[systemd-devel] systemd-nspawn and IPv6

Alexander E. Patrakov patrakov at gmail.com
Wed Apr 29 00:05:33 PDT 2015


29.04.2015 11:15, Jörg Thalheim wrote:
>> Well, would that enable automatic, correcting routing between the
>> container and the host's external network? That's kinda what this all
>> is about...
>>
>> Lennart
>>
>
> In case we know which interface provides the external network, it is also possible to use proxy NDP
> to give containers routable IPs:
>
> sysctl -w net.ipv6.conf.<if>.proxy_ndp=1
> ip -6 neigh add proxy <ip> dev <if>
>
> where <if> is the external interface and <ip> is the container ip.
> Proxy NDP will reply with a Neighbor Advertisement on the interface in
> question if somebody has sent a Neighbor Solicitation message for an added IP (similar to ARP requests/responses).
>
> To give a container an IP from the subnet advertised on the external interface, it would be required to proxy router advertisements between the external interface and the bridge (or veth pair).
> AFAIK there is no such proxy for router advertisements, so it would be required to bridge the external interface with the bridge (or the host side of the veth pair),
> which would break the isolation between external and internal network. (Maybe somebody has a better solution on how to get an IP via router advertisement)

Such a proxy exists; it is a part of odhcpd, which is used in OpenWRT.

https://github.com/sbyx/odhcpd

-- 
Alexander E. Patrakov
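
The proxy NDP setup quoted above, as an added example that is not part of the original thread or of systemd: a POSIX shell helper that validates its inputs and then prints (or runs) the commands for one container address. The function names, the `DRY_RUN` switch, the forwarding sysctl, the /128 route and the sample names `eth0`, `ve-web` and `2001:db8::10` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: publish ONE container address on the external link via proxy NDP.
# DRY_RUN=1 (default) only prints the commands; DRY_RUN=0 applies them (needs root).

valid_ifname() {
    # Interface names end up inside a sysctl key, so reject '.', '/' and anything
    # else outside a conservative set; Linux names are at most 15 characters.
    case "$1" in
        ''|*[!A-Za-z0-9_-]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]
}

valid_ipv6() {
    # Coarse syntax check: hex digits and colons only, at least two colons.
    # A prefix length ("/64") is rejected so only single addresses are proxied.
    case "$1" in
        ''|*[!0-9A-Fa-f:]*) return 1 ;;
        *:*:*) return 0 ;;
        *) return 1 ;;
    esac
}

run() {
    if [ "${DRY_RUN:-1}" = 1 ]; then echo "$*"; else "$@"; fi
}

proxy_ndp_setup() {
    ext_if=$1 ct_ip=$2 host_veth=$3
    valid_ifname "$ext_if"    || { echo "bad external interface" >&2; return 2; }
    valid_ifname "$host_veth" || { echo "bad host-side veth" >&2; return 2; }
    valid_ipv6 "$ct_ip"       || { echo "bad IPv6 address" >&2; return 2; }
    # Assumption: the host routes between the external link and the veth,
    # so forwarding is on and the container address is routed as a /128.
    run sysctl -w net.ipv6.conf.all.forwarding=1 &&
    run sysctl -w "net.ipv6.conf.$ext_if.proxy_ndp=1" &&
    run ip -6 neigh add proxy "$ct_ip" dev "$ext_if" &&
    run ip -6 route replace "$ct_ip/128" dev "$host_veth"
}

# Stand-alone use: ./script <external-if> <container-ip> <host-veth>
if [ "$#" -eq 3 ]; then proxy_ndp_setup "$@"; fi
```

With IPv6 forwarding enabled, the kernel ignores router advertisements on an interface whose `accept_ra` is 1; a host that autoconfigures its own external address needs `accept_ra=2` there.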

