Two steps forward and one step back

I’m happy to report that oxcrag.net has been upgraded from a crappy ADSL line to a fibre based connection, which has improved uplink speed for the server tremendously.

Unfortunately, it looks as though newer technology doesn’t always imply that everything gets better: Unlike what the representative for the fibre project stated, there’s no sign of IPv6 on this network with my chosen provider, Bahnhof. Indeed a mail to their support was answered with the short statement that they do not currently have an agreement with Telia – the network owner – for IPv6 over the current service solution “Öppen Fiber”. If I would want to pay Telias exorbitant fees, I could probably keep using their IPv6rd tunnel, but I don’t see the point in haggling or ISP-hopping. On the other hand, IPv6 tunnel services from other service providers break geographically limited content like Netflix. What I think of that practice is probably subject to a rant by itself, but suffice to say Netflix thinks I’m a pirate when I use the Swedish gateway of Hurricane Electric’s IPv6 tunneling service.

Long story short, what’s called “Telia Öppen Fiber” in Sweden is only “open” in a very Orwellian sense, and so I’ve lost the convenience of IPv6 addressing for my machines – at least for the foreseeable future.

Closed is open. Worse is better. Old is new.

IPv6 guests in KVM

I’ve been experimenting with IPv6 at home, and spent some time trying to get it working in my virtual machines.

The first symptom I got was that VMs got a “Network unreachable” error when trying to ping6 anything but their own address. The cause was a complete brainfart on my side: We need a loopback interface network definition for IPv6 in /etc/network/interfaces:

The second problem took a bit more digging to understand: I would get an IPv6 address, and I could ping stuff both on my own network and on the Internet from the VM, but no other computers could reach the virtual machine over IPv6.

According to this discussion, QEMU/KVM has support for multicast (required for proper IPv6 functioning), but it’s turned off by default. Remedy this by running virsh edit [vm-name] and adding trustGuestRxFilters='yes' to the appropriate network interface definition:

As usual, when you understand the problem the solution is simple.