5

I have read "Adding a whole IPv6 /64 block to an network interface on debian". We want to make use of the AnyIP feature to add a whole IPv6 /64 subnet block to a web hosting server, but using Netplan because we are on Ubuntu 18.04.

Side note: a couple of experts have advised against using AnyIP to configure IPv6 so we will also look at alternative solutions like manually configuring a smaller number of IPs.

Our datacenter does already route the /64 to a single IP, for example

The range  2001:db8:1:10::0/64  is routed to the IP  2001:db8:1::1:10
The range  2001:db8:1:11::0/64  is routed to the IP  2001:db8:1::1:11

In Netplan I can configure single IPs this way

network:
  version: 2
  renderer: networkd
  ethernets:
    eth0:
      accept-ra: no
      addresses:
        - '2001:db8:1::1:10/48'
        - '2001:db8:1:10::0/64'
        - '2001:db8:1:10::1/64'
      gateway6: '2001:db8:1::1'

And this works. However I want to use the whole 2001:db8:1:10::/64 range on this server and I don't want to configure it in 18446744073709551616 lines.

Executing this command makes me able to ping all the /64 IPs from outside:

ip -6 route add local 2001:db8:1:10::/64 dev lo

Side note: a server daemon needs to support IP_FREEBIND to be able to bind to an IP which is not explicitly configured on an interface.

My question is: instead of having to execute ip -6 route add local .. after each reboot, I would like to configure it the proper way inside the Netplan YAML config.

2 Answers

2

Found a solution, but maybe someone knows a better one?

cat <<EOF > /usr/lib/networkd-dispatcher/routable.d/50-ipv6-block
#!/bin/sh
ip -6 route add local 2001:db8:1:10::/64 dev lo
exit 0
EOF

chmod 755 /usr/lib/networkd-dispatcher/routable.d/50-ipv6-block

To check if it works:

ip -6 route del local 2001:db8:1:10::/64
netplan apply
systemctl --no-pager status networkd-dispatcher.service
route -6 | grep 2001:db8:1:10::/64
ping6 -c2 2001:db8:1:10::1234

If you see "RTNETLINK answers: File exists", this is because a route is added which already existed because of an earlier netplan apply.

kasperd
  • 31,086
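A check for the verification step in the answer above, as an added example that is not part of the original post: it parses `ip -6 route show table local` output and reports which local entry covers a given address, so a block (AnyIP) route can be told apart from an individually configured address. The sample table is constructed and the function names are hypothetical.

```python
import ipaddress
import subprocess

# Constructed sample of `ip -6 route show table local` output (not captured
# from a real host); exact fields vary between iproute2 versions.
SAMPLE_LOCAL_TABLE = """\
local ::1 dev lo proto kernel metric 0 pref medium
local 2001:db8:1::1:10 dev eth0 proto kernel metric 0 pref medium
local 2001:db8:1:10::1 dev eth0 proto kernel metric 0 pref medium
local 2001:db8:1:10::/64 dev lo metric 1024 pref medium
multicast ff00::/8 dev eth0 proto kernel metric 256 pref medium
"""


def local_routes(table_text):
    """Return (network, device) for every 'local' entry in the table dump."""
    routes = []
    for line in table_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "local" or "dev" not in fields[:-1]:
            continue
        # Entries printed without a prefix length are single addresses (/128).
        network = ipaddress.IPv6Network(fields[1])
        device = fields[fields.index("dev") + 1]
        routes.append((network, device))
    return routes


def covering_route(table_text, address):
    """Most specific local entry covering address, or None if it is not local."""
    addr = ipaddress.IPv6Address(address)
    matches = [r for r in local_routes(table_text) if addr in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen, default=None)


def served_by_block_route(table_text, address):
    """True when the address is local only because of a prefix (AnyIP) route."""
    route = covering_route(table_text, address)
    return route is not None and route[0].prefixlen < 128


def read_local_table():
    """Read the live table on the server; requires iproute2."""
    cmd = ["ip", "-6", "route", "show", "table", "local"]
    return subprocess.run(cmd, check=True, capture_output=True, text=True).stdout


if __name__ == "__main__":
    for candidate in ("2001:db8:1:10::1", "2001:db8:1:10::1234", "2001:db8:1:11::1"):
        print(candidate, "->", covering_route(SAMPLE_LOCAL_TABLE, candidate))
```

On the server, pass `read_local_table()` instead of the sample; a `None` result for an address inside the /64 means the dispatcher script did not install the local route.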
0

The AnyIP solution you've mentioned should work perfectly fine, because a local route is not actually a route; it is a flag that allows you to use any IP from the subnet. So please don't treat it as a "route"; this term is not valid here. The local route is a workaround that breaks "route" terminology.

puchu
  • 146