From: Ian Wienand
To: libvir-list@redhat.com
Subject: [PATCH] doc: add some examples for IPv6 NAT configuration
Date: Wed, 12 Aug 2020 11:21:47 +1000
Message-Id: <20200812012147.7123-1-iwienand@redhat.com>

Add some expanded examples for the nat ipv6 introduced with 927acaedec7effbe67a154d8bfa0e67f7d08e6c7.

Unfortunately while for IPv4 it's well-known what address ranges are useful for NAT, with IPv6 unless you enjoy digging through RFCs going back-and-forth over unique local addresses and the meaning of the word "site" it's generally much less obvious. I've tried to add some details on choosing a range in line with RFC 4193 and then some pointers for when it maybe doesn't work in the guest as you first expect despite you doing what the RFCs say!

Signed-off-by: Ian Wienand
Reviewed-by: Michal Privoznik
--- docs/formatnetwork.html.in | 47 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 47 insertions(+) diff --git a/docs/formatnetwork.html.in b/docs/formatnetwork.html.in index fb740111b1..94a4cab4d1 100644 --- a/docs/formatnetwork.html.in +++ b/docs/formatnetwork.html.in @@ -1209,6 +1209,53 @@ </ip> </network> =20 +

IPv6 NAT based network

+ +

+ Below is a variation for also providing IPv6 NAT. This can be + especially useful when using multiple interfaces where some, + such as WiFi cards, can not be bridged (usually on a laptop), + making it difficult to provide end-to-end IPv6 routing. +

+ +
+<network>
+  <name>default6</name>
+  <bridge name=3D"virbr0"/>
+  <forward mode=3D"nat">
+    <nat ipv6=3D'yes'>
+      <port start=3D'1024' end=3D'65535'/>
+    </nat>
+
+  <ip address=3D"192.168.122.1" netmask=3D"255.255.255.0">
+    <dhcp>
+      <range start=3D"192.168.122.2" end=3D"192.168.122.254"/>
+    </dhcp>
+  </ip>
+  <ip family=3D"ipv6" address=3D"fdXX:XXXX:XXXX:NNNN:: prefix=3D"64"/&g=
t;
+  </ip>
+</network>
+ +

IPv6 NAT addressing has some caveats over the more straight + forward IPv4 case. + RFC 4193 + defines the address range fd00::/8 for /48 IPv6 + private networks. It should be concatenated with a random 40-bit + string (i.e. 10 random hexadecimal digits replacing the X + values above, RFC 4193 provides + an algor= ithm + if you do not have a source of sufficient randomness). This + leaves 0 through ffff for subnets (N + above) which you can use at will.

+ +

Many operating systems will not consider these addresses as + preferential to IPv4, due to some practial history of these + addresses being present but unroutable and causing networking + issues. On many Linux distributions, you may need to + override /etc/gai.conf with values + from RFC 3484 + to have your IPv6 NAT network correctly preferenced over IPv4.

+

Routed network config

=20
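Review bot: The example network XML in the new "IPv6 NAT based network" section is not well-formed, so a reader who copies it into a network definition will hit a parse error. `<forward mode="nat">` is opened but never closed (the added line after `</nat>` is empty), the `address` attribute on the IPv6 `<ip>` element is missing its closing quote, and that element is self-closed with `/>` yet followed by a stray `</ip>`. Add `</forward>` after `</nat>`, close the quote so the attribute reads `address="fdXX:XXXX:XXXX:NNNN::"`, and drop the trailing `</ip>`. In the final paragraph, "practial" should be "practical", and since RFC 3484 has been obsoleted by RFC 6724 it would be worth pointing readers at the current document for the gai.conf values.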

--=20 2.26.2