yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #91880
[Bug 2019021] [NEW] IPv6 static address assignment should not disable router advertisement
Public bug reported:
This is a bug affecting RHEL and derivatives that use cloud-init.
Back in 2020, the PR https://github.com/canonical/cloud-init/pull/634
was accepted that disables listening for IPv6 router advertisement when
a static / static6 address is defined on RHEL and derivatives - see
https://github.com/canonical/cloud-
init/blob/main/cloudinit/net/sysconfig.py#L523
I'm not sure why this was proposed as the solution for what seems like a
platform-specific problem, but the original author stated "It is safe to
assume that if the interface is manually configured to use static ipv6
address, there's no need to wait for router advertisements."
This is incorrect, there are a number of reasons why you might define a
static address but still want RA on that interface. Most obviously that
it permits you to have multiple routers without needing to worry about
IP address failover. This is explicitly mentioned in RFC 4861:
https://www.rfc-editor.org/rfc/rfc4861#section-3.1
"Unlike in IPv4 Router Discovery, the Router Advertisement messages
do not contain a preference field. The preference field is not
needed to handle routers of different "stability"; the Neighbor
Unreachability Detection will detect dead routers and switch to a
working one."
It's perfectly valid to generate router advertisements that don't result
in the generation of SLAAC addresses, or enable the M or O flags (for
DHCPv6), but are simply used to advertise that one or more routers are
available for a given prefix. A definitive statement for this can be
found in RFC4861: https://www.rfc-editor.org/rfc/rfc4861#section-6:
"Router Discovery is used to locate neighboring routers as well as learn
prefixes and configuration parameters related to stateless address
autoconfiguration."
Address allocation is separate from router advertisement. RA enables the
use of stateless address configuration, but it is not *only* used for
that.
Provider: Mythic Beasts
VM is Rocky Linux 8 - their latest GenericCloud image from http://dl.rockylinux.org/pub/rocky/8/images/x86_64/
network-config:
config:
- mac_address: 52:54:00:bc:1f:7f
name: eth0
subnets:
- address: 2a00:1098:82::7:48
netmask: 112
type: static
type: physical
- address:
- 2a00:1098:0:82:1000:3b:0:1
- 2a00:1098:0:80:1000:3b:0:1
search: mythic-beasts.com
type: nameserver
version: 1
Results in sysconfig network:
BOOTPROTO=none
DEVICE=eth0
HWADDR=52:54:00:bc:1f:7f
IPV6ADDR=2a00:1098:82::7:48/64
IPV6INIT=yes
IPV6_AUTOCONF=no
IPV6_FORCE_ACCEPT_RA=no
ONBOOT=yes
TYPE=Ethernet
USERCTL=no
This VM has a static address but relies on RA for routes, and the
presence of IPV6_AUTOCONF=no / IPV6_FORCE_ACCEPT_RA=no means no default
route, so no working DNS, and no phone home.
I can't easily get the full set of logs out as this has no working
networking and is only half configured, but console output shows:
[ 17.065634] cloud-init[940]: Cloud-init v. 22.1-5.el8.0.1 running 'init' at Tue, 09 May 2023 16:03:08 +0000. Up 15.69 seconds.
[ 17.076141] cloud-init[940]: ci-info: ++++++++++++++++++++++++++++++++++++++Net device info++++++++++++++++++++++++++++++++++++++
[ 17.087098] cloud-init[940]: ci-info: +--------+------+----------------------------+---------------+--------+-------------------+
[ 17.098070] cloud-init[940]: ci-info: | Device | Up | Address | Mask | Scope | Hw-Address |
[ 17.109070] cloud-init[940]: ci-info: +--------+------+----------------------------+---------------+--------+-------------------+
[ 17.120087] cloud-init[940]: ci-info: | eth0 | True | 10.23.42.80 | 255.255.255.0 | global | 52:54:00:04:b6:ac |
[ 17.131874] cloud-init[940]: ci-info: | eth0 | True | 2a00:1098:82::7:73/64 | . | global | 52:54:00:04:b6:ac |
[ 17.142110] cloud-init[940]: ci-info: | eth0 | True | fe80::5054:ff:fe04:b6ac/64 | . | link | 52:54:00:04:b6:ac |
[ 17.153082] cloud-init[940]: ci-info: | lo | True | 127.0.0.1 | 255.0.0.0 | host | . |
[ 17.164085] cloud-init[940]: ci-info: | lo | True | ::1/128 | . | host | . |
[ 17.175083] cloud-init[940]: ci-info: +--------+------+----------------------------+---------------+--------+-------------------+
[ 17.186072] cloud-init[940]: ci-info: ++++++++++++++++++++++++++++Route IPv4 info+++++++++++++++++++++++++++++
[ 17.198076] cloud-init[940]: ci-info: +-------+-------------+------------+---------------+-----------+-------+
[ 17.209090] cloud-init[940]: ci-info: | Route | Destination | Gateway | Genmask | Interface | Flags |
[ 17.220074] cloud-init[940]: ci-info: +-------+-------------+------------+---------------+-----------+-------+
[ 17.231073] cloud-init[940]: ci-info: | 0 | 0.0.0.0 | 10.23.42.1 | 0.0.0.0 | eth0 | UG |
[ 17.242071] cloud-init[940]: ci-info: | 1 | 10.23.42.0 | 0.0.0.0 | 255.255.255.0 | eth0 | U |
[ 17.253082] cloud-init[940]: ci-info: +-------+-------------+------------+---------------+-----------+-------+
[ 17.263084] cloud-init[940]: ci-info: ++++++++++++++++++++++Route IPv6 info++++++++++++++++++++++
[ 17.274073] cloud-init[940]: ci-info: +-------+-------------------+---------+-----------+-------+
[ 17.285071] cloud-init[940]: ci-info: | Route | Destination | Gateway | Interface | Flags |
[ 17.295415] cloud-init[940]: ci-info: +-------+-------------------+---------+-----------+-------+
[ 17.306072] cloud-init[940]: ci-info: | 1 | 2a00:1098:82::/64 | :: | eth0 | U |
[ 17.317156] cloud-init[940]: ci-info: | 2 | fe80::/64 | :: | eth0 | U |
[ 17.328075] cloud-init[940]: ci-info: | 4 | multicast | :: | eth0 | U |
[ 17.339078] cloud-init[940]: ci-info: +-------+-------------------+---------+-----------+-------+
As you can see, there's no IPv6 default route.
Compare this with a Debian VM where the same config works as expected:
[ 12.127521] cloud-init[402]: Cloud-init v. 22.4.2 running 'init' at Tue, 09 May 2023 17:44:28 +0000. Up 12.11 seconds.
[ 12.148515] cloud-init[402]: ci-info: +++++++++++++++++++++++++++++++++++++Net device info++++++++++++++++++++++++++++++++++++++
[ 12.150615] cloud-init[402]: ci-info: +--------+------+---------------------------+---------------+--------+-------------------+
[ 12.152672] cloud-init[402]: ci-info: | Device | Up | Address | Mask | Scope | Hw-Address |
[ 12.154723] cloud-init[402]: ci-info: +--------+------+---------------------------+---------------+--------+-------------------+
[ 12.156766] cloud-init[402]: ci-info: | eth0 | True | 10.23.42.18 | 255.255.255.0 | global | 52:54:00:e1:0a:2d |
[ 12.158789] cloud-init[402]: ci-info: | eth0 | True | 2a00:1098:82::7:34/64 | . | global | 52:54:00:e1:0a:2d |
[ 12.160742] cloud-init[402]: ci-info: | eth0 | True | fe80::5054:ff:fee1:a2d/64 | . | link | 52:54:00:e1:0a:2d |
[ 12.162715] cloud-init[402]: ci-info: | lo | True | 127.0.0.1 | 255.0.0.0 | host | . |
[ 12.164678] cloud-init[402]: ci-info: | lo | True | ::1/128 | . | host | . |
[ 12.166633] cloud-init[402]: ci-info: +--------+------+---------------------------+---------------+--------+-------------------+
[ 12.168592] cloud-init[402]: ci-info: ++++++++++++++++++++++++++++Route IPv4 info+++++++++++++++++++++++++++++
[ 12.170335] cloud-init[402]: ci-info: +-------+-------------+------------+---------------+-----------+-------+
[ 12.172075] cloud-init[402]: ci-info: | Route | Destination | Gateway | Genmask | Interface | Flags |
[ 12.173811] cloud-init[402]: ci-info: +-------+-------------+------------+---------------+-----------+-------+
[ 12.175551] cloud-init[402]: ci-info: | 0 | 0.0.0.0 | 10.23.42.1 | 0.0.0.0 | eth0 | UG |
[ 12.177293] cloud-init[402]: ci-info: | 1 | 10.23.42.0 | 0.0.0.0 | 255.255.255.0 | eth0 | U |
[ 12.179043] cloud-init[402]: ci-info: +-------+-------------+------------+---------------+-----------+-------+
[ 12.181101] cloud-init[402]: ci-info: ++++++++++++++++++++++++++++++Route IPv6 info+++++++++++++++++++++++++++++++
[ 12.183200] cloud-init[402]: ci-info: +-------+-------------------+--------------------------+-----------+-------+
[ 12.185253] cloud-init[402]: ci-info: | Route | Destination | Gateway | Interface | Flags |
[ 12.187282] cloud-init[402]: ci-info: +-------+-------------------+--------------------------+-----------+-------+
[ 12.189276] cloud-init[402]: ci-info: | 1 | 2a00:1098:82::/64 | :: | eth0 | U |
[ 12.191261] cloud-init[402]: ci-info: | 2 | fe80::/64 | :: | eth0 | U |
[ 12.193189] cloud-init[402]: ci-info: | 3 | ::/0 | fe80::4de:15ff:fe2f:9d3d | eth0 | UGe |
[ 12.195133] cloud-init[402]: ci-info: | 5 | local | :: | eth0 | U |
[ 12.197041] cloud-init[402]: ci-info: | 6 | local | :: | eth0 | U |
[ 12.198882] cloud-init[402]: ci-info: | 7 | multicast | :: | eth0 | U |
[ 12.200641] cloud-init[402]: ci-info: +-------+-------------------+--------------------------+-----------+-------+
** Affects: cloud-init
Importance: Undecided
Status: New
** Tags: ipv6
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to cloud-init.
https://bugs.launchpad.net/bugs/2019021
Title:
IPv6 static address assignment should not disable router advertisement
Status in cloud-init:
New
Bug description:
This is a bug affecting RHEL and derivatives that use cloud-init.
Back in 2020, the PR https://github.com/canonical/cloud-init/pull/634
was accepted that disables listening for IPv6 router advertisement
when a static / static6 address is defined on RHEL and derivatives -
see https://github.com/canonical/cloud-
init/blob/main/cloudinit/net/sysconfig.py#L523
I'm not sure why this was proposed as the solution for what seems like
a platform-specific problem, but the original author stated "It is
safe to assume that if the interface is manually configured to use
static ipv6 address, there's no need to wait for router
advertisements."
This is incorrect, there are a number of reasons why you might define
a static address but still want RA on that interface. Most obviously
that it permits you to have multiple routers without needing to worry
about IP address failover. This is explicitly mentioned in RFC 4861:
https://www.rfc-editor.org/rfc/rfc4861#section-3.1
"Unlike in IPv4 Router Discovery, the Router Advertisement messages
do not contain a preference field. The preference field is not
needed to handle routers of different "stability"; the Neighbor
Unreachability Detection will detect dead routers and switch to a
working one."
It's perfectly valid to generate router advertisements that don't
result in the generation of SLAAC addresses, or enable the M or O
flags (for DHCPv6), but are simply used to advertise that one or more
routers are available for a given prefix. A definitive statement for
this can be found in RFC4861: https://www.rfc-
editor.org/rfc/rfc4861#section-6: "Router Discovery is used to locate
neighboring routers as well as learn prefixes and configuration
parameters related to stateless address autoconfiguration."
Address allocation is separate from router advertisement. RA enables
the use of stateless address configuration, but it is not *only* used
for that.
Provider: Mythic Beasts
VM is Rocky Linux 8 - their latest GenericCloud image from http://dl.rockylinux.org/pub/rocky/8/images/x86_64/
network-config:
config:
- mac_address: 52:54:00:bc:1f:7f
name: eth0
subnets:
- address: 2a00:1098:82::7:48
netmask: 112
type: static
type: physical
- address:
- 2a00:1098:0:82:1000:3b:0:1
- 2a00:1098:0:80:1000:3b:0:1
search: mythic-beasts.com
type: nameserver
version: 1
Results in sysconfig network:
BOOTPROTO=none
DEVICE=eth0
HWADDR=52:54:00:bc:1f:7f
IPV6ADDR=2a00:1098:82::7:48/64
IPV6INIT=yes
IPV6_AUTOCONF=no
IPV6_FORCE_ACCEPT_RA=no
ONBOOT=yes
TYPE=Ethernet
USERCTL=no
This VM has a static address but relies on RA for routes, and the
presence of IPV6_AUTOCONF=no / IPV6_FORCE_ACCEPT_RA=no means no
default route, so no working DNS, and no phone home.
I can't easily get the full set of logs out as this has no working
networking and is only half configured, but console output shows:
[ 17.065634] cloud-init[940]: Cloud-init v. 22.1-5.el8.0.1 running 'init' at Tue, 09 May 2023 16:03:08 +0000. Up 15.69 seconds.
[ 17.076141] cloud-init[940]: ci-info: ++++++++++++++++++++++++++++++++++++++Net device info++++++++++++++++++++++++++++++++++++++
[ 17.087098] cloud-init[940]: ci-info: +--------+------+----------------------------+---------------+--------+-------------------+
[ 17.098070] cloud-init[940]: ci-info: | Device | Up | Address | Mask | Scope | Hw-Address |
[ 17.109070] cloud-init[940]: ci-info: +--------+------+----------------------------+---------------+--------+-------------------+
[ 17.120087] cloud-init[940]: ci-info: | eth0 | True | 10.23.42.80 | 255.255.255.0 | global | 52:54:00:04:b6:ac |
[ 17.131874] cloud-init[940]: ci-info: | eth0 | True | 2a00:1098:82::7:73/64 | . | global | 52:54:00:04:b6:ac |
[ 17.142110] cloud-init[940]: ci-info: | eth0 | True | fe80::5054:ff:fe04:b6ac/64 | . | link | 52:54:00:04:b6:ac |
[ 17.153082] cloud-init[940]: ci-info: | lo | True | 127.0.0.1 | 255.0.0.0 | host | . |
[ 17.164085] cloud-init[940]: ci-info: | lo | True | ::1/128 | . | host | . |
[ 17.175083] cloud-init[940]: ci-info: +--------+------+----------------------------+---------------+--------+-------------------+
[ 17.186072] cloud-init[940]: ci-info: ++++++++++++++++++++++++++++Route IPv4 info+++++++++++++++++++++++++++++
[ 17.198076] cloud-init[940]: ci-info: +-------+-------------+------------+---------------+-----------+-------+
[ 17.209090] cloud-init[940]: ci-info: | Route | Destination | Gateway | Genmask | Interface | Flags |
[ 17.220074] cloud-init[940]: ci-info: +-------+-------------+------------+---------------+-----------+-------+
[ 17.231073] cloud-init[940]: ci-info: | 0 | 0.0.0.0 | 10.23.42.1 | 0.0.0.0 | eth0 | UG |
[ 17.242071] cloud-init[940]: ci-info: | 1 | 10.23.42.0 | 0.0.0.0 | 255.255.255.0 | eth0 | U |
[ 17.253082] cloud-init[940]: ci-info: +-------+-------------+------------+---------------+-----------+-------+
[ 17.263084] cloud-init[940]: ci-info: ++++++++++++++++++++++Route IPv6 info++++++++++++++++++++++
[ 17.274073] cloud-init[940]: ci-info: +-------+-------------------+---------+-----------+-------+
[ 17.285071] cloud-init[940]: ci-info: | Route | Destination | Gateway | Interface | Flags |
[ 17.295415] cloud-init[940]: ci-info: +-------+-------------------+---------+-----------+-------+
[ 17.306072] cloud-init[940]: ci-info: | 1 | 2a00:1098:82::/64 | :: | eth0 | U |
[ 17.317156] cloud-init[940]: ci-info: | 2 | fe80::/64 | :: | eth0 | U |
[ 17.328075] cloud-init[940]: ci-info: | 4 | multicast | :: | eth0 | U |
[ 17.339078] cloud-init[940]: ci-info: +-------+-------------------+---------+-----------+-------+
As you can see, there's no IPv6 default route.
Compare this with a Debian VM where the same config works as expected:
[ 12.127521] cloud-init[402]: Cloud-init v. 22.4.2 running 'init' at Tue, 09 May 2023 17:44:28 +0000. Up 12.11 seconds.
[ 12.148515] cloud-init[402]: ci-info: +++++++++++++++++++++++++++++++++++++Net device info++++++++++++++++++++++++++++++++++++++
[ 12.150615] cloud-init[402]: ci-info: +--------+------+---------------------------+---------------+--------+-------------------+
[ 12.152672] cloud-init[402]: ci-info: | Device | Up | Address | Mask | Scope | Hw-Address |
[ 12.154723] cloud-init[402]: ci-info: +--------+------+---------------------------+---------------+--------+-------------------+
[ 12.156766] cloud-init[402]: ci-info: | eth0 | True | 10.23.42.18 | 255.255.255.0 | global | 52:54:00:e1:0a:2d |
[ 12.158789] cloud-init[402]: ci-info: | eth0 | True | 2a00:1098:82::7:34/64 | . | global | 52:54:00:e1:0a:2d |
[ 12.160742] cloud-init[402]: ci-info: | eth0 | True | fe80::5054:ff:fee1:a2d/64 | . | link | 52:54:00:e1:0a:2d |
[ 12.162715] cloud-init[402]: ci-info: | lo | True | 127.0.0.1 | 255.0.0.0 | host | . |
[ 12.164678] cloud-init[402]: ci-info: | lo | True | ::1/128 | . | host | . |
[ 12.166633] cloud-init[402]: ci-info: +--------+------+---------------------------+---------------+--------+-------------------+
[ 12.168592] cloud-init[402]: ci-info: ++++++++++++++++++++++++++++Route IPv4 info+++++++++++++++++++++++++++++
[ 12.170335] cloud-init[402]: ci-info: +-------+-------------+------------+---------------+-----------+-------+
[ 12.172075] cloud-init[402]: ci-info: | Route | Destination | Gateway | Genmask | Interface | Flags |
[ 12.173811] cloud-init[402]: ci-info: +-------+-------------+------------+---------------+-----------+-------+
[ 12.175551] cloud-init[402]: ci-info: | 0 | 0.0.0.0 | 10.23.42.1 | 0.0.0.0 | eth0 | UG |
[ 12.177293] cloud-init[402]: ci-info: | 1 | 10.23.42.0 | 0.0.0.0 | 255.255.255.0 | eth0 | U |
[ 12.179043] cloud-init[402]: ci-info: +-------+-------------+------------+---------------+-----------+-------+
[ 12.181101] cloud-init[402]: ci-info: ++++++++++++++++++++++++++++++Route IPv6 info+++++++++++++++++++++++++++++++
[ 12.183200] cloud-init[402]: ci-info: +-------+-------------------+--------------------------+-----------+-------+
[ 12.185253] cloud-init[402]: ci-info: | Route | Destination | Gateway | Interface | Flags |
[ 12.187282] cloud-init[402]: ci-info: +-------+-------------------+--------------------------+-----------+-------+
[ 12.189276] cloud-init[402]: ci-info: | 1 | 2a00:1098:82::/64 | :: | eth0 | U |
[ 12.191261] cloud-init[402]: ci-info: | 2 | fe80::/64 | :: | eth0 | U |
[ 12.193189] cloud-init[402]: ci-info: | 3 | ::/0 | fe80::4de:15ff:fe2f:9d3d | eth0 | UGe |
[ 12.195133] cloud-init[402]: ci-info: | 5 | local | :: | eth0 | U |
[ 12.197041] cloud-init[402]: ci-info: | 6 | local | :: | eth0 | U |
[ 12.198882] cloud-init[402]: ci-info: | 7 | multicast | :: | eth0 | U |
[ 12.200641] cloud-init[402]: ci-info: +-------+-------------------+--------------------------+-----------+-------+
To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-init/+bug/2019021/+subscriptions
Follow ups
