Re: IPv6 and XEN scripts

To: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Cc: debian-ipv6 <debian-ipv6@lists.debian.org>
Subject: Re: IPv6 and XEN scripts
From: Michael Richardson <mcr@sandelman.ca>
Date: Tue, 15 Jun 2010 10:26:31 -0400
Message-id: <13440.1276611991@marajade.sandelman.ca.sandelman.ca>
In-reply-to: <4C16E65E.5040409@linux-ipv6.org>
References: <10476.1276565780@marajade.sandelman.ca.sandelman.ca> <4C16E65E.5040409@linux-ipv6.org>

>>>>> "YOSHIFUJI" == YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> writes:
    >> I have a number of XEN Dom0 machines running lenny.
    >> 
    >> When they boot, the XEN bridge scripts basically toast the IPv6
    >> configuration.
    >> 
    >> I'm looking for some thoughts on what the "right" answer might
    >> be, so that I can work on a proper solution.

    YOSHIFUJI> It depends on your requirements.  Topology: Wired
    YOSHIFUJI> network? Host? Router?  Address assignment? Security? 
    YOSHIFUJI> ....?

Basic requirement:
      - if I put an IPv6 into /etc/network/interfaces, or 
      - I get an address via autoconf

the XEN "bridify" scripts should not break it.

The problem is threefold:
    a) we have no way to turn off autoconf on an interface-by-interface
       basis.  This means that we can get a DAD fail once the physical
       interface has been into a bridge, because the bridge device
       will have the same MAC address as the physical address.
       In practice, this often doesn't occur because...

    b) once a physical device is part of a bridge, it no longer sends
       packets up it's stack, so any network configuration that existed
       (such as IPv6 addresses and plumbing) are rendered
       non-functional.

    c) the XEN bridgify process involves an ifconfig FOO down on the 
       devices, and so any configuration that occured on the physical
       device is lost.

One remedy I can see if to introduce some kind of "--redo" option to
ifup that causes it to run through the ifup process again, and use this 
in the XENify scripts once the plumbing has been adjusted.
Maybe the ifup -f option does enough, but it doesn't cause autoconf to
be redone. (/usr/sbin/ndisc6 can do that)

Once the above is done, then the dom0 won't lose IPv6 when XEN is
enabled.  

Guest machines will then be bridged on the "wire" and can already do
IPv6 on that wire if they like.

Advanced configurations might include:
         - use DHCPv6 get-a-subnet option to get a /64
         - use a non-bridged XEN configuration and become a router.

But, *I* at least don't have need of this now.

-- 
]       He who is tired of Weird Al is tired of life!           |  firewalls  [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON    |net architect[
] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
   Kyoto Plus: watch the video <http://www.youtube.com/watch?v=kzx1ycLXQSE>
	               then sign the petition.

Reply to:

Follow-Ups:
- Re: IPv6 and XEN scripts
  - From: Pascal Hambourg <pascal.mail@plouf.fr.eu.org>

References:
- IPv6 and XEN scripts
  - From: Michael Richardson <mcr@sandelman.ca>
- Re: IPv6 and XEN scripts
  - From: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>

Prev by Date: Re: IPv6 and XEN scripts
Next by Date: Re: IPv6 and XEN scripts
Previous by thread: Re: IPv6 and XEN scripts
Next by thread: Re: IPv6 and XEN scripts
Index(es):
- Date
- Thread