[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Debian VMs on a routed libvirt IPv6 ULA network are not exchanging neighbor sollicitations with the host

Hello,

we have the following setup:
- a libvirt/KVM virtualization physical host running Debian 10
- Debian 10 and RHEL 8/CentOS 8 VMs as guests

Guest VMs usually have two (virtio) network interfaces:
- a static public interface (IPv4+IPv6 or IPv6 only, usually enp1s0), which access internet via a bridge (br0) on the host
- an internal interface (IPv6 only, usually enp2s0) connected to a routed libvirt virtual network with a /64 ULA network

The problematic behaviour is that, after a while, the Debian guests lose their internal ULA IPv6 address.
I could observe that it happens after the expiry of valid_lft, preferred_lft, as can be seen in the 'ip a' output.
Running 'ip neigh' shows that there is no REACHABLE router (but some STALE ones).

On the other hand, the CentOS VM do not show this behaviour and their addresses and routes are refreshed regularly.
But when I was debugging other issues with them, I realized that Network Manager is taking charge of these configurations.

In order to debug further, I ran tcpdump on the host, a Debian guest, and a CentOS guest:
- On the host (using the bridge created by libvirt for this routed virtual network, virbr2)
sudo tcpdump -n -i virbr2 icmp6
- On the guest
tcpdump -n -i enp2s0 icmp6

What I can observe is that:
- Neighbor sollicitations between the host and the CentOS VMs are being exchanged regularly
- With the Debian guest:
 - Neighbor sollicitations are exchanged when the VM is rebooted
 - Afterwards they are not exchanged...
 - ... unless one explicitly pings the guest from the host on this internal ULA address
 (then, one can see the echo packets, but also some routerneighbor sollicitations)

So, I am not sure how to analyze further, and I would be grateful for some hints.
It seems that a kind of regular "trigger" for the sollicitations is missing here.

Please find below some more configurations.
Thanks in advance!

Mathieu


## host network config
auto lo
iface lo inet loopback

auto br0 
iface enp1s0f0 inet manual 
iface enp1s0f0 inet6 manual 

iface br0 inet6 static
 bridge_ports enp1s0f0
 address 2001:XXXX:XXXX:XXXX::/56
 gateway 2001:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX:ff

iface br0 inet static
 bridge_ports enp1s0f0 
 address XX.XX.XX.XX/24
 gateway XX.XX.XX.254
...

## guest network config
auto lo enp1s0 enp2s0 
iface lo inet loopback

iface enp1s0 inet static
  address YY.YY.YY.YY 
  netmask 255.255.255.255
  broadcast YY.YY.YY.YY
  post-up ip route add YY.YY.YY.254 dev enp1s0
  post-up ip route add default via YY.YY.YY.254
  pre-down ip route del YY.YY.YY.254 dev enp1s0
  pre-down ip route del default via YY.YY.YY.254

iface enp1s0 inet6 static
  address 2001:YYYY:YYYY:YYYY:YYYY:YYYY:YYYY:YYYY/64
  post-up ip route add YYYY:YYYY:YYYY:YYYY:YYYY:YYYY:YYYY:ff dev enp1s0
  post-up ip route add 2000::/3 via 2001:YYYY:YYYY:YYYY:YYYY:YYYY:YYYY:ff dev enp1s0
  pre-down ip route del 2001:YYYY:YYYY:YYYY:YYYY:YYYY:YYYY:ff dev enp1s0
  pre-down ip route del 2000::/3 via 2001:YYYY:YYYY:YYYY:YYYY:YYYY:YYYY:ff dev enp1s0

iface enp2s0 inet6 auto

## host sysctl options
net.ipv6.conf.all.accept_ra = 2
net.ipv4.ip_forward = 1
net.ipv6.conf.all.forwarding = 1
net.ipv4.conf.br0.send_redirects = 0
net.ipv4.conf.br0.rp_filter = 0
Reply to: