Disabled IPV6 and 802.1Q VLANs

rvalle · November 17, 2017, 9:27pm

Hi!

We don’t use/configure IPV6 so we have it disabled in our servers.

I am trying to setup VLAN based Virtual Networks. I obviously only assign IPV4 addresses.

However when I try to start VMs I get IPV6 error messages:

Mon Nov 13 06:44:16 2017 [Z0][VMM][I]: ip6tables v1.4.21: can't initialize ip6tables table `filter': Address family not supported by protocol
Mon Nov 13 06:44:16 2017 [Z0][VMM][I]: Perhaps ip6tables or your kernel needs to be upgraded.
Mon Nov 13 06:44:16 2017 [Z0][VMM][E]: post: Command Error: sudo ip6tables -S
Mon Nov 13 06:44:16 2017 [Z0][VMM][E]: post: ["/var/tmp/one/vnm/command.rb:62:in `block in run!'",

My guess is that it is trying to apply default IPV6 rules for when no IPV6 is configured.

However, what can I do if IPV6 is disabled completely?

feldsam · November 20, 2017, 8:27pm

Looks like you have to install ip6tables on compute nodes or update vnm driver to not run ip6tables command.

There is no check about network have/not have ipv6 configured in security groups.

github.com

OpenNebula/one/blob/one-5.4/src/vnm_mad/remotes/lib/security_groups_iptables.rb

# -------------------------------------------------------------------------- #
# Copyright 2002-2017, OpenNebula Project, OpenNebula Systems                #
#                                                                            #
# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
# not use this file except in compliance with the License. You may obtain    #
# a copy of the License at                                                   #
#                                                                            #
# http://www.apache.org/licenses/LICENSE-2.0                                 #
#                                                                            #
# Unless required by applicable law or agreed to in writing, software        #
# distributed under the License is distributed on an "AS IS" BASIS,          #
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.   #
# See the License for the specific language governing permissions and        #
# limitations under the License.                                             #
#--------------------------------------------------------------------------- #

module VNMMAD

# This module implements the SecurityGroup abstraction on top of iptables
module SGIPTables

This file has been truncated. show original

You can open issue on dev.opennebula.org or update that file on frontend node and them onehost sync --force to update that file (by removing ip6tables cmds) on compute nodes also

rvalle · November 26, 2017, 5:12pm

ip6tables is installed.

I basically turn off the IPv6 stack by providing a kernel switch at boot time. So, any attempt to deal with ipv6 kernel objects just fails.

I am not experiencing any issues with the BRIDGE network driver.

But the VLAN driver will mess ipv6 tables even if you don’t setup ipv6 addressing.

I will open an issue…

feldsam · November 26, 2017, 5:48pm

Hello, I understand. So you have to temporary update that driver by deleting ip6 sections and open issue on github, because redmine was discontinued few days ago

Topic		Replies	Views
FILTER_IP_SPOOFING not working on IPv6 interface Development	1	990	November 29, 2016
Fixed IPv6 address for VM Community Support	3	1109	April 23, 2020
Bug in attach nic using IPv4+IPv6 Vnet with KVM host - Opennebula 5.6.2 Community Support	2	582	May 22, 2019
IPv6 network setup Community Support	6	1403	November 17, 2016
IPv6 addresses are missing in OpenNebula 5.12 and 6.0.0.2 General	1	242	September 3, 2021

Disabled IPV6 and 802.1Q VLANs

Related topics