direct routes and SLAAC addresses
Many thanks for answering my stubnet question a couple of weeks or so back. I have a supplementary direct-protocol question now...

We have a Linux router running BIRD 2.0.8. It has some interfaces on which we configure IPv6 addresses statically. We turn off auto-configuration, but, due to a race condition which it's going to be hard to fix, when we reboot the machine we can end up with SLAAC addresses as well as the static IPv6 addresses.

We start BIRD, and the direct protocol imports the subnets, so we can then export them to BGP. The problem seems to come when the kernel ages out the SLAAC addresses. It looks as though when a SLAAC address goes, the direct protocol notices and stops importing the corresponding subnet. Unfortunately, it looks as though it doesn't realise that there's still a static IPv6 address for the subnet, and that it should therefore continue to import it.

Does that sound right, or am I missing some bit of configuration somewhere?

(As a hack workaround we now delete all of those unwanted SLAAC addresses before we start BIRD.)

Thanks again for your help, and for BIRD. It's been very useful!

--
George D M Ross MSc PhD CEng MBCS CITP
University of Edinburgh, School of Informatics, Appleton Tower, 11 Crichton Street, Edinburgh, Scotland, EH8 9LE
Mail: gdmr@inf.ed.ac.uk Voice: 0131 650 5147
PGP: 1024D/AD758CC5 B91E D430 1E0D 5883 EF6A 426C B676 5C2B AD75 8CC5
The University of Edinburgh is a charitable body, registered in Scotland, with registration number SC005336.
On Thu, Jul 08, 2021 at 10:56:18AM +0100, George Ross wrote:
Many thanks for answering my stubnet question a couple of weeks or so back. I have a supplementary direct-protocol question now...
We have a Linux router running BIRD 2.0.8. It has some interfaces on which we configure IPv6 addresses statically. We turn off auto-configuration, but, due to a race condition which it's going to be hard to fix, when we reboot the machine we can end up with SLAAC addresses as well as the static IPv6 addresses.
We start BIRD, and the direct protocol imports the subnets, so we can then export them to BGP. The problem seems to come when the kernel ages out the SLAAC addresses. It looks as though when a SLAAC address goes, the direct protocol notices and stops importing the corresponding subnet. Unfortunately, it looks as though it doesn't realise that there's still a static IPv6 address for the subnet, and that it should therefore continue to import it.
Hi

That is probably an issue with the Direct protocol and IPv6. In IPv4, there is only one 'primary' address per IP range and iface, others are marked 'secondary' by the kernel, so we just ignore secondary ones and add/remove prefix when primary address is added/removed. But seems that in IPv6, this is not the case and there is no secondary flag.

--
Elen sila lumenn' omentielvo
Ondrej 'Santiago' Zajicek (email: santiago@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."
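The behaviour described in the messages above, as an added example that is not part of the thread and is not BIRD's code: a simplified Python model in which one tracker withdraws a prefix whenever any address in it is removed, while the other keeps the prefix until the last address in it has gone. The class names, interface name and addresses are constructed for illustration.

```python
import ipaddress
from collections import defaultdict


class NaiveDirect:
    """Model: add the prefix on address-add, drop it on ANY address-remove."""

    def __init__(self):
        self._prefixes = set()

    def addr_added(self, iface, addr):
        self._prefixes.add((iface, ipaddress.ip_interface(addr).network))

    def addr_removed(self, iface, addr):
        self._prefixes.discard((iface, ipaddress.ip_interface(addr).network))

    def prefixes(self):
        return set(self._prefixes)


class CountingDirect:
    """Model: keep the prefix while at least one address in it remains."""

    def __init__(self):
        self._addrs = defaultdict(set)  # (iface, network) -> addresses present

    def addr_added(self, iface, addr):
        a = ipaddress.ip_interface(addr)
        self._addrs[(iface, a.network)].add(a.ip)

    def addr_removed(self, iface, addr):
        a = ipaddress.ip_interface(addr)
        self._addrs[(iface, a.network)].discard(a.ip)

    def prefixes(self):
        return {key for key, addrs in self._addrs.items() if addrs}


# Constructed event sequence: static address, SLAAC address, SLAAC ages out.
EVENTS = [
    ("add", "vlan100", "2001:db8:100::1/64"),
    ("add", "vlan100", "2001:db8:100:0:5054:ff:fe12:3456/64"),
    ("del", "vlan100", "2001:db8:100:0:5054:ff:fe12:3456/64"),
]


def replay(tracker, events):
    """Feed the events to a tracker and return the prefixes it still holds."""
    for op, iface, addr in events:
        handler = tracker.addr_added if op == "add" else tracker.addr_removed
        handler(iface, addr)
    return sorted(f"{iface} {net}" for iface, net in tracker.prefixes())
```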
That is probably an issue with the Direct protocol and IPv6. In IPv4, there is only one 'primary' address per IP range and iface, others are marked 'secondary' by the kernel, so we just ignore secondary ones and add/remove prefix when primary address is added/removed. But seems that in IPv6, this is not the case and there is no secondary flag.
Ah. We'll keep our workaround in place anyway, but is this something that's likely to be fixed in future versions? Rescanning the interfaces when an IPv6 address goes away, for example, or just periodically rescanning.

Thanks!

--
George D M Ross MSc PhD CEng MBCS CITP
University of Edinburgh, School of Informatics, Appleton Tower, 11 Crichton Street, Edinburgh, Scotland, EH8 9LE
Mail: gdmr@inf.ed.ac.uk Voice: 0131 650 5147
PGP: 1024D/AD758CC5 B91E D430 1E0D 5883 EF6A 426C B676 5C2B AD75 8CC5
The University of Edinburgh is a charitable body, registered in Scotland, with registration number SC005336.
Hi,

On 08.07.21 at 17:03, Ondrej Zajicek wrote:
That is probably an issue with the Direct protocol and IPv6. In IPv4, there is only one 'primary' address per IP range and iface, others are marked 'secondary' by the kernel, so we just ignore secondary ones and add/remove prefix when primary address is added/removed. But seems that in IPv6, this is not the case and there is no secondary flag.
IPv6 addresses have the "dynamic" flag if set with autoconf or privacy extensions AFAIK.

Regards
--
Robert Sander
Heinlein Consulting GmbH
Schwedter Str. 8/9b, 10119 Berlin
http://www.heinlein-support.de
Tel: 030 / 405051-43 Fax: 030 / 405051-19
Mandatory disclosures per §35a GmbHG: HRB 93818 B / Amtsgericht Berlin-Charlottenburg, Managing Director: Peer Heinlein -- Registered office: Berlin
That is probably an issue with the Direct protocol and IPv6. In IPv4, there is only one 'primary' address per IP range and iface, others are marked 'secondary' by the kernel, so we just ignore secondary ones and add/remove prefix when primary address is added/removed. But seems that in IPv6, this is not the case and there is no secondary flag.
BTW, it occurs to me that there is probably also a problem with the direct protocol and IPv6 "privacy" addresses, which will also come and go (and unlike our case with SLAAC addresses they are actually supposed to do so).

--
George D M Ross MSc PhD CEng MBCS CITP
University of Edinburgh, School of Informatics, Appleton Tower, 11 Crichton Street, Edinburgh, Scotland, EH8 9LE
Mail: gdmr@inf.ed.ac.uk Voice: 0131 650 5147
PGP: 1024D/AD758CC5 B91E D430 1E0D 5883 EF6A 426C B676 5C2B AD75 8CC5
The University of Edinburgh is a charitable body, registered in Scotland, with registration number SC005336.
Hi,

On 08.07.21 at 11:56, George Ross wrote:
Does that sound right, or am I missing some bit of configuration somewhere?
(As a hack workaround we now delete all of those unwanted SLAAC addresses before we start BIRD.)
Your SLAAC issue does not sound right to me.

What distribution are you using? How do you configure the interfaces?

On Debian it should be possible to add

    accept_ra 0
    autoconf 0
    privext 0

to the interface definition in /etc/network/interfaces according to https://manpages.debian.org/jessie/ifupdown/interfaces.5.en.html

You can also use a sysctl config file in /etc/sysctl.d to set

    net.ipv6.conf.default.autoconf = 0
    net.ipv6.conf.all.autoconf = 0
    net.ipv6.conf.default.accept_ra = 0
    net.ipv6.conf.all.accept_ra = 0

accept_ra should be automatically set to 0 when net.ipv6.conf.all.forwarding is 1.

Regards
--
Robert Sander
Heinlein Consulting GmbH
Schwedter Str. 8/9b, 10119 Berlin
http://www.heinlein-support.de
Tel: 030 / 405051-43 Fax: 030 / 405051-19
Mandatory disclosures per §35a GmbHG: HRB 93818 B / Amtsgericht Berlin-Charlottenburg, Managing Director: Peer Heinlein -- Registered office: Berlin
What distribution are you using?
Scientific Linux 7.8 (7.9 soon).
How do you configure the interfaces?
By adding the relevant lines to the ifcfg-vlanNNN files.
You can also use a sysctl config file in /etc/sysctl.d to set ...
Yes, we do all that, or at least that's what the init-scripts do. But as I said, there's a race condition. The interfaces are set so that they shouldn't auto-configure, but there's time between the interfaces appearing and them being configured not to auto-configure, and that's enough time for them to acquire SLAAC addresses, at least sometimes.

As for why we want static addresses when we could just as easily use the SLAAC ones, mostly we do just use SLAAC addresses and have our DNS provisioning system generate the AAAA and PTR entries for them. But for these particular machines we definitely don't want to have a dependency on some other bit of kit to transmit the RAs. And we definitely don't want to have to try to debug routing issues a couple of weeks after some other change or breakage.

--
George D M Ross MSc PhD CEng MBCS CITP
University of Edinburgh, School of Informatics, Appleton Tower, 11 Crichton Street, Edinburgh, Scotland, EH8 9LE
Mail: gdmr@inf.ed.ac.uk Voice: 0131 650 5147
PGP: 1024D/AD758CC5 B91E D430 1E0D 5883 EF6A 426C B676 5C2B AD75 8CC5
The University of Edinburgh is a charitable body, registered in Scotland, with registration number SC005336.
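A pre-start check related to the workaround discussed in this thread, as an added example that is not part of the original messages: it parses `ip -6 -o addr show` output and reports global addresses carrying the "dynamic" flag that share an interface and prefix with a static address. The sample output, interface names and addresses are constructed, and the one-line output layout is assumed to match the sample.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample of `ip -6 -o addr show` output (documentation prefixes).
SAMPLE = r"""
2: vlan100    inet6 2001:db8:100::1/64 scope global \       valid_lft forever preferred_lft forever
2: vlan100    inet6 2001:db8:100:0:5054:ff:fe12:3456/64 scope global dynamic mngtmpaddr \       valid_lft 2591990sec preferred_lft 604790sec
2: vlan100    inet6 fe80::5054:ff:fe12:3456/64 scope link \       valid_lft forever preferred_lft forever
3: vlan200    inet6 2001:db8:200::1/64 scope global \       valid_lft forever preferred_lft forever
4: vlan300    inet6 2001:db8:300:0:5054:ff:fe12:9999/64 scope global dynamic \       valid_lft 86390sec preferred_lft 14390sec
"""

# index, interface, "inet6", address/len, "scope" <scope>, flags up to the "\".
LINE = re.compile(r"^\d+:\s+(\S+)\s+inet6\s+(\S+)\s+scope\s+(\S+)\s*(.*?)\\")


def parse(text):
    """Yield (iface, ip_interface, scope, flags) for each inet6 line."""
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            iface, addr, scope, flags = m.groups()
            yield iface, ipaddress.ip_interface(addr), scope, flags.split()


def dynamic_beside_static(text):
    """Return (iface, prefix, [dynamic addrs]) where both kinds coexist."""
    groups = defaultdict(lambda: {"static": [], "dynamic": []})
    for iface, ifaddr, scope, flags in parse(text):
        if scope != "global":
            continue  # link-local addresses are not the ones at issue here
        kind = "dynamic" if "dynamic" in flags else "static"
        groups[(iface, str(ifaddr.network))][kind].append(str(ifaddr.ip))
    return [
        (iface, prefix, sorted(g["dynamic"]))
        for (iface, prefix), g in sorted(groups.items())
        if g["static"] and g["dynamic"]
    ]


if __name__ == "__main__":
    for iface, prefix, addrs in dynamic_beside_static(SAMPLE):
        print(f"{iface} {prefix}: dynamic address(es) {', '.join(addrs)}")
```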
participants (3)
- George Ross
- Ondrej Zajicek
- Robert Sander