[Bug 1113199] New: ipv6 is not enabled correctly on bridges
![](https://seccdn.libravatar.org/avatar/3035b38ff33cf86f480bb169b8500b80.jpg?s=120&d=mm&r=g)
http://bugzilla.suse.com/show_bug.cgi?id=1113199 Bug ID: 1113199 Summary: ipv6 is not enabled correctly on bridges Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.0 Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Virtualization:Other Assignee: virt-bugs@suse.de Reporter: william@blackhats.net.au QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- When creating a virtual network in libvirt, even with ipv6 enabled = true in virt-manager, or a configuration such as: <network ipv6='yes'> <name>ra2</name> <uuid>98e7a9a1-9606-4bf0-b9ed-13bda85e7ee2</uuid> <bridge name='virbr2' stp='on' delay='0'/> <mac address='52:54:00:72:83:79'/> <domain name='ra2'/> </network> Ipv6 traffic does not function correctly on the created bridge device. The cause is that the sysctl for the associated bridge is not correctly configured: # sysctl -a | grep -i disable_ipv6 ... net.ipv6.conf.virbr2.disable_ipv6 = 1 net.ipv6.conf.virbr2-nic.disable_ipv6 = 0 This sysctl should be set to "0", to allow ipv6 traffic to operate correctly. The effect is the out of the box on OpenSUSE leap, ipv6 does not work on virsh bridge networks. Work around is: sysctl -w net.ipv6.conf.virbr2.disable_ipv6=0 -- You are receiving this mail because: You are on the CC list for the bug.
![](https://seccdn.libravatar.org/avatar/3035b38ff33cf86f480bb169b8500b80.jpg?s=120&d=mm&r=g)
http://bugzilla.suse.com/show_bug.cgi?id=1113199
http://bugzilla.suse.com/show_bug.cgi?id=1113199#c1
--- Comment #1 from William Brown
![](https://seccdn.libravatar.org/avatar/3035b38ff33cf86f480bb169b8500b80.jpg?s=120&d=mm&r=g)
http://bugzilla.suse.com/show_bug.cgi?id=1113199
Charles Arnold
![](https://seccdn.libravatar.org/avatar/3035b38ff33cf86f480bb169b8500b80.jpg?s=120&d=mm&r=g)
http://bugzilla.suse.com/show_bug.cgi?id=1113199
http://bugzilla.suse.com/show_bug.cgi?id=1113199#c2
James Fehlig
When creating a virtual network in libvirt, even with ipv6 enabled = true in virt-manager, or a configuration such as:
<network ipv6='yes'> <name>ra2</name> <uuid>98e7a9a1-9606-4bf0-b9ed-13bda85e7ee2</uuid> <bridge name='virbr2' stp='on' delay='0'/> <mac address='52:54:00:72:83:79'/> <domain name='ra2'/> </network>
Ipv6 traffic does not function correctly on the created bridge device. The cause is that the sysctl for the associated bridge is not correctly configured:
# sysctl -a | grep -i disable_ipv6 ...
net.ipv6.conf.virbr2.disable_ipv6 = 1 net.ipv6.conf.virbr2-nic.disable_ipv6 = 0
Looking at the network driver code, disable_ipv6 is set if there are no ipv6 addresses defined for the network https://libvirt.org/git/?p=libvirt.git;a=blob;f=src/network/bridge_driver.c;... Does it work if you assign and address to the network? E.g. <network ipv6='yes'> <name>ra2</name> <uuid>98e7a9a1-9606-4bf0-b9ed-13bda85e7ee2</uuid> <bridge name='virbr2' stp='on' delay='0'/> <mac address='52:54:00:72:83:79'/> <ip family="ipv6" address="2001:db8:ca2:6::1" prefix="64"/> <domain name='ra2'/> </network> I suppose you've already looked at the example in the docs https://libvirt.org/formatnetwork.html#examplesPrivate6 That said, I wonder if the code needs to be updated to set disable_ipv6=0 when ipv6='yes' is set on the <network> element... -- You are receiving this mail because: You are on the CC list for the bug.
![](https://seccdn.libravatar.org/avatar/3035b38ff33cf86f480bb169b8500b80.jpg?s=120&d=mm&r=g)
http://bugzilla.suse.com/show_bug.cgi?id=1113199
http://bugzilla.suse.com/show_bug.cgi?id=1113199#c7
--- Comment #7 from William Brown
![](https://seccdn.libravatar.org/avatar/3035b38ff33cf86f480bb169b8500b80.jpg?s=120&d=mm&r=g)
http://bugzilla.suse.com/show_bug.cgi?id=1113199
http://bugzilla.suse.com/show_bug.cgi?id=1113199#c8
--- Comment #8 from Markos Chandras
Sadly I don't have access to a tumbleweed machine, as this is my workplace machine and I would rather keep it on stable leap. If there is an obs repo with updated packages or another form of test rpms I can try those out if that helps?
Yeah I was not suggesting to re-format your machine to TW :) Trying only the 0.6.X version is enough. Here is a repo you can use https://download.opensuse.org/repositories/security:/netfilter/openSUSE_Leap... Just make sure you only update firewalld (and python3-firewalld) packages. -- You are receiving this mail because: You are on the CC list for the bug.
![](https://seccdn.libravatar.org/avatar/3035b38ff33cf86f480bb169b8500b80.jpg?s=120&d=mm&r=g)
http://bugzilla.suse.com/show_bug.cgi?id=1113199
http://bugzilla.suse.com/show_bug.cgi?id=1113199#c9
--- Comment #9 from James Fehlig
![](https://seccdn.libravatar.org/avatar/3035b38ff33cf86f480bb169b8500b80.jpg?s=120&d=mm&r=g)
http://bugzilla.suse.com/show_bug.cgi?id=1113199
http://bugzilla.suse.com/show_bug.cgi?id=1113199#c10
--- Comment #10 from William Brown
![](https://seccdn.libravatar.org/avatar/3035b38ff33cf86f480bb169b8500b80.jpg?s=120&d=mm&r=g)
http://bugzilla.suse.com/show_bug.cgi?id=1113199
http://bugzilla.suse.com/show_bug.cgi?id=1113199#c11
James Fehlig
participants (1)
-
bugzilla_noreply@novell.com