Unable to SSH on IPv6
Hello all,
I am using the Newton release of OpenStack and am trying to create a setup with IPv6 here. My backbone/core network doesn't have IPv6, so I have kept one IPv4 interface as well to log in to the VMs. Here are a few details about the setup I am trying to create:
I am doing all this from Horizon itself.
1) IPv6 Network (ipv6-priv)
2) IPv6 Subnet (2001:db8::/64)
3) Have selected DHCPv6-Stateful DHCP configuration while creating Network.
4) Spawned 2 VMs to check ping, SSH and netcat.
5) VMs have 2 interfaces (eth0 which is IPv4 based and eth1 which is IPv6)
The following issues can be seen:
ISSUE #1: New VMs that get spawned don't come up with IPv6 attached to them if I check from the CLI. I have to create a network config file eth1.cfg with the following entries:
# The primary network interface
auto eth1
iface eth1 inet6 dhcp
After this, I run ifup eth1 and then I can see IPv6 allocated by Neutron on VMs.
ISSUE #2: Unable to ping each other from these VMs
I solved it by creating a route on both the VMs:
ip -6 route add 2001:db8::/64 dev eth1
After setting this route, I am able to ping6.
ISSUE #3: Unable to SSH:
I have set rules in the security policy for all TCP, UDP and ICMP for IPv6 for ::/0, so this can't be a problem. After playing with tcpdump on VM1, VM2 and the HOST on which these VMs are spawned, I could see packets flowing like this:
VM1(initiated SSH from here) -----> HOST -----> VM2(SSH server) -----> HOST -----x
Packets are never received on VM1, hence the SSH session never begins. I could see a few fast retransmits as well. However, if I use netcat, it works absolutely fine.
Do I need to do additional configuration on the HOST machine to allow packets to flow to VM1?
TIA
Issues 1 & 2 aren't really an OpenStack thing. You can create your own guest images with IPv6 enabled by default. Issue 3 isn't clear to me. Is the host outside of the tenant network? What does your network look like?
@Andreas Merk: Yes, the host is outside the tenant network. I have multiple tenants on the same host. Network topology:
1) IPv6 networks are part of the tenant only. They are NOT shared across all tenants.
2) The host machine doesn't have IPv6 enabled/configured on it, as my core network is IPv4 only.