Following a request for more info during the last IRC meeting, here is some tcpdump output taken without the iptables patch present. This is taken from the backup node, performing a tcpdump in a sample tenant namespace against the qg interface as shown.
5: qg-4f76f2f2-d7@if156: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1550 qdisc noqueue state UP group default qlen 1000
link/ether fa:16:3e:23:0a:4d brd ff:ff:ff:ff:ff:ff link-netnsid 0
Whilst there is other IPv6 ICMP traffic seen, this only comes from the primary, and only from the addresses which live there. The standby interface shows no global or link local addressing.
Following a request for more info during the last IRC meeting, here is some tcpdump output taken without the iptables patch present. This is taken from the backup node, performing a tcpdump in a sample tenant namespace against the qg interface as shown.
5: qg-4f76f2f2- d7@if156: <BROADCAST, MULTICAST, UP,LOWER_ UP> mtu 1550 qdisc noqueue state UP group default qlen 1000
link/ether fa:16:3e:23:0a:4d brd ff:ff:ff:ff:ff:ff link-netnsid 0
13:16:44.642662 fa:16:3e:23:0a:4d (oui Unknown) > 33:33:00:00:00:16 (oui Unknown), ethertype IPv6 (0x86dd), length 110: :: > ff02::16: HBH ICMP6, multicast listener report v2, 2 group record(s), length 48
13:16:45.614658 fa:16:3e:23:0a:4d (oui Unknown) > 33:33:00:00:00:16 (oui Unknown), ethertype IPv6 (0x86dd), length 110: :: > ff02::16: HBH ICMP6, multicast listener report v2, 2 group record(s), length 48
Whilst there is other IPv6 ICMP traffic seen, this only comes from the primary, and only from the addresses which live there. The standby interface shows no global or link local addressing.