Bug 212989

Summary: interface xenbr0 learns IPv6 address from router advertisement breaking IPv6 usability
Product: [Fedora] Fedora Reporter: Peter Bieringer <pb>
Component: kernel-xenAssignee: Herbert Xu <herbert.xu>
Status: CLOSED DUPLICATE QA Contact: Brian Brock <bbrock>
Severity: high Docs Contact:
Priority: medium    
Version: 6CC: bstein, pekkas, xen-maint
Target Milestone: ---   
Target Release: ---   
Hardware: i686   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2006-10-31 01:18:09 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Peter Bieringer 2006-10-30 14:46:35 UTC 
Description of problem:
After booting kernel-xen, bridging interface is coming up.
Unfortunately, it learns an IPv6 address by router advertisement. This leads to
a second default route, which wins.

This now breaksIPv6 connections because wrong source address would be used and
packages never leaving the system.

Version-Release number of selected component (if applicable):
kernel-xen-2.6.18-1.2798.fc6
xen-3.0.3-0.1.rc3
How reproducible:
Always

Steps to Reproduce:
1. Boot kernel-xen
2. Wait for router advertisement
3. ping6 www.bieringer.de
  
Actual results:
Timeout, no packets are received on default gateway, but tcpdump on host shows,
that the packets are leaving...

15:21:44.628030 IP6 2001:db8:1:1:fcff:ffff:feff:ffff > 2001:a60:9002:1::182:1:
ICMP6, echo request, seq 0, length 64


Expected results:
Working

Additional info:

Interface configuration:

# ip -6 addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: peth0: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 qlen 1000
    inet6 fe80::fcff:ffff:feff:ffff/64 scope link 
       valid_lft forever preferred_lft forever
4: vif0.0: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 
    inet6 fe80::fcff:ffff:feff:ffff/64 scope link 
       valid_lft forever preferred_lft forever
5: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 
    inet6 2001:db8:1:1:201:3ff:fe01:2345/64 scope global dynamic 
       valid_lft 2676sec preferred_lft 1676sec
    inet6 fe80::201:3ff:fe01:2345/64 scope link 
       valid_lft forever preferred_lft forever
12: xenbr0: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 
    inet6 2001:db8:1:1:fcff:ffff:feff:ffff/64 scope global dynamic 
       valid_lft 2676sec preferred_lft 1676sec
    inet6 fe80::200:ff:fe00:0/64 scope link 
       valid_lft forever preferred_lft forever

I see packets with tcpdump -i any 3 times, interface check shows that this
packets were seen on xenbr0, vif0.0, eth0, but not on peth0.

IPv6 firewalling is not active.

Also I do not understand why the source address of xenbr0 is now used instead of
the one from eth0.

BTW: ping6 -I eth0 www.aerasec.de
is working - strange.

# ip -6 route
unreachable ::/96 dev lo  metric 1024  expires 21331370sec error -101 mtu 16436
advmss 1220 hoplimit 4294967295
unreachable ::ffff:0.0.0.0/96 dev lo  metric 1024  expires 21331370sec error
-101 mtu 16436 advmss 1220 hoplimit 4294967295
2001:db8:1:1::/64 dev xenbr0  proto kernel  metric 256  expires 2977sec mtu 1280
advmss 1220 hoplimit 4294967295
2001:db8:1:1::/64 dev eth0  proto kernel  metric 256  expires 2977sec mtu 1280
advmss 1220 hoplimit 4294967295
unreachable 2002:a00::/24 dev lo  metric 1024  expires 21331370sec error -101
mtu 16436 advmss 1220 hoplimit 4294967295
unreachable 2002:7f00::/24 dev lo  metric 1024  expires 21331370sec error -101
mtu 16436 advmss 1220 hoplimit 4294967295
unreachable 2002:a9fe::/32 dev lo  metric 1024  expires 21331370sec error -101
mtu 16436 advmss 1220 hoplimit 4294967295
unreachable 2002:ac10::/28 dev lo  metric 1024  expires 21331370sec error -101
mtu 16436 advmss 1220 hoplimit 4294967295
unreachable 2002:c0a8::/32 dev lo  metric 1024  expires 21331370sec error -101
mtu 16436 advmss 1220 hoplimit 4294967295
unreachable 2002:e000::/19 dev lo  metric 1024  expires 21331370sec error -101
mtu 16436 advmss 1220 hoplimit 4294967295
unreachable 3ffe:ffff::/32 dev lo  metric 1024  expires 21331370sec error -101
mtu 16436 advmss 1220 hoplimit 4294967295
fe80::/64 dev xenbr0  metric 256  expires 21331394sec mtu 1280 advmss 1220
hoplimit 4294967295
fe80::/64 dev vif0.0  metric 256  expires 21331395sec mtu 1500 advmss 1220
hoplimit 4294967295
fe80::/64 dev peth0  metric 256  expires 21331395sec mtu 1500 advmss 1220
hoplimit 4294967295
fe80::/64 dev eth0  metric 256  expires 21331395sec mtu 1280 advmss 1220
hoplimit 4294967295
ff00::/8 dev xenbr0  metric 256  expires 21331394sec mtu 1280 advmss 1220
hoplimit 4294967295
ff00::/8 dev vif0.0  metric 256  expires 21331395sec mtu 1500 advmss 1220
hoplimit 4294967295
ff00::/8 dev peth0  metric 256  expires 21331395sec mtu 1500 advmss 1220
hoplimit 4294967295
ff00::/8 dev eth0  metric 256  expires 21331395sec mtu 1280 advmss 1220 hoplimit
4294967295
default via fe80::201:2ff:fe67:89ab dev xenbr0  proto kernel  metric 1024 
expires 2677sec mtu 1280 advmss 1220 hoplimit 64 <--!!!!!!!!!
default via fe80::201:2ff:fe67:99ab dev eth0  proto kernel  metric 1024  expires
2677sec mtu 1280 advmss 1220 hoplimit 64
unreachable default dev lo  proto none  metric -1  error -101 advmss 1220
hoplimit 255


# ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: peth0: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether fe:ff:ff:ff:ff:ff brd ff:ff:ff:ff:ff:ff
3: sit0: <NOARP> mtu 1480 qdisc noop 
    link/sit 0.0.0.0 brd 0.0.0.0
4: vif0.0: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue 
    link/ether fe:ff:ff:ff:ff:ff brd ff:ff:ff:ff:ff:ff
5: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue 
    link/ether 00:01:03:01:23:45 brd ff:ff:ff:ff:ff:ff
6: vif0.1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop 
    link/ether fe:ff:ff:ff:ff:ff brd ff:ff:ff:ff:ff:ff
7: veth1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop 
    link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
8: vif0.2: <BROADCAST,MULTICAST> mtu 1500 qdisc noop 
    link/ether fe:ff:ff:ff:ff:ff brd ff:ff:ff:ff:ff:ff
9: veth2: <BROADCAST,MULTICAST> mtu 1500 qdisc noop 
    link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
10: vif0.3: <BROADCAST,MULTICAST> mtu 1500 qdisc noop 
    link/ether fe:ff:ff:ff:ff:ff brd ff:ff:ff:ff:ff:ff
11: veth3: <BROADCAST,MULTICAST> mtu 1500 qdisc noop 
    link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
12: xenbr0: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue 
    link/ether fe:ff:ff:ff:ff:ff brd ff:ff:ff:ff:ff:ff


# ip -4 addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue 
    inet 127.0.0.1/8 scope host lo
5: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue 
    inet 192.0.2.2/24 brd 192.0.2.255 scope global eth0

Temporary workaround:
# sysctl -w net.ipv6.conf.xenbr0.accept_ra=0
# ip -6 route del default via fe80::201:2ff:fe67:89ab dev xenbr0

Now it works again.

For me it looks like there is a major design issue.
Comment 1 Peter Bieringer 2006-10-30 15:16:28 UTC 
Can it be, that following script is not IPv6-ready?
/etc/xen/scripts/network-bridge
Comment 2 Herbert Xu 2006-10-31 01:18:09 UTC 

*** This bug has been marked as a duplicate of 200360 ***