networkd should allow configuring IPV6 MTU
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
systemd |
Unknown
|
Unknown
|
|||
cloud-init (Ubuntu) |
Confirmed
|
Undecided
|
Unassigned | ||
Bionic |
Confirmed
|
Undecided
|
Unassigned | ||
Disco |
Won't Fix
|
Undecided
|
Unassigned | ||
Eoan |
Won't Fix
|
Undecided
|
Unassigned | ||
Focal |
Confirmed
|
Undecided
|
Unassigned | ||
netplan.io (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Bionic |
Fix Released
|
Undecided
|
Unassigned | ||
Disco |
Fix Released
|
Undecided
|
Unassigned | ||
Eoan |
Fix Released
|
Undecided
|
Unassigned | ||
Focal |
Fix Released
|
Undecided
|
Unassigned | ||
systemd (Ubuntu) |
Fix Released
|
Medium
|
Dan Streetman | ||
Bionic |
Fix Released
|
Undecided
|
Dan Streetman | ||
Disco |
Won't Fix
|
Undecided
|
Dan Streetman | ||
Eoan |
Fix Released
|
Undecided
|
Dan Streetman | ||
Focal |
Fix Released
|
Medium
|
Dan Streetman |
Bug Description
= netplan.io =
[Impact]
* IPv6 traffic failing to send/receive due to incompatible/low MTU setting. Specifically, IPv6 traffic may have higher MTU requirements than IPv4 traffic and thus may need to be overridden and/or set to a higher value than IPv6 traffic.
[Test Case]
* Apply a netplan configuration that specifices ipv6-mtu:
network:
version: 2
ethernets:
eth0:
dhcp4: true
dhcp6: true
ipv6-mtu: 6000
* Check that MTU bytes, is at least IPv6MTUBytes on the interface:
$ sysctl net.ipv6.
net.ipv6.
[Regression Potential]
* This is a future compatible backport of an additional keyword not used by default. It may result in MTU change to a higher value, which should not cause loss of connectivity.
[Other Info]
* Original bug report below
= end of netplan.io =
= systemd =
[Impact]
* IPv6 traffic failing to send/receive due to incompatible/low MTU setting. Specifically, IPv6 traffic may have higher MTU requirements than IPv4 traffic and thus may need to be overridden and/or set to a higher value than IPv6 traffic.
[Test Case]
* Use IPv6MTUBytes= setting in a .network unit
* Restart systemd-network
* Check that there no error messages / warnings about not-recognizing this option
* Check that MTU bytes, is at least IPv6MTUBytes on the interface
[Regression Potential]
* This is a future compatible backport of an additional keyword not used by default. It may result in MTU change to a higher value, which should not cause loss of connectivity.
[Other Info]
* Original bug report below
= end of systemd =
1) Zesty
2) systemd-232-19
3) I need to configure the IPV6 MTU for tunneling by adding an IPv6MTUBytes=1480 value in the .network file for an interface with an IPV6 static address in the [Network] section
4) networkd does not parse or read the value and does not apply this configuration to the interface.
Upstream has discussed this issue here:
https:/
But it's been closed in favor of only setting via RA.
However, we know of multiple use-case which are currently supported in
ifdupdown where we want to retain control over IPV6 MTU values outside
of PMTU Discovery configurations.
Some context from those discussions
>> Client systems that route their ipv6 packets to a 6in4 router also
>> have to have their ipv6 mtu lowered. They could lower their link mtu,
>> so their ipv6 packets are small enough, but that reduces performance
>> of their ipv4 network.
Yes. Anything that creates a PMTUD black hole can result in
situations where the higher header overhead of IPv6 will cause IPv4 to
pass but IPv6 traffic to be dropped.
One example here is egress from an ipsec tunnel wherein the next
hop MTU is too low for IPv6 datagrams to pass. Another is VM ->
whatever -> host bridge -> tunnel ingress. If the datagram cannot enter
the tunnel due to size, it is dropped, and an ICMP response uses the
tunnel address as a source, which may not be routable back to the
origin. This one is an issue with IPv4 as well, and is one case where
manually setting the IPv6 MTU lower than the (also manually set) device
MTU is of benefit.
In essence, any of these sort of cases that require an explicit
setting of the device MTU will likely require a setting of the IPv6 mtu
as well to account for its larger header overhead.
Related branches
- Server Team CI bot: Approve (continuous-integration)
- Scott Moser (community): Approve
- Chad Smith: Pending requested
-
Diff: 544 lines (+128/-134)13 files modifiedcurtin/commands/curthooks.py (+19/-5)
examples/tests/network_alias.yaml (+0/-2)
examples/tests/network_static_routes.yaml (+10/-15)
tests/vmtests/__init__.py (+20/-1)
tests/vmtests/test_network.py (+15/-11)
tests/vmtests/test_network_bonding.py (+16/-17)
tests/vmtests/test_network_bridging.py (+15/-9)
tests/vmtests/test_network_enisource.py (+2/-4)
tests/vmtests/test_network_ipv6.py (+0/-11)
tests/vmtests/test_network_ipv6_enisource.py (+3/-17)
tests/vmtests/test_network_ipv6_vlan.py (+0/-6)
tests/vmtests/test_network_mtu.py (+26/-24)
tests/vmtests/test_network_vlan.py (+2/-12)
- Server Team CI bot: Approve (continuous-integration)
- Dan Watkins (community): Approve
-
Diff: 30 lines (+0/-9)1 file modifiedtests/vmtests/test_network_mtu.py (+0/-9)
CVE References
tags: | added: zesty |
Changed in systemd (Ubuntu): | |
importance: | Undecided → Medium |
Changed in systemd (Ubuntu): | |
status: | New → Confirmed |
tags: | added: id-5a6a5c89cfbc4063786d54f6 |
tags: | added: id-5b74352f76a21f210334eafd |
Changed in cloud-init (Ubuntu): | |
status: | New → Confirmed |
Changed in cloud-init (Ubuntu Bionic): | |
status: | New → Confirmed |
Changed in systemd (Ubuntu Bionic): | |
status: | New → In Progress |
description: | updated |
tags: | added: id-5cc72cfe22e00d7a830c4ce4 |
Changed in netplan.io (Ubuntu): | |
status: | New → In Progress |
description: | updated |
tags: | added: id-5d67fe691c14484db556d212 |
Changed in systemd (Ubuntu Bionic): | |
status: | Fix Committed → In Progress |
assignee: | nobody → Balint Reczey (rbalint) |
Changed in netplan.io (Ubuntu Disco): | |
status: | New → Fix Committed |
Changed in systemd (Ubuntu Focal): | |
assignee: | nobody → Dan Streetman (ddstreet) |
status: | Fix Released → In Progress |
Changed in systemd (Ubuntu Eoan): | |
assignee: | nobody → Dan Streetman (ddstreet) |
status: | New → In Progress |
Changed in systemd (Ubuntu Disco): | |
assignee: | nobody → Dan Streetman (ddstreet) |
status: | Triaged → In Progress |
Changed in systemd (Ubuntu Bionic): | |
assignee: | Balint Reczey (rbalint) → Dan Streetman (ddstreet) |
status: | Triaged → In Progress |
Changed in netplan.io (Ubuntu Eoan): | |
status: | New → Fix Released |
tags: | added: bionic ddstreet disco eoan focal systemd |
tags: |
added: verification-done verification-done-bionic verification-done-eoan removed: verification-needed verification-needed-bionic verification-needed-eoan |
Changed in cloud-init (Ubuntu Disco): | |
status: | New → Won't Fix |
I've a build of this fix here:
https:/ /launchpad. net/~raharper/ +archive/ ubuntu/ cloud-init- dev (systemd= 232-19ubuntu3~ fixbuild1)
I've tested this minimally in a Zesty VM and it's successfully applies an IPV6MTU in addition to the device mtu (if that's also included).