Adding IPv6 Support for KVM VMs

I rented my server with OVH Canada. This blog is on one of the VMs that I created using KVM. Initially I did not configure VMs with IPv6 support. Actually, the IPv4 configuration is a bit more complicated than IPv6.

So here is the thing. You’ll have a /64 block of ipv6 addresses allocated to you. It’s a LOT. I wish to use it well.

The steps are quite simple:

1. Configure the KVM network interface
2. Configure the VM’s network interface
3. Configure the ip6tables firewall.

Then your VMs will support ipv6. All below commands are done in root privilege. All you VMs should have a unique non-internal IPv4 addresses bridged to the Internet.

Step 1

Configure the KVM network interface
Assuming you are on default network.

virsh net-destroy default

Stop the network.

Edit the virtual network by virsh.

virsh net-edit default

  default
  .....
  
    
  
  
  
  
    
      
    
  
  
  


Reserve 192.168.0.1 to the virtual bridge.
Make your network configuration file look like this, replace your ipv6 and ipv4 block suitable for your contract.

Restart your network:

virsh net-start default

Now, using the ip addr facility to view your current network interfaces. Mine looks like this:

...
12: virbr1: mtu 1500 qdisc noqueue state UNKNOWN
link/ether 52:55:21:05:3d:e4 brd ff:ff:ff:ff:ff:ff
inet 192.168.0.1/24 brd 192.168.0.255 scope global virbr1
inet6 2607:xxxx:xx:39aa:1::/96 scope global
valid_lft forever preferred_lft forever
inet6 fe80::5054:ff:fe05:31e4/64 scope link
valid_lft forever preferred_lft forever

Step 2

Configure the VM’s network interface

Login to your VM(s). Based on your VM’s operating system, you’ll have different configuration methods. My VMs are using CentOS, so RHEL series can follow my steps.

Still using root, go to /etc/sysconfig/ and edit network file, add NETWORKING_IPV6=yes to the end of the file if this line doesn’t exist. Then go to /etc/sysconfig/network-scripts, and edit your network interface file, in my case it’s ifcfg-eth0.

Add or edit those line to the file:

IPV6INIT=yes
IPV6ADDR=2607:xxxx:xx:39aa:1::23f:8/128

Then the IPv6 address of the VM is 2607:xxxx:xx:39aa:1::23f:8. You could add more IPs by setting

IPV6ADDR_SECONDARIES="2607:xxxx:xx:39aa:1::23f:8/128 2607:xxxx:xx:39aa:1::23f:9/128"

Step 3

Configure the ip6tables firewall on your VM.

If you have installed ip6tables, you may want to change some of the configurations. Edit /etc/sysconfig/ip6tables:

*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p ipv6-icmp -j ACCEPT # Enable ping
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT # Open WEB port 80.
-A INPUT -j REJECT --reject-with icmp6-adm-prohibited
COMMIT

Then do a restart on ip6tables by calling service ip6tables restart

That’s it.

Join the conversation

7 Comments

  1. In step2, you are configuring DHCP – you shouldn’t need to configure a static address with IPV6ADDR

Leave a comment

Leave a Reply to Luxing Huang Cancel reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.