[libvirt] [PATCH v2 0/5] Prevent losing IPv6 routes due to forwarding

Yalan Zhang yalzhang at redhat.com
Thu May 11 07:18:01 UTC 2017 

Hi Cédric,

I think I find the machine with a RA route. (It is the original machine in
the first mail)

# ip a show enp0s25
2: enp0s25: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast
state UP qlen 1000
    link/ether 00:24:7e:05:42:32 brd ff:ff:ff:ff:ff:ff
    inet 10.66.71.67/23 brd 10.66.71.255 scope global dynamic enp0s25
       valid_lft 85595sec preferred_lft 85595sec
    inet6 2620:52:0:4246:224:7eff:fe05:4232/64 scope global mngtmpaddr
dynamic
       valid_lft 2591915sec preferred_lft 604715sec
    inet6 fe80::224:7eff:fe05:4232/64 scope link
       valid_lft forever preferred_lft forever

# ip -6 r
unreachable ::/96 dev lo metric 1024  error -113
unreachable ::ffff:0.0.0.0/96 dev lo metric 1024  error -113
unreachable 2002:a00::/24 dev lo metric 1024  error -113
unreachable 2002:7f00::/24 dev lo metric 1024  error -113
unreachable 2002:a9fe::/32 dev lo metric 1024  error -113
unreachable 2002:ac10::/28 dev lo metric 1024  error -113
unreachable 2002:c0a8::/32 dev lo metric 1024  error -113
unreachable 2002:e000::/19 dev lo metric 1024  error -113
2620:52:0:4246::/64 dev enp0s25 proto kernel metric 256  expires 2591970sec
unreachable 3ffe:ffff::/32 dev lo metric 1024  error -113
fe80::/64 dev enp0s25 proto kernel metric 256
default via fe80::26e9:b3ff:fe23:44cd dev enp0s25 proto ra metric 1024
expires 1770sec hoplimit 64
default via fe80::26e9:b3ff:fe0f:654d dev enp0s25 proto ra metric 1024
expires 1657sec hoplimit 64

I think it is because there is 2 items for the single interface enp0s25.
And I don't know why there are 2 link local address. Could you please help?
Thank you~




Best Regards,
Yalan Zhang
IRC: yalzhang
Internal phone: 8389413

On Wed, May 10, 2017 at 3:41 PM, Yalan Zhang <yalzhang at redhat.com> wrote:

> I have no RA route set.
> I will try, Thank you very much!
>
> Best Regards,
> Yalan Zhang
> IRC: yalzhang
> Internal phone: 8389413
>
> On Wed, May 10, 2017 at 3:34 PM, Cedric Bosdonnat <cbosdonnat at suse.com>
> wrote:
>
>> On Wed, 2017-05-10 at 13:30 +0800, Yalan Zhang wrote:
>> > I'm sorry that I missed the mail.
>>
>> 没关系
>>
>> > But currently I can not reproduce it.
>> > For the error by net-create, it is executed when I set accept_ra to 1.
>>
>> That sounds more normal. net-create and net-start are triggering the
>> same code in the end.
>>
>> > I have just test on libvirt-3.2.0-4.el7.x86_64, the behavior changes,
>> it seems like there is no check for accept_ra
>> > before start a network with ipv6.
>> >
>> > 1. define and start a network with ipv6 settings
>> > # virsh net-dumpxml default6
>> > <network>
>> >   <name>default6</name>
>> >   <uuid>c502d02c-fbd0-49d9-91e4-0fcf0ef159d0</uuid>
>> >   <forward mode='nat'/>
>> >   <bridge name='virbr4' stp='on' delay='0'/>
>> >   <mac address='52:54:00:04:d5:3c'/>
>> >   <ip address='192.168.10.1' netmask='255.255.255.0'>
>> >     <dhcp>
>> >       <range start='192.168.10.2' end='192.168.10.254'/>
>> >     </dhcp>
>> >   </ip>
>> >   <ip family='ipv6' address='2001:db8:ca2:2::1' prefix='64'>
>> >     <dhcp>
>> >       <range start='2001:db8:ca2:2:1::10' end='2001:db8:ca2:2:1::ff'/>
>> >     </dhcp>
>> >   </ip>
>> > </network>
>> >
>> > # cat /proc/sys/net/ipv6/conf/enp0s25/accept_ra
>> > 1
>> >
>> > # virsh net-start default6   =====> the network can start as well with
>> accept_ra=1
>> > Network default6 started
>> >
>> > It seems that the "virNetDevIPGetAcceptRA()" in patch  "network: check
>> accept_ra before enabling ipv6 forwarding"
>> > with commit 00d28a78 is not executed when I start a network. Please
>> help to check, Thank you.
>>
>> It won't complain at all if there is no RA route set on the host.
>> To reproduce, you need to setup a machine acting as an ipv6 router
>> with radvd on the guest network.
>>
>> Do you actually have an RA route for the enp0s25 device? You can check
>> it by running `ip -6 r`. These routes are indicated with 'proto ra'
>>
>> --
>> Cedric
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20170511/924a8b7a/attachment-0001.htm>

More information about the libvir-list mailing list