[pve-devel] [PATCH docs 1/3] remove obsolete note on link local addresses

Wolfgang Bumiller w.bumiller at proxmox.com
Mon Oct 3 10:44:13 CEST 2016


---
 pve-firewall.adoc | 63 -------------------------------------------------------
 1 file changed, 63 deletions(-)

diff --git a/pve-firewall.adoc b/pve-firewall.adoc
index ec0db30..a7c9d24 100644
--- a/pve-firewall.adoc
+++ b/pve-firewall.adoc
@@ -458,69 +458,6 @@ NFQUEUE=0
 ----
 
 
-Avoiding `link-local` Addresses on `tap` and `veth` Devices
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-With IPv6 enabled by default every interface gets a MAC-derived link local
-address. However, most devices on a typical {pve} setup are connected to a
-bridge and so the bridge is the only interface which really needs one.
-
-To disable a link local address on an interface you can set the interface's
-`disable_ipv6` sysconf variable. Despite the name, this does not prevent IPv6
-traffic from passing through the interface when routing or bridging, so the
-only noticeable effect will be the removal of the link local address.
-
-The easiest method of achieving this setting for all newly started VMs is to
-set it for the `default` interface configuration and enabling it explicitly on
-the interfaces which need it. This is also the case for other settings such as
-`forwarding`, `accept_ra` or `autoconf`.
-
-
-Here's a possible setup:
-
-.File `/etc/sysconf.d/90-ipv6.conf`
-----
-net.ipv6.conf.default.forwarding = 0
-net.ipv6.conf.default.proxy_ndp = 0
-net.ipv6.conf.default.autoconf = 0
-net.ipv6.conf.default.disable_ipv6 = 1
-net.ipv6.conf.default.accept_ra = 0
-
-net.ipv6.conf.lo.disable_ipv6 = 0
-----
-
-.File `/etc/network/interfaces`
-----
-(...)
-# Dual stack:
-iface vmbr0 inet static
-    address 1.2.3.4
-    netmask 255.255.255.128
-    gateway 1.2.3.5
-iface vmbr0 inet6 static
-    address fc00::31
-    netmask 16
-    gateway fc00::1
-    accept_ra 0
-    pre-up echo 0 > /proc/sys/net/ipv6/conf/$IFACE/disable_ipv6
-
-# With IPv6-only 'pre-up' is too early and 'up' is too late.
-# Work around this by creating the bridge manually
-iface vmbr1 inet manual
-    pre-up ip link add $IFACE type bridge
-    up echo 0 > /proc/sys/net/ipv6/conf/$IFACE/disable_ipv6
-iface vmbr1 inet6 static
-    address fc00:b:3::1
-    netmask 96
-    bridge_ports none
-    bridge_stp off
-    bridge_fd 0
-    bridge_vlan_aware yes
-    accept_ra 0
-(...)
-----
-
-
 Notes on IPv6
 -------------
 
-- 
2.1.4





More information about the pve-devel mailing list