Page MenuHomePhabricator
Create Task
Maniphest T374716

cloudgw: add support and enable IPv6
Closed, ResolvedPublic
Actions

Description

Add support and enable IPv6 on cloudgw.

Details

Related Changes in Gerrit:
SubjectRepoBranchLines +/-
cloudgw: refresh forwarding firewall to accomodate for IPv6operations/puppetproduction+10 -2
cloudgw: set IPv6 forwarding in all interfacesoperations/puppetproduction+14 -7
cloudgw: fix IPv6 settingsoperations/puppetproduction+0 -28
cloudgw: add IPv6 supportoperations/puppetproduction+66 -0
Customize query in gerrit

Related Objects
Search...

Event Timeline

aborrero created this task.Sep 13 2024, 12:55 PM
Restricted Application removed a subscriber: taavi. · View Herald TranscriptSep 13 2024, 12:55 PM
aborrero added a subtask: T374713: cloudsw: codfw: enable IPv6.Sep 13 2024, 12:56 PM
aborrero mentioned this in T245495: CloudVPS: IPv6 in codfw1dev.
aborrero moved this task from Backlog to Next on the User-aborrero board.Sep 16 2024, 11:20 AM
aborrero triaged this task as Medium priority.Sep 18 2024, 2:07 PM
ayounsi moved this task from Backlog to Watching on the netops board.Sep 24 2024, 1:56 PM
taavi added a project: Cloud-VPS.Sep 28 2024, 11:33 AM
taavi moved this task from Unsorted to Network on the Cloud-VPS board.
aborrero mentioned this in T375847: openstack: initial IPv6 support in neutron.Oct 2 2024, 12:44 PM
gerritbot added a comment.Oct 3 2024, 1:09 PM

Change #1077712 had a related patch set uploaded (by Arturo Borrero Gonzalez; author: Arturo Borrero Gonzalez):

[operations/puppet@production] cloudgw: add wan IPv6 support

https://gerrit.wikimedia.org/r/1077712

gerritbot added a project: Patch-For-Review.Oct 3 2024, 1:09 PM
aborrero moved this task from Next to Doing on the User-aborrero board.Oct 7 2024, 10:12 AM
aborrero moved this task from Doing to Blocked/waiting on the User-aborrero board.Oct 7 2024, 10:15 AM
gerritbot added a comment.Oct 10 2024, 9:14 AM

Change #1077712 merged by Arturo Borrero Gonzalez:

[operations/puppet@production] cloudgw: add IPv6 support

https://gerrit.wikimedia.org/r/1077712

Stashbot added a comment.Oct 10 2024, 9:19 AM

Mentioned in SAL (#wikimedia-cloud) [2024-10-10T09:19:52Z] <arturo> [codfw1dev] enable IPv6 on cloudgw (T374716)

Maintenance_bot removed a project: Patch-For-Review.Oct 10 2024, 9:30 AM
aborrero closed subtask T376879: keepalived: it doesn't support mixing IPv4 and IPv6 VIPs on the same VRRP instance as Resolved.Oct 10 2024, 10:25 AM
aborrero reopened subtask T376879: keepalived: it doesn't support mixing IPv4 and IPv6 VIPs on the same VRRP instance as In Progress.Oct 10 2024, 10:48 AM
cmooney closed subtask T374713: cloudsw: codfw: enable IPv6 as Resolved.Oct 10 2024, 1:45 PM
gerritbot added a comment.Oct 11 2024, 8:38 AM

Change #1079449 had a related patch set uploaded (by Arturo Borrero Gonzalez; author: Arturo Borrero Gonzalez):

[operations/puppet@production] cloudgw: don't enable sysctl rp_filter for IPv6

https://gerrit.wikimedia.org/r/1079449

gerritbot added a project: Patch-For-Review.Oct 11 2024, 8:38 AM
gerritbot added a comment.Oct 11 2024, 9:51 AM

Change #1079449 merged by Arturo Borrero Gonzalez:

[operations/puppet@production] cloudgw: fix IPv6 settings

https://gerrit.wikimedia.org/r/1079449

Maintenance_bot removed a project: Patch-For-Review.Oct 11 2024, 10:30 AM
aborrero closed subtask T376879: keepalived: it doesn't support mixing IPv4 and IPv6 VIPs on the same VRRP instance as Resolved.Oct 11 2024, 11:26 AM
gerritbot added a comment.Oct 11 2024, 12:42 PM

Change #1079508 had a related patch set uploaded (by Arturo Borrero Gonzalez; author: Arturo Borrero Gonzalez):

[operations/puppet@production] cloudgw: set IPv6 forwarding in all interfaces

https://gerrit.wikimedia.org/r/1079508

gerritbot added a project: Patch-For-Review.Oct 11 2024, 12:42 PM
gerritbot added a comment.Oct 11 2024, 1:17 PM

Change #1079515 had a related patch set uploaded (by Arturo Borrero Gonzalez; author: Arturo Borrero Gonzalez):

[operations/puppet@production] cloudgw: refresh forwarding firewall to accomodate for IPv6

https://gerrit.wikimedia.org/r/1079515

gerritbot added a comment.Oct 11 2024, 3:11 PM

Change #1079508 merged by Arturo Borrero Gonzalez:

[operations/puppet@production] cloudgw: set IPv6 forwarding in all interfaces

https://gerrit.wikimedia.org/r/1079508

gerritbot added a comment.Oct 11 2024, 3:23 PM

Change #1079515 merged by Arturo Borrero Gonzalez:

[operations/puppet@production] cloudgw: refresh forwarding firewall to accomodate for IPv6

https://gerrit.wikimedia.org/r/1079515

Maintenance_bot removed a project: Patch-For-Review.Oct 11 2024, 3:30 PM
Stashbot added a comment.Oct 11 2024, 3:31 PM

Mentioned in SAL (#wikimedia-cloud) [2024-10-11T15:31:37Z] <arturo> cloudgw maintenance firewall change T374716

cmooney added a comment.Oct 12 2024, 4:06 PM

FWIW I was curious about the setting so I labbed this up, and got the exact same results (on vrf-enabled interfaces and without).

net.ipv6.conf.all.forwarding must be set to 1 for forwarding to work for IPv6. This is not the case for IPv4, where it can be set on a per-interface basis. Some docs I found that seem to confirm this here:

https://linux.die.net/HOWTO/Linux+IPv6-HOWTO/proc-sys-net-ipv6..html

Also when setting the 'all' setting on it switches on all the various interface-specific toggles. I found if even I disabled ipv6 forwarding for a given interface after this (i.e. net.ipv6.conf.eth0.forwarding = 0) the system still forwards on that interface. So it seems the 'all' sysctl controls v6 forwarding for everything, and the per-interface controls are basically useless (carry over from v4 which maybe shouldn't be there?)

hashar mentioned this in T218783: `scap clean` failure: SSH Too many authentication failures: 7.Oct 16 2024, 9:01 AM
aborrero closed this task as Resolved.Oct 16 2024, 2:48 PM

We got it all working on 2024-10-11.

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits