Problemas com o IPv6 no host KVM com bridge (Centos 7)

0

Problemas com o IPv6 no host KVM com ponte no Centos 7

Eu tenho ip6tables que são limpos com:

#> ip6tables -F

ND deve ser permitido

Então, se eu fizer:

#> ip -6 neigh
2a0d:2407:14::1 dev vmbr0  router FAILED

O roteador está em estado de falha

Informação SYSctl

#> sysctl -p
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv6.conf.default.forwarding = 1
net.ipv6.conf.all.forwarding = 1
net.ipv6.conf.default.proxy_ndp = 1
net.ipv6.conf.all.proxy_ndp = 1
net.ipv6.conf.vmbr0.disable_ipv6 = 0
net.ipv6.conf.vmbr0.autoconf = 1
net.ipv6.conf.vmbr0.accept_ra = 1
net.ipv6.conf.vmbr0.accept_ra_defrtr = 1
net.ipv6.conf.em1.disable_ipv6 = 0
net.ipv6.conf.em1.autoconf = 1
net.ipv6.conf.em1.accept_ra = 1
net.ipv6.conf.em1.accept_ra_defrtr = 1

Adicionando um IP IPv6

ip -6 addr add 2a0d:2407:14:b::a1/48 dev vmbr0
ip -6 route add 2a0d:2407:14::1 dev vmbr0
ip -6 route add default via 2a0d:2407:14::1 dev vmbr0

ou através de um arquivo

IPV6INIT=yes
IPV6ADDR=2a0d:2407:14:b::a1/48
IPV6FORWARDING=yes
IPV6_DEFAULTGW=2a0d:2407:14::1
IPV6_DEFROUTE="yes"
IPV6_AUTOCONF="yes"

/ etc / sysconfig / network

NETWORKING_IPV6=yes
NETWORKING=yes
IPV6FORWARDING=yes

Bridge está funcionando como esperado

vmbr0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet X.224.131.100  netmask 255.255.255.255  broadcast X.224.131.100
        inet6 2a0d:2407:14:b::a1  prefixlen 48  scopeid 0x0<global>
        inet6 2a07:a907:50a::1001  prefixlen 48  scopeid 0x0<global>
        inet6 fe80::222:19ff:fe69:e605  prefixlen 64  scopeid 0x20<link>
        ether 00:22:19:69:e6:05  txqueuelen 1000  (Ethernet)
        RX packets 743076424  bytes 313370954751 (291.8 GiB)
        RX errors 0  dropped 18329  overruns 0  frame 0
        TX packets 185499485  bytes 141916131563 (132.1 GiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

Ping6 google.com

ping6 ipv6.google.com
PING ipv6.google.com(ams15s21-in-x0e.1e100.net (2a00:1450:400e:800::200e)) 56 data bytes
From fe80::222:19ff:fe69:e605%vmbr0 (fe80::222:19ff:fe69:e605%vmbr0) icmp_seq=1 Destination unreachable: Address unreachable
From fe80::222:19ff:fe69:e605%vmbr0 (fe80::222:19ff:fe69:e605%vmbr0) icmp_seq=2 Destination unreachable: Address unreachable
From fe80::222:19ff:fe69:e605%vmbr0 (fe80::222:19ff:fe69:e605%vmbr0) icmp_seq=3 Destination unreachable: Address unreachable
From fe80::222:19ff:fe69:e605%vmbr0 (fe80::222:19ff:fe69:e605%vmbr0) icmp_seq=4 Destination unreachable: Address unreachable
^C
--- ipv6.google.com ping statistics ---
6 packets transmitted, 0 received, +4 errors, 100% packet loss, time 5000ms

Pinging Gate (Fun começa) Depois de alguns pings (geralmente 5-6) o gate pára de responder e os pings consecutivos não passam.

#> ping6 2a0d:2407:14::1
PING 2a0d:2407:14::1(2a0d:2407:14::1) 56 data bytes
64 bytes from 2a0d:2407:14::1: icmp_seq=1 ttl=64 time=20.8 ms
^C
--- 2a0d:2407:14::1 ping statistics ---
7 packets transmitted, 1 received, 85% packet loss, time 6000ms
rtt min/avg/max/mdev = 20.877/20.877/20.877/0.000 ms

Rota 6

#> ip -6 route
unreachable ::/96 dev lo metric 1024 error -113
unreachable ::ffff:0.0.0.0/96 dev lo metric 1024 error -113
unreachable 2002:a00::/24 dev lo metric 1024 error -113
unreachable 2002:7f00::/24 dev lo metric 1024 error -113
unreachable 2002:a9fe::/32 dev lo metric 1024 error -113
unreachable 2002:ac10::/28 dev lo metric 1024 error -113
unreachable 2002:c0a8::/32 dev lo metric 1024 error -113
unreachable 2002:e000::/19 dev lo metric 1024 error -113
2a0d:2407:14::1 dev vmbr0 proto static metric 425
2a0d:2407:14::1 dev vmbr0 metric 1024
2a0d:2407:14::/48 dev vmbr0 proto kernel metric 256
unreachable 3ffe:ffff::/32 dev lo metric 1024 error -113
default via 2a0d:2407:14::1 dev vmbr0 metric 1024

O que mais estou faltando na configuração que permitiria conectividade IPv6 na máquina?

De antemão obrigado pelo seu tempo olhando para isso.

Igor
fonte
Confirme com o seu datacenter o endereço correto de rede e gateway IPv6 atribuído ao seu servidor. Se eles estiverem corretos, isso pode ser um problema com seu equipamento.
Michael Hampton