A newer post has more information (and more reliable information).
One of the things that has been mildly irritating me about my little collection of Linux containers has been that in addition to the statically defined IPv6 addresses, there is also an automatically defined IPv6 address :-
    » lxc-ls --fancy
    NAME     STATE   IPV4      IPV6                                                              AUTOSTART
    ------------------------------------------------------------------------------------------------------
    apricot  RUNNING 10.0.0.34 2001:db8:ca2c:dead:21e:a0ff:feb6:6a, 2001:db8:ca2c:dead::3eb      YES
    chagers  RUNNING 10.0.0.32 2001:db8:ca2c:dead:804a:bfff:fe83:f98d, 2001:db8:ca2c:dead::5e11  YES
    glanders RUNNING 10.0.0.31 2001:db8:ca2c:dead:21e:a0ff:feb6:66, 2001:db8:ca2c:dead::ba11     YES
    lyme     RUNNING 10.0.0.30 2001:db8:ca2c:dead:21e:a0ff:feb6:65, 2001:db8:ca2c:dead::cafe     YES
    mango    RUNNING 10.0.0.35 2001:db8:ca2c:dead:6c42:24ff:fe7d:4e9, 2001:db8:ca2c:dead::a      YES
    peach    RUNNING 10.0.0.33 2001:db8:ca2c:dead:21e:a0ff:feb6:68, 2001:db8:ca2c:dead::3a11     YES
    rhubarb  RUNNING 10.0.0.40 2001:db8:ca2c:dead:21e:a0ff:feb6:69, 2001:db8:ca2c:dead::dead     YES
Now this is hardly the end of the world, but it is not tidy and it is the sort of thing that may lead to problems down the road if servers are communicating on an address that is not reverse DNS registered. Or indeed when someone contacts a server on an address such as 2001:db8:ca2c:dead::3eb and the reply comes from 2001:db8:ca2c:dead:21e:a0ff:feb6:6a.
After any number of false starts, the answer is quite simple – use sysctl to turn off autoconfigured addresses from within the container; which doesn’t make much sense logically – containers don’t have a kernel of their own, so the global kernel should be the one that is tuned. However :-
    # Append the setting to each container's own sysctl.conf
    for container in $(lxc-ls)
    do
        echo "net.ipv6.conf.eth0.autoconf = 0" >> "/var/lib/lxc/$container/rootfs/etc/sysctl.conf"
    done
Does the trick (after a reboot) :-
    » lxc-ls --fancy
    NAME     STATE   IPV4      IPV6                                                              AUTOSTART
    ------------------------------------------------------------------------------------------------------
    apricot  RUNNING 10.0.0.34 2001:db8:ca2c:dead:21e:a0ff:feb6:6a, 2001:db8:ca2c:dead::3eb      YES
    chagers  RUNNING 10.0.0.32 2001:db8:ca2c:dead:18d9:99ff:fe28:3591, 2001:db8:ca2c:dead::5e11  YES
    glanders RUNNING 10.0.0.31 2001:db8:ca2c:dead:21e:a0ff:feb6:66, 2001:db8:ca2c:dead::ba11     YES
    lyme     RUNNING 10.0.0.30 2001:db8:ca2c:dead::cafe                                          YES
    mango    RUNNING 10.0.0.35 2001:db8:ca2c:dead:2411:80ff:feb9:6600, 2001:db8:ca2c:dead::a     YES
    peach    RUNNING 10.0.0.33 2001:db8:ca2c:dead::3a11                                          YES
    rhubarb  RUNNING 10.0.0.40 2001:db8:ca2c:dead::dead                                          YES
Except for the older containers 🙁
I’ve obviously missed something, but fixing nearly half of the containers is a good start.
After attending to pending upgrades (some of my old containers were still running wheezy), and setting the network configuration to manual, one of the recalcitrant containers (glanders) lost its autoconfigured address.
Two more containers lost their unwanted extra addresses after “fixing” their configuration. I’m not sure what was wrong with the old configuration, but after copying and modifying a recently created container configuration, they rebooted with just one IPv6 address. The last one was mango, but after an extra reboot, it also was fixed :-
    » lxc-ls --fancy
    NAME     STATE   IPV4      IPV6                      AUTOSTART
    --------------------------------------------------------------
    apricot  RUNNING 10.0.0.34 2001:db8:ca2c:dead::3eb   YES
    chagers  RUNNING 10.0.0.32 2001:db8:ca2c:dead::5e11  YES
    glanders RUNNING 10.0.0.31 2001:db8:ca2c:dead::ba11  YES
    lyme     RUNNING 10.0.0.30 2001:db8:ca2c:dead::cafe  YES
    mango    RUNNING 10.0.0.35 2001:db8:ca2c:dead::a     YES
    peach    RUNNING 10.0.0.33 2001:db8:ca2c:dead::3a11  YES
    rhubarb  RUNNING 10.0.0.40 2001:db8:ca2c:dead::dead  YES
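To audit which containers still hold an autoconfigured address without reading the listing by eye, this added example (not part of the original post) filters `lxc-ls --fancy` output for MAC-derived (EUI-64) addresses. The function names `find_slaac` and `sample_listing` are made up for illustration, and the sample rows are constructed in the format of the listings above.

```shell
#!/bin/sh
# Added example (not from the original post).
# find_slaac reads `lxc-ls --fancy` output on stdin and prints
# "container address" for every address that looks autoconfigured.
# Heuristic: a SLAAC address built from the MAC (EUI-64) has ff:fe in the
# middle of its interface identifier, so the third-from-last group ends in
# "ff" and the second-from-last is "feXX". Randomised privacy addresses
# (RFC 4941) do not follow this pattern and are not reported.
find_slaac() {
    awk '
    {
        for (i = 2; i <= NF; i++) {
            addr = tolower($i)
            sub(/,$/, "", addr)              # strip the list separator
            if (addr !~ /:/) continue        # header, state, IPv4, YES/NO
            n = split(addr, g, ":")
            if (n < 3) continue
            if (g[n-2] ~ /ff$/ && g[n-1] ~ /^fe[0-9a-f][0-9a-f]$/)
                print $1, addr
        }
    }'
}

# Constructed sample: three rows in the format of the listings above.
sample_listing() {
    cat <<'EOF'
NAME     STATE   IPV4      IPV6  AUTOSTART
------------------------------------------
apricot  RUNNING 10.0.0.34 2001:db8:ca2c:dead:21e:a0ff:feb6:6a, 2001:db8:ca2c:dead::3eb YES
lyme     RUNNING 10.0.0.30 2001:db8:ca2c:dead::cafe YES
mango    RUNNING 10.0.0.35 2001:db8:ca2c:dead:2411:80ff:feb9:6600, 2001:db8:ca2c:dead::a YES
EOF
}

# On the LXC host this would be: lxc-ls --fancy | find_slaac
sample_listing | find_slaac
```

An empty result means no container is answering on a MAC-derived address, which is the state shown in the final listing.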