Unable to specify TTL value for tunnels
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Netplan | Fix Released | Undecided | Unassigned |
Bug Description
netplan has the ability to configure SIT tunnels after #1799487. However, it doesn't expose a setting for configuring the TTL of a tunnel. This can cause issues, especially for users trying to do traceroute over a 6in4 tunnel like the popular one from tunnelbroker.net.
According to ip-tunnel(8), the default TTL value for an IPv4 tunnel is "inherit". In the case of an SIT tunnel, the TTL of the encapsulating IPv4 packet will be the same as the Hop Limit field of the IPv6 packet in it. The first few packets sent by traceroute will expire before they reach the other endpoint of the tunnel, and the IPv6 applications in the upper layer cannot detect it. It appears as if the first few hops are not responding with ICMP Time Expired messages, and after that everything seems to be fine.
Such behaviour makes traceroute somehow unusable, and it violates Section 3.3 of RFC 4213, which says these tunnels are 'modeled as "single-hop" from the IPv6 perspective'.
The example configuration provided by tunnelbroker.net sets the TTL of the tunnel to 255. I think netplan should expose such a setting to users. I also wonder if it can be backported to bionic if this feature gets added.
tags: added: id-5f4911260b04803b0c63d23c
Similarly for other kinds of tunnels, e.g. GRE.
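
The effect described in the bug description, as an added example (not part of the original report or of netplan): a simplified Python model of an IPv6 traceroute run on the local SIT endpoint, comparing the "inherit" default with a fixed TTL of 255. The hop names and the number of IPv4 routers between the tunnel endpoints are constructed, and the model assumes that an IPv4 expiry inside the tunnel is never reported to the IPv6 application.

```python
INHERIT = "inherit"  # ip-tunnel(8) default: outer TTL copied from inner Hop Limit


def outer_ttl(hop_limit, tunnel_ttl):
    """TTL placed in the encapsulating IPv4 header for one probe."""
    return hop_limit if tunnel_ttl == INHERIT else tunnel_ttl


def traceroute(v6_hops, v4_routers, tunnel_ttl):
    """Return what the IPv6 traceroute shows for each probe.

    v6_hops    -- IPv6 hops in order; the first is the remote tunnel
                  endpoint, the last is the destination (constructed names)
    v4_routers -- IPv4 routers between the two tunnel endpoints
    tunnel_ttl -- INHERIT or a fixed integer TTL
    """
    shown = []
    for hop_limit in range(1, len(v6_hops) + v4_routers + 1):
        if outer_ttl(hop_limit, tunnel_ttl) <= v4_routers:
            # The outer packet dies at an IPv4 router. Its ICMPv4 error goes
            # to the tunnel's IPv4 address, so traceroute6 sees a timeout.
            shown.append("*")
            continue
        # The outer packet reached the remote endpoint; the inner Hop Limit
        # is unchanged, so it expires hop_limit IPv6 hops into the path.
        responder = v6_hops[min(hop_limit, len(v6_hops)) - 1]
        shown.append(responder)
        if responder == v6_hops[-1]:
            break
    return shown


def hidden_hops(v6_hops, v4_routers, tunnel_ttl):
    """IPv6 hops that never appear in the traceroute output."""
    shown = traceroute(v6_hops, v4_routers, tunnel_ttl)
    return [hop for hop in v6_hops if hop not in shown]


if __name__ == "__main__":
    path = ["tunnel-server", "core1", "core2", "core3", "dest"]  # constructed
    for ttl in (INHERIT, 255):
        print(ttl, traceroute(path, v4_routers=2, tunnel_ttl=ttl),
              "hidden:", hidden_hops(path, 2, ttl))
```

With two IPv4 routers in the tunnel path, "inherit" turns the first two probes into timeouts and the first two IPv6 hops never show up, while a fixed TTL of 255 makes the tunnel behave as the single hop RFC 4213 describes.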