[ovirt-users] selectively disabling IPv6 on bridges

Dan Kenigsberg danken at redhat.com
Wed May 6 12:53:35 UTC 2015


On Wed, May 06, 2015 at 01:28:30PM +0200, Rik Theys wrote:
> Hi,
> 
> I'm looking for a way to selectively disable IPv6 on the bridge interfaces
> on the oVirt hosts.
> 
> When oVirt creates the bridges for all logical networks on the host, it
> keeps the default settings for IPv6 which means all bridges get a link-local
> address and accept router advertisements.
> 
> When a VM is created on the logical network, it can now reach the host over
> IPv6 (but not over IPv4 if no IP address has been assigned on the host). If
> it sends out a router advertisement it can even create a global IPv6 address
> (haven't tested this).
> 
> How can I prevent this?
> 
> I would like to prevent the guest from IPv6 access to the host but the guest
> itself still needs IPv6 access (global IPv6 addresses).
> 
> Is it sufficient to create a sysctl config file that says:
> 
> net.ipv6.conf.default.disable_ipv6 = 1

Yes, I believe that this would do the trick, for any newly-created
device on the system, regardless of oVirt bridges.

I now see that el7 has changed the default for IPV6INIT to "yes". We
should be more prudent and set IPV6INIT=no on all our devices.

Would you open a bug about this, so it is tracked?

Regards,
Dan.
> 
> ?
> 
> Regards,
> 
> Rik
> 
> 
> -- 
> Rik Theys
> System Engineer
> KU Leuven - Dept. Elektrotechniek (ESAT)
> Kasteelpark Arenberg 10 bus 2440  - B-3001 Leuven-Heverlee
> +32(0)16/32.11.07
> ----------------------------------------------------------------
> <<Any errors in spelling, tact or fact are transmission errors>>
> _______________________________________________
> Users mailing list
> Users at ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
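
An added example, not part of the original thread: net.ipv6.conf.default.* is copied to an interface when it is created, so bridges that already exist keep their old values, and this audit lists each bridge with its effective disable_ipv6 and accept_ra settings. The function names and the SYSFS_NET / PROC_IPV6 overrides are assumptions of this example.

```shell
#!/bin/sh
# Audit IPv6 exposure on Linux bridge devices (added example).
# SYSFS_NET and PROC_IPV6 are overridable (assumption of this example) so the
# logic can be run against a constructed directory tree instead of the host.
SYSFS_NET="${SYSFS_NET:-/sys/class/net}"
PROC_IPV6="${PROC_IPV6:-/proc/sys/net/ipv6/conf}"

# Print one line per bridge: "<name> <status>".
audit_bridges() {
    for dev in "$SYSFS_NET"/*; do
        # A bridge device exposes a "bridge" subdirectory in sysfs.
        [ -d "$dev/bridge" ] || continue
        name=$(basename "$dev")
        conf="$PROC_IPV6/$name"
        if [ ! -d "$conf" ]; then
            # No per-interface sysctl tree: the IPv6 stack is not loaded.
            echo "$name no-ipv6-stack"
            continue
        fi
        disabled=$(cat "$conf/disable_ipv6" 2>/dev/null || echo "?")
        accept_ra=$(cat "$conf/accept_ra" 2>/dev/null || echo "?")
        case "$disabled" in
            1) echo "$name disabled" ;;
            # disable_ipv6=0: the bridge holds a link-local address, so a
            # guest on that network can reach the host over IPv6.
            0) echo "$name EXPOSED accept_ra=$accept_ra" ;;
            *) echo "$name unknown" ;;
        esac
    done
}

# Number of bridges that still have IPv6 enabled.
exposed_count() {
    # grep -c exits non-zero on a count of 0; keep the printed "0" anyway.
    audit_bridges | grep -c ' EXPOSED ' || true
}

audit_bridges
```

Any bridge reported as EXPOSED predates the sysctl change (or was overridden) and needs its own net.ipv6.conf.<bridge>.disable_ipv6 setting or a re-creation of the device.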
