Page MenuHomePhabricator
Create Task
Maniphest T277287

cloudgw: IPv6 issue in the control plane network
Closed, ResolvedPublic
Actions

Description

There seems to be some kind of IPv6 issue. The default IPv6 route is not correctly installed on cloudgw devices.

Details

SubjectRepoBranchLines +/-
openstack: neutron: l3_agent: don't sysctl base interfaceoperations/puppetproduction+1 -3
cloudgw: adjust sysctl parameters that are only meant for dataplaneoperations/puppetproduction+18 -11
interface: add_ip6_mapped: ignore errors setting IPv6 tokenoperations/puppetproduction+1 -1
cloudgw: add standard mapped IPv6 addresses to the primary interfacesoperations/puppetproduction+1 -29
cloudgw: separate dataplane network configuration into a different fileoperations/puppetproduction+5 -19
Customize query in gerrit

Related Objects
Search...

Event Timeline

aborrero triaged this task as Medium priority.Mar 12 2021, 12:53 PM
aborrero created this task.
gerritbot added a comment.Mar 15 2021, 10:19 AM

Change 672360 had a related patch set uploaded (by Arturo Borrero Gonzalez; owner: Arturo Borrero Gonzalez):
[operations/puppet@production] cloudgw: separate dataplane network configuration into a different file

https://gerrit.wikimedia.org/r/672360

gerritbot added a project: Patch-For-Review.Mar 15 2021, 10:19 AM
gerritbot added a comment.Mar 15 2021, 10:24 AM

Change 672360 merged by Arturo Borrero Gonzalez:
[operations/puppet@production] cloudgw: separate dataplane network configuration into a different file

https://gerrit.wikimedia.org/r/672360

gerritbot added a comment.Mar 15 2021, 10:32 AM

Change 672364 had a related patch set uploaded (by Arturo Borrero Gonzalez; owner: Arturo Borrero Gonzalez):
[operations/puppet@production] cloudgw: add standard mapped IPv6 addresses to the primary interfaces

https://gerrit.wikimedia.org/r/672364

gerritbot added a comment.Mar 15 2021, 10:41 AM

Change 672364 merged by Arturo Borrero Gonzalez:
[operations/puppet@production] cloudgw: add standard mapped IPv6 addresses to the primary interfaces

https://gerrit.wikimedia.org/r/672364

Maintenance_bot removed a project: Patch-For-Review.Mar 15 2021, 11:11 AM
ops-monitoring-bot added a comment.Mar 15 2021, 11:13 AM

Script wmf-auto-reimage was launched by aborrero on cumin2001.codfw.wmnet for hosts:

cloudgw2002-dev.codfw.wmnet

The log can be found in /var/log/wmf-auto-reimage/202103151113_aborrero_5420_cloudgw2002-dev_codfw_wmnet.log.

ops-monitoring-bot added a comment.Mar 15 2021, 11:46 AM

Completed auto-reimage of hosts:

['cloudgw2002-dev.codfw.wmnet']

Of which those FAILED:

['cloudgw2002-dev.codfw.wmnet']
gerritbot added a comment.Mar 15 2021, 12:02 PM

Change 672379 had a related patch set uploaded (by Arturo Borrero Gonzalez; owner: Arturo Borrero Gonzalez):
[operations/puppet@production] interface: add_ip6_mapped: ignore errors setting IPv6 token

https://gerrit.wikimedia.org/r/672379

gerritbot added a project: Patch-For-Review.Mar 15 2021, 12:02 PM
gerritbot added a comment.Mar 15 2021, 12:22 PM

Change 672382 had a related patch set uploaded (by Arturo Borrero Gonzalez; owner: Arturo Borrero Gonzalez):
[operations/puppet@production] cloudgw: adjust sysctl parameters that are only meant for dataplane

https://gerrit.wikimedia.org/r/672382

gerritbot added a comment.Mar 15 2021, 12:23 PM

Change 672379 abandoned by Arturo Borrero Gonzalez:
[operations/puppet@production] interface: add_ip6_mapped: ignore errors setting IPv6 token

Reason:
Real issue solved on https://gerrit.wikimedia.org/r/c/operations/puppet/ /672382

https://gerrit.wikimedia.org/r/672379

gerritbot added a comment.Mar 15 2021, 12:33 PM

Change 672382 merged by Arturo Borrero Gonzalez:
[operations/puppet@production] cloudgw: adjust sysctl parameters that are only meant for dataplane

https://gerrit.wikimedia.org/r/672382

aborrero closed this task as Resolved.EditedMar 15 2021, 12:51 PM

This was a bad interaction between sysctl parameters and IPv6 configuration.

Per kernel source code, when IPv6 token is configured, forwarding and accept_ra settings are checked for sanity:

image.png (306×770 px, 56 KB)

image.png (156×753 px, 32 KB)

root@cloudgw2002-dev:~# /sbin/ip -6 token set ::10:192:20:18 dev eno1
RTNETLINK answers: Invalid argument
root@cloudgw2002-dev:~# sysctl -a | grep accept_ra
[..]
net.ipv6.conf.eno1.accept_ra = 1
root@cloudgw2002-dev:~# sysctl net.ipv6.conf.eno1.accept_ra=2
net.ipv6.conf.eno1.accept_ra = 2
root@cloudgw2002-dev:~# /sbin/ip token set ::10:192:20:18 dev eno1

We don't need (or want) network forwarding on the control plane interface, so the fix in this case was to adjust sysctl parameters to only include forwarding (and others) for data plane interfaces.

Maintenance_bot removed a project: Patch-For-Review.Mar 15 2021, 1:10 PM
ops-monitoring-bot added a comment.Mar 15 2021, 2:58 PM

Script wmf-auto-reimage was launched by aborrero on cumin2001.codfw.wmnet for hosts:

cloudgw2002-dev.codfw.wmnet

The log can be found in /var/log/wmf-auto-reimage/202103151458_aborrero_14130_cloudgw2002-dev_codfw_wmnet.log.

ops-monitoring-bot added a comment.Mar 15 2021, 2:59 PM

Script wmf-auto-reimage was launched by aborrero on cumin2001.codfw.wmnet for hosts:

cloudgw2001-dev.codfw.wmnet

The log can be found in /var/log/wmf-auto-reimage/202103151459_aborrero_14565_cloudgw2001-dev_codfw_wmnet.log.

ops-monitoring-bot added a comment.Mar 15 2021, 3:24 PM

Completed auto-reimage of hosts:

['cloudgw2002-dev.codfw.wmnet']

and were ALL successful.

ops-monitoring-bot added a comment.Mar 15 2021, 3:43 PM

Completed auto-reimage of hosts:

['cloudgw2001-dev.codfw.wmnet']

and were ALL successful.

gerritbot added a comment.Sep 29 2022, 9:25 AM

Change 836732 had a related patch set uploaded (by Arturo Borrero Gonzalez; author: Arturo Borrero Gonzalez):

[operations/puppet@production] openstack: neutron: l3_agent: don't sysctl base interface

https://gerrit.wikimedia.org/r/836732

gerritbot added a project: Patch-For-Review.Sep 29 2022, 9:25 AM
gerritbot added a comment.Sep 29 2022, 9:30 AM

Change 836732 merged by Arturo Borrero Gonzalez:

[operations/puppet@production] openstack: neutron: l3_agent: don't sysctl base interface

https://gerrit.wikimedia.org/r/836732

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL