[ovirt-users] selectively disabling IPv6 on bridges
Rik Theys
Rik.Theys at esat.kuleuven.be
Thu May 7 07:09:15 EDT 2015
Hi,
On 05/07/2015 12:46 PM, Dan Kenigsberg wrote:
> On Wed, May 06, 2015 at 01:53:35PM +0100, Dan Kenigsberg wrote:
>> On Wed, May 06, 2015 at 01:28:30PM +0200, Rik Theys wrote:
>>> Hi,
>>>
>>> I'm looking for a way to selectively disable IPv6 on the bridge interfaces
>>> on the oVirt hosts.
>>>
>>> When oVirt creates the bridges for all logical networks on the host, it
>>> keeps the default settings for IPv6 which means all bridges get a link-local
>>> address and accept router advertisements.
>>>
>>> When a VM is created on the logical network, it can now reach the host over
>>> IPv6 (but not over IPv4 if no IP address has been assigned on the host). If
>>> it sends out a router advertisement it can even create a global IPv6 address
>>> (haven't tested this).
>>>
>>> How can I prevent this?
>>>
>>> I would like to prevent the guest from IPv6 access to the host but the guest
>>> itself still needs IPv6 access (global IPv6 addresses).
>>>
>>> Is it sufficient to create a sysctl config file that says:
>>>
>>> net.ipv6.conf.default.disable_ipv6 = 1
>>
>> Yes, I believe that this would do the trick. For any newly-created
>> device on the system, regardless of ovirt bridges.
>>
>> I now see that el7 has changed the default for IPV6INIT to "yes". We
>> should be more prudent and set IPV6INIT=no on all our devices.
>
> Lukáš, it seems that setting IPV6INIT=no is not enough:
>
> IPV6INIT=yes|no
> Enable or disable IPv6 static, DHCP, or autoconf configuration for this interface
> Default: yes
>
> The bridge still gets a link-local ipv6 address anyway. Is there an initscript
> means to disable this completely, or should we resort to
> /proc/sys/net/ipv6/conf/<bridge-name>/disable_ipv6 ?

I think you also have to disable this on the physical interface that's
part of the bridge to fully disable this?

Regards,
Rik
--
Rik Theys
System Engineer
KU Leuven - Dept. Elektrotechniek (ESAT)
Kasteelpark Arenberg 10 bus 2440 - B-3001 Leuven-Heverlee
+32(0)16/32.11.07
----------------------------------------------------------------
<<Any errors in spelling, tact or fact are transmission errors>>
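Added example, not part of the original thread: a shell check that reports the `disable_ipv6` state of every bridge and of every interface attached to it, covering both the `/proc/sys/net/ipv6/conf/<bridge-name>/disable_ipv6` setting mentioned above and the physical interface that is part of the bridge. The function names and the `SYSFS_NET` / `PROC_IPV6` override variables are assumptions of this example, there so the check can be run against a constructed directory tree.

```shell
#!/bin/sh
# Added example: audit IPv6 state on Linux bridges and their ports.
# Usage: source this file, then run: audit_bridges
# SYSFS_NET and PROC_IPV6 are hypothetical override variables; by default the
# live kernel paths are read.

# Echo "disabled", "enabled" or "unknown" for one interface name.
ipv6_state() {
    f="${PROC_IPV6:-/proc/sys/net/ipv6/conf}/$1/disable_ipv6"
    [ -r "$f" ] || { echo unknown; return; }
    case "$(cat "$f")" in
        1) echo disabled ;;
        0) echo enabled ;;
        *) echo unknown ;;
    esac
}

# Print one line per device: "<bridge> <device> <role> <state>".
# Returns 1 if any bridge or port is not confirmed as disabled, else 0.
audit_bridges() {
    sys_net="${SYSFS_NET:-/sys/class/net}"
    found=0
    # A device is a bridge when it has a "bridge" directory in sysfs.
    for brdir in "$sys_net"/*/bridge; do
        [ -d "$brdir" ] || continue
        br=${brdir%/bridge}
        br=${br##*/}
        st=$(ipv6_state "$br")
        echo "$br $br bridge $st"
        [ "$st" = disabled ] || found=1
        # Ports attached to the bridge are listed under brif/.
        for port in "$sys_net/$br"/brif/*; do
            [ -e "$port" ] || continue
            dev=${port##*/}
            st=$(ipv6_state "$dev")
            echo "$br $dev port $st"
            [ "$st" = disabled ] || found=1
        done
    done
    return "$found"
}
```

A non-zero return means at least one bridge or port still has IPv6 enabled, or its state could not be read.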