trying to bind on all interfaces is a good default, but fails on ipv6 link local

Bug #1737998 reported by Christian Ehrhardt  on 2017-12-13
This bug affects 2 people
Affects Status Importance Assigned to Milestone
ntp (Ubuntu)
Undecided
Unassigned

Bug Description

The default is "grab all" which is great for convenience and can be configured differently by argument -I (interface) or interface commands in the config.

Currently it is "too" open on that.
I see it trying to bind link local addresses for each of the KVM guests I spawn.
They get virtual network devices and, due to that, ntp sees them, tries to bind and fails.

   Dez 13 11:35:41 seidel ntpd[35826]: bind(31) AF_INET6 fe80::fc54:ff:fec3:3eb0%47#123 flags 0x11 failed: Cannot assign requested address
   Dez 13 11:35:41 seidel ntpd[35826]: unable to create socket on vnet0 (27) for fe80::fc54:ff:fec3:3eb0%47#123
   Dez 13 11:35:41 seidel ntpd[35826]: failed to init interface for address fe80::fc54:ff:fec3:3eb0%47

Reading more into [1] and [2] I'm not 100% sure if ntp just has an issue or if in general we should mask this interface type like:

interface ignore fe80::/64

[1]: https://www.eecis.udel.edu/~mills/ntp/html/miscopt.html#interface
[2]: https://www.cisco.com/c/en/us/support/docs/ip/ip-version-6-ipv6/113328-ipv6-lla.html

Ok, I debugged more and it seems that the situation where I was unable to bind is the special one.
I usually got this now:
  Dec 13 15:24:31 bionic-test-kvm ntpd[6142]: Listen normally on 8 vnet0 [fe80::fc54:ff:fe46:80ed%10]:123
  Dec 13 15:24:31 bionic-test-kvm ntpd[6142]: new interface(s) found: waking up resolver

If that is the usual case I'm fine and close this bug for now.
Please note that 1727202 needs to be fixed to actually see the message.

Changed in ntp (Ubuntu):
status: New → Incomplete
Simon Déziel (sdeziel) wrote :

On a hypervisor, binding on link local IPs is undesirable IMHO and that's why I always added a similar ignore to the one you proposed. That said, NTP works well over link local addresses so some folks are probably using it.

Thanks a lot Simon for your thoughts - this is exactly what I was looking for.

"On a hypervisor, binding on link local IPs is undesirable IMHO"
That's what I thought as well.

But - if there is valid use of link locals in general - as I was unsure of and you as well suggest there might be folks doing that; then we do not want to ignore them by default.
TL;DR we better have it working for all and have those "undesired" disabling it instead of not working by default in some environments.

If more people chime in we can make an overall summary and either reopen or keep as is.
For now this stays incomplete.

Launchpad Janitor (janitor) wrote :

[Expired for ntp (Ubuntu) because there has been no activity for 60 days.]

Changed in ntp (Ubuntu):
status: Incomplete → Expired
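
Added example, not part of the bug report or of ntp itself: a small Python audit that reads ntpd log lines of the two shapes quoted in the report and lists the IPv6 link-local addresses ntpd listened on or failed to bind, noting whether the proposed `interface ignore fe80::/64` rule would cover each. The function name, the sample list and the single 127.0.0.1 line are constructed for illustration.

```python
import ipaddress
import re

# The ignore rule proposed in the report: "interface ignore fe80::/64".
PROPOSED_IGNORE = ipaddress.ip_network("fe80::/64")

# ntpd message shapes as they appear in the report's log excerpts.
PATTERNS = {
    "listening": re.compile(
        r"ntpd\[\d+\]: Listen normally on \d+ (\S+) \[?([0-9A-Fa-f:.]+)(?:%\w+)?\]?:\d+"),
    "bind-failed": re.compile(
        r"ntpd\[\d+\]: unable to create socket on (\S+) \(\d+\) for ([0-9A-Fa-f:.]+)(?:%\w+)?#\d+"),
}

SAMPLE_LOG = [
    # Lines quoted from the report.
    "Dez 13 11:35:41 seidel ntpd[35826]: unable to create socket on vnet0 (27) for fe80::fc54:ff:fec3:3eb0%47#123",
    "Dez 13 11:35:41 seidel ntpd[35826]: failed to init interface for address fe80::fc54:ff:fec3:3eb0%47",
    "Dec 13 15:24:31 bionic-test-kvm ntpd[6142]: Listen normally on 8 vnet0 [fe80::fc54:ff:fe46:80ed%10]:123",
    # Constructed line (not from the report): a non-link-local listener to show filtering.
    "Dec 13 15:24:31 bionic-test-kvm ntpd[6142]: Listen normally on 2 lo 127.0.0.1:123",
]


def audit_link_local(lines):
    """Return one dict per ntpd event on an IPv6 link-local address (illustrative helper)."""
    findings = []
    for line in lines:
        for state, pattern in PATTERNS.items():
            match = pattern.search(line)
            if not match:
                continue
            try:
                addr = ipaddress.ip_address(match.group(2))
            except ValueError:
                continue  # not a parseable address; skip rather than guess
            if addr.version == 6 and addr.is_link_local:
                findings.append({
                    "state": state,
                    "interface": match.group(1),
                    "address": str(addr),
                    "covered_by_ignore": addr in PROPOSED_IGNORE,
                })
    return findings


if __name__ == "__main__":
    for finding in audit_link_local(SAMPLE_LOG):
        print(finding)
```

On a hypervisor, entries in the "listening" state show which guest-facing vnet devices have an NTP socket open on them; entries with `covered_by_ignore` set would disappear once the ignore rule is in the config.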