[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [libvirt] [PATCH v2 0/5] Prevent losing IPv6 routes due to forwarding



Hi Cédric,

I think I find the machine with a RA route. (It is the original machine in the first mail)

# ip a show enp0s25
2: enp0s25: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:24:7e:05:42:32 brd ff:ff:ff:ff:ff:ff
    inet 10.66.71.67/23 brd 10.66.71.255 scope global dynamic enp0s25
       valid_lft 85595sec preferred_lft 85595sec
    inet6 2620:52:0:4246:224:7eff:fe05:4232/64 scope global mngtmpaddr dynamic
       valid_lft 2591915sec preferred_lft 604715sec
    inet6 fe80::224:7eff:fe05:4232/64 scope link
       valid_lft forever preferred_lft forever

# ip -6 r
unreachable ::/96 dev lo metric 1024  error -113
unreachable ::ffff:0.0.0.0/96 dev lo metric 1024  error -113
unreachable 2002:a00::/24 dev lo metric 1024  error -113
unreachable 2002:7f00::/24 dev lo metric 1024  error -113
unreachable 2002:a9fe::/32 dev lo metric 1024  error -113
unreachable 2002:ac10::/28 dev lo metric 1024  error -113
unreachable 2002:c0a8::/32 dev lo metric 1024  error -113
unreachable 2002:e000::/19 dev lo metric 1024  error -113
2620:52:0:4246::/64 dev enp0s25 proto kernel metric 256  expires 2591970sec
unreachable 3ffe:ffff::/32 dev lo metric 1024  error -113
fe80::/64 dev enp0s25 proto kernel metric 256
default via fe80::26e9:b3ff:fe23:44cd dev enp0s25 proto ra metric 1024  expires 1770sec hoplimit 64
default via fe80::26e9:b3ff:fe0f:654d dev enp0s25 proto ra metric 1024  expires 1657sec hoplimit 64

I think it is because there is 2 items for the single interface enp0s25. And I don't know why there are 2 link local address. Could you please help? Thank you~




Best Regards,
Yalan Zhang
IRC: yalzhang
Internal phone: 8389413

On Wed, May 10, 2017 at 3:41 PM, Yalan Zhang <yalzhang redhat com> wrote:
I have no RA route set.
I will try, Thank you very much!

Best Regards,
Yalan Zhang
IRC: yalzhang
Internal phone: 8389413

On Wed, May 10, 2017 at 3:34 PM, Cedric Bosdonnat <cbosdonnat suse com> wrote:
On Wed, 2017-05-10 at 13:30 +0800, Yalan Zhang wrote:
> I'm sorry that I missed the mail. 

没关系

> But currently I can not reproduce it. 
> For the error by net-create, it is executed when I set accept_ra to 1.

That sounds more normal. net-create and net-start are triggering the
same code in the end.

> I have just test on libvirt-3.2.0-4.el7.x86_64, the behavior changes, it seems like there is no check for accept_ra
> before start a network with ipv6.
>
> 1. define and start a network with ipv6 settings
> # virsh net-dumpxml default6
> <network>
>   <name>default6</name>
>   <uuid>c502d02c-fbd0-49d9-91e4-0fcf0ef159d0</uuid>
>   <forward mode='nat'/>
>   <bridge name='virbr4' stp='on' delay='0'/>
>   <mac address='52:54:00:04:d5:3c'/>
>   <ip address='192.168.10.1' netmask='255.255.255.0'>
>     <dhcp>
>       <range start='192.168.10.2' end='192.168.10.254'/>
>     </dhcp>
>   </ip>
>   <ip family='ipv6' address='2001:db8:ca2:2::1' prefix='64'>
>     <dhcp>
>       <range start='2001:db8:ca2:2:1::10' end='2001:db8:ca2:2:1::ff'/>
>     </dhcp>
>   </ip>
> </network>
>
> # cat /proc/sys/net/ipv6/conf/enp0s25/accept_ra
> 1
>
> # virsh net-start default6   =====> the network can start as well with accept_ra=1
> Network default6 started
>
> It seems that the "virNetDevIPGetAcceptRA()" in patch  "network: check accept_ra before enabling ipv6 forwarding"
> with commit 00d28a78 is not executed when I start a network. Please help to check, Thank you.

It won't complain at all if there is no RA route set on the host.
To reproduce, you need to setup a machine acting as an ipv6 router
with radvd on the guest network.

Do you actually have an RA route for the enp0s25 device? You can check
it by running `ip -6 r`. These routes are indicated with 'proto ra'

--
Cedric



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]