BenV's notes

Xen and routed IPv6

by on Sep.28, 2009, under Software

Xenbro has found its way into the Coloclue racks where it is now running with real IP addresses. The Coloclue network routes all IP space to the main IP address of the machine so that precious IP addresses are not ‘lost’ to reserved network and broadcast addresses. This means that my /29 has 8 usable addresses in stead of only 6. In order to set this up you simply change the network-script and vif-script to the -route variants in /etc/xen/xend-config.sxp so it looks like this:

(network-script network-route)
(vif-script vif-route)

Easy. Make sure ip forwarding is enabled though (check /proc/sys/net/ipv4/ip_forward, it should be 1) , and for IPv6 forwarding you need to enable /proc/sys/net/ipv6/conf/all/forwarding. Note that you must enable it on the -all- directory, only enabling it on a single interface won’t do what you’d expect (this took me a while to figure out ;)).
After requesting both a set of IPv4 and IPv6 addresses I stumbled upon Xen’s /etc/xen/scripts/vif-route script which doesn’t do anything with IPv6! Since I do want my IPv6 space routed to my domU (and probably to the others as well) I decided to molest the script a little. My modification assumes you provide both the IPv4 address and IPv6 range you want to use on the domU. Here’s the diff:
[Download not found]
Note that my patch adds some extra logging as well, you can hack that out yourself if it annoys you.
If patching is too difficult for you, here’s the patched vif-route script:
[Download not found]

Don’t forget to put your IP addresses in your domU’s config file:

# domU.cfg
vif = [ 'mac=00:16:11:11:2b:11, ip=2345::1/64 192.168.2.100' ]

After patching vif-route and enabling the script in xend-config.sxp you still have to set routes to the dom0 in your domU. Example for dom0 with 192.168.1.1 and 1234::1

# IPv4
root@domU# ifconfig eth0 192.168.2.10 netmask 255.255.255.255 # Your domU's IPv4 address here
root@domU# ip ro add 192.168.1.1 dev eth0
root@domU# ip ro add default via 192.168.1.1
# IPv6
root@domU# ip -6 addr add 2345::1/64 dev eth0 # Your domU's IPv6 range here
root@domU# ip -6 ro add 1234::1 dev eth0
root@domU# ip -6 ro add default via 1234::1

Now it works (unless you did something stupid of course) 🙂




:,

3 Comments for this entry

  • IainKay

    Hey BenV,
    thanks for an interesting read. I’ve given this a bash on my Xen Dom0 and so far I’m having 50% positive results. Xen will actually boot the domain now instead of complaining about the IPv6 address in the config file, but I can’t seem to get the IPv6 address pinging outside or the domU pinging the dom0 over IPv6.
    I’m using CentOS with Xen 3.0.3 and vif-route (your patched script).
    For IPv4 I have the IP address set to 94.23.159.153 and the gateway is also 94.23.159.153 with a netmask of 255.255.255.255. I don’t know why this works, but it does. I’ve tried a few variations for IPv6 gateway but haven’t got a clue really.
    Any ideas?
    All the IP addresses are publicly routed btw.

  • BenV

    Hej IainKay, thanks for commenting.
    It sounds like you either forgot to enable IPv6 forwarding on your dom0 (the stuff in yellow above, echo 1 > /proc/sys/net/ipv6/conf/all/forwarding), or maybe it’s a firewalling issue.
    Make sure ip6tables isn’t blocking anything.
    I haven’t tested my patched scripts on older Xen versions, so it could be that there’s a problem in those. When you ping your dom0 from your domU, can you see anything coming in when you run tcpdump on your dom0?

    It’s always hard to diagnose these problems without actually being able to check stuff on the machine 🙂
    Good luck!

  • Melody

    Hey BenV. Just wanted to say Thank You. 🙂 Works great and since I give out IPv6 prefixes via my DHCP server, I just had to forward and restart my VMs.

    Thanks again. 🙂

1 Trackback or Pingback for this entry

Leave a Reply

You must be logged in to post a comment.