nice goodie.

I'm not sure that we should automatically run radvd, because this has potential implications for the host as a whole. It is hard to restrict scope to just the virbr0 interface, as we do with IPv4 using NAT.

We should definitely allow multiple <ip> elements, and allow both IPv4 and IPv6 and configure interfaces accordingly.

Annoyingly we used the attribute 'netmask'. We really should have used 'prefix', since netmask as a concept is deprecated in the IPv6 world. I'd suggest we allow continued use of netmask for IPv4 addresses, but recommend use of 'prefix' in the future. If they give a netmask, then automatically generate a prefix attribute, and vice versa.

    <ip address="192.168.122.1" netmask="255.255.255.0">
      <dhcp>
        <range start="192.168.122.2" end="192.168.122.254" />
      </dhcp>
    </ip>
    <ip address="2001:200:0:8002:203:47ff:fea5:3083" prefix="64"/>

In theory we should also allow <dhcp> for IPv6, but I'm not sure that the dnsmasq daemon supports offering of DHCPv6 addresses.

To do this properly we'll need to

 - Extend the parser to allow multiple addresses
 - Change the string -> address code to use getaddrinfo, not inet_aton
 - Change interface bring up code to add multiple addresses IPv4 & 6
 - Add support for ip6tables
 - Add rules for ip6tables as appropriate for the <forward/> rule

Daniel
-- 
|: Red Hat, Engineering, London   -o-   http://people.redhat.com/berrange/ :|
|: http://libvirt.org  -o-  http://virt-manager.org  -o-  http://ovirt.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505  -o-  F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|
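
The netmask-to-prefix generation and the getaddrinfo-based parsing proposed in the message above, sketched as an added example (not part of the original mail and not libvirt's code). The function names parse_addr and netmask_to_prefix are hypothetical; rejecting non-contiguous netmasks is an assumption about what the conversion should do with masks that have no prefix equivalent.

```c
#include <arpa/inet.h>
#include <netdb.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* Parse a numeric IPv4/IPv6 literal with getaddrinfo(); AI_NUMERICHOST
 * guarantees no DNS lookup. Returns AF_INET, AF_INET6, or -1. */
int parse_addr(const char *text, struct sockaddr_storage *out)
{
    struct addrinfo hints, *res = NULL;
    int family;
    memset(&hints, 0, sizeof(hints));
    hints.ai_family = AF_UNSPEC;
    hints.ai_flags = AI_NUMERICHOST;
    if (getaddrinfo(text, NULL, &hints, &res) != 0 || res == NULL)
        return -1;
    family = res->ai_family;
    memset(out, 0, sizeof(*out));
    memcpy(out, res->ai_addr, res->ai_addrlen);
    freeaddrinfo(res);
    return family;
}

/* IPv4 netmask -> prefix length; -1 if not IPv4 or bits are non-contiguous. */
int netmask_to_prefix(const char *netmask)
{
    struct sockaddr_storage ss;
    uint32_t m, inv;
    int prefix = 0;
    if (parse_addr(netmask, &ss) != AF_INET)
        return -1;
    m = ntohl(((struct sockaddr_in *)&ss)->sin_addr.s_addr);
    inv = ~m;
    if (inv & (inv + 1))          /* ~mask must look like 0...01...1 */
        return -1;
    for (; m & 0x80000000u; m <<= 1)
        prefix++;
    return prefix;
}

int main(void)
{
    /* Values taken from the <ip> elements quoted in the message. */
    printf("netmask 255.255.255.0 -> prefix %d\n",
           netmask_to_prefix("255.255.255.0"));
    return 0;
}
```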