mirror of
https://git.proxmox.com/git/pve-docs
synced 2025-06-14 07:46:44 +00:00
remove obsolete note on link local addresses
This commit is contained in:
Wolfgang Bumiller
Dietmar Maurer
parent
bc1c71d47e
commit
b6ee2d0ebc
@ -458,69 +458,6 @@ NFQUEUE=0
|
||||
----
|
||||
|
||||
|
||||
Avoiding `link-local` Addresses on `tap` and `veth` Devices
|
||||
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
With IPv6 enabled by default every interface gets a MAC-derived link local
|
||||
address. However, most devices on a typical {pve} setup are connected to a
|
||||
bridge and so the bridge is the only interface which really needs one.
|
||||
|
||||
To disable a link local address on an interface you can set the interface's
|
||||
`disable_ipv6` sysconf variable. Despite the name, this does not prevent IPv6
|
||||
traffic from passing through the interface when routing or bridging, so the
|
||||
only noticeable effect will be the removal of the link local address.
|
||||
|
||||
The easiest method of achieving this setting for all newly started VMs is to
|
||||
set it for the `default` interface configuration and enabling it explicitly on
|
||||
the interfaces which need it. This is also the case for other settings such as
|
||||
`forwarding`, `accept_ra` or `autoconf`.
|
||||
|
||||
|
||||
Here's a possible setup:
|
||||
|
||||
.File `/etc/sysconf.d/90-ipv6.conf`
|
||||
----
|
||||
net.ipv6.conf.default.forwarding = 0
|
||||
net.ipv6.conf.default.proxy_ndp = 0
|
||||
net.ipv6.conf.default.autoconf = 0
|
||||
net.ipv6.conf.default.disable_ipv6 = 1
|
||||
net.ipv6.conf.default.accept_ra = 0
|
||||
|
||||
net.ipv6.conf.lo.disable_ipv6 = 0
|
||||
----
|
||||
|
||||
.File `/etc/network/interfaces`
|
||||
----
|
||||
(...)
|
||||
# Dual stack:
|
||||
iface vmbr0 inet static
|
||||
address 1.2.3.4
|
||||
netmask 255.255.255.128
|
||||
gateway 1.2.3.5
|
||||
iface vmbr0 inet6 static
|
||||
address fc00::31
|
||||
netmask 16
|
||||
gateway fc00::1
|
||||
accept_ra 0
|
||||
pre-up echo 0 > /proc/sys/net/ipv6/conf/$IFACE/disable_ipv6
|
||||
|
||||
# With IPv6-only 'pre-up' is too early and 'up' is too late.
|
||||
# Work around this by creating the bridge manually
|
||||
iface vmbr1 inet manual
|
||||
pre-up ip link add $IFACE type bridge
|
||||
up echo 0 > /proc/sys/net/ipv6/conf/$IFACE/disable_ipv6
|
||||
iface vmbr1 inet6 static
|
||||
address fc00:b:3::1
|
||||
netmask 96
|
||||
bridge_ports none
|
||||
bridge_stp off
|
||||
bridge_fd 0
|
||||
bridge_vlan_aware yes
|
||||
accept_ra 0
|
||||
(...)
|
||||
----
|
||||
|
||||
|
||||
Notes on IPv6
|
||||
-------------
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user