IPv6 is not functional on management network in duplex-direct

Bug #1836969 reported by Ghada Khalil
Affects: StarlingX
Status: Fix Released
Importance: Medium
Assigned to: Teresa Ho
Milestone: (none listed)

Bug Description

Brief Description
-----------------
IPv6 is not functional when configured on the management interface on a duplex direct system.
Because there is no carrier on the interface in the case of duplex-direct, DAD can't complete, so the address stays in the tentative state, and cannot receive connections. That means that anything that tries connecting to the IPv6 mgmt address, including local services, will time out.

This will cause an issue with unlocking controller-0 once the interfaces are configured.

Severity
--------
Major - this precludes users from using IPv6 with duplex-direct configurations

Steps to Reproduce
------------------
Configure a duplex-direct system with IPv6

Expected Behavior
------------------
This config should work

Actual Behavior
----------------
This doesn't work. See explanation in the description.

Reproducibility
---------------
Reproducible

System Configuration
--------------------
Two node system connected as duplex-direct

Branch/Pull Time/Commit
-----------------------
Any stx load

Last Pass
---------
Never. This has always been broken.

Timestamp/Logs
--------------
Not required. Issue is reproducible.

Test Activity
-------------
Discussion with networking TL

Ghada Khalil (gkhalil)
tags: added: stx.networking
description: updated
Ghada Khalil (gkhalil) wrote :

Marking as stx.2.0 given the interest in IPv6 deployments. A duplex-direct configuration is popular as it removes the need for L2 switches to be configured for the mgmt/cluster networks.

Changed in starlingx:
importance: Undecided → High
status: New → Triaged
tags: added: stx.2.0
Changed in starlingx:
assignee: nobody → Matt Peters (mpeters-wrs)
Ghada Khalil (gkhalil) wrote :

Assigning to Matt Peters to recommend the best approach to address this.

Matt Peters (mpeters-wrs) wrote :

The recommendation to address this issue is to disable DAD on the internal management network interface. This would involve setting the net.ipv6.conf.<interface>.accept_dad=0 for the interface as part of a pre_up configuration step.

To handle the dynamically created interfaces, an additional pre_up configuration entry will be required to first create the device. For example, in the bonding case the following pre_up entry would pre-create the interface so that the sysctl can be set for that interface.

echo +bond1 > /sys/class/net/bonding_masters

The only alternative is to patch the ifup scripts to add support for setting this specific sysctl or to create a hook to run a sysctl prior to IPv6 address creation.
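
An added example, not part of the original comment or of the StarlingX fix: a check for IPv6 addresses stuck in DAD, plus the pre_up step described above (pre-create the bond, then set accept_dad=0). The interface names, addresses, the `ROOT` test prefix and the rule that bonds are recognised by a `bond*` name are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: names, addresses and the ROOT prefix are constructed.

# Constructed `ip -o -6 addr show` output: mgmt address stuck in DAD.
SAMPLE='1: lo    inet6 ::1/128 scope host \       valid_lft forever preferred_lft forever
2: enp0s8    inet6 fd00:0:0:1::3/64 scope global tentative \       valid_lft forever preferred_lft forever
3: eno1    inet6 fd00:0:0:2::3/64 scope global tentative dadfailed \       valid_lft forever preferred_lft forever'

# Read `ip -o -6 addr show` output on stdin; print "iface addr state" for
# every address that has not completed DAD (tentative) or has failed it.
stuck_dad_addrs() {
    awk '$3 == "inet6" {
        state = ""
        for (i = 5; i <= NF; i++) {
            if ($i == "tentative" && state == "") state = "tentative"
            if ($i == "dadfailed") state = "dadfailed"
        }
        if (state != "") print $2, $4, state
    }'
}

# disable_dad IFACE [ROOT]
# Writes accept_dad=0 for IFACE through procfs (the file form of the sysctl,
# which avoids key-parsing trouble with dotted VLAN names). ROOT is a
# hypothetical prefix for exercising the function against a scratch tree;
# leave it empty on a real host, where this needs root.
disable_dad() {
    iface=$1
    root=${2:-}
    knob="$root/proc/sys/net/ipv6/conf/$iface/accept_dad"
    case $iface in
        bond*)  # assumption: bonds are recognised by name
            # Pre-create the bond so its per-interface sysctl tree exists.
            if [ ! -e "$root/sys/class/net/$iface" ]; then
                echo "+$iface" > "$root/sys/class/net/bonding_masters" || return 1
            fi
            ;;
    esac
    if [ ! -w "$knob" ]; then
        echo "accept_dad not available for $iface" >&2
        return 1
    fi
    echo 0 > "$knob"
}

# Show the diagnostic on the constructed sample.
printf '%s\n' "$SAMPLE" | stuck_dad_addrs
```

On a live host the check is `ip -o -6 addr show | stuck_dad_addrs`. With DAD disabled the kernel no longer detects a duplicate address on that link, so the setting fits only the point-to-point internal interfaces this bug is about.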

Matt Peters (mpeters-wrs) wrote :

I should also note that I did investigate the option of using Optimistic Duplicate Address Detection (DAD) for IPv6 (https://tools.ietf.org/html/rfc4429). Unfortunately this was not an option, as it only applies to dynamically generated addresses and is ignored by statically configured addresses (Linux implements according to the spec, reference https://tools.ietf.org/html/rfc4429#section-3.1).

Ghada Khalil (gkhalil)
Changed in starlingx:
assignee: Matt Peters (mpeters-wrs) → Teresa Ho (teresaho)
Ghada Khalil (gkhalil) wrote :

Lowering the priority to Medium as this is a specific configuration for IPv6. The user can avoid this by setting up an L2 switch for their AIO-Duplex system.

Changed in starlingx:
importance: High → Medium
Ghada Khalil (gkhalil) wrote :

As per agreement with the community, moving all unresolved medium priority bugs from stx.2.0 to stx.3.0

tags: added: stx.3.0
removed: stx.2.0
Ghada Khalil (gkhalil)
Changed in starlingx:
status: Triaged → In Progress
OpenStack Infra (hudson-openstack) wrote : Fix proposed to config (master)

Fix proposed to branch: master
Review: https://review.opendev.org/682654

OpenStack Infra (hudson-openstack) wrote : Fix merged to config (master)

Reviewed: https://review.opendev.org/682654
Committed: https://git.openstack.org/cgit/starlingx/config/commit/?id=d0ad539f831d9aef7a7d7d653ff0537f47264852
Submitter: Zuul
Branch: master

commit d0ad539f831d9aef7a7d7d653ff0537f47264852
Author: Teresa Ho <email address hidden>
Date: Fri Sep 13 13:33:02 2019 -0400

    Disable duplicate address detection when using duplex-direct

    In a duplex-direct configuration, the physical mgmt and cluster-host
    link on controller-0 will be down until controller-1
    comes up. In an IPv6 configuration, this results in dad not completing,
    so the addresses stay tentative.

    This commit disables duplicate address detection on the mgmt and
    cluster-host interface if the system is configured as duplex-direct.
    If the interface is a bonded interface, the interface is added to the
    bonding masters list before the DAD is disabled.

    Closes-Bug: 1836969

    Change-Id: I0e169904445db905729fce77e4afa2ba2052598b
    Signed-off-by: Teresa Ho <email address hidden>

Changed in starlingx:
status: In Progress → Fix Released