Re: IPv6 broken on Fedora 20?
On Thu, Dec 19, 2013 at 07:14:24PM +0100, Hannes Frederic Sowa wrote: Once you're doing that, it's probably easier to handle L=1 by simply adding the on-link route directly, rather than adding the address as a /64 and relying on the kernel to add the route for you. The two should result in the same functionality, though, so I'm don't really understand what's actually broken here. I guess it breaks generation of privacy addresses. It also had some affect of anycast address generation. But you are right, essentially it should work but some assumptions were made in the kernel which should have been checked first. I guess they're switching back to 64 while suppressing automatically addding prefix routes: http://patchwork.ozlabs.org/patch/307389/ This feature should also be available in iproute then. Greetings, Hannes
Re: IPv6 broken on Fedora 20?
On Tue, Jan 07, 2014 at 12:42:43PM +0100, Tore Anderson wrote: * Hannes Frederic Sowa It also had some affect of anycast address generation. But you are right, essentially it should work but some assumptions were made in the kernel which should have been checked first. I guess they're switching back to 64 while suppressing automatically addding prefix routes: http://patchwork.ozlabs.org/patch/307389/ This feature should also be available in iproute then. Could you elaborate on the anycast address generation problem? Kernel did also install an subnet-all-router anycast address if the prefixlen was 128. If you have NM and also e.g. libvirt, which may enable ipv6 forwarding, the same /128 got installed as an anycast address (see /proc/net/anycast6). I did not see any breakage, but it could defer ndisc responses. Reason I'm asking is that even though the patch you linked to allow NM to return to adding /64s in the case of SLAAC, there's still DHCPv6 IA_NA which are always /128, yet possibly in combination with arbitrary prefix length onlink routes (if PIO exists in RA with A=0, L=1). I'm thinking that perhaps this anycast address generation problem could be present in that case too? Yes it is and I fixed that yesterday. I guess, I should ask that the patch should be pushed to stable. Greetings, Hannes
Re: IPv6 broken on Fedora 20?
On Tue, Jan 07, 2014 at 12:49:15PM +0100, Hannes Frederic Sowa wrote: Yes it is and I fixed that yesterday. I guess, I should ask that the patch should be pushed to stable. Sorry, forgot the link: https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=88ad31491e21f5dec347911d9804c673af414a09 Greetings, Hannes
Re: IPv6 broken on Fedora 20?
I am using Fedora 20 but not with SLAAC, sorry. - Jared On Dec 19, 2013, at 11:09 AM, Simon Perreault simon.perrea...@viagenie.ca wrote: Is there any other Fedora user on this list that could confirm this? I filed a bug here: https://bugzilla.redhat.com/show_bug.cgi?id=1045118 Thanks, Simon -- DTN made easy, lean, and smart -- http://postellation.viagenie.ca NAT64/DNS64 open-source-- http://ecdysis.viagenie.ca STUN/TURN server -- http://numb.viagenie.ca
IPv6 broken on Fedora 20?
Is there any other Fedora user on this list that could confirm this? I filed a bug here: https://bugzilla.redhat.com/show_bug.cgi?id=1045118 Thanks, Simon -- DTN made easy, lean, and smart -- http://postellation.viagenie.ca NAT64/DNS64 open-source-- http://ecdysis.viagenie.ca STUN/TURN server -- http://numb.viagenie.ca
Re: IPv6 broken on Fedora 20?
On 2013-12-19 17:09 , Simon Perreault wrote: Is there any other Fedora user on this list that could confirm this? I filed a bug here: https://bugzilla.redhat.com/show_bug.cgi?id=1045118 net.ipv6.conf.em1.accept_ra = 0 How do you expect that to work? Change to either 1 or 2 (in case you want forwarding enabled but accept RA nevertheless). Greets, Jeroen
Re: IPv6 broken on Fedora 20?
Le 2013-12-19 11:16, Jeroen Massar a écrit : On 2013-12-19 17:09 , Simon Perreault wrote: Is there any other Fedora user on this list that could confirm this? I filed a bug here: https://bugzilla.redhat.com/show_bug.cgi?id=1045118 net.ipv6.conf.em1.accept_ra = 0 How do you expect that to work? NetworkManager is supposed to adjust the kernel parameters to something that works. I, the dumb user, am just supposed to click on buttons. If I disable NetworkManager and just do it manually, everything works. It's not the kernel that's broken, obviously. Simon -- DTN made easy, lean, and smart -- http://postellation.viagenie.ca NAT64/DNS64 open-source-- http://ecdysis.viagenie.ca STUN/TURN server -- http://numb.viagenie.ca
RE: IPv6 broken on Fedora 20?
Hi, I ended up on this listserve by mistake. Will someone please remove me? Thanks. -Original Message- From: ipv6-ops-bounces+jmcknight=warren-news@lists.cluenet.de [mailto:ipv6-ops-bounces+jmcknight=warren-news@lists.cluenet.de] On Behalf Of Simon Perreault Sent: Thursday, December 19, 2013 11:29 AM To: Jeroen Massar; IPv6 Ops list Subject: Re: IPv6 broken on Fedora 20? Le 2013-12-19 11:16, Jeroen Massar a écrit : On 2013-12-19 17:09 , Simon Perreault wrote: Is there any other Fedora user on this list that could confirm this? I filed a bug here: https://bugzilla.redhat.com/show_bug.cgi?id=1045118 net.ipv6.conf.em1.accept_ra = 0 How do you expect that to work? NetworkManager is supposed to adjust the kernel parameters to something that works. I, the dumb user, am just supposed to click on buttons. If I disable NetworkManager and just do it manually, everything works. It's not the kernel that's broken, obviously. Simon -- DTN made easy, lean, and smart -- http://postellation.viagenie.ca NAT64/DNS64 open-source-- http://ecdysis.viagenie.ca STUN/TURN server -- http://numb.viagenie.ca
How to unsubscribe from ipv6-ops (Was: IPv6 broken on Fedora 20?)
On 2013-12-19 17:30 , McKnight, Joe wrote: Hi, I ended up on this listserve by mistake. Will someone please remove me? If you don't know how to unsubscribe from mailinglists you indeed do not belong here. From the email-headers: List-Id: IPv6 operators forum ipv6-ops.lists.cluenet.de List-Unsubscribe: http://lists.cluenet.de/mailman/listinfo/ipv6-ops, mailto:ipv6-ops-requ...@lists.cluenet.de?subject=unsubscribe List-Archive: http://lists.cluenet.de/pipermail/ipv6-ops List-Post: mailto:ipv6-ops@lists.cluenet.de List-Help: mailto:ipv6-ops-requ...@lists.cluenet.de?subject=help List-Subscribe: http://lists.cluenet.de/mailman/listinfo/ipv6-ops, mailto:ipv6-ops-requ...@lists.cluenet.de?subject=subscribe That is standardized in RFC2369 btw. Greets, Jeroen
Re: IPv6 broken on Fedora 20?
On Thu, Dec 19, 2013 at 11:30:42AM -0500, Simon Perreault wrote: Le 2013-12-19 11:22, Hannes Frederic Sowa a écrit : NM has a user-space RA listener. Any pointers to documentation? I'm trying to investigate... I guess that is a bug and there is no documentation on it yet. ;) One could check git commits between latest fedora 19 and current f20 release point.
Re: IPv6 broken on Fedora 20?
On Fri, 20 Dec 2013, Lorenzo Colitti wrote: Sigh. Why do we keep reinventing the wheel? What was wrong with the in-kernel RA implementation? If you want to support other ND/RA functionality than the kernel supports, this is a good idea. Personally I think having ND processing built into the kernel is a mistake. -- Mikael Abrahamssonemail: swm...@swm.pp.se
Re: IPv6 broken on Fedora 20?
Thus wrote Hannes Frederic Sowa (han...@stressinduktion.org): The kernel should install the IPv6 address with /64 prefixlen without also installing a prefix route for that subnet. Currently the kernel does this automatically. Thereby negating the point of netmasks, wouldn't it? regards, spz -- s...@serpens.de (S.P.Zeidler)
Re: IPv6 broken on Fedora 20?
Similar NM wonkiness going on in Ubuntu. https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1176415 Regards, Jason On Thu, Dec 19, 2013 at 10:14 AM, Hannes Frederic Sowa han...@stressinduktion.org wrote: On Thu, Dec 19, 2013 at 06:59:56PM +0100, Tore Anderson wrote: * Hannes Frederic Sowa The kernel should install the IPv6 address with /64 prefixlen without also installing a prefix route for that subnet. Currently the kernel does this automatically. I don't think you can do that from user-space. If you add a /64 (any /128 really), you automatically get a on-link route too. At least I cannot spot how to do it in ip-address(8). So the only way to deal with the L=0 case when doing RA-processing in user-space is to add the address as a /128. Since the current kernel has extended ifa_flags to 32 bit it is now very straightforward and easy to add such functionality (this was done for NM correctly supporting privacy addresses). I already had this on my todo list for some time but did not get to it. I still have to review how address and prefix route deletion should happen if this feature gets introduced. Once you're doing that, it's probably easier to handle L=1 by simply adding the on-link route directly, rather than adding the address as a /64 and relying on the kernel to add the route for you. The two should result in the same functionality, though, so I'm don't really understand what's actually broken here. I guess it breaks generation of privacy addresses. But you are right, essentially it should work but some assumptions were made in the kernel which should have been checked first. Greetings, Hannes
Re: IPv6 broken on Fedora 20?
On Thu, Dec 19, 2013 at 06:46:52PM +0100, Gert Doering wrote: Hi, On Fri, Dec 20, 2013 at 01:28:20AM +0900, Lorenzo Colitti wrote: Sigh. Why do we keep reinventing the wheel? What was wrong with the in-kernel RA implementation? On Linux, enough. Like, not noticing when you change networks, and instead of flushing prefix information that is no longer valid (because you're not connected to that network anymore), blindly accumulating new prefixes for every network visited... supposedly this is for userland to notice and clean up, or so. Yes, indeed, it is designed like that and notification hooks are available to listen for such changes. Lorenzo did some work on autocleaning in the kernel IIRC. Important thing is that TCP connections don't get dropped when flushing the addresses. Seems like it was not accepted, Lorenzo?
