[lxc-devel] [Lxc-users] Request for inclusion into mainline LXC utils

Michael H. Warfield mhw at WittsEnd.com
Mon Jan 25 06:01:46 UTC 2010 

Sorry...  Long quote of my own post with no snip.  Too much is
relevant...

On Sun, 2010-01-24 at 23:43 -0500, Michael H. Warfield wrote: 
> On Mon, 2010-01-25 at 02:18 +0100, Michael Holzt wrote:
> 
> : - snip
> 
> > I haven't played with ipv6 for some years, but i'm sure that your 
> > problems can be fixed without much work. For starters i would try
> > something like this:
> 
> > interface foo inet6 manual
> > 	pre-up ifconfig foo up
> 
> Well, it was a good shot.  But, unfortunately, all for naught.  It still
> no workie.
> 
> The Debian container:
> 
> eth0      Link encap:Ethernet  HWaddr 00:04:08:01:02:40  
>           inet addr:172.20.38.130  Bcast:172.20.38.255  Mask:255.255.255.0
>           inet6 addr: fe80::204:8ff:fe01:240/64 Scope:Link
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:246 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:186 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:1000 
>           RX bytes:21383 (21.3 KB)  TX bytes:23934 (23.9 KB)
> 
> The Fedora container:
> 
> eth0      Link encap:Ethernet  HWaddr 00:04:08:01:02:0A  
>           inet addr:172.20.38.131  Bcast:172.20.38.255  Mask:255.255.255.0
>           inet6 addr: 2001:4830:3000:8202:204:8ff:fe01:20a/64 Scope:Global
>           inet6 addr: fe80::204:8ff:fe01:20a/64 Scope:Link
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:127 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:10 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:1000 
>           RX bytes:12396 (12.1 KiB)  TX bytes:1008 (1008.0 b)

> I DON'T understand this.  It makes NO sense to me.  At that point
> EVERYTHING SHOULD BE under control of the kernel.  But...  Somehow the
> Debian configuration fails, even if I restart the routing daemon and
> re-advertise those routes.  At that point, everything should just
> autoconf with no action from the user space at all.

> There is one other very important weirdism.  IPv6 stateless autoconf, by
> design and by intent, is disabled if IPv6 forwarding is enabled in the
> kernel (remember too, this is a 2.6.30 kernel) and these containers are
> residing on a machine acting as an IPv6 router (recurse back to my
> earlier comments about very complex configurations and routing) although
> they, themselves are not routers.  The host machine is running a routing
> advertisement daemon (zebra) providing IPv6 routes.  That host routes to
> and from REAL IPv6 networks as well as these virtual containers as well.

> In the host sysctl.conf:

> net.ipv6.conf.all.forwarding = 1

> Confirmed by:

> [root at complex ~]# cat /proc/sys/net/ipv6/conf/all/forwarding
> 1

> In the Fedora container, I have not hat to set that to 0 but...

> [root at alcove ~]# cat /proc/sys/net/ipv6/conf/all/forwarding
> 0

> Like magic.  And there it works.

> In the Debian container, it was NOT showing up as 1 but 0.  So I set it
> in /etc/sysctl.conf.  Now...

> root at ubuntu:~# cat /proc/sys/net/ipv6/conf/all/forwarding
> 0

> And there it still doesn't work.  What is the difference?  Why doesn't
> it work properly with Debian?  These containers are running side by side
> in the same host environment (re-enforcing some relevance to the
> lxc-devel topic).

This has been frustrating me for ttttoooo long, and I had to get to the
bottom of it.  It's something on the kernel level and it had to be
resolvable, I just don't understand why it's peculiar to the Debian
containers.

FOUND IT!

[root at alcove ~]# cat /proc/sys/net/ipv6/conf/all/accept_ra
1

root at ubuntu:~# cat /proc/sys/net/ipv6/conf/all/accept_ra
0

That's what was killing me and blocking autoconf in Debian.  I set that
to 1 for all and for eth0 and it all magically starts working.

Leaves unresolved why this is required in the Debian containers and NOT
in the Fedora containers but someone else can worry about that while I
integrate this into my container "hacks".

This is what I had to add to the container /etc/sysctl.conf to make this
all work:

net.ipv6.conf.all.forwarding=0
net.ipv6.conf.all.accept_ra=1
net.ipv6.conf.default.accept_ra=1
net.ipv6.conf.eth0.accept_ra=1

Had to add all of them.  Leave any one of them out and it fails (which
probably means, if there is an eth1 or eth2, they need to be there as
well...  Gag...)

Which begs a question (not "begs the question" which is a logical
conundrum of a different sort)...  WHY is this necessary in Debian
containers and not at all in Fedora containers?

Regards,
Mike
-- 
Michael H. Warfield (AI4NB) | (770) 985-6132 |  mhw at WittsEnd.com
   /\/\|=mhw=|\/\/          | (678) 463-0932 |  http://www.wittsend.com/mhw/
   NIC whois: MHW9          | An optimist believes we live in the best of all
 PGP Key: 0x674627FF        | possible worlds.  A pessimist is sure of it!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 482 bytes
Desc: This is a digitally signed message part
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20100125/1ca68165/attachment.pgp>

More information about the lxc-devel mailing list