IPv6 shouldn’t be disabled by default in libvirt
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
libvirt | Fix Released | High | |
libvirt (Ubuntu) | Fix Released | Wishlist | Unassigned |
Bug Description
libvirt by default disables IPv6 as a result of this patch: https:/
This is incorrect behaviour. IPv6 should never be disabled by default, and the need for IPv6–enabled software grows greater every day.
Currently, libvirt both sets net.ipv6.
This can be fixed by only setting accept_ra=0, while not touching disable_ipv6. (If a sysadmin still wants IPv6 disabled, they can do so on the kernel command line, or set net.ipv6.
It is important that this is fixed, because Ubuntu 10.04 LTS is supported until 2015 — three years after the predicted exhaustion of the RIR IPv4 pool (and four years after the exhaustion of the IANA pool).
tags: added: patch
Changed in libvirt (Ubuntu):
importance: Undecided → Wishlist
status: New → Confirmed
Changed in libvirt:
importance: Unknown → High
status: Unknown → Fix Released
Description of problem:
A bridge interface generated by libvirt/qemu is IPv6 enabled by default. Ok, can be, but this should be made switchable by network.xml (e.g. net.ipv6.conf.virbr1.disable_ipv6=1)
The bad thing is that it accepts router advertisements. I have a VM, which acts as an IPv6 router for an isolated network (testing purposes) and has a running radvd (only on this isolated network). Suddenly, virbr1 also gets an RA, configures a related IPv6 address and adds a default route to this VM.
This destroys the IPv6 default routing for the host itself, if done e.g. later via aiccu.
Version-Release number of selected component (if applicable):
# rpm -qa |grep virt
python-virtinst-0.400.3-1.fc10.noarch
virt-viewer-0.0.3-3.fc10.i386
virt-mem-0.2.9-6.fc10.i386
libvirt-0.5.1-2.fc10.i386
virt-manager-0.6.0-5.fc10.i386
libvirt-python-0.5.1-2.fc10.i386
virt-top-1.0.3-2.fc10.i386
How reproducible:
always
Steps to Reproduce:
1. setup a router VM with 2 nics, one on a NAT bridge shared with the host (virbr0) and one isolated bridge (virbr1)
2. Configure radvd on this router VM for isolated network only
3. Wait...
Actual results:
# ip -6 addr show dev virbr1
16: virbr1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500
    inet6 fec0::1:4c3:8bff:fe**:****/64 scope site dynamic
       valid_lft 2591985sec preferred_lft 604785sec
    inet6 fe80::4c3:8bff:fe**:****/64 scope link
       valid_lft forever preferred_lft forever
# ip -6 route show dev virbr1
fe80::/64 proto kernel metric 256 mtu 1500 advmss 1440 hoplimit 4294967295
fec0:0:0:1::/64 proto kernel metric 256 expires 0sec mtu 1500 advmss 1440 hoplimit 4294967295
default via fe80::5652:ff:fe**:**** proto kernel metric 1024 expires 0sec mtu 1500 advmss 1440 hoplimit 64
and then starting aiccu on the host results in:
# ip -6 route show |grep ^default
default via fe80::5652:ff:fe**:**** dev virbr1 proto kernel metric 1024 expires 0sec mtu 1500 advmss 1440 hoplimit 64
default via 2001:6f8:900:****::1 dev sixxs metric 1024 mtu 1280 advmss 1220 hoplimit 4294967295
So now 2 default IPv6 routes exist, but the first one didn't work.
Expected results:
Neither an autoconfigured IPv6 address nor an autoconfigured default route on a bridge interface.
Additional info:
Imho, a bridge should be *IPv4- and IPv6-less* by default and get only such addresses by explicit configuration, because in Linux currently the isolation does not really exist.
Afair I have already detected this on a Xen installation more than one year before, same issue...don't remember whether I had already reported this.
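An added example, not part of the original reports and not libvirt's own code: a POSIX shell audit of the per-bridge sysctls both reports discuss, flagging bridges with IPv6 disabled and bridges that would still accept router advertisements. The `virbr*` glob, the `CONF_ROOT` override and the verdict labels are assumptions of this example; the `forwarding` check goes beyond the page and follows the kernel's documented `accept_ra` semantics.

```shell
#!/bin/sh
# Added example (not libvirt code): audit IPv6 knobs on virbr* bridges.
# CONF_ROOT defaults to the live sysctl tree; override it to test offline.
CONF_ROOT="${CONF_ROOT:-/proc/sys/net/ipv6/conf}"

# knob IFACE NAME -> value of the sysctl, or "?" when it cannot be read
knob() {
    if [ -r "$CONF_ROOT/$1/$2" ]; then cat "$CONF_ROOT/$1/$2"; else echo "?"; fi
}

# audit_bridge IFACE -> prints one verdict line; returns 1 on a finding
audit_bridge() {
    ra=$(knob "$1" accept_ra)
    fwd=$(knob "$1" forwarding)
    off=$(knob "$1" disable_ipv6)
    if [ "$off" = 1 ]; then
        # First report: IPv6 switched off on the bridge altogether.
        echo "$1: IPV6_DISABLED disable_ipv6=1"
        return 1
    fi
    # Kernel semantics: accept_ra=2 always accepts RAs, accept_ra=1 accepts
    # them only while forwarding is off, accept_ra=0 never accepts them.
    if [ "$ra" = 2 ] || { [ "$ra" = 1 ] && [ "$fwd" != 1 ]; }; then
        # Second report: a guest's radvd can install a default route here.
        echo "$1: ACCEPTS_RA accept_ra=$ra forwarding=$fwd"
        return 1
    fi
    if [ "$ra" != 0 ]; then
        # RAs are ignored only as long as forwarding stays enabled.
        echo "$1: RA_NOT_PINNED accept_ra=$ra forwarding=$fwd"
        return 1
    fi
    echo "$1: OK accept_ra=0 disable_ipv6=$off"
}

# audit_all -> audits every virbr* under CONF_ROOT; returns 1 if any finding
audit_all() {
    rc=0
    for d in "$CONF_ROOT"/virbr*; do
        [ -d "$d" ] || continue
        audit_bridge "${d##*/}" || rc=1
    done
    return "$rc"
}

audit_all || echo "one or more bridges need attention"
```

The state the first report asks for is the `OK` line: `accept_ra=0` with `disable_ipv6` left at 0.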