I tried again, just to make sure I could reproduce it.
* Create a network, with one ipv4 and one ipv6 subnet
* Create a router with provider network outside (ipv4 and ipv6, upstream provides SLAAC) and two interfaces (one v4, one v6, SLAAC provided by openstack router) for the created network
* Spawned an instance on the network created in step 1, got one RFC1918 ipv4 and a public ipv6
To make it work:
* On active router: ip netns exec qrouter-<router id> sysctl -w net.ipv6.conf.all.forwarding=1
On the internal qr interface for the ipv6 subnet there is a ip conflict.
On master:
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2310: ha-0046c005-09: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UNKNOWN group default qlen 1000
link/ether fa:16:3e:40:89:64 brd ff:ff:ff:ff:ff:ff
inet 169.254.192.3/18 brd 169.254.255.255 scope global ha-0046c005-09
valid_lft forever preferred_lft forever
inet 169.254.0.2/24 scope global ha-0046c005-09
valid_lft forever preferred_lft forever
inet6 fe80::f816:3eff:fe40:8964/64 scope link
valid_lft forever preferred_lft forever
2311: qg-081f5606-3a: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default qlen 1000
link/ether fa:16:3e:40:5a:75 brd ff:ff:ff:ff:ff:ff
inet 193.93.248.71/22 scope global qg-081f5606-3a
valid_lft forever preferred_lft forever
inet6 <hidden>:f816:3eff:fe40:5a75/64 scope global nodad
valid_lft forever preferred_lft forever
inet6 fe80::f816:3eff:fe40:5a75/64 scope link nodad
valid_lft forever preferred_lft forever
2312: qr-769a975e-77: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UNKNOWN group default qlen 1000
link/ether fa:16:3e:c4:d1:1d brd ff:ff:ff:ff:ff:ff
inet 192.168.123.1/24 scope global qr-769a975e-77
valid_lft forever preferred_lft forever
inet6 fe80::f816:3eff:fec4:d11d/64 scope link tentative dadfailed
valid_lft forever preferred_lft forever
2313: qr-48b0176f-f8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UNKNOWN group default qlen 1000
link/ether fa:16:3e:c4:af:32 brd ff:ff:ff:ff:ff:ff
inet6 <hidden>:f816:3eff:fec4:af32/64 scope global mngtmpaddr dynamic
valid_lft 85932sec preferred_lft 13932sec
inet6 <hidden>::1/64 scope global nodad
valid_lft forever preferred_lft forever
inet6 fe80::f816:3eff:fec4:af32/64 scope link
valid_lft forever preferred_lft forever
Actions taken on backup router:
ip netns exec qrouter-<router id> sysctl -w net.ipv6.conf.qr-769a975e-77.accept_ra=0
ip netns exec qrouter-<router id> sysctl -w net.ipv6.conf.qr-48b0176f-f8.accept_ra=0
ip netns exec qrouter-<router id> ip addr del <hidden>:f816:3eff:fec4:d11d/64 dev qr-769a975e-77
To summerize I think this is the approach needed:
* net.ipv6.conf.all.forwarding needs to be 1 for master (it was 0 until fixed manually)
* accept_ra should be 1 for master qr interfaces, 0 for qr backup interfaces
* ensure no RA is accepted, no SLAAC addresses is assigned, no fe80 link-local addresses is assigned (for interfaces that has same MAC address because being a HA router)
I tried again, just to make sure I could reproduce it.
* Create a network, with one ipv4 and one ipv6 subnet
* Create a router with provider network outside (ipv4 and ipv6, upstream provides SLAAC) and two interfaces (one v4, one v6, SLAAC provided by openstack router) for the created network
* Spawned an instance on the network created in step 1, got one RFC1918 ipv4 and a public ipv6
To make it work: conf.all. forwarding= 1
* On active router: ip netns exec qrouter-<router id> sysctl -w net.ipv6.
On the internal qr interface for the ipv6 subnet there is a ip conflict.
On master: UP,LOWER_ UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 MULTICAST, UP,LOWER_ UP> mtu 1450 qdisc noqueue state UNKNOWN group default qlen 1000 3eff:fe40: 8964/64 scope link MULTICAST, UP,LOWER_ UP> mtu 1500 qdisc noqueue state UNKNOWN group default qlen 1000 :f816:3eff: fe40:5a75/ 64 scope global nodad 3eff:fe40: 5a75/64 scope link nodad MULTICAST, UP,LOWER_ UP> mtu 1450 qdisc noqueue state UNKNOWN group default qlen 1000 3eff:fec4: d11d/64 scope link tentative dadfailed MULTICAST, UP,LOWER_ UP> mtu 1450 qdisc noqueue state UNKNOWN group default qlen 1000 :f816:3eff: fec4:af32/ 64 scope global mngtmpaddr dynamic 3eff:fec4: af32/64 scope link
1: lo: <LOOPBACK,
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2310: ha-0046c005-09: <BROADCAST,
link/ether fa:16:3e:40:89:64 brd ff:ff:ff:ff:ff:ff
inet 169.254.192.3/18 brd 169.254.255.255 scope global ha-0046c005-09
valid_lft forever preferred_lft forever
inet 169.254.0.2/24 scope global ha-0046c005-09
valid_lft forever preferred_lft forever
inet6 fe80::f816:
valid_lft forever preferred_lft forever
2311: qg-081f5606-3a: <BROADCAST,
link/ether fa:16:3e:40:5a:75 brd ff:ff:ff:ff:ff:ff
inet 193.93.248.71/22 scope global qg-081f5606-3a
valid_lft forever preferred_lft forever
inet6 <hidden>
valid_lft forever preferred_lft forever
inet6 fe80::f816:
valid_lft forever preferred_lft forever
2312: qr-769a975e-77: <BROADCAST,
link/ether fa:16:3e:c4:d1:1d brd ff:ff:ff:ff:ff:ff
inet 192.168.123.1/24 scope global qr-769a975e-77
valid_lft forever preferred_lft forever
inet6 fe80::f816:
valid_lft forever preferred_lft forever
2313: qr-48b0176f-f8: <BROADCAST,
link/ether fa:16:3e:c4:af:32 brd ff:ff:ff:ff:ff:ff
inet6 <hidden>
valid_lft 85932sec preferred_lft 13932sec
inet6 <hidden>::1/64 scope global nodad
valid_lft forever preferred_lft forever
inet6 fe80::f816:
valid_lft forever preferred_lft forever
[1465004.929480] IPv6: qr-769a975e-77: IPv6 duplicate address fe80::f816: 3eff:fec4: d11d detected! :f816:3eff: fec4:d11d detected! :f816:3eff: fec4:d11d detected!
[1465036.480584] IPv6: qr-769a975e-77: IPv6 duplicate address <hidden>
[1465052.948421] IPv6: qr-769a975e-77: IPv6 duplicate address <hidden>
net.ipv4. conf.all. forwarding = 1 conf.all. forwarding = 1 conf.qg- 081f5606- 3a.forwarding = 1 conf.qr- 48b0176f- f8.forwarding = 1 conf.qr- 769a975e- 77.forwarding = 1 conf.qg- 081f5606- 3a.accept_ ra = 0 conf.qg- 081f5606- 3a.forwarding = 1 conf.qr- 48b0176f- f8.accept_ ra = 1 conf.qr- 48b0176f- f8.forwarding = 1 conf.qr- 769a975e- 77.accept_ ra = 1 conf.qr- 769a975e- 77.forwarding = 1
net.ipv6.
net.ipv4.
net.ipv4.
net.ipv4.
net.ipv6.
net.ipv6.
net.ipv6.
net.ipv6.
net.ipv6.
net.ipv6.
On backup: UP,LOWER_ UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 MULTICAST, UP,LOWER_ UP> mtu 1450 qdisc noqueue state UNKNOWN group default qlen 1000 3eff:fe28: e282/64 scope link MULTICAST, UP,LOWER_ UP> mtu 1500 qdisc noqueue state UNKNOWN group default qlen 1000 MULTICAST, UP,LOWER_ UP> mtu 1450 qdisc noqueue state UNKNOWN group default qlen 1000 :f816:3eff: fec4:d11d/ 64 scope global mngtmpaddr dynamic MULTICAST, UP,LOWER_ UP> mtu 1450 qdisc noqueue state UNKNOWN group default qlen 1000
1: lo: <LOOPBACK,
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2136: ha-7792fe8e-5c: <BROADCAST,
link/ether fa:16:3e:28:e2:82 brd ff:ff:ff:ff:ff:ff
inet 169.254.192.13/18 brd 169.254.255.255 scope global ha-7792fe8e-5c
valid_lft forever preferred_lft forever
inet6 fe80::f816:
valid_lft forever preferred_lft forever
2137: qg-081f5606-3a: <BROADCAST,
link/ether fa:16:3e:40:5a:75 brd ff:ff:ff:ff:ff:ff
2138: qr-769a975e-77: <BROADCAST,
link/ether fa:16:3e:c4:d1:1d brd ff:ff:ff:ff:ff:ff
inet6 <hidden>
valid_lft 86389sec preferred_lft 14389sec
2139: qr-48b0176f-f8: <BROADCAST,
link/ether fa:16:3e:c4:af:32 brd ff:ff:ff:ff:ff:ff
[1464972.500769] IPv6: qr-48b0176f-f8: IPv6 duplicate address fe80::f816: 3eff:fec4: af32 detected! :f816:3eff: fec4:af32 detected!
[1464988.916101] IPv6: qr-48b0176f-f8: IPv6 duplicate address <hidden>
net.ipv4. conf.all. forwarding = 1 conf.all. forwarding = 0 conf.qg- 081f5606- 3a.forwarding = 1 conf.qr- 48b0176f- f8.forwarding = 1 conf.qr- 769a975e- 77.forwarding = 1 conf.qg- 081f5606- 3a.accept_ ra = 0 conf.qg- 081f5606- 3a.forwarding = 0 conf.qr- 48b0176f- f8.accept_ ra = 1 conf.qr- 48b0176f- f8.forwarding = 0 conf.qr- 769a975e- 77.accept_ ra = 1 conf.qr- 769a975e- 77.forwarding = 0
net.ipv6.
net.ipv4.
net.ipv4.
net.ipv4.
net.ipv6.
net.ipv6.
net.ipv6.
net.ipv6.
net.ipv6.
net.ipv6.
Actions taken on backup router: conf.qr- 769a975e- 77.accept_ ra=0 conf.qr- 48b0176f- f8.accept_ ra=0 :f816:3eff: fec4:d11d/ 64 dev qr-769a975e-77
ip netns exec qrouter-<router id> sysctl -w net.ipv6.
ip netns exec qrouter-<router id> sysctl -w net.ipv6.
ip netns exec qrouter-<router id> ip addr del <hidden>
To summerize I think this is the approach needed: conf.all. forwarding needs to be 1 for master (it was 0 until fixed manually)
* net.ipv6.
* accept_ra should be 1 for master qr interfaces, 0 for qr backup interfaces
* ensure no RA is accepted, no SLAAC addresses is assigned, no fe80 link-local addresses is assigned (for interfaces that has same MAC address because being a HA router)
Best regards
Tobias