group.of.nepali.translators team mailing list archive
-
group.of.nepali.translators team
-
Mailing list archive
-
Message #20643
[Bug 1655440] Re: "unconfigured" NIC can still get IPv6 addresses via RA
This bug was fixed in the package nplan - 0.32~17.04.1
---------------
nplan (0.32~17.04.1) zesty; urgency=medium
* Backport 0.32 to 17.04. (LP: #1713142)
nplan (0.32) bionic; urgency=medium
* src/nm.c: better handle the UUID generation; the order of iterating
through interaces may affect things here. Also make sure the tests catch
a null UUID.
nplan (0.31) bionic; urgency=medium
[ Mathieu Trudel-Lapierre ]
* src/nm.c: generate a UUID for a connection only as needed; when we're
dealing with NM VLANs. (LP: #1712921)
* debian/tests/autostart: Make the autostart test more verbose and avoid
failing right from the start when systemd-networkd is disabled.
(LP: #1699371)
* tests/integration.py: bump the NetworkManager timeout for settling to
120 seconds, autopkgtest infrastructure tends to be a little slow for the
network device configuration to be applied and noticed by NM.
(LP: #1699371)
[ Dimitri John Ledkov ]
* Reload udevd to invalidate configuration cache of .rules/.link files
as generate step may have changed them. LP: #1669564
[ Dan Streetman ]
* Add another interface driver exception to netplan replug to prevent unbind
of the Xen VIF interfaces. (LP: #1729573)
nplan (0.30) artful; urgency=medium
* Add an "optional" syntax node for now to all devices. This is unimplemented
for now, but intended to allow users to mark some devices as optional: to
make sure they do not delay boot when configured. (LP: #1664844)
nplan (0.29) artful; urgency=medium
* Fix autopkgtests in a world where /run/NetworkManager/conf.d already
exists. nplan is enabled by default, so it might well have the directory
already created on the filesystem.
nplan (0.28) artful; urgency=medium
* Revert 56cd3eec which disabled IPv6 Router Advertisements by default. It
broke default network config in LXD and was contrary to the defaults used
by the kernel. Reopens LP: 1655440. (LP: #1717404)
* Add "accept-ra:" key for all device types; this will default to OFF but
allow users to disable processing Router Advertisements when required by
their network setup. (LP: #1655440)
nplan (0.27) artful; urgency=medium
[ Mathieu Trudel-Lapierre ]
* Fix crash in systemd generator if called by an user on the command-line
* coverage: fix exclusions to properly not cover our "never reached defaults"
[ Dimitri John Ledkov ]
* tests/integration.py: In teardown, stop systemd-networkd.socket.
* src/networkd.c: Set UseMTU=true by default, whenever DHCP is in use.
(LP: #1717471)
* tests/integration.py: fix resolved detection.
nplan (0.26) artful; urgency=medium
* Bonding:
- Add support for specifying a primary slave. (LP: #1709135)
* Rebind:
- Fix brcmfmac harder. Treat any 'brcmfmac' driver as not supporting
rebind. (LP: #1712224)
* Autopkgtests:
- Add allow-stderr. Systemd now bleats about a the networkd socket still
being around and enabled when we restart the service; but we don't need
to care since we're /restarting/ the service to load the new config.
- Fix the autostart package to be more sensible: we don't really care if
networkd autostarts or not, but we need to make sure that our generator
will run at boot, so instead check the state, but only assert it once
we've added a config file and before checking the state of our dummy
device.
- Do a bit more to make sure "mix" tests which stack virtual devices are
as reliable as possible; by setting saner defaults.
nplan (0.25) artful; urgency=medium
* tests/generate.py: add a test to validate that correct blacklist entries
are added when creating virtual devices.
* tests/integration.py: clean up after br0 in networkd's test_bridge_mac; as
the remaining interface and udev configuration can confuse NetworkManager
now that it seems to manage random devices it did not create again.
(LP: #1699371)
* src/nm.c: set the MTU even though we also specify it in systemd-networkd
for consumption by udev. NetworkManager will try to set it and might
otherwise default to the wrong value.
* src/networkd.c: Set IPv6AcceptRA=no anytime we don't do DHCPv6 (or by the
same config, SLAAC), and don't have static addresses set. This should fix
the cases where unconfigured devices still get an IPv6 address.
(LP: #1655440)
* src/nm.c: Explicitly set IPv6 method=ignore when IPv6 is otherwise not
configured; this follows the same logic as setting IPv6AcceptRA=no in
networkd, with the exception that NM does not currently disable RAs. When
it does, an unconfigured device for IPv6 will truly be left with no config.
nplan (0.24) artful; urgency=medium
* debian/control: set Priority to important to make sure we can get into
minimal.
-- Mathieu Trudel-Lapierre <cyphermox@xxxxxxxxxx> Thu, 16 Nov 2017
10:43:28 -0500
** Changed in: nplan (Ubuntu Zesty)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1655440
Title:
"unconfigured" NIC can still get IPv6 addresses via RA
Status in curtin:
New
Status in MAAS:
Triaged
Status in netplan:
Fix Released
Status in nplan package in Ubuntu:
Fix Released
Status in nplan source package in Xenial:
Fix Released
Status in nplan source package in Zesty:
Fix Released
Bug description:
[Impact]
Some users omit configuration for some interfaces, and expect that the lack of configuration translates to "no IP address" on the interface, as per netplan documentation.
[Test case]
/!\ Requires an IPv6-capable network.
1) Update nplan.
2) Ensure the nplan configure includes the 'accept-ra: no' option.
3) Run 'netplan apply'
4) Verify that there is no IPv6 address set for the interface where 'accept-ra: no is set; using 'ip -6 addr'.
[Regression potential]
Incorrect configuration of the IPv6 addresses on a device would consistute a regression: for instance, getting an IPv6 SLAAC address when 'accept-ra: no' is set; or no IPv6 address when RAs are being received and 'accept-ra' is not set. Furthermore, possible regressions may look like incorrect IPv6 configuration or missing options on IPv6 or IPv4 setups, in the form of not retrieving an IP address or getting the wrong IP.
---
TL;DR A MAAS NIC that is set to "unconfigured" (or "link up") will get
no IPv4 address, but it might still get an IPv6 address via router
advertisements (RA), if there is such a service in that network
segment.
Whether this is a bug or not is up for discussion. That's the point of
this ticket, actually, so that this discussion can be had and be
recorded.
We found out about this when we couldn't get any connectivity to
instances of an openstack cloud deployed by the autopilot.
After much debugging, we found that the problem was with the br-data
bridge on the neutron-gateway node: it didn't have the external NIC
(eth1) as part of the bridge.
The neutron-gateway charm, before adding any NIC to a bridge, performs
certain checks to see if it's really unused. One of these checks looks
for IP addresses on the NIC, both IPv4 and IPv6. In MAAS, that node
had eth1 set to "unconfigured", so that eth1 is just "up", but has no
IP (v4) address. Turns out this NIC had gotten an IPv6 ULA from an
openwrt router in that network segment. That was enough for the charm
to not add it to the br-data bridge, thus breaking connectivity to
openstack instances that were later brought up.
We shut down the RA service on the openwrt router and then everything
worked as expected.
To manage notifications about this bug go to:
https://bugs.launchpad.net/curtin/+bug/1655440/+subscriptions