
#1 2013-05-21 11:34:11

raunz
Member
Registered: 2008-11-27
Posts: 36

netctl vlan for IPv6

Hello dear Arch Linux community.

Recently I converted to netctl and had some trouble with it.
With the new system I also tried a new thing (and there is not much to find on Google):
I wanted to use VLANs on my Arch Linux vserver to listen on multiple IPv6 addresses.
The eth0 interface is reachable via IPv4&6 from outside but the virtual eth0.10 is not.

Do I have the config right? Any logic problems?

Description='uplink ipv4/6'
Interface=eth0
Connection=ethernet
IP=dhcp
## for IPv6
#IP6=dhcp
IP6=static
Address6=('my:ip:v:6::1/64')

and for the vlan

Description='vlan10 on interface eth0'
Interface=eth0.10
Connection=vlan
BindsToInterfaces=eth0
VLANID=10
#IP=no
#IP=static
#Address=('127.0.0.1/8')
IP6=static
Address6=('my:ip:v:6::10/64')

For some diagnostics
ip -6 route

my:ip:v:6::/64 dev eth0  proto kernel  metric 256
my:ip:v:6::/64 dev eth0.10  proto kernel  metric 256
fe80::/64 dev eth0  proto kernel  metric 256
fe80::/64 dev eth0.10  proto kernel  metric 256
default via fe80::4 dev eth0  metric 202

ip addr

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether x:x:x:x:x:x brd ff:ff:ff:ff:ff:ff
    inet my.ip.v.4/22 brd 37.221.195.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 my:ip:v:6::1/64 scope global
       valid_lft forever preferred_lft forever
    inet6 x::x:x:x:x/64 scope link
       valid_lft forever preferred_lft forever
3: eth0.10@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
    link/ether x:x:x:x:x:x brd ff:ff:ff:ff:ff:ff
    inet6 my:ip:v:6::10/64 scope global
       valid_lft forever preferred_lft forever
    inet6 x::x:x:x:x/64 scope link
       valid_lft forever preferred_lft forever

/edit
Had to append two lines to /etc/sysctl.conf to get IPv6 working on eth0 in the first place

net.ipv6.conf.eth0.autoconf = 0
net.ipv6.conf.eth0.accept_ra = 0

Excuse my bad English ^^
Hope to see some replies soon :)

Last edited by raunz (2013-05-21 11:46:32)


#2 2013-05-21 22:06:39

fukawi2
Ex-Administratorino
From: .vic.au
Registered: 2007-09-28
Posts: 6,224

Re: netctl vlan for IPv6

You're using the same subnet in both VLANs? That's possibly causing asymmetric routing (i.e., packet comes in eth0.10, your kernel routes it back via eth0). Not a huge issue in itself, although an upstream firewall might not like it.

The upstream router probably has the same issue; it sees my:ip:v:6::1/64 is on its eth0 interface, so it routes traffic for my:ip:v:6::10 via eth0 instead of eth0.10, although IIRC Linux does answer for any address it owns on any interface, but that might have changed for IPv6; I haven't tested it.

May I ask why you have the same subnet in multiple Layer 2 networks?

EDIT: by the way, to make the obfuscation of your IP address easier to read, in future just replace the first couple of Chazwazzas* with 2001:db8:: so 2001:87aa:2822:ab34::10 becomes 2001:db8::2822:ab34::10 (yes, it's an invalid address, but it makes it easier to read as an IPv6 address still)

* There's still no accepted name for the 'parts' of an IPv6 address: http://tools.ietf.org/html/draft-denog- … ection-4.1

Last edited by fukawi2 (2013-05-21 22:12:10)
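
The same-prefix-on-two-interfaces condition raised in this reply can be checked mechanically. The following is an added example, not part of the original thread: a Python check that reads `ip -6 route` output and reports global prefixes that are on-link on more than one device. The sample routes are constructed from the output in post #1 with the obfuscated prefix replaced by a documentation prefix, and the function names are illustrative.

```python
import ipaddress

# Constructed sample modelled on the `ip -6 route` output in post #1, with
# the obfuscated prefix replaced by a documentation prefix (assumption).
SAMPLE_ROUTES = """\
2001:db8:2:14c::/64 dev eth0  proto kernel  metric 256
2001:db8:2:14c::/64 dev eth0.10  proto kernel  metric 256
fe80::/64 dev eth0  proto kernel  metric 256
fe80::/64 dev eth0.10  proto kernel  metric 256
default via fe80::4 dev eth0  metric 202
"""


def connected_routes(route_text):
    """Return (network, device) for every on-link, non-link-local IPv6 route."""
    routes = []
    for line in route_text.splitlines():
        fields = line.split()
        # Skip blank lines and gateway routes such as "default via ...".
        if len(fields) < 3 or "via" in fields or "dev" not in fields[:-1]:
            continue
        try:
            net = ipaddress.ip_network(fields[0], strict=False)
        except ValueError:
            continue  # keywords such as "default" or "unreachable"
        if net.version != 6 or net.is_link_local:
            continue  # fe80::/64 is expected on every interface
        routes.append((net, fields[fields.index("dev") + 1]))
    return routes


def shared_prefixes(route_text):
    """List prefix pairs that are on-link on two different devices."""
    routes = connected_routes(route_text)
    found = []
    for i, (net_a, dev_a) in enumerate(routes):
        for net_b, dev_b in routes[i + 1:]:
            if dev_a != dev_b and net_a.overlaps(net_b):
                found.append((str(net_a), dev_a, str(net_b), dev_b))
    return found


if __name__ == "__main__":
    for net_a, dev_a, net_b, dev_b in shared_prefixes(SAMPLE_ROUTES):
        print(f"{net_a} on {dev_a} overlaps {net_b} on {dev_b}")
```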


#3 2013-05-27 07:01:47

raunz
Member
Registered: 2008-11-27
Posts: 36

Re: netctl vlan for IPv6

Yes, I do, because my vserver provider is giving me a full range of addresses: 2001:db8:2:14c::/64
How am I supposed to use all of these addresses?

I tried to assign different SSL Certs to the interfaces.

rgds


#4 2013-05-27 23:02:58

fukawi2
Ex-Administratorino
From: .vic.au
Registered: 2007-09-28
Posts: 6,224

Re: netctl vlan for IPv6

You need to describe your setup in more detail for us.

At the moment, my understanding is that you have the below arrangement; is this correct?

+------------------------+
|     INTERNET           |
+---------+--------------+
          |
          |
          |eth0
+---------v--------------+
|      VSERVER           |
+---------+--------------+
          |eth0.10
          |
          |
          |
+---------v--------------+
|   Some other network   |
+------------------------+

(Created with http://www.asciiflow.com/)


#5 2013-05-28 07:45:02

raunz
Member
Registered: 2008-11-27
Posts: 36

Re: netctl vlan for IPv6

Something more like this:

+------------------------+
|     INTERNET           |
+---------+---------+----+
          |         |
          |         |
          |eth0     |eth0.10 / eth0.20 / eth0.21 / ...
+---------v---------v----+
|      VSERVER           |
+------------------------+

I got one IPv4 address and several IPv6 addresses which I want to make reachable from the internet.

... if that's even possible

Last edited by raunz (2013-05-28 07:50:12)


#6 2013-05-28 23:08:52

fukawi2
Ex-Administratorino
From: .vic.au
Registered: 2007-09-28
Posts: 6,224

Re: netctl vlan for IPv6

Is that how your provider sets it up or have you created that setup?
