Bug 1475983

Summary:	[RFE] Please backport support for AdvRASrcAddress (selection of RA source address)
Product:	Red Hat Enterprise Linux 7	Reporter:	Robert Scheck <redhat-bugzilla>
Component:	radvd	Assignee:	Pavel Zhukov <pzhukov>
Status:	CLOSED ERRATA	QA Contact:	Ondrej Mejzlik <omejzlik>
Severity:	medium	Docs Contact:	Ioanna Gkioka <igkioka>
Priority:	medium
Version:	7.3	CC:	apmukher, o.freyermuth, omejzlik, psklenar, pzhukov, robert.scheck, salmy, thozza, wienemann
Target Milestone:	rc	Keywords:	FutureFeature, Rebase
Target Release:	---
Hardware:	All
OS:	Linux
Whiteboard:
Fixed In Version:	radvd-2.17-3.el7	Doc Type:	Release Note
Doc Text:	radvd rebased to version 2.17 The router advertisement daemon (radvd) has been upgraded to version 2.17. The most notable change is that now radvd supports the selection of router advertisements source address. As a result, connection tracking no longer fails when the router's address is moved between hosts or firewalls.	Story Points:	---
Clone Of:		Environment:
Last Closed:	2018-10-30 07:48:55 UTC	Type:	Bug
Regression:	---	Mount Type:	---
Documentation:	---	CRM:
Verified Versions:		Category:	---
oVirt Team:	---	RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---	Target Upstream Version:
Embargoed:
Bug Depends On:
Bug Blocks:	1534569, 1549614

Description Robert Scheck 2017-07-27 17:10:09 UTC

Description of problem:
Currently the shipped radvd version does not support AdvRASrcAddress (that's
selection of RA source address). This is required for fully redundant setups,
e.g. with two routers, keepalived and VRRP while having only one client that
has 2 uplinks. A more complete description of the specific scenario is shown
at https://github.com/reubenhwk/radvd/issues/45#issuecomment-103113580 as a
visualized example.

https://github.com/robbat2/radvd/commit/9aad6f02decbb65946121aef9347c17f659124b0
is the fully working upstream implementation that was done for radvd 2.16, so
please backport it to RHEL (either the feature itself or rebase to >= 2.16).

Configuration example for /etc/radvd.conf (same file on both routers)
--- snipp ---
interface eth1
{
  AdvSendAdvert on;
  AdvRASrcAddress { fe80::1; };
  prefix 2001:db8:1::1/64 { };
  RDNSS 2001:db8:1::1 { };
};
--- snapp ---

Configuration example for /etc/keepalived/keepalived.conf (same relevant part
on both routers):
--- snipp ---
vrrp_instance VRRP_INSTANCE {
  # [...]
  virtual_ipaddress {
    2001:db8:0::1/64 dev eth1
    fe80::1/64 dev eth1
  }
  # [...]
}
--- snapp ---

What happens without this AdvRASrcAddress? The client gets two default
routes, one like fe80::router1 and one like fe80::router2. However with 
keepalived and VRRP, only one (either router1 or router2) has a globally 
routeable IPv6 address, thus the client might be "offline" depending on
the chosen default route. Playing with settings like AdvDefaultLifetime
or AdvDefaultPreference does not make sense, because they are too slow
to be useful for quick keepalived takeovers (and fallbacks).

Version-Release number of selected component (if applicable):
radvd-1.9.2-9.el7

How reproducible:
See above and below.

Actual results:
No support for AdvRASrcAddress (selection of RA source address)

Expected results:
Support for AdvRASrcAddress (selection of RA source address)

Comment 2 Robert Scheck 2017-07-27 17:12:48 UTC

Cross-filed ticket 01899369 on the Red Hat customer portal.

Comment 3 Robert Scheck 2017-07-27 17:14:43 UTC

Bah, the global unique IPv6 addresses should be indeed all exactly the same
one, my fault when obfuscating from real-world configuration...

Comment 16 Robert Scheck 2018-06-21 14:40:46 UTC

Our tests using radvd-2.17-1.el7.cs01899369.x86_64 (via GSS) looked good :)

Comment 22 errata-xmlrpc 2018-10-30 07:48:55 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:3027