PDA

View Full Version : Tutorial: How to use IPv6 on OpenVZ server (VPS assign)



Fli
05-01-2013, 09:25 AM
IPv4 tooo expensive. How nice it would be to use free IPv6 IPs instead.. Here is my journey and discovery setting UP OpenVZ server to work with IPv6. So i can assign IPv6 to VPSs.
And i was successfull to assign IPv6 to a VPS, and be able to ping6 from that VPS.

PS1: If you have an experience with IPv6 setup, please contribute.

OpenVZ node IPv6 Networking configuration

On the node (server where are VPSs) i have these files:

vi /etc/sysconfig/network:

...
NETWORKING_IPV6=yes
IPV6FORWARDING=yes
IPV6_DEFAULTDEV=eth0
IPV6_DEFAULTGW=2001:****:0002:****:0000:0000:0000: 0000 (openvz shows that it should end by ::1)
IPV6_AUTOCONF=no
...

vi /etc/sysconfig/network-scripts/ifcfg-eth0

...
IPV6INIT=yes
IPV6_AUTOCONF=no
IPV6ADDR=2001:****:2:****::1/64 (openvz shows that this ip should be without /64, but OVH.com says with, for me it worked even this is empty "IPV6ADDR=")
...

vi /etc/sysctl.conf

...
# Disable IPv6 autoconf
net.ipv6.conf.all.autoconf = 0
net.ipv6.conf.default.autoconf = 0
net.ipv6.conf.eth0.autoconf = 0
net.ipv6.conf.all.accept_ra = 0
net.ipv6.conf.default.accept_ra = 0
net.ipv6.conf.eth0.accept_ra = 0
net.ipv4.ip_conntrack_max=32760
#these are new
net.ipv6.conf.default.forwarding = 1
net.ipv6.conf.all.forwarding = 1
net.ipv6.conf.all.proxy_ndp = 1
net.ipv6.bindv6only = 1
net.ipv4.conf.default.proxy_arp=0
net.ipv4.conf.all.rp_filter=1
net.ipv4.conf.default.send_redirects=1
net.ipv4.conf.all.send_redirects=0
...

(so these are the places where IPv6 should be enabled on Your OpenVZ host server. Backup these files and if you are sure, try to do similar edittings. Only use your own IPV6_DEFAULTGW and IPV6ADDR which was assigned to your Dedicated server by datacenter. Example IPv6 address: 2001:41d0:2:2f6f::/64 .Use subnet calculator (http://www.webdnstools.com/dnstools/ipcalc)to play with it)

After setting up above services, maybe restarting network by command: service network restart (im not sure if it cant cause your server unreachable..), you should try pinging some IPv6 site to see if it works. Example command:


ping6 ipv6.google.com

If it succeeded, it should return something like: "64 bytes from lhr14s20-in-x13.1e100.net: icmp_seq=1 ttl=53 time=12.9 ms", if NOT succeeded, it can say "Destination Unreachable", In my case, i got this Unreachable error and i needed to set some "route" to broadcast IPv6:

My IPv6 gateway (1) and My IPv6 broadcast (2):
(1) 2001:****:*:****::1
(2) 2001:****:*:6fff:ff:ff:ff:ff

This command solved the "Destination unreachable: Address unreachable" error:


route -A inet6 add default gw 2001:****:*:6fff:ff:ff:ff:ff dev eth0

I now can ping6 from host even from VPSs by command "ping6 ipv6.google.com", and it returns reply "64 bytes from lhr14s20-in-x11.1e100.net: icmp_seq=0 ttl=53 time=13.4 ms"

Assigning an IPv6 to a OpenVZ VPS/VM

from node, do command: vzctl set VMID --ipadd IPv6IP --save (example: vzctl set 460 --ipadd 2001:41x1:3:1f3f::5 --save)
How to determine which IPv6 to assign? see: http://internetlifeforum.com/networking/909-how-determine-assigned-ipv6-addresses/ .
To delete an IPv6 from VPS/VM, do --ipdel instead of --ipadd

Pinging from VPS

ping6 ipv6.google.com

should go thru, NOT saying:
"From 2001:41x1:3:1f3f::5 icmp_seq=2 Destination unreachable: Address unreachable
From 2001:41x1:3:1f3f::5 icmp_seq=3 Destination unreachable: Address unreachable"

Should say like:
"PING ipv6.google.com(lhr14s20-in-x11.1e100.net) 56 data bytes64 bytes from lhr14s20-in-x11.1e100.net: icmp_seq=0 ttl=53 time=214 ms
64 bytes from lhr14s20-in-x11.1e100.net: icmp_seq=1 ttl=53 time=13.4 ms"

If saying unreachable, then there is SOME issue. It might be on the host node as described above. You ensure datacenter really assigned IPv6 to a server, then ensure config files mentioned above are configuret to allow IPv6, then there is an route as described above.
It should ping the gateway at least:

ping6 2001:****:*:****::1

if you found the solution for IPv6 in VPS, please kindly share your tutorial in this topic.

Additional Server software IPv6 configuration

1) Configure SSH to respond to IPv6 addresses:
vi /etc/ssh/sshd_config

Uncomment the #AddressFamily and #ListenAddress :: lines so it looks like this:
AddressFamily any
ListenAddress 0.0.0.0
ListenAddress ::

AddressFamilly values can be any, inet or inet6 (dpending if you want to allow ipv4, ipv6 or both. :: listen address is for ipv6.


This will bind sshd to every address on machine.

2) Configure DNS (named) to listen
vi /etc/*named*.conf

listen-on-v6 port 53 { any; };

3) Configure Apache

vi /etc/httpd/conf/httpd.conf

Listen [::]:80
and
<VirtualHost [3ffe:ffff:1234::baf]:80 60.70.80.90:80>
ServerName www.mydomain.com (http://www.mydomain.com)
[...]
</VirtualHost>

service httpd restart

Domain registar configuration

DNS Registrars allows to add AAAA (IPv6) glue: http://www.sixxs.net/faq/dns/?faq=ipv6glue
Example:

www IN A 65.75.85.95
www IN AAAA 3ffr:ffff:1234::baf



========================================

Another resources

IPv6 calculators:
Example IPv6 address: 2001:41d0:2:2f6f::/64
Use subnet clculator (http://www.webdnstools.com/dnstools/subnet) or other IP calculators (http://www.webdnstools.com/dnstools/ipcalc)

SERVER & OpenVZ tutorials
Enable for OpenVZ and Add IPv6 to a VPS: http://www.mariusv.com/openvz-and-ipv6-configuration/
OpenVZ guide on enabling, adding IPv6: http://openvz.org/IPv6
Centos setup & Assign/Remove IPv6 from VM: http://www.mariusv.com/openvz-and-ipv6-configuration/
OpenVZ Venet IPv6 extended: http://kbeezie.com/ipv6-openvz-venet/
Cyberciti.niz IPv6 setup (good one, without OpenVZ!): http://www.cyberciti.biz/faq/rhel-redhat-fedora-centos-ipv6-network-configuration/
IPv6 by OVH: http://help.ovh.co.uk/Ipv4Ipv6 (česky (http://prirucky.ovh.cz/Ipv4Ipv6))