Networkd fail to set ip address between leases if ip address changes on UbuntuCore
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| | Snappy |
High
|
Michael Vogt | ||
| | systemd (Ubuntu) |
High
|
Unassigned | ||
| | Xenial |
Undecided
|
Unassigned | ||
| | Zesty |
Undecided
|
Unassigned | ||
| | Artful |
High
|
Unassigned | ||
Bug Description
[Impact]
* networkd fails to renew a lease, specifically it fails to change IPv4 address via DHCP renew/rebind.
* networkd relies on a kernel feature to promote secondary IPv4 address to primary, upon primary address lease expiry.
* this sysctl tunable was not enabled by default in systemd.
[Test Case]
Add a device, and assign two IPv4 addresses. First one, with a short lease time. Second one, with a different ip and a longer lease time. Second one should be treated as secondary ip address, and upon expiry of the first one, should be promoted and become primary ip address. The below scripted instructions simulate this:
sudo ip link add name testleases type dummy
sudo ip address add 192.0.2.10/27 dev testleases \
valid_lft 5 preferred_lft 5
sudo ip address add 192.0.2.11/27 dev testleases \
valid_lft 11 preferred_lft 11
ip address list dev testleases | \
grep -q 'inet 192.0.2.10/27 scope global dynamic testleases' \
&& echo ok || echo not ok
ip address list dev testleases | \
grep -q 'inet 192.0.2.11/27 scope global secondary dynamic testleases' \
&& echo ok || echo not ok
sleep 6
ip address list dev testleases | \
grep -q 'inet 192.0.2.11/27 scope global dynamic testleases' \
&& echo ok || echo not ok
sudo ip link del dev testleases
[Regression Potential]
* This changes the default kernel behaviour, previously upon expiry of the primary address, secondary addresses were removed as well. Which is imho silly.
* comparing networkd renewal with isc-dhcp renewal the semantics are quite different. Upon acquiring new ip address, isc-dhcp would instantly flush existing ip address, and add a new one. Networkd add the new address as secondary, and waits for old one to expire first before promoting / switching to using the new ip address. IMHO kernel should have an API to promote secondary ip address to a primary one.
* This update also applies other safe-looking options, which are currently also already applied via sysctls shipped in other packages
# Source route verification
net.ipv4.
net.ipv4.
# Do not accept source routing
net.ipv4.
net.ipv4.
# Enable hard and soft link protection
fs.protected_
fs.protected_
* This update also applies the following upstream/
# Fair Queue CoDel packet scheduler to fight bufferbloat
net.core.
* [~racb] There are complex network setups out there, such as HA with corosync/pacemaker, OpenStack Neutron, and that kind of thing. If this fix were SRU'd, will all of these things in the wild cope with this sysctl change?
[Other Info]
* Original bug report
Hi there,
we found a replicable issue that involves the Ubuntu Core networking and causes complete loss of connectivity.
We run a custom board with ubuntu core: the architecure is amrhf.
We replicated this issue with an official Ubuntu Core image on a Raspberry Pi: other platform was been tested.
It shows that it is a snap core problem which interests networkd: we use the default network stack based on networkd + netplan.
Below steps to replicate the issue.
1)Setup a dhcp server for lease of about some minutes (i.e 10 minutes).
2)Boot the board and wait for get an ip from dhcp server
3)Before the lease expires, set a reservation for a different ip address
Depending on lease duration before the lease expires( for 10 minute we have 2 minutes before ), networkd configure the new address in addition to the previous one.
When the lease expire both ip address ( the prevoius and the new one ) disappear from the interested network interface.
Depending on lease duration before the second lease expires ( for 10 minure we have 2 minutes before ) networkd configure only the new ip address on the network interface and the ping toward an outside host work properly.
During the test the dhcp server records correctly leases and their duration.
We check directly from console the network interface setting with the tool ip, checking continuously the value for ip address and valid_lft fields for the interested network interface.
Please note that if the ip address setting are the same between leases the problem doesn’t jump out.
Please note that if the ip address setting are different between lease the problem jumps out and it is very bad:
Typically the lease time on consumer router are about some day, then a board that change ip between lease loses the network connectivity for some day without a direct action.
Please, after a confirmation from your side of the issue, could you fix the problem or escalate the issue at the upstream project?
We are available for further testing.
Below syslog annotated with ip address state:
Oct 4 09:48:06 localhost rsyslogd-2007: action 'action 11' suspended, next retry is Wed Oct 4 09:49:36 2017 [v8.16.0 try http://
Oct 4 09:49:25 localhost systemd-
Oct 4 09:49:26 localhost systemd-
Oct 4 09:49:26 localhost systemd[1]: Starting Update resolvconf for networkd DNS...
Oct 4 09:49:26 localhost systemd[1]: Started Update resolvconf for networkd DNS.
Oct 4 09:49:37 localhost rsyslogd-2007: action 'action 11' suspended, next retry is Wed Oct 4 09:51:07 2017 [v8.16.0 try http://
Oct 4 09:51:09 localhost rsyslogd-2007: action 'action 11' suspended, next retry is Wed Oct 4 09:52:39 2017 [v8.16.0 try http://
Oct 4 09:52:40 localhost rsyslogd-2007: action 'action 11' suspended, next retry is Wed Oct 4 09:54:10 2017 [v8.16.0 try http://
Oct 4 09:54:11 localhost rsyslogd-2007: action 'action 11' suspended, next retry is Wed Oct 4 09:55:41 2017 [v8.16.0 try http://
Oct 4 09:54:23 localhost systemd-
Oct 4 09:54:23 localhost systemd[1]: Starting Update resolvconf for networkd DNS...
Oct 4 09:54:23 localhost systemd-
Oct 4 09:54:23 localhost systemd[1]: Started Update resolvconf for networkd DNS.
Oct 4 09:55:43 localhost rsyslogd-2007: action 'action 11' suspended, next retry is Wed Oct 4 09:57:13 2017 [v8.16.0 try http://
Oct 4 09:57:14 localhost rsyslogd-2007: action 'action 11' suspended, next retry is Wed Oct 4 09:58:44 2017 [v8.16.0 try http://
Oct 4 09:58:46 localhost rsyslogd-2007: action 'action 11' suspended, next retry is Wed Oct 4 10:00:16 2017 [v8.16.0 try http://
Oct 4 10:00:17 localhost rsyslogd-2007: action 'action 11' suspended, next retry is Wed Oct 4 10:01:47 2017 [v8.16.0 try http://
Oct 4 10:01:48 localhost rsyslogd-2007: action 'action 11' suspended, next retry is Wed Oct 4 10:03:18 2017 [v8.16.0 try http://
Oct 4 10:03:05 localhost systemd-
Oct 4 10:03:05 localhost systemd-
Oct 4 10:03:05 localhost systemd[1]: Starting Update resolvconf for networkd DNS...
Oct 4 10:03:05 localhost systemd[1]: Started Update resolvconf for networkd DNS.
Oct 4 10:03:15 localhost systemd-
Oct 4 10:03:16 localhost systemd-
Oct 4 10:03:20 localhost rsyslogd-2007: action 'action 11' suspended, next retry is Wed Oct 4 10:04:50 2017 [v8.16.0 try http://
Oct 4 10:04:23 localhost systemd-
Oct 4 10:04:23 localhost systemd[1]: Starting Update resolvconf for networkd DNS...
Oct 4 10:04:23 localhost systemd[1]: Started Update resolvconf for networkd DNS.
Oct 4 10:04:51 localhost rsyslogd-2007: action 'action 11' suspended, next retry is Wed Oct 4 10:06:21 2017 [v8.16.0 try http://
Oct 4 10:06:23 localhost rsyslogd-2007: action 'action 11' suspended, next retry is Wed Oct 4 10:07:53 2017 [v8.16.0 try http://
Oct 4 10:07:54 localhost rsyslogd-2007: action 'action 11' suspended, next retry is Wed Oct 4 10:09:24 2017 [v8.16.0 try http://
Oct 4 10:09:24 localhost rsyslogd-2007: action 'action 11' suspended, next retry is Wed Oct 4 10:10:54 2017 [v8.16.0 try http://
Oct 4 10:10:55 localhost rsyslogd-2007: action 'action 11' suspended, next retry is Wed Oct 4
10:12:25 2017 [v8.16.0 try http://
Oct 4 10:11:49 localhost systemd[1]: Starting Update resolvconf for networkd DNS...
Oct 4 10:11:49 localhost systemd[1]: Started Update resolvconf for networkd DNS.
Oct 4 10:12:25 localhost rsyslogd-2007: action 'action 11' suspended, next retry is Wed Oct 4 10:13:55 2017 [v8.16.0 try http://
Oct 4 10:13:18 localhost systemd[1]: Started Session 23 of user domotz.
Cheers,
Nicolino
CVE References
| summary: |
- Networkd fail to set ip address between leases if ip address changes + Networkd fail to set ip address between leases if ip address changes on + UbuntuCore |
| Michael Vogt (mvo) wrote : | #1 |
| Michael Vogt (mvo) wrote : | #2 |
Some more data point are the output of "ip addr": http://
The interessting part if:
...
3: eth0: <BROADCAST,
link/ether b8:27:eb:85:3f:94 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.116/24 brd 192.168.1.255 scope global dynamic eth0
valid_lft 7sec preferred_lft 7sec
inet 192.168.1.117/24 brd 192.168.1.255 scope global secondary dynamic eth0
valid_lft 109sec preferred_lft 109sec
inet6 fe80::ba27:
valid_lft forever preferred_lft forever
...
and then
3: eth0: <BROADCAST,
link/ether b8:27:eb:85:3f:94 brd ff:ff:ff:ff:ff:ff
inet6 fe80::ba27:
valid_lft forever preferred_lft forever
| Michael Vogt (mvo) wrote : | #3 |
And the output of "ip monitor eth0": http://
...
2: eth0 inet 192.168.1.130/24 brd 192.168.1.255 scope global secondary dynamic eth0
valid_lft 120sec preferred_lft 120sec
local 192.168.1.130 table local proto kernel scope host src 192.168.1.129
Deleted 2: eth0 inet 192.168.1.130/24 brd 192.168.1.255 scope global secondary dynamic eth0
valid_lft 110sec preferred_lft 110sec
Deleted local 192.168.1.130 table local proto kernel scope host src 192.168.1.129
Deleted 2: eth0 inet 192.168.1.129/24 brd 192.168.1.255 scope global dynamic eth0
valid_lft 0sec preferred_lft 0sec
Deleted 192.168.1.0/24 proto kernel scope link src 192.168.1.129
Deleted broadcast 192.168.1.255 table local proto kernel scope link src 192.168.1.129
Deleted broadcast 192.168.1.0 table local proto kernel scope link src 192.168.1.129
Deleted local 192.168.1.129 table local proto kernel scope host src 192.168.1.129
Deleted 192.168.1.114 lladdr 00:24:7e:11:b8:aa STALE
| Michael Vogt (mvo) wrote : | #4 |
With ip monitor all: http://
| Michael Vogt (mvo) wrote : | #5 |
The output if dhclient is running with the same scenario: http://
| Michael Vogt (mvo) wrote : | #6 |
Fwiw, my current suspicion is that adding the new IP from the dhcp as a secondary IP is buggy. Secondary IPs will get removed when the kernel removes the primary IP (see kernels __inet_del_ifa() code).
| Michael Vogt (mvo) wrote : | #7 |
As a workaround for now, it looks like with: "echo 1 > /proc/sys/
| Michael Vogt (mvo) wrote : | #8 |
Or "net.ipv4.
| Michael Vogt (mvo) wrote : | #9 |
Xnox pointed out that the above net.ipv4.
| Oliver Grawert (ogra) wrote : | #10 |
Setting snappy task to fix committed, core the ships the workaround from
https:/
...until systemd grows the correct defaults via an SRU
| Changed in snappy: | |
| status: | New → Fix Committed |
| importance: | Undecided → High |
| assignee: | nobody → Michael Vogt (mvo) |
| description: | updated |
| Changed in systemd (Ubuntu Artful): | |
| status: | New → In Progress |
| importance: | Undecided → High |
| Robie Basak (racb) wrote : | #11 |
> This update also applies other safe-looking options, which are currently also already applied via sysctls shipped in other packages
SRUs are supposed to be minimal to minimise regression risk. Do you have an SRU justification for this set of changes, please? Are they related to this bug, and if not, shouldn't they be tracked in a separate bug?
| Seth Arnold (seth-arnold) wrote : | #12 |
I believe both promote_secondaries and default qdisc changes are good changes for our distribution to make.
I'd like to abstain from the judgment of making the change for existing releases via an SRU. (Be sure to make sure this change is obvious and easy to search for in package changelog please. Noting it in future release notes with statement that it has been rolled back to previous releases too would also be very kind.)
Thanks
| tags: | added: id-59de49a6bfa10c370d70d043 |
| Robie Basak (racb) wrote : | #13 |
What about server use cases that do not have networkd installed? There are complex network setups out there, such as HA with corosync/pacemaker, OpenStack Neutron, and that kind of thing. If this fix were SRU'd, will all of these things in the wild cope with this sysctl change?
Can networkd be made to work without relying on this sysctl tweak? If not, is it possible to refrain from tweaking this sysctl knob except for users affected by this bug (networkd users using DHCP)?
| description: | updated |
| Dimitri John Ledkov (xnox) wrote : Re: [Bug 1721223] Re: Networkd fail to set ip address between leases if ip address changes on UbuntuCore | #14 |
On 12 October 2017 at 17:31, Robie Basak <email address hidden> wrote:
> What about server use cases that do not have networkd installed? There
> are complex network setups out there, such as HA with
> corosync/pacemaker, OpenStack Neutron, and that kind of thing. If this
> fix were SRU'd, will all of these things in the wild cope with this
> sysctl change?
>
> Can networkd be made to work without relying on this sysctl tweak? If
No, as the alternative is what isc-dhcp /sbin/dhcp-client does that is
flush current dhcp lease IP and add a new IP, meaning that networking
is dropped =/
Which to me is horrifying.
Promotion of secondary addresses should actually reduce split-brain
situations. I don't buy the HA/Neutron argument, as in HA environment
the underlying nodes have static ip addresses and the management of
floating ip addresses is not managed by DHCP leases, given the DHCP
timings and fragility. Are you implying that HA and Neutron rely on
DHCP lease renew/rebind which can be initiated and spoofed by the
clients arbitrary?
> not, is it possible to refrain from tweaking this sysctl knob except for
> users affected by this bug (networkd users using DHCP)?
No, as that is racy.
Code wise it is a lot more risk-prone -> will require rewritting
networkd state machine.
Promoting secondary addresses has been around since 2.6.12 and I'm not
sure why that is not the default, given that if one wants to flush a
subset of ip addresses one can do so using the flush command. And
interent seems to be full of posts where people are surpised that
secondary ip addresses are removed when one removes the oldest one.
There is no kernel API to promote secondary ip address to primary; or
to have multiple primary ip addresses (such that removal / expiry of
one, doesn't affect others that happen to be from the same subnet) or
to explicitly add a secondary ip address.
--
Regards,
Dimitri.
| Robie Basak (racb) wrote : | #15 |
On Fri, Oct 13, 2017 at 01:22:23AM -0000, Dimitri John Ledkov wrote:
> > Can networkd be made to work without relying on this sysctl tweak? If
>
> No, as the alternative is what isc-dhcp /sbin/dhcp-client does that is
> flush current dhcp lease IP and add a new IP, meaning that networking
> is dropped =/
> Which to me is horrifying.
This is not an SRU justification, however, as we have been doing this
for decades and it is not a problem in practice, nor a regression from
previous releases.
> Promotion of secondary addresses should actually reduce split-brain
> situations. I don't buy the HA/Neutron argument, as in HA environment
> the underlying nodes have static ip addresses and the management of
> floating ip addresses is not managed by DHCP leases, given the DHCP
> timings and fragility. Are you implying that HA and Neutron rely on
> DHCP lease renew/rebind which can be initiated and spoofed by the
> clients arbitrary?
I think you misunderstand my concern. I'm not talking about DHCP in my
HA use case. I'm talking about whether tweaking the particular sysctl
knob will cause any adverse affects in use cases unrelated to this bug.
All use cases that do unusual things with (layer 3) network
configuration need to be considered or eliminated.
I'm not claiming any particular regression. I'm trying to identify
unknown unknowns ("Regression Potential") here which might happen as a
consequence of tweaking a global sysctl value to change behaviour for
*all* existing users and corresponding use cases in a stable release.
| Michael Vogt (mvo) wrote : | #16 |
Fwiw, I reported a RFE upstream to warn if networkd is used and promote_secondaries is unset (https:/
| Launchpad Janitor (janitor) wrote : | #17 |
This bug was fixed in the package systemd - 235-2ubuntu3
---------------
systemd (235-2ubuntu3) bionic; urgency=medium
* Revert "Skip test-bpf in autopkgtest, currently is failing."
This reverts commit 75cf986e450e062
* Fix test-bpf test case on ubuntu.
* Skip rename tests in containers, crude fix for now.
-- Dimitri John Ledkov <email address hidden> Mon, 13 Nov 2017 00:06:42 +0000
| Changed in systemd (Ubuntu): | |
| status: | In Progress → Fix Released |
| Michael Vogt (mvo) wrote : | #18 |
Fwiw, this is fixed upstream now with https:/
| Changed in systemd (Ubuntu Zesty): | |
| status: | New → Won't Fix |
| Changed in systemd (Ubuntu Xenial): | |
| status: | New → In Progress |
Hello Nicolino, or anyone else affected,
Accepted systemd into artful-proposed. The package will build now and be available at https:/
Please help us by testing this new package. See https:/
If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-
Further information regarding the verification process can be found at https:/
| Changed in systemd (Ubuntu Artful): | |
| status: | In Progress → Fix Committed |
| tags: | added: verification-needed verification-needed-artful |
| Brian Murray (brian-murray) wrote : | #20 |
Hello Nicolino, or anyone else affected,
Accepted systemd into xenial-proposed. The package will build now and be available at https:/
Please help us by testing this new package. See https:/
If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-
Further information regarding the verification process can be found at https:/
| Changed in systemd (Ubuntu Xenial): | |
| status: | In Progress → Fix Committed |
| tags: | added: verification-needed-xenial |
| Dimitri John Ledkov (xnox) wrote : | #21 |
Starting with ephemeral lxd container, on a system with app/promote_
root@systemd-
/proc/sys/
/proc/sys/
/proc/sys/
/proc/sys/
root@systemd-
systemd 234-2ubuntu12.1
root@systemd-
DHCP=ipv4
And DHCP on eth0 interface.
Upgraded systemd to:
root@systemd-
systemd 234-2ubuntu12.3
Observed that promote_
root@systemd-
/proc/sys/
/proc/sys/
/proc/sys/
/proc/sys/
| tags: |
added: verification-done-artful removed: verification-needed-artful |
| Dimitri John Ledkov (xnox) wrote : | #22 |
root@systemd-
systemd 229-4ubuntu21.1
Installed netplan, executed ifupdown-upgrade, rebooted:
root@systemd-
/proc/sys/
/proc/sys/
/proc/sys/
/proc/sys/
Upgraded systemd to the one in proposed:
# dpkg-query -W systemd
systemd 229-4ubuntu21.2
# grep -e 0 -e 1 /proc/sys/
/proc/sys/
/proc/sys/
/proc/sys/
/proc/sys/
Observed change in promote_secondaries for eth0 device.
Note, when not migrating to netplan, promote_secondaries remains as 0, preserving the current xenial behaviour under ifupdown.
| tags: |
added: verification-done verification-done-xenial removed: verification-needed verification-needed-xenial |
| Launchpad Janitor (janitor) wrote : | #23 |
This bug was fixed in the package systemd - 234-2ubuntu12.3
---------------
systemd (234-2ubuntu12.3) artful; urgency=medium
[ Dimitri John Ledkov ]
* Fix test-functions failing with Ubuntu units. LP: #1750608
* tests: switch to using ext4 by default, instead of ext3. LP: #1750608
* Fix kdump service not starting, due to systemd not loading dropins.
Cherrypick a fix from upstream. (LP: #1708409)
* systemd-fsckd: Fix ADT tests to work on s390x too. (LP: #1736955)
* netwokrd: add support for RequiredForOnline stanza. (LP: #1737570)
* resolved.service: set DefaultDependen
* systemd.postinst: enable persistent journal. (LP: #1618188)
* core: add support for non-writable unified cgroup hierarchy for container support.
Rebase and de-fuzz. (LP: #1734410)
* Prevent MemoryDenyWrite
CVE-2017-15908 (LP: #1725348)
* networkd: enable promote_secondaries on networkd managed dhcp links.
This fixes failing to renew DHCP lease, on networkd managed devices.
(LP: #1721223)
[ Kleber Sacilotto de Souza ]
* systemd-rfkill service times out when a new rfkill device is added
- rfkill-
udev_
check the device received from udev monitor instead.
- rfkill-
-- Dimitri John Ledkov <email address hidden> Tue, 20 Feb 2018 16:11:58 +0000
| Changed in systemd (Ubuntu Artful): | |
| status: | Fix Committed → Fix Released |
The verification of the Stable Release Update for systemd has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.
| Launchpad Janitor (janitor) wrote : | #25 |
This bug was fixed in the package systemd - 229-4ubuntu21.2
---------------
systemd (229-4ubuntu21.2) xenial; urgency=medium
[ Dimitri John Ledkov ]
* udev: Mark ndb devices as inactive until connected. (LP: #696435)
* networkd: in dhcp, change UseMTU default to true, to accept DHCP provided MTU by default.
(LP: #1717471)
* sysctl: apply parameters in-order, instead of randomly. (LP: #1718444)
* networkd: apply promote_
(LP: #1721223)
* shutdown: sync filesystems, before going into a killing spree.
(LP: #1722481)
* sysctl: do not fail, when cannot apply sysctl changes due to read-only sysfs in containers.
(LP: #1734409)
* networkd,
(LP: #1737570)
[ David Glasser ]
* journald: don't reduce BurstRateLimit on low disk space (LP: #1732803)
-- Dimitri John Ledkov <email address hidden> Wed, 21 Feb 2018 13:46:37 +0000
| Changed in systemd (Ubuntu Xenial): | |
| status: | Fix Committed → Fix Released |
| Cash App (cashapp) wrote : | #34 |
Want a seamless website to transfer money through mobile. You can also visit at: https:/
I spend a bit of time debugging this with xnox. Here some of the results:
# How to reproduce:
I setup a isc-dhcp-server with a fixed IP for my test rpi2 set to default/max lifetime of 120sec. The rpi2 was connected to the network with the isc-dhcp-server but unmodified otherwise. Once the pi2 connected and got an IP I switched the default IP to +1 and reloaded the isc-dhcp-server configuration. When the lease expired I could see the same as the OP - i.e. both IPs got removed.
# Related upstream bugs:
The patch from https:/
# Log
The full log of systemd-networkd is available here: http://
The relevant lines:
Mar 14 21:02:52 localhost.
Mar 14 21:02:52 localhost.
Mar 14 21:02:52 localhost.
Mar 14 21:02:52 localhost.
Mar 14 21:02:52 localhost.
Mar 14 21:02:56 localhost.
Mar 14 21:03:00 localhost.
Mar 14 21:03:04 localhost.
Mar 14 21:03:22 localhost.
Mar 14 21:03:51 localhost.
Mar 14 21:04:36 localhost.
Mar 14 21:04:36 localhost.
Mar 14 21:04:36 localhost.
Mar 14 21:04:36 localhost.
Mar 14 21:04:36 localhost.
Mar 14 21:04:36 localhost.
Mar 14 21:04:36 localhost.
Mar 14 21:04:36 localhost.
Mar 14 21:04:36 localhost.
Mar 14 21:04:36 localhost.