Could be helpful to know what were the changes, for @Neoon (and others) to ask for at other upstream providers.
@MaxKVM did not specify on the support ticket what networking changes were applied, but they did mention that it was a change they tried previously but did not get applied correctly. My suspicion is disabling ebtables as they have mentioned previously.
I'm trying to setup ndppd on several KVM servers so that I can give some Docker containers public IPv6 address.
However, it works on some servers but not on others.
Nexril - SolusVM, works:
19:13:17.958191 IP6 2604:fbc0:2::1 > ff02::1:ff72:f:
ICMP6, neighbor solicitation, who has 2604:fbc0:2:xxxx:646f:636b:6572:f, length 32
19:13:17.958472 IP6 2604:fbc0:2:xxxx::2 > 2604:fbc0:2::1:
ICMP6, neighbor advertisement, tgt is 2604:fbc0:2:xxxx:646f:636b:6572:f, length 32
WebHorizon - Virtualizor, does not work:
00:07:53.617438 IP6 fe80::669d:99ff:feb1:55b8 > ff02::1:ff72:2:
ICMP6, neighbor solicitation, who has 2a03:cfc0:803f:xxxx:646f:636b:6572:2, length 32
00:07:53.617714 IP6 fe80::216:3eff:fedd:7c83 > fe80::669d:99ff:feb1:55b8:
ICMP6, neighbor advertisement, tgt is 2a03:cfc0:803f:xxxx:646f:636b:6572:2, length 32
Evolution Host - Virtualizor, does not work:
20:26:21.134809 IP6 fe80::e6c7:22ff:fe4f:1f3a > ff02::1:ffc3:d002:
ICMP6, neighbor solicitation, who has 2604:f440:2:0:eb26:xxxx:4dc3:d002, length 32
20:26:22.392771 IP6 fe80::216:3eff:fe43:dee1 > fe80::e6c7:22ff:fe4f:1f3a:
ICMP6, neighbor advertisement, tgt is 2604:f440:2:0:eb26:xxxx:4dc3:d002, length 32
I compared those to an IPv6 address assigned directly on the KVM machine, WebHorizon - Virtualizor:
00:29:39.378544 IP6 fe80::669d:99ff:feb1:55b8 > ff02::1:ff00:6666:
ICMP6, neighbor solicitation, who has 2a03:cfc0:803f:xxxx::6666, length 32
00:29:39.378581 IP6 2a03:cfc0:803f:xxxx::6666 > fe80::669d:99ff:feb1:55b8:
ICMP6, neighbor advertisement, tgt is 2a03:cfc0:803f:885::6666, length 32
What I can see is:
SolusVM host node sends neighbor solicitation from a global address. ndppd responds from a global address. Everything works.
Virtualizor host node sends neighbor solicitation from a link-local address. ndppd responds from a link-local address. The neighbor advertisement seems to be rejected.
If the solicited address is assigned to the KVM machine itself and not ndppd, the neighbor advertisement is sent from the global address, and Virtualizor would accept it.
Is there any way to make ndppd send neighbor advertisement from the solicited address?
Comments
Could be helpful to know what were the changes, for @Neoon (and others) to ask for at other upstream providers.
@MaxKVM did not specify on the support ticket what networking changes were applied, but they did mention that it was a change they tried previously but did not get applied correctly. My suspicion is disabling ebtables as they have mentioned previously.
I'm trying to setup ndppd on several KVM servers so that I can give some Docker containers public IPv6 address.
However, it works on some servers but not on others.
Nexril - SolusVM, works:
WebHorizon - Virtualizor, does not work:
Evolution Host - Virtualizor, does not work:
I compared those to an IPv6 address assigned directly on the KVM machine, WebHorizon - Virtualizor:
What I can see is:
Is there any way to make ndppd send neighbor advertisement from the solicited address?
Accepting submissions for IPv6 less than /64 Hall of Incompetence.
@yoursunny Yes I have found that it will not work on some ISPs, but never got details why.
You should contact the developer with these findings: https://github.com/DanielAdolfsson/ndppd/issues