SOLVED IPv6 in VM works with SLAAC but not DHCPv6

[hexadecagram]

Hi all,

I've got a Linuxux VM which, as one might surmise based on the title of this thread, will request and reply to ICMP6 echoes only if SLAAC is enabled. If the guest is configured to use DHCPv6, I have no such luck.

My question is, why might this be? I seem to recall having to # sysrc ipv6_activate_all_interfaces="YES" on a distinct FreeBSD machine, so I have configured that as a tuneable in the TrueNAS WebGUI.

Is there a way to restart networking? Issuing # service netif restart on the host CLI tells me that "onerestart" is necessary so I am reluctant to try that, and rebooting seems the only option.

To enable the guest to use SLAAC, /etc/systemd/network/en.network inside the guest look like this, the crucial line being IPv6AcceptRA=yes:

Code:

[Match]
Name=en*

[Network]
DHCP=yes
IPv6AcceptRA=yes

[DHCP]
UseDomains=yes

[IPv6AcceptRA]
UseDomains=yes

 

[Patrick M. Hausen]

Please post the output of ifconfig on your TrueNAS host.

 

[hexadecagram]

Hi Patrick, thanks for responding. Here is the output of % ifconfig.

Code:

ix0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        description: connected to sw-electrical-room-core (544)
        options=a538b9<RXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,WOL_UCAST,WOL_MCAST,WOL_MAGIC,VLAN_HWFILTER,VLAN_HWTSO,RXCSUM_IPV6>
        ether 3c:ec:ef:0d:5e:7e
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
        nd6 options=9<PERFORMNUD,IFDISABLED>
ix1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        description: connected to sw-electrical-room-core (542)
        options=a538b9<RXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,WOL_UCAST,WOL_MCAST,WOL_MAGIC,VLAN_HWFILTER,VLAN_HWTSO,RXCSUM_IPV6>
        ether 3c:ec:ef:0d:5e:7e
        hwaddr 3c:ec:ef:0d:5e:7f
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
        nd6 options=9<PERFORMNUD,IFDISABLED>
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
        inet 127.0.0.1 netmask 0xff000000
        groups: lo
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
pflog0: flags=0<> metric 0 mtu 33160
        groups: pflog
lagg0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        description: lagg0
        options=a538b9<RXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,WOL_UCAST,WOL_MCAST,WOL_MAGIC,VLAN_HWFILTER,VLAN_HWTSO,RXCSUM_IPV6>
        ether 3c:ec:ef:0d:5e:7e
        inet6 fe80::3eec:efff:fe0d:5e7e%lagg0 prefixlen 64 scopeid 0x5
        inet6 fde8:aa0f:543d:f031:3eec:efff:fe0d:5e7e prefixlen 64 autoconf
        inet 192.168.0.65 netmask 0xffffff00 broadcast 192.168.0.255
        laggproto lacp lagghash l2,l3,l4
        laggport: ix0 flags=1c<ACTIVE,COLLECTING,DISTRIBUTING>
        laggport: ix1 flags=1c<ACTIVE,COLLECTING,DISTRIBUTING>
        groups: lagg
        media: Ethernet autoselect
        status: active
        nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 02:88:dc:d7:4c:00
        id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
        maxage 20 holdcnt 6 proto stp-rstp maxaddr 2000 timeout 1200
        root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
        member: vnet0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 7 priority 128 path cost 2000000
        member: lagg0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 5 priority 128 path cost 10000
        groups: bridge
        nd6 options=1<PERFORMNUD>
vnet0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=80000<LINKSTATE>
        ether fe:a0:98:5c:7a:c1
        hwaddr 58:9c:fc:10:ff:c6
        groups: tap
        media: Ethernet autoselect
        status: active
        nd6 options=1<PERFORMNUD>
        Opened by PID 56390

 

[Patrick M. Hausen]

Having any IP address configuration (v4 or v6) on a bridge member interface is unsupported in FreeBSD. Unfortunately TrueNAS automatically creates a bridge interface without adjusting the layer 3 address configuration whenever you create a VM or a jail.

What you need to do:

• Reboot with autostart of your VM set to "off". This gets rid of the automatically created bridge.
• Manually create a "bridge0" interface (type "BRIDGE", obviously).
• Make lagg0 the only member of that bridge interface.
• Remove all IP addresses including (if applicable) IPv6 autoconf from your lagg0.
• Assign the same IP address configuration to your bridge0 instead.

Thanks to the two step "test" and "save" process for network changes you should be able to do all that without losing connectivity.
Then reboot just to make sure and check with ifconfig that there is NO IP ADDRESS on lagg0.
Then assign "bridge0" to your VM instead of "lagg0" and start the VM.

I am not 100% sure this will help but I do know that your current setup will not work. Let me know how it goes. I only use SLAAC ...

 

[hexadecagram]

Thanks for the assistance. I will have to schedule a reboot and get back to you. It may take a few weeks.

 

[Patrick M. Hausen]

If the VM service is less business critical than e.g. filesharing, i.e. if you can shut down the VM without scheduling a maintenance window, you can try to:

• shutdown VM
• ifconfig bridge0 destroy

Then proceed like above - manually create the bridge etc.

OTOH it might be advisable to schedule maintenance, anyway, because there is a chance you lose network connectivity if anything goes wrong.

 

[hexadecagram]

Thanks again. Patrick. Are there any other benefits to setting up VMs this way? If I had just a little more to share with those that need convincing, I think I could take the risk.

 

[Patrick M. Hausen]

Having an IP address on a bridge member interface instead of on the bridge interface breaks multicast. The FreeBSD documentation clearly states that the IP configuration MUST go on the bridge.

I don't understand what you mean by other benefits. This is the only supported way to set up bridge interfaces if the host needs an IP address in that same network.

 

[hexadecagram]

I was looking for anything at all that might convince a non-technically minded person to endure the downtime but fortunately it was easy enough to talk them into it by simply stating that we are currently taking a risk by using an unsupported feature as-is and that I could complete the transition in a matter of minutes, which I did, and now (stateless) DHCPv6 is working in my VM! Thanks!

 

[Patrick M. Hausen]

Great to read it worked

 

[Patrick M. Hausen]

@Kris Moore this is not my first ticket on this problem but definitely my last. If this does not finally get the attention it deserves, I give up.
Bridged networking has been fundamentally broken in TN CORE for years.

https://jira.ixsystems.com/browse/NAS-114755