Comments on VMware Front Experience: VMware, please fix IPv6 support in ESXi!
Feed updated: 2023-11-01T18:25:49.063+01:00

Andreas Peetz (2014-12-03T19:07:55.191+01:00):
Well, it will definitely be fixed in 6.0, but I would not expect anything for 5.x versions.

Anonymous (2014-12-03T18:22:27.356+01:00):
From what I've heard at a couple conferences and read in multiple forums/communities, this is supposed to be fixed with ESXi 5.5 U3. I'm not sure about ESXi 5.1. It's been broken for far too long. Too late for me (former 7-figure VMware customer).

Anonymous (2014-10-05T22:18:39.431+02:00):
Absolutely right ;-) I now invested 1 EUR/month for an additional IPv4 address.
It's a shame, as there are billions of IPv6 addresses for free.

Andreas Peetz (2014-09-16T13:02:13.636+02:00):
I guess it tries to go through the loopback interface lo0, because you have
fe80:: ffff:ffff:ffff:ffff:: fe80::1 lo0
listed first in the routes table.

Are you trying this on an ESXi host that is hosted at Hetzner?

Marki (2014-09-10T21:40:37.341+02:00):
Idea:
Since:
- You cannot set fe80::1 as such
- You also cannot add an e.g. fe80::2/64 address to vmk0, it will complain
Try this:
- Add an address it does not recognize as Link Local (outside fe80::/10), but with a larger netmask so as to encompass fe80::1, for example feff::2/8
- Then it lets you add fe80::1 as default gateway
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
~ # esxcli network ip interface ipv6 address list
Interface  Address                    Netmask  Type    Status
---------  -------------------------  -------  ------  ---------
vmk0       fe80::4261:86ff:fe2b:8639  64       STATIC  PREFERRED
vmk0       feff::2                    8        STATIC  PREFERRED
vmk0       2a01:4f8:101:xxxx::ffff    64       STATIC  PREFERRED
~ # esxcli network ip route ipv6 list
Network              Netmask                Gateway  Interface
-------------------  ---------------------  -------  ---------
default              ::                     fe80::1  vmk0
2a01:4f8:101:xxxx::  ffff:ffff:ffff:ffff::  ::       vmk0
fe00::               ff00::                 ::       vmk0
fe80::               ffff:ffff:ffff:ffff::  fe80::1  lo0
fe80::               ffff:ffff:ffff:ffff::  ::       vmk0
ff01::               ffff:ffff::            ::1      lo0
ff01::               ffff:ffff::            ::       vmk0
ff02::               ffff:ffff::            ::1      lo0
ff02::               ffff:ffff::            ::       vmk0
~ # esxcli network ip neighbor list
Neighbor                   Mac Address        Vmknic  Expiry   State
-------------------------  -----------------  ------  -------  ---------
188.40.xxxxxx              00:21:59:c2:0e:c8  vmk0    751 sec
2a01:4f8:101:xxxx::ffff    40:61:86:2b:86:39  vmk0    0 sec    Reachable
fe80::1                    00:21:59:c2:0e:c8  vmk0    28 sec   Reachable
fe80::4261:86ff:fe2b:8639  40:61:86:2b:86:39  vmk0    0 sec    Reachable
feff::2                    40:61:86:2b:86:39  vmk0    0 sec    Reachable
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
- Unsurprisingly, the IP pings, as it does with a global unicast gateway:
~ # ping fe80::1
PING fe80::1 (fe80::1): 56 data bytes
64 bytes from fe80::1: icmp_seq=0 time=0.783 ms
- But:
~ # ping6 ipv6.google.com
PING ipv6.google.com (2a00:1450:4001:804::1002): 56 data bytes
sendto() failed (No route to host)

Whyyyyy? The routing table is correct after all? 2a00:... matches the default route. Which gives fe80::1 as the gateway on vmk0.... And the gateway pings alright. There definitely is a route to the host.
:-((

Andreas Peetz (2013-07-05T08:57:52.039+02:00):
I wonder why you misunderstood my post completely ...

I'm not talking about routing my LLA or ULA, and I'm not going for NAT.
I am just required to route the regular public IPv6 address of my ESXi host over a gateway that is to be addressed by an LLA (fe80::1). This is just for the first hop. Of course the router itself also has public addresses that it uses to talk to external routing partners.

I admit that this looks weird at first sight, but it is a perfectly valid and commonly used setup.

mrkrad (2013-07-05T00:47:35.494+02:00):
But you never route LLA - ULA is for NAT.

This is where some may disagree, but you use one 64-bit subnet (FD:::::) for your internal network.

This change will require much thought, as we rely on subnets for security and this was never the intent with IPv6.

Originally: Everyone will have a public IP address (fail)
Now: Everyone will have a ULA (NAT/routable) if they do not like the public IP idea.

Perhaps CIDR or IP-based VLANs are the solution, but IPv6 folks never intended you to have more than 1 subnet. 64 bits is huge!

Your LLA IP will go away as soon as you give the interface another IP. I mean, do you leave your servers' interfaces with 169.254.. IPs? Heck no, that is a huge security risk. Just as bad as leaving VLAN 0 around - a hacker will come along and find a way to exploit your switch.