[systemd-devel] systemd-nspawn and IPv6
Dimitri John Ledkov
dimitri.j.ledkov at intel.com
Mon Apr 27 07:44:45 PDT 2015
On 27 April 2015 at 15:01, Lennart Poettering <lennart at poettering.net> wrote:
> On Sun, 26.04.15 16:50, Kai Krakow (hurikhan77 at gmail.com) wrote:
>
>> Hello!
>>
>> I've successfully created a Gentoo container on top of a Gentoo host. I can
>> start the container with machinectl. I can also login using SSH. So mission
>> almost accomplished (it should become a template for easy vserver cloning).
>>
>> But from within the IPv6-capable container I cannot access the IPv6 outside
>> world. Name resolution via IPv6 fails, as does pinging to IPv6. It looks
>> like systemd-nspawn only sets up IPv4 routes to access outside my gateway
>> boundary. IPv6 does not work.
>
> Well, networkd on the host automatically sets up IPv4 masquerading for
> each container. We simply don't do anything equivalent for IPv6
> currently.
>
> Ideally we wouldn't have to do NAT for IPv6 to make this work, and
> instead would pass on some ipv6 subnet we acquired from uplink without
> NAT to each container, but we currently don't have infrastructure for
> that in networkd, and I am not even sure how this could really work,
> my ipv6-fu is a bit too limited...
>
> or maybe we should do ipv6 nat after all, under the logic that
> containers are just an implementation detail of the local host rather
> than something to be made visible to the outside world. however code
> for this exists neither.
>
> Or in other words: ipv6 setup needs some manual networking setup on
> the host.

One should roll the dice and generate a unique local address /48 prefix
and use that to set up local addressing, ideally with
autoconfiguration (e.g. derive a fake MAC from the container UUID and,
using the host's ULA prefix, auto-assign an IPv6 address).

For giggles see http://unique-local-ipv6.com/
--
Regards,
Dimitri.
Pura Vida!
https://clearlinux.org
Open Source Technology Center
Intel Corporation (UK) Ltd. - Co. Reg. #1134945 - Pipers Way, Swindon SN3 1RJ.
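
The addressing scheme suggested in the reply above, as an added example that is not part of the original message or of systemd: an RFC 4193 ULA /48 with a random 40-bit Global ID, a locally administered MAC derived from the container UUID, and a modified EUI-64 address inside that prefix. All function names, the SHA-256 derivation of the MAC and the sample UUID are assumptions made for illustration.

```python
import hashlib
import ipaddress
import os
import uuid


def generate_ula_prefix(global_id=None):
    """Return an RFC 4193 ULA /48: the byte 0xfd followed by a 40-bit Global ID."""
    if global_id is None:
        global_id = os.urandom(5)  # "roll the dice": 40 random bits
    if len(global_id) != 5:
        raise ValueError("Global ID must be exactly 40 bits (5 bytes)")
    packed = b"\xfd" + global_id + bytes(10)
    return ipaddress.IPv6Network((int.from_bytes(packed, "big"), 48))


def mac_from_uuid(container_uuid):
    """Derive a stable fake MAC from a container UUID (hashing scheme is an assumption)."""
    digest = hashlib.sha256(uuid.UUID(container_uuid).bytes).digest()
    # Set the locally-administered bit and clear the multicast bit so the
    # result is a unicast address that cannot collide with vendor MACs.
    first = (digest[0] | 0x02) & 0xFE
    return bytes([first]) + digest[1:6]


def container_address(prefix, mac, subnet_id=0):
    """Combine the ULA /48, a 16-bit subnet ID and a modified EUI-64 interface ID."""
    if prefix.prefixlen != 48 or len(mac) != 6 or not 0 <= subnet_id <= 0xFFFF:
        raise ValueError("need a /48 prefix, a 6-byte MAC and a 16-bit subnet ID")
    # Modified EUI-64 (RFC 4291): flip the universal/local bit, insert ff:fe.
    iid = bytes([mac[0] ^ 0x02]) + mac[1:3] + b"\xff\xfe" + mac[3:6]
    base = int(prefix.network_address) | (subnet_id << 64)
    return ipaddress.IPv6Address(base | int.from_bytes(iid, "big"))


if __name__ == "__main__":
    prefix = generate_ula_prefix()  # generate once per host, then store it
    sample_uuid = "0b0e6c2a-5a4f-4c55-9d2e-3f6a1c7d8e90"  # constructed sample
    mac = mac_from_uuid(sample_uuid)
    print(prefix, mac.hex(":"), container_address(prefix, mac, subnet_id=1))
```

ULA addresses are not routed on the public Internet, so this only gives containers stable local IPv6 addressing; reaching outside hosts still needs the manual host-side setup discussed in the quoted text.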