Configure ipv6 for Debian

I’m trying to setup ipv6 for a debian node with openvz kernel. First step is setting up the host node to use ipv6. The next step is to create ipv6-only containers. For my experiment, I chose Dacentec dedicated server. Dacentec is a great provider with a lot of choices in the budget dedicated server segment.

A /48 ipv6 block is an optional free addon for the server.
After opening a support ticket, I received the following details:

Network 2607:5400:048d:0000::/48
Gateway 2607:5400:048d:0000::1/48

ssh into the server and check the interfaces file:

cat /etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
allow-hotplug eth2
iface eth2 inet static
        address 148.126.187.10
        netmask 255.255.255.248
        network 148.126.187.8
        broadcast 148.126.187.15
        gateway 148.126.187.9
        # dns-* options are implemented by the resolvconf package, if installed
        dns-nameservers 199.255.156.3
        dns-search droidzone.in
        up ip addr add 148.126.187.14 dev eth2
        up ip addr add 148.126.187.12 dev eth2
        up ip addr add 148.126.187.13 dev eth2

Here, 148.126.187.10 is the primary address of the host node. 148.126.187.12, 148.126.187.13 and 148.126.187.14 are additional IPv4s that I purchased to set up containers. Anyway this is not relevant, as we’re currently attempting to create ipv6-only containers.

Dacentec provided me the following /48 ipv6 block:

Network 2107:5200:058d:0000::/48
Gateway 2107:5200:058d:0000::1/48

I then modified my file:

emacs /etc/network/interfaces

and added the following:

iface eth2 inet6 static
	address 2107:5200:058d:0000::2
	netmask 64
	  up ip -6 route add default via 2107:5200:058d:0000::1 dev eth2
	  down ip -6 route del default via 2107:5200:058d:0000::1 dev eth2	

The final file looks like this:

auto lo
iface lo inet loopback
allow-hotplug eth2
iface eth2 inet static
        address 148.126.187.10
        netmask 255.255.255.248
        network 148.126.187.8
        broadcast 148.126.187.15
        gateway 148.126.187.9
        # dns-* options are implemented by the resolvconf package, if installed
        dns-nameservers 199.255.156.3
        dns-search droidzone.in
        up ip addr add 148.126.187.14 dev eth2
        up ip addr add 148.126.187.12 dev eth2
        up ip addr add 148.126.187.13 dev eth2
iface eth2 inet6 static
	address 2107:5200:058d:0000::2
	netmask 64
	  up ip -6 route add default via 2107:5200:058d:0000::1 dev eth2
	  down ip -6 route del default via 2107:5200:058d:0000::1 dev eth2

Now do the following:

ipdown eth2 && ifup eth2

If you do just a ipdown eth2, you’ll find that your ssh shell exists, and you’ll no longer be able to connect to it. Only a restart will solve it, unless you have a KVM or IPMI to bring back the interface online.

Next up:
Creating ipv6-only containers

Creating ipv6-only containers
With the above configuration, I then added the ip address pool from 2107:5200:058d:0000::4 to 2107:5200:058d:0000::10, to the OpenVZ web panel. Alternately, you can use Promox or the command line vzctl tool.

Then I created a vps, assigning the ip: 2107:5200:058d:0000::4.
I entered the container from the node with:

vzctl enter 2

Edited resolv.conf to have the following:

nameserver 2001:4860:4860::8888

I found that I could not ping ipv4 addresses any more, but could ping ipv6 with ease:

# ping6 ipv6.google.com
PING ipv6.google.com(yv-in-x71.1e100.net) 56 data bytes
64 bytes from yv-in-x71.1e100.net: icmp_seq=1 ttl=54 time=9.77 ms
64 bytes from yv-in-x71.1e100.net: icmp_seq=2 ttl=54 time=9.74 ms
64 bytes from yv-in-x71.1e100.net: icmp_seq=3 ttl=54 time=9.74 ms

To add ipv6 addresses to containers,
Edit /etc/sysctl.conf so that it contains:

net.ipv6.conf.default.forwarding = 1
net.ipv6.conf.all.forwarding = 1
net.ipv4.conf.default.proxy_arp = 0
net.ipv6.conf.default.proxy_ndp = 1
net.ipv6.conf.all.proxy_ndp = 1

The final file contains:

net.ipv4.ip_forward=1
net.ipv6.conf.default.forwarding = 1
net.ipv6.conf.all.forwarding = 1
net.ipv4.conf.default.proxy_arp = 0
net.ipv6.conf.default.proxy_ndp = 1
net.ipv6.conf.all.proxy_ndp = 1
net.ipv4.conf.all.rp_filter = 1
kernel.sysrq = 1
net.ipv4.conf.default.send_redirects = 1
net.ipv4.conf.all.send_redirects = 0

Activate the new configuration with:

sysctl -p

Now you can assign ipv6 to containers with:

vzctl set <VEID> --ipadd 2107:xxx:xxx::xxx --save

You can enter the vm with

vzctl enter <VEID>

Now, add an ipv6 dns to resolv.conf:

vi /etc/resolv.conf
nameserver 2001:4860:4860::8888