Cannot communicate to public IPV6 on the 2nd Network Interface Card of Azure Linux VM

Question

There is a new Azure Linux VM (Ubuntu 22.04 LTS x64), with the following two network interface cards (NICs):

eth0
Mac Address: 00:22:48:8f:ba:bf
Private IPV4 Address: 10.0.0.4
Public IPV4 Address: 20.25.226.73
Private IPV6 Address: abc:abc:abc:abc::6
Public IPV6 Address: 2a01:111:f100:1000::9d37:d42b


eth1
Mac Address: 00:22:48:8f:64:21
Private IPV4 Address: 10.0.0.14
Public IPV4 Address: 172.183.16.91
Private IPV6 Address: abc:abc:abc:abc::16
Public IPV6 Address: 2603:1030:603::324

Both the NICs use the vnet subnet 10.0.0.0/24 and abc:abc:abc:abc::/64, and both use the firewall inbound rules with 22/80/443/3389/ICMP ports allowed.

According to Configure multiple network interfaces in Azure Linux virtual machines (https://learn.microsoft.com/en-us/troubleshoot/azure/virtual-machines/linux-vm-multiple-virtual-network-interfaces-configuration?tabs=1subnet%2Cubuntu), I have set the following /etc/netplan/50-cloud-init.yaml file:

network:
    ethernets:
        eth0:
            dhcp4: true
            dhcp4-overrides: &id001
                route-metric: 100
            dhcp6: true
            dhcp6-overrides: *id001
            match:
                driver: hv_netvsc
                macaddress: 00:22:48:8f:ba:bf
            set-name: eth0
            routes:
             - to: 10.0.0.0/24
               via: 10.0.0.1
               metric: 100
               table: 200
             - to: 0.0.0.0/0
               via: 10.0.0.1
               table: 200
            routing-policy:
             - from: 10.0.0.4/32
               table: 200
             - to: 10.0.0.4/32
               table: 200
        eth1:
            dhcp4: true
            dhcp4-overrides: &id002
                route-metric: 200
            dhcp6: true
            dhcp6-overrides: *id002
            match:
                driver: hv_netvsc
                macaddress: 00:22:48:8f:64:21
            set-name: eth1
            routes:
             - to: 10.0.0.0/24
               via: 10.0.0.1
               metric: 200
               table: 201
             - to: 0.0.0.0/0
               via: 10.0.0.1
               table: 201
            routing-policy:
             - from: 10.0.0.14/32
               table: 201
             - to: 10.0.0.14/32
               table: 201
    version: 2

After applying the above yaml file, everything on both IPV4 addresses runs well, such as ping each other and putting websites linked to them.

For public IPV6 addresses, things are complicated. As the Limitation part of What is IPv6 for Azure Virtual Network says (https://learn.microsoft.com/en-us/azure/virtual-network/ip-services/ipv6-overview): "ICMPv6 isn't currently supported in Network Security Groups." We cannot use the "ping6" command but need to use another method to test the availability of public IPV6 addresses. One of the methods is using "telnet -6 ipv6.telnetmyip.com" command.

1. We login to SSH shell (like Xshell) with eth0 information (public IPV4 first, then try public IPV6), and input "telnet -6 ipv6.telnetmyip.com", it both responses:

Trying 2600:1f16:227:6200::100...
Connected to ipv6.telnetmyip.com.
The escape character is '^]'.
{


"comment": "##     Your IP Address is 2a01:111:f100:1000::9d37:d42b (51152)     ##",


"family": "ipv6",
"ip": "2a01:111:f100:1000::9d37:d42b",
"port": "51152",
"protocol": "telnet",
"version": "v1.3.0",
"website": "https://github.com/packetsar/checkmyip",
"sponsor": "Sponsored by ConvergeOne, https://www.convergeone.com/"
}
Connection closed by foreign host.

Fine, the system runs well with a public IPV6 address of eth0. That means I needn't modify anything of eth0 in the YAML file.

2. We login to SSH shell (like Xshell) with eth1 public IPV4, and input "telnet -6 ipv6.telnetmyip.com", it reponses:

Trying 2600:1f16:227:6200::100...
Connected to ipv6.telnetmyip.com.
The escape character is '^]'.
{


"comment": "##     Your IP Address is 2a01:111:f100:1000::9d37:d42b (55926)     ##",


"family": "ipv6",
"ip": "2a01:111:f100:1000::9d37:d42b",
"port": "55926",
"protocol": "telnet",
"version": "v1.3.0",
"website": "https://github.com/packetsar/checkmyip",
"sponsor": "Sponsored by ConvergeOne, https://www.convergeone.com/"
}
Connection closed by foreign host.

Oops! it does not recognize the public IPV6 address of eth1, but using the public IPV6 address of eth0

So, how can I edit the YAML file to make the public IPV6 address of eth1 available?

(I've tried to throw the problem to ChatGPT 4 and Claude 2, but both their answers are not working.)

Answer 1

After many attempts, I think I've found the solution. Here are the modified YAML file:

network:
    ethernets:
        eth0:
            dhcp4: true
            dhcp4-overrides: &id001
                route-metric: 100
            dhcp6: true
            dhcp6-overrides: *id001
            match:
                driver: hv_netvsc
                macaddress: 00:22:48:8f:ba:bf #The Exact MAC Address
            set-name: eth0

            routes:
            #IPV4, Refer to https://learn.microsoft.com/en-us/troubleshoot/azure/virtual-machines/linux-vm-multiple-virtual-network-interfaces-configuration?tabs=1subnet%2Cubuntu
             - to: 10.0.0.0/24
               via: 10.0.0.1
               metric: 100
               table: 200
             - to: 0.0.0.0/0
               via: 10.0.0.1
               table: 200
            #IPV6
             - to: abc:abc:abc:abc::/64  #Or "fe80::/64" as the Command "ip -6 route" Output
               via: fe80::1234:5678:9abc #Use "ip -6 route" to Find the Default Gateway of IPV6
               metric: 100
               table: 200
             - to: ::/0
               via: fe80::1234:5678:9abc #Use "ip -6 route" to Find the Default Gateway of IPV6
               table: 200   

            routing-policy:
            #IPV4, Refer to https://learn.microsoft.com/en-us/troubleshoot/azure/virtual-machines/linux-vm-multiple-virtual-network-interfaces-configuration?tabs=1subnet%2Cubuntu 
             - from: 10.0.0.4/32 #Exact Internal Static IPV4 Address
               table: 200
             - to: 10.0.0.4/32 #Exact Internal Static IPV4 Address
               table: 200
            #IPV6
             - from: abc:abc:abc:abc::6/128  #Exact Internal Static IPV6 Address
               table: 200
             - to: abc:abc:abc:abc::6/128 #Exact Internal Static IPV6 Address
               table: 200

        eth1:
            dhcp4: true
            dhcp4-overrides: &id002
                route-metric: 200
            dhcp6: true
            dhcp6-overrides: *id002
            match:
                driver: hv_netvsc
                macaddress: 00:22:48:8f:64:21 #The Exact MAC Address
            set-name: eth1

            routes:
            #IPV4, Refer to https://learn.microsoft.com/en-us/troubleshoot/azure/virtual-machines/linux-vm-multiple-virtual-network-interfaces-configuration?tabs=1subnet%2Cubuntu
             - to: 10.0.0.0/24
               via: 10.0.0.1
               metric: 200
               table: 201
             - to: 0.0.0.0/0
               via: 10.0.0.1
               table: 201
            #IPV6
             - to: abc:abc:abc:abc::/64  #Or "fe80::/64" as the Command "ip -6 route" Output
               via: fe80::1234:5678:9abc #Use "ip -6 route" to Find the Default Gateway of IPV6
               metric: 200
               table: 201
             - to: ::/0
               via: fe80::1234:5678:9abc #Use "ip -6 route" to Find the Default Gateway of IPV6
               table: 201   

            routing-policy:
            #IPV4, Refer to https://learn.microsoft.com/en-us/troubleshoot/azure/virtual-machines/linux-vm-multiple-virtual-network-interfaces-configuration?tabs=1subnet%2Cubuntu
             - from: 10.0.0.14/32 #Exact Internal Static IPV4 Address
               table: 201
             - to: 10.0.0.14/32 #Exact Internal Static IPV4 Address
               table: 201
            #IPV6
             - from: abc:abc:abc:abc::16/128  #Exact Internal Static IPV6 Address
               table: 201
             - to: abc:abc:abc:abc::16/128 #Exact Internal Static IPV6 Address
               table: 201
    version: 2

As I commented earlier, "telnetmyip.com" will always use eth0, both on IPV4 and IPV6. So, I change to link domain names to IPV4 and IPV6 addresses on eth0 and eth1, something like "eth0ipv4.example.com", "eth0ipv6.example.com", "eth1ipv4.example.com", and "eth1ipv6.example.com". Also, I use the PsPing method (https://learn.microsoft.com/en-us/sysinternals/downloads/psping) on a Windows client machine to test this Ubuntu Server (22.04 LTS).

Now let's see the results.

1.PsPing eth0 on IPV4

C:\PSTools>psping -4 eth0ipv4.example.com:443

PsPing v2.12 - PsPing - ping, latency, bandwidth measurement utility
Copyright (C) 2012-2023 Mark Russinovich
Sysinternals - www.sysinternals.com

TCP connect to 20.25.226.73:443:
5 iterations (warmup 1) ping test:
Connecting to 20.25.226.73:443 (warmup): from 192.168.1.8:65313: 231.25ms
Connecting to 20.25.226.73:443: from 192.168.1.8:65314: 206.61ms
Connecting to 20.25.226.73:443: from 192.168.1.8:65315: 217.29ms
Connecting to 20.25.226.73:443: from 192.168.1.8:65316: 213.11ms
Connecting to 20.25.226.73:443: from 192.168.1.8:65317: 212.49ms

TCP connect statistics for 20.25.226.73:443:
  Sent = 4, Received = 4, Lost = 0 (0% loss),
  Minimum = 206.61ms, Maximum = 217.29ms, Average = 212.37ms

2.PsPing eth0 on IPV6

C:\PSTools>psping -6 eth0ipv6.example.com:443

PsPing v2.12 - PsPing - ping, latency, bandwidth measurement utility
Copyright (C) 2012-2023 Mark Russinovich
Sysinternals - www.sysinternals.com

TCP connect to 2a01:111:f100:1000::9d37:d42b:443:
5 iterations (warmup 1) ping test:
Connecting to 2a01:111:f100:1000::9d37:d42b:443 (warmup): from 2409:8a55:2a8:99f0:352a:40f8:76b4:e729:65323: 289.15ms
Connecting to 2a01:111:f100:1000::9d37:d42b:443: from 2409:8a55:2a8:99f0:352a:40f8:76b4:e729:65324: 265.27ms
Connecting to 2a01:111:f100:1000::9d37:d42b:443: from 2409:8a55:2a8:99f0:352a:40f8:76b4:e729:65325: 262.48ms
Connecting to 2a01:111:f100:1000::9d37:d42b:443: from 2409:8a55:2a8:99f0:352a:40f8:76b4:e729:65326: 267.85ms
Connecting to 2a01:111:f100:1000::9d37:d42b:443: from 2409:8a55:2a8:99f0:352a:40f8:76b4:e729:65327: 268.38ms

TCP connect statistics for 2a01:111:f100:1000::9d37:d42b:443:
  Sent = 4, Received = 4, Lost = 0 (0% loss),
  Minimum = 262.48ms, Maximum = 268.38ms, Average = 266.00ms

3.PsPing eth1 on IPV4

C:\PSTools>psping -4 eth1ipv4.example.com:443

PsPing v2.12 - PsPing - ping, latency, bandwidth measurement utility
Copyright (C) 2012-2023 Mark Russinovich
Sysinternals - www.sysinternals.com

TCP connect to 172.183.16.91:443:
5 iterations (warmup 1) ping test:
Connecting to 172.183.16.91:443 (warmup): from 192.168.1.8:65318: 209.25ms
Connecting to 172.183.16.91:443: from 192.168.1.8:65319: 216.23ms
Connecting to 172.183.16.91:443: from 192.168.1.8:65320: 214.06ms
Connecting to 172.183.16.91:443: from 192.168.1.8:65321: 239.47ms
Connecting to 172.183.16.91:443: from 192.168.1.8:65322: 231.35ms

TCP connect statistics for 172.183.16.91:443:
  Sent = 4, Received = 4, Lost = 0 (0% loss),
  Minimum = 214.06ms, Maximum = 239.47ms, Average = 225.28ms

4.PsPing eth1 on IPV6

C:\PSTools>psping -6 eth1ipv6.example.com:443

PsPing v2.12 - PsPing - ping, latency, bandwidth measurement utility
Copyright (C) 2012-2023 Mark Russinovich
Sysinternals - www.sysinternals.com

TCP connect to 2603:1030:603::324:443:
5 iterations (warmup 1) ping test:
Connecting to 2603:1030:603::324:443 (warmup): from 2409:8a55:2a8:99f0:352a:40f8:76b4:e729:65328: 211.58ms
Connecting to 2603:1030:603::324:443: from 2409:8a55:2a8:99f0:352a:40f8:76b4:e729:65329: 206.49ms
Connecting to 2603:1030:603::324:443: from 2409:8a55:2a8:99f0:352a:40f8:76b4:e729:65330: 230.37ms
Connecting to 2603:1030:603::324:443: from 2409:8a55:2a8:99f0:352a:40f8:76b4:e729:65331: 217.74ms
Connecting to 2603:1030:603::324:443: from 2409:8a55:2a8:99f0:352a:40f8:76b4:e729:65332: 204.68ms

TCP connect statistics for 2603:1030:603::324:443:
  Sent = 4, Received = 4, Lost = 0 (0% loss),
  Minimum = 204.68ms, Maximum = 230.37ms, Average = 214.82ms

Everything is GOOD now!