mirror of
https://git.proxmox.com/git/pve-docs
synced 2025-06-14 20:57:41 +00:00
remove obsolete note on link local addresses
This commit is contained in:
Wolfgang Bumiller
Dietmar Maurer
parent
bc1c71d47e
commit
b6ee2d0ebc
@ -458,69 +458,6 @@ NFQUEUE=0
|
|||||||
----
|
----
|
||||||
|
|
||||||
|
|
||||||
Avoiding `link-local` Addresses on `tap` and `veth` Devices
|
|
||||||
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
||||||
|
|
||||||
With IPv6 enabled by default every interface gets a MAC-derived link local
|
|
||||||
address. However, most devices on a typical {pve} setup are connected to a
|
|
||||||
bridge and so the bridge is the only interface which really needs one.
|
|
||||||
|
|
||||||
To disable a link local address on an interface you can set the interface's
|
|
||||||
`disable_ipv6` sysconf variable. Despite the name, this does not prevent IPv6
|
|
||||||
traffic from passing through the interface when routing or bridging, so the
|
|
||||||
only noticeable effect will be the removal of the link local address.
|
|
||||||
|
|
||||||
The easiest method of achieving this setting for all newly started VMs is to
|
|
||||||
set it for the `default` interface configuration and enabling it explicitly on
|
|
||||||
the interfaces which need it. This is also the case for other settings such as
|
|
||||||
`forwarding`, `accept_ra` or `autoconf`.
|
|
||||||
|
|
||||||
|
|
||||||
Here's a possible setup:
|
|
||||||
|
|
||||||
.File `/etc/sysconf.d/90-ipv6.conf`
|
|
||||||
----
|
|
||||||
net.ipv6.conf.default.forwarding = 0
|
|
||||||
net.ipv6.conf.default.proxy_ndp = 0
|
|
||||||
net.ipv6.conf.default.autoconf = 0
|
|
||||||
net.ipv6.conf.default.disable_ipv6 = 1
|
|
||||||
net.ipv6.conf.default.accept_ra = 0
|
|
||||||
|
|
||||||
net.ipv6.conf.lo.disable_ipv6 = 0
|
|
||||||
----
|
|
||||||
|
|
||||||
.File `/etc/network/interfaces`
|
|
||||||
----
|
|
||||||
(...)
|
|
||||||
# Dual stack:
|
|
||||||
iface vmbr0 inet static
|
|
||||||
address 1.2.3.4
|
|
||||||
netmask 255.255.255.128
|
|
||||||
gateway 1.2.3.5
|
|
||||||
iface vmbr0 inet6 static
|
|
||||||
address fc00::31
|
|
||||||
netmask 16
|
|
||||||
gateway fc00::1
|
|
||||||
accept_ra 0
|
|
||||||
pre-up echo 0 > /proc/sys/net/ipv6/conf/$IFACE/disable_ipv6
|
|
||||||
|
|
||||||
# With IPv6-only 'pre-up' is too early and 'up' is too late.
|
|
||||||
# Work around this by creating the bridge manually
|
|
||||||
iface vmbr1 inet manual
|
|
||||||
pre-up ip link add $IFACE type bridge
|
|
||||||
up echo 0 > /proc/sys/net/ipv6/conf/$IFACE/disable_ipv6
|
|
||||||
iface vmbr1 inet6 static
|
|
||||||
address fc00:b:3::1
|
|
||||||
netmask 96
|
|
||||||
bridge_ports none
|
|
||||||
bridge_stp off
|
|
||||||
bridge_fd 0
|
|
||||||
bridge_vlan_aware yes
|
|
||||||
accept_ra 0
|
|
||||||
(...)
|
|
||||||
----
|
|
||||||
|
|
||||||
|
|
||||||
Notes on IPv6
|
Notes on IPv6
|
||||||
-------------
|
-------------
|
||||||
|
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user