
LVS servers using autoconf SLAAC IPv6 addresses
Closed, Resolved, Public

Description

@ssingh recently drew my attention to the fact that the IPv6 addresses he added in Netbox for some recently reimaged LVS hosts had disappeared.

This was unfortunately my fault, as the addresses were auto-generated and I recently purged all of those from Netbox. Somewhere I did know LVS was using them but it didn't spring to mind at the time.

As a reminder, we usually embed the IPv4 address in the host part of the v6 address, e.g.:

eno12399np0      UP             10.192.16.140/22 2620:0:860:102:10:192:16:140/64 fe80::1623:f2ff:fe4d:cd60/64

This is statically set up in /etc/network/interfaces:

iface eno12399np0 inet static
	pre-up /sbin/ip token set ::10:192:16:140 dev eno12399np0
	up ip addr add 2620:0:860:102:10:192:16:140/64 dev eno12399np0

But LVS vlan sub-interfaces are using auto-generated addresses; there is no v6-specific config for them in the interfaces file:

vlan2019@enp152s0f0np0 UP             10.192.33.9/22 2620:0:860:103:262:bff:fecb:55d0/64 fe80::262:bff:fecb:55d0/64

I can see in T102099 that @BBlack seems to think it's possible to use manually configured addresses for the vlan interfaces instead. Alternatively we can change our puppetdb import script to once again import auto-generated IPs, but I'm not sure it makes sense to have LVS as an exception to what we do elsewhere.
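Added example, not part of the original task and not the project's own tooling: a Python sketch that derives the IPv4-embedded address described above, recognises modified EUI-64 autoconf addresses (recovering the MAC they expose), and reports interfaces that drift from the convention. The function names and the `SAMPLE` structure are assumptions made for illustration; the addresses are the ones quoted in the description.

```python
import ipaddress

def embedded_v6(ipv4, prefix):
    """IPv4 octets, read as hex digits, become the four interface-ID groups."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("convention assumes a /64")
    iid = 0
    for octet in str(ipaddress.IPv4Address(ipv4)).split("."):
        iid = (iid << 16) | int(octet, 16)   # "140" -> 0x0140
    return net.network_address + iid

def eui64_mac(addr):
    """MAC behind a modified EUI-64 (autoconf) interface ID, or None."""
    iid = (int(ipaddress.IPv6Address(addr)) & (2**64 - 1)).to_bytes(8, "big")
    if iid[3:5] != b"\xff\xfe":
        return None   # static, stable-privacy or temporary IIDs land here
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]   # flip the U/L bit back
    return ":".join(f"{b:02x}" for b in mac)

def classify(ipv4, addr):
    iface = ipaddress.IPv6Interface(addr)
    if iface.ip.is_link_local:
        return "link-local"
    if iface.network.prefixlen == 64 and iface.ip == embedded_v6(ipv4, str(iface.network)):
        return "static-embedded"
    return "slaac-eui64" if eui64_mac(str(iface.ip)) else "other"

def audit(hosts):
    """Return (iface, address, exposed MAC, address the convention would give)."""
    findings = []
    for name, ipv4, addrs in hosts:
        for addr in addrs:
            if classify(ipv4, addr) == "slaac-eui64":
                net = ipaddress.IPv6Interface(addr).network
                findings.append((name, addr, eui64_mac(addr.split("/")[0]),
                                 str(embedded_v6(ipv4, str(net)))))
    return findings

# Constructed sample: the two `ip` output lines quoted in the task description.
SAMPLE = [
    ("eno12399np0", "10.192.16.140",
     ["2620:0:860:102:10:192:16:140/64", "fe80::1623:f2ff:fe4d:cd60/64"]),
    ("vlan2019", "10.192.33.9",
     ["2620:0:860:103:262:bff:fecb:55d0/64", "fe80::262:bff:fecb:55d0/64"]),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding)
```

The "convention" address reported for vlan2019 is what the embedding rule would produce, not an address that appears in the task.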

Event Timeline

cmooney created this task.

I note also this means there are multiple default routes in place for LVS nodes, as they accept RAs from connected switches. This makes return IPv6 packets from the LVS nodes take a non-deterministic path and is probably not ideal. That said, it's not been causing an issue, so maybe we just leave all this and wait for the new L4LB.

cmooney@lvs1018:~$ ip -6 route show | grep ^default
default via fe80::1 dev vlan1004 proto ra metric 1024 expires 598sec hoplimit 64 pref medium
default via fe80::1 dev vlan1119 proto ra metric 1024 expires 584sec hoplimit 64 pref medium
default via fe80::1 dev vlan1020 proto ra metric 1024 expires 586sec hoplimit 64 pref medium
default via fe80::1 dev vlan1001 proto ra metric 1024 expires 576sec hoplimit 64 pref medium
default via fe80::1 dev vlan1003 proto ra metric 1024 expires 589sec hoplimit 64 pref medium
default via fe80::1 dev vlan1019 proto ra metric 1024 expires 585sec hoplimit 64 pref medium
default via fe80::1 dev vlan1002 proto ra metric 1024 expires 594sec hoplimit 64 pref medium
default via fe80::1 dev vlan1017 proto ra metric 1024 expires 589sec hoplimit 64 pref medium
default via fe80::a6e1:1a04:981:d580 dev vlan1033 proto ra metric 1024 expires 596sec hoplimit 64 pref medium
default via fe80::1 dev eno1np0 proto ra metric 1024 expires 585sec hoplimit 64 pref medium
default via fe80::a6e1:1a04:881:380 dev vlan1032 proto ra metric 1024 expires 599sec hoplimit 64 pref medium
default via fe80::a6e1:1a04:c81:5380 dev vlan1036 proto ra metric 1024 expires 589sec hoplimit 64 pref medium
default via fe80::a6e1:1a04:d81:e980 dev vlan1037 proto ra metric 1024 expires 593sec hoplimit 64 pref medium
default via fe80::a6e1:1a04:b81:9e80 dev vlan1035 proto ra metric 1024 expires 598sec hoplimit 64 pref medium
default via fe80::a6e1:1a04:781:3a80 dev vlan1031 proto ra metric 1024 expires 598sec hoplimit 64 pref medium
cmooney@lvs1018:~$
cmooney@lvs1018:~$ sudo sysctl -a | grep ipv6 | grep accept_ra\ 
sysctl: reading key "net.ipv4.tcp_min_tso_segs"
net.ipv6.conf.all.accept_ra = 1
net.ipv6.conf.default.accept_ra = 1
net.ipv6.conf.eno1np0.accept_ra = 1
net.ipv6.conf.eno2np1.accept_ra = 1
net.ipv6.conf.eno3.accept_ra = 1
net.ipv6.conf.eno4.accept_ra = 1
net.ipv6.conf.enp59s0f0np0.accept_ra = 1
net.ipv6.conf.enp59s0f1np1.accept_ra = 1
net.ipv6.conf.enp94s0f0np0.accept_ra = 1
net.ipv6.conf.enp94s0f1np1.accept_ra = 1
net.ipv6.conf.lo.accept_ra = 1
net.ipv6.conf.vlan1001.accept_ra = 1
net.ipv6.conf.vlan1002.accept_ra = 1
net.ipv6.conf.vlan1003.accept_ra = 1
net.ipv6.conf.vlan1004.accept_ra = 1
net.ipv6.conf.vlan1017.accept_ra = 1
net.ipv6.conf.vlan1019.accept_ra = 1
net.ipv6.conf.vlan1020.accept_ra = 1
net.ipv6.conf.vlan1031.accept_ra = 1
net.ipv6.conf.vlan1032.accept_ra = 1
net.ipv6.conf.vlan1033.accept_ra = 1
net.ipv6.conf.vlan1035.accept_ra = 1
net.ipv6.conf.vlan1036.accept_ra = 1
net.ipv6.conf.vlan1037.accept_ra = 1
net.ipv6.conf.vlan1119.accept_ra = 1

I'm gonna close this, I think we can probably deal with it under T102099.

cmooney claimed this task.