[ovirt-users] selectively disabling IPv6 on bridges
Dan Kenigsberg
danken at redhat.com
Wed May 6 12:53:35 UTC 2015
On Wed, May 06, 2015 at 01:28:30PM +0200, Rik Theys wrote:
> Hi,
>
> I'm looking for a way to selectively disable IPv6 on the bridge interfaces
> on the oVirt hosts.
>
> When oVirt creates the bridges for all logical networks on the host, it
> keeps the default settings for IPv6 which means all bridges get a link-local
> address and accept router advertisements.
>
> When a VM is created on the logical network, it can now reach the host over
> IPv6 (but not over IPv4 if no IP address has been assigned on the host). If
> it sends out a router advertisement it can even create a global IPv6 address
> (haven't tested this).
>
> How can I prevent this?
>
> I would like to prevent the guest from IPv6 access to the host but the guest
> itself still needs IPv6 access (global IPv6 addresses).
>
> Is it sufficient to create a sysctl config file that says:
>
> net.ipv6.conf.default.disable_ipv6 = 1
Yes, I believe that this would do the trick. For any newly-created
device on the system, regardless of ovirt bridges.
I now see that el7 has changed the default for IPV6INIT to "yes". We
should be more prudent and set IPV6INIT=no on all our devices.
Would you open a bug about this, so it is tracked?
Regards,
Dan.
>
> ?
>
> Regards,
>
> Rik
>
>
> --
> Rik Theys
> System Engineer
> KU Leuven - Dept. Elektrotechniek (ESAT)
> Kasteelpark Arenberg 10 bus 2440 - B-3001 Leuven-Heverlee
> +32(0)16/32.11.07
> ----------------------------------------------------------------
> <<Any errors in spelling, tact or fact are transmission errors>>
> _______________________________________________
> Users mailing list
> Users at ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
More information about the Users
mailing list