Anton Lindstrom (about, @twitter, @github)

Bridged IPv6 network on Hetzner box

A while back I found out about cheap dedicated servers in Germany from Hetzner. I decided to give it a shot as they had native IPv6 and customers are given /64 subnets. This was the ideal testbed for me to try out IPv6 and Xen together.

As I did not intend to use a public IPv4 subnet for my Xen domUs, I was going to give them RFC1918 addresses and put them in another network. I concluded that my setup would use the topology described in the Xen wiki as Virtual Network. This will be the easiest way to combine NAT for the IPv4 addresses with plain routing for the IPv6 addresses.

Xen Topology

Before you start any of the other steps, make sure you can reach your dom0 over IPv6, then install Xen and some domUs to test things out on.

First, load the dummy kernel module, either with modprobe dummy or by adding it to /etc/modules. Then add the interface (on Debian) to /etc/network/interfaces as a regular interface with the RFC1918 address (e.g. 192.168.0.1). To enable it as a bridging interface in Xen, modify your /etc/xen/xend-config.sxp to enable the following network settings.

# -*- sh -*-

## Bridged
(network-script 'network-bridge netdev=dummy0')
(vif-script vif-bridge)

(dom0-min-mem 196)
(dom0-cpus 0)

Add the following into /etc/sysctl.conf:

net.ipv6.conf.all.forwarding=1
net.ipv6.conf.all.proxy_ndp=1

After that, boot your Xen domU and assign an IPv6 address to it. The IPv6 address can be any IP in your /64 subnet; I chose ::20. Check that you can ping6 the address assigned to the domU from within the dom0. Then it is just a matter of advertising the address to the Hetzner boxes, which is done with:

ip -6 neigh add proxy 2002:dead:beef::20 dev eth0

Check your neighbors with:

ip -6 neigh show
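
The sysctl and proxy steps above, as an added example that is not part of the original post: a dry-run helper that checks both sysctls are live and prints one validated proxy-NDP command per domU. The prefix, interface and host suffixes are constructed sample values, and SYSCTL_ROOT is a hypothetical override for testing.

```sh
#!/bin/sh
# Added example, not from the original post. The prefix, interface and suffixes
# in the demo are constructed (2001:db8::/32 is the documentation range).
# SYSCTL_ROOT is a hypothetical override so the check can read a test tree.
SYSCTL_ROOT="${SYSCTL_ROOT:-/proc/sys}"

# True only if both settings from /etc/sysctl.conf are live in the running kernel.
sysctls_ok() {
    for key in forwarding proxy_ndp; do
        f="$SYSCTL_ROOT/net/ipv6/conf/all/$key"
        [ -r "$f" ] && [ "$(cat "$f")" = "1" ] ||
            { echo "not active: net.ipv6.conf.all.$key=1" >&2; return 1; }
    done
}

# Match $1 against ERE $2 after refusing anything but hex digits and ':'
# (rejects spaces, ';' and newlines before the value reaches a root shell).
matches() {
    case "$1" in ''|*[!0-9A-Fa-f:]*) return 1 ;; esac
    printf '%s\n' "$1" | grep -Eq "$2"
}

# The /64 is given as its four leading groups, e.g. 2001:db8:1234:5678.
valid_prefix64() { matches "$1" '^[0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){3}$'; }

# Host part: 1 to 3 groups, so "<prefix>::<suffix>" contains exactly one "::".
valid_suffix() { matches "$1" '^[0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){0,2}$'; }

# Print one proxy-NDP command per domU; nothing is printed unless all input is valid.
proxy_cmds() {
    prefix="$1"; iface="$2"; shift 2
    valid_prefix64 "$prefix" || { echo "bad /64 prefix: $prefix" >&2; return 1; }
    case "$iface" in ''|*[!A-Za-z0-9._-]*) echo "bad interface" >&2; return 1 ;; esac
    for s in "$@"; do
        valid_suffix "$s" || { echo "bad host suffix: $s" >&2; return 1; }
    done
    for s in "$@"; do
        echo "ip -6 neigh add proxy ${prefix}::${s} dev ${iface}"
    done
}

# Dry run with constructed values: review the output, then run it as root on the dom0.
if [ "${1:-}" = "--demo" ]; then
    sysctls_ok || echo "fix /etc/sysctl.conf and run sysctl -p first" >&2
    proxy_cmds 2001:db8:1234:5678 eth0 20 21 a:1
fi
```

Proxy entries added with ip are runtime state and are gone after a reboot, so the printed commands have to be re-applied at boot.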