From patchwork Wed Aug 12 01:21:47 2020
X-Patchwork-Submitter: Ian Wienand
X-Patchwork-Id: 247626
From: Ian Wienand
To: libvir-list@redhat.com
Subject: [PATCH] doc: add some examples for IPv6 NAT configuration
Date: Wed, 12 Aug 2020 11:21:47 +1000
Message-Id: <20200812012147.7123-1-iwienand@redhat.com>
Cc: Ian Wienand

Add some expanded examples for the nat ipv6 introduced with 927acaedec7effbe67a154d8bfa0e67f7d08e6c7.

Unfortunately while for IPv4 it's well-known what address ranges are useful for NAT, with IPv6 unless you enjoy digging through RFCs going back-and-forth over unique local addresses and the meaning of the word "site" it's generally much less obvious. I've tried to add some details on choosing a range in line with RFC 4193 and then some pointers for when it maybe doesn't work in the guest as you first expect despite you doing what the RFCs say!

Signed-off-by: Ian Wienand
---
 docs/formatnetwork.html.in | 47 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 47 insertions(+)

--
2.26.2

Reviewed-by: Michal Privoznik

diff --git a/docs/formatnetwork.html.in b/docs/formatnetwork.html.in index fb740111b1..94a4cab4d1 100644 --- a/docs/formatnetwork.html.in +++ b/docs/formatnetwork.html.in @@ -1209,6 +1209,53 @@ </ip> </network> +

IPv6 NAT based network

+ +

+ Below is a variation for also providing IPv6 NAT. This can be + especially useful when using multiple interfaces where some, + such as WiFi cards, can not be bridged (usually on a laptop), + making it difficult to provide end-to-end IPv6 routing. +

+ +
+<network>
+  <name>default6</name>
+  <bridge name="virbr0"/>
+  <forward mode="nat">
+    <nat ipv6='yes'>
+      <port start='1024' end='65535'/>
+    </nat>
+
+  <ip address="192.168.122.1" netmask="255.255.255.0">
+    <dhcp>
+      <range start="192.168.122.2" end="192.168.122.254"/>
+    </dhcp>
+  </ip>
+  <ip family="ipv6" address="fdXX:XXXX:XXXX:NNNN:: prefix="64"/>
+  </ip>
+</network>
+ +

IPv6 NAT addressing has some caveats over the more straight + forward IPv4 case. + RFC 4193 + defines the address range fd00::/8 for /48 IPv6 + private networks. It should be concatenated with a random 40-bit + string (i.e. 10 random hexadecimal digits replacing the X + values above, RFC 4193 provides + an algorithm + if you do not have a source of sufficient randomness). This + leaves 0 through ffff for subnets (N + above) which you can use at will.

+ +

Many operating systems will not consider these addresses as + preferential to IPv4, due to some practial history of these + addresses being present but unroutable and causing networking + issues. On many Linux distributions, you may need to + override /etc/gai.conf with values + from RFC 3484 + to have your IPv6 NAT network correctly preferenced over IPv4.

+

Routed network config
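
Review bot: The example XML added for the default6 network is not well-formed as shown, and readers will copy it verbatim. In the IPv6 address line,

    <ip family="ipv6" address="fdXX:XXXX:XXXX:NNNN:: prefix="64"/>

the address attribute is missing its closing quote, and because the element is self-closed with "/>" the </ip> on the next line is a stray end tag. The line after </nat> is empty in the hunk, so <forward mode="nat"> is never closed before the first <ip> element; a </forward> appears to be missing there. Suggest closing the quote after the address, dropping the extra </ip>, and adding </forward>. In the prose, "practial" should be "practical", and the gai.conf paragraph tells the reader to override the file "with values from RFC 3484" without saying which precedence entries matter for the fd00::/8 range; naming them would make the advice actionable.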