forgejo/lxc-helpers
13
2
Fork 2
Code Issues 8 Pull requests 3 Actions Activity

LXC drops the default IPv6 route #19

New issue
Open
opened 2023-12-03 18:42:13 +00:00 by earl-warren · 4 comments
earl-warren commented 2023-12-03 18:42:13 +00:00
Owner
Copy link

Steps to reproduce:

  • Configure LXC to be IPv6 capable /etc/default/lxc-net
USE_LXC_BRIDGE="true"

# Honor system's dnsmasq configuration
#LXC_DHCP_CONFILE=/etc/dnsmasq.conf
LXC_ADDR="10.6.83.1"
LXC_NETMASK="255.255.255.0"
LXC_NETWORK="10.6.83.0/24"
LXC_DHCP_RANGE="10.6.83.2,10.6.83.254"
LXC_DHCP_MAX="253"
LXC_IPV6_ADDR="fc16::216:3eff:fe00:1"
LXC_IPV6_MASK="64"
LXC_IPV6_NETWORK="fc16::/64"
LXC_IPV6_NAT="true"
  • Create an LXC container debian:bookworm
  • Attach in the container and run
root@try7:/# ip -6 r
fc16::/64 dev eth0 proto kernel metric 256 pref medium
fe80::/64 dev eth0 proto kernel metric 256 pref medium
default via fe80::216:3eff:fe00:0 dev eth0 proto ra metric 1024 expires 1784sec hoplimit 64 pref medium
root@try7:/# echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
root@try7:/# ip -6 r
fc16::/64 dev eth0 proto kernel metric 256 pref medium
fe80::/64 dev eth0 proto kernel metric 256 pref medium

This happens when installing docker and configuring it to be IPv6 capable or when installing a nested LXC container to be IPv6 capable.

Steps to reproduce: * Configure LXC to be IPv6 capable `/etc/default/lxc-net` ``` USE_LXC_BRIDGE="true" # Honor system's dnsmasq configuration #LXC_DHCP_CONFILE=/etc/dnsmasq.conf LXC_ADDR="10.6.83.1" LXC_NETMASK="255.255.255.0" LXC_NETWORK="10.6.83.0/24" LXC_DHCP_RANGE="10.6.83.2,10.6.83.254" LXC_DHCP_MAX="253" LXC_IPV6_ADDR="fc16::216:3eff:fe00:1" LXC_IPV6_MASK="64" LXC_IPV6_NETWORK="fc16::/64" LXC_IPV6_NAT="true" ```` * Create an LXC container debian:bookworm * Attach in the container and run ```sh root@try7:/# ip -6 r fc16::/64 dev eth0 proto kernel metric 256 pref medium fe80::/64 dev eth0 proto kernel metric 256 pref medium default via fe80::216:3eff:fe00:0 dev eth0 proto ra metric 1024 expires 1784sec hoplimit 64 pref medium root@try7:/# echo 1 > /proc/sys/net/ipv6/conf/all/forwarding root@try7:/# ip -6 r fc16::/64 dev eth0 proto kernel metric 256 pref medium fe80::/64 dev eth0 proto kernel metric 256 pref medium ``` This happens when installing docker and configuring it to be IPv6 capable or when installing a nested LXC container to be IPv6 capable.
earl-warren commented 2023-12-03 20:17:22 +00:00
Author
Owner
Copy link

Asked for help in the LXC forum. https://discuss.linuxcontainers.org/t/ipv6-default-route-is-removed-when-installing-a-nested-lxc/18408

Asked for help in the LXC forum. https://discuss.linuxcontainers.org/t/ipv6-default-route-is-removed-when-installing-a-nested-lxc/18408
earl-warren commented 2023-12-03 20:31:41 +00:00
Author
Owner
Copy link

Looking at https://linuxcontainers.org/lxc/manpages/man5/lxc.container.conf.5.html there does not seem to be anything that should be added to the config in addition to what is already there:

lxc.net.0.type = veth
lxc.net.0.hwaddr = 00:16:3e:da:d1:3f
lxc.net.0.link = lxcbr0
lxc.net.0.flags = up
Looking at https://linuxcontainers.org/lxc/manpages/man5/lxc.container.conf.5.html there does not seem to be anything that should be added to the config in addition to what is already there: ``` lxc.net.0.type = veth lxc.net.0.hwaddr = 00:16:3e:da:d1:3f lxc.net.0.link = lxcbr0 lxc.net.0.flags = up ```
earl-warren commented 2023-12-03 20:37:13 +00:00
Author
Owner
Copy link

It can be fixed by echo 0 > /proc/sys/net/ipv6/conf/all/forwarding and systemctl restart networking

root@try2:/# systemctl restart networking
root@try2:/# ip -6 r                     
fc16::/64 dev eth0 proto kernel metric 256 pref medium
fe80::/64 dev eth0 proto kernel metric 256 pref medium
default via fe80::216:3eff:fe00:0 dev eth0 proto ra metric 1024 expires 1795sec hoplimit 64 pref medium
root@try2:/# echo 1 > /proc/sys/net/ipv6/conf/all/forwarding            
root@try2:/# ip -6 r                                        
fc16::/64 dev eth0 proto kernel metric 256 pref medium
fe80::/64 dev eth0 proto kernel metric 256 pref medium
root@try2:/# systemctl restart networking                   
root@try2:/# ip -6 r                     
fe80::/64 dev eth0 proto kernel metric 256 pref medium
root@try2:/# echo 0 > /proc/sys/net/ipv6/conf/all/forwarding
root@try2:/# ip -6 r                                        
fe80::/64 dev eth0 proto kernel metric 256 pref medium
root@try2:/# systemctl restart networking                   
root@try2:/# ip -6 r                                        
fc16::/64 dev eth0 proto kernel metric 256 pref medium
fe80::/64 dev eth0 proto kernel metric 256 pref medium
default via fe80::216:3eff:fe00:0 dev eth0 proto ra metric 1024 expires 1793sec hoplimit 64 pref medium
It can be fixed by `echo 0 > /proc/sys/net/ipv6/conf/all/forwarding` and `systemctl restart networking` ```sh root@try2:/# systemctl restart networking root@try2:/# ip -6 r fc16::/64 dev eth0 proto kernel metric 256 pref medium fe80::/64 dev eth0 proto kernel metric 256 pref medium default via fe80::216:3eff:fe00:0 dev eth0 proto ra metric 1024 expires 1795sec hoplimit 64 pref medium root@try2:/# echo 1 > /proc/sys/net/ipv6/conf/all/forwarding root@try2:/# ip -6 r fc16::/64 dev eth0 proto kernel metric 256 pref medium fe80::/64 dev eth0 proto kernel metric 256 pref medium root@try2:/# systemctl restart networking root@try2:/# ip -6 r fe80::/64 dev eth0 proto kernel metric 256 pref medium root@try2:/# echo 0 > /proc/sys/net/ipv6/conf/all/forwarding root@try2:/# ip -6 r fe80::/64 dev eth0 proto kernel metric 256 pref medium root@try2:/# systemctl restart networking root@try2:/# ip -6 r fc16::/64 dev eth0 proto kernel metric 256 pref medium fe80::/64 dev eth0 proto kernel metric 256 pref medium default via fe80::216:3eff:fe00:0 dev eth0 proto ra metric 1024 expires 1793sec hoplimit 64 pref medium ```
earl-warren commented 2023-12-04 16:35:25 +00:00
Author
Owner
Copy link

It appears to be a Debian only issue: there is a report that the reproducer does not fail on Ubuntu.

Mh after playing around with your reproduction steps it seems to be an issue related to the debian Container, with an Ubuntu Container it all works fine, we discovered that under debian the route sometimes magically gets fixed after some indefinite time. We will stop for today and will have another look tomorrow.

It appears to be a Debian only issue: [there is a report that the reproducer does not fail on Ubuntu](https://matrix.to/#/!zpNKWqkiEOyljSMQDK:matrix.org/$CS5nnEHq8weeviY46VxN__nRe3WZN3BZZGcERbl20Kg?via=exozy.me&via=matrix.org&via=aria-net.org). > Mh after playing around with your reproduction steps it seems to be an issue related to the debian Container, with an Ubuntu Container it all works fine, we discovered that under debian the route sometimes magically gets fixed after some indefinite time. We will stop for today and will have another look tomorrow.
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
main
No results found.
Labels
Clear labels
No items
No labels
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Reference: forgejo/lxc-helpers#19
No description provided.
Delete branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?