Unable to specify TTL value for tunnels

Bug #1846783 reported by Rudy Adams on 2019-10-04
This bug affects 4 people

Bug Description

netplan has the ability to configure SIT tunnels after #1799487. However, it doesn't expose a setting for configuring the TTL of a tunnel. This can cause issues, especially for users trying to do traceroute over a 6in4 tunnel like the popular one from tunnelbroker.net.

According to ip-tunnel(8), the default TTL value for an IPv4 tunnel is "inherit". In the case of an SIT tunnel, the TTL of the encapsulating IPv4 packet will be the same as the Hop Limit field of the IPv6 packet in it. The first few packets sent by traceroute will expire before they reach the other endpoint of the tunnel, and the IPv6 applications in the upper layer cannot detect it. It appears as if the first few hops are not responding with ICMP Time Expired messages, and after that everything seems to be fine.
Such behaviour makes traceroute somehow unusable, and it violates Section 3.3 of RFC4213, which says these tunnels are 'modeled as "single-hop" from the IPv6 perspective'.

The example configuration provided by tunnelbroker.net sets the TTL of the tunnel to 255. I think netplan should expose such a setting to users. I also wonder if it can be backported to bionic if this feature gets added.
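
A small model of the behaviour described in this report, added here as an illustration; it is not part of the original bug report or of netplan. It compares a traceroute over a tunnel with TTL "inherit" against one with a fixed TTL of 255. The hop names and the count of three IPv4 routers between the tunnel endpoints are constructed sample values.

```python
# Added illustration: models TTL / Hop Limit accounting only, no packet I/O.
# The hop names and router count used below are constructed sample values.

def probe(hop_limit, tunnel_ttl, ipv4_routers, ipv6_hops):
    """Return the IPv6 hop that answers a probe, or None if nothing is seen.

    tunnel_ttl   -- "inherit" (outer TTL copied from the inner Hop Limit)
                    or a fixed integer such as 255.
    ipv4_routers -- number of IPv4 routers between the two tunnel endpoints.
    ipv6_hops    -- IPv6 hops in order; the first is the remote tunnel
                    endpoint. The final destination is treated like any
                    other hop to keep the model small.
    """
    outer_ttl = hop_limit if tunnel_ttl == "inherit" else tunnel_ttl
    # Each IPv4 router decrements the outer TTL and drops the packet at zero.
    # In this model, as in the report, that loss is invisible to the IPv6
    # traceroute: the probe simply goes unanswered.
    for _ in range(ipv4_routers):
        outer_ttl -= 1
        if outer_ttl == 0:
            return None
    # Decapsulated at the remote endpoint: from here on only the inner
    # Hop Limit counts, and the whole tunnel has cost zero IPv6 hops so far.
    remaining = hop_limit
    for hop in ipv6_hops:
        remaining -= 1
        if remaining == 0:
            return hop  # this hop reports the expiry to the sender
    return None  # probe travelled past the modelled path


def traceroute(tunnel_ttl, ipv4_routers, ipv6_hops):
    """Send one probe per Hop Limit value, as traceroute does."""
    return [probe(h, tunnel_ttl, ipv4_routers, ipv6_hops)
            for h in range(1, len(ipv6_hops) + 1)]


if __name__ == "__main__":
    hops = ["tunnel-server", "v6-core-1", "v6-core-2", "v6-edge", "target"]
    for ttl in ("inherit", 255):
        seen = traceroute(ttl, ipv4_routers=3, ipv6_hops=hops)
        print(f"ttl {ttl}:", ["*" if h is None else h for h in seen])
```

With "inherit", the first three probes expire inside the IPv4 path and show as unanswered; with a fixed TTL of 255 every probe reaches the remote endpoint and each IPv6 hop answers in turn.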

Konrad Zemek (kzemek) wrote :

Similarly for other kinds of tunnels, e.g. GRE.

Fionera (fionera) wrote :

I need to override this when I run BGP over a SIT Tunnel. Now I have to do this with an init.rc script as a workaround.

Stéphane Graber (stgraber) wrote :

Got hit by this here too, this is really needed for anyone using sit tunnels at least.

Changed in netplan:
status: New → Confirmed