[ovirt-users] selectively disabling IPv6 on bridges

Rik Theys Rik.Theys at esat.kuleuven.be
Thu May 7 07:40:20 UTC 2015


Hi,

On 05/06/2015 02:53 PM, Dan Kenigsberg wrote:
> On Wed, May 06, 2015 at 01:28:30PM +0200, Rik Theys wrote:
>> I'm looking for a way to selectively disable IPv6 on the bridge interfaces
>> on the oVirt hosts.
>>
>> When oVirt creates the bridges for all logical networks on the host, it
>> keeps the default settings for IPv6 which means all bridges get a link-local
>> address and accept router advertisements.
>>
>> When a VM is created on the logical network, it can now reach the host over
>> IPv6 (but not over IPv4 if no IP address has been assigned on the host). If
>> it sends out a router advertisement it can even create a global IPv6 address
>> (haven't tested this).
>>
>> How can I prevent this?
>>
>> I would like to prevent the guest from IPv6 access to the host but the guest
>> itself still needs IPv6 access (global IPv6 addresses).
>>
>> Is it sufficient to create a sysctl config file that says:
>>
>> net.ipv6.conf.default.disable_ipv6 = 1
>
> Yes, I believe that this would do the trick. For any newly-created
> device on the system, regardless of ovirt bridges.
>
> I now see that el7 has changed the default for IPV6INIT to "yes". We
> should be more prudent and set IPV6INIT=no on all our devices.
>
> Would you open a bug about this, so it is tracked?

I've opened bug 1219363 for this.

Regards,

Rik


-- 
Rik Theys
System Engineer
KU Leuven - Dept. Elektrotechniek (ESAT)
Kasteelpark Arenberg 10 bus 2440  - B-3001 Leuven-Heverlee
+32(0)16/32.11.07
----------------------------------------------------------------
<<Any errors in spelling, tact or fact are transmission errors>>



More information about the Users mailing list