Bug 350041

Summary: dom0 and ipv6 autoconf conflict
Product: Red Hat Enterprise Linux 5 Reporter: Herbert Xu <herbert.xu>
Component: xenAssignee: Daniel Berrangé <berrange>
Status: CLOSED ERRATA QA Contact: Virtualization Bugs <virt-bugs>
Severity: medium Docs Contact:
Priority: medium    
Version: 5.1CC: k.georgiou, riel, tao, xen-maint
Target Milestone: ---Keywords: Reopened
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: RHBA-2008-0305 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2008-05-21 15:20:42 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 216504    
Bug Blocks:    

Description Herbert Xu 2007-10-24 05:45:49 UTC 
+++ This bug was initially created as a clone of Bug #216504 +++

+++ This bug was initially created as a clone of Bug #200360 +++

Description of problem:

IPv6 autoconfig addresses do not work right from domain 0, since dom0 traffic
often originates from the autoconf address associated with xenbr0, which has an
essentially random MAC address.

This means that the reply packets from the other host (on the same subnet) are
not received by the network card of the system that is trying to make the
connection.

Outgoing IPv6 packets really should use the IPv6 address associated with eth0,
not peth0 or xenbr0...

-- Additional comment from herbert.xu on 2006-07-27 07:02 EST --
Hmm, I can't reproduce this.  Could you please attach the output of "ip a", "ip
-6 r", and a tcpdump of the offending traffic (plus whatever you did to generate
the traffic)?

Thanks,

-- Additional comment from riel on 2006-07-27 10:14 EST --
[riel@bree FC-5]$ /sbin/ip a
1: lo: <LOOPBACK,UP,10000> mtu 16436 qdisc noqueue
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: vif0.0: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc noqueue
    link/ether fe:ff:ff:ff:ff:ff brd ff:ff:ff:ff:ff:ff
    inet6 fe80::fcff:ffff:feff:ffff/64 scope link
       valid_lft forever preferred_lft forever
3: eth0: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc noqueue
    link/ether 00:13:72:17:4a:9c brd ff:ff:ff:ff:ff:ff
    inet 10.0.13.9/24 brd 10.0.13.255 scope global eth0
    inet6 2002:425c:4d62:1:213:72ff:fe17:4a9c/64 scope global dynamic
       valid_lft 2591999sec preferred_lft 3599sec
    inet6 fe80::213:72ff:fe17:4a9c/64 scope link
       valid_lft forever preferred_lft forever
4: vif0.1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop
    link/ether fe:ff:ff:ff:ff:ff brd ff:ff:ff:ff:ff:ff
5: veth1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop
    link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
6: vif0.2: <BROADCAST,MULTICAST> mtu 1500 qdisc noop
    link/ether fe:ff:ff:ff:ff:ff brd ff:ff:ff:ff:ff:ff
7: veth2: <BROADCAST,MULTICAST> mtu 1500 qdisc noop
    link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
8: vif0.3: <BROADCAST,MULTICAST> mtu 1500 qdisc noop
    link/ether fe:ff:ff:ff:ff:ff brd ff:ff:ff:ff:ff:ff
9: veth3: <BROADCAST,MULTICAST> mtu 1500 qdisc noop
    link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
10: vif0.4: <BROADCAST,MULTICAST> mtu 1500 qdisc noop
    link/ether fe:ff:ff:ff:ff:ff brd ff:ff:ff:ff:ff:ff
11: veth4: <BROADCAST,MULTICAST> mtu 1500 qdisc noop
    link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
12: vif0.5: <BROADCAST,MULTICAST> mtu 1500 qdisc noop
    link/ether fe:ff:ff:ff:ff:ff brd ff:ff:ff:ff:ff:ff
13: veth5: <BROADCAST,MULTICAST> mtu 1500 qdisc noop
    link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
14: vif0.6: <BROADCAST,MULTICAST> mtu 1500 qdisc noop
    link/ether fe:ff:ff:ff:ff:ff brd ff:ff:ff:ff:ff:ff
15: veth6: <BROADCAST,MULTICAST> mtu 1500 qdisc noop
    link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
16: vif0.7: <BROADCAST,MULTICAST> mtu 1500 qdisc noop
    link/ether fe:ff:ff:ff:ff:ff brd ff:ff:ff:ff:ff:ff
17: veth7: <BROADCAST,MULTICAST> mtu 1500 qdisc noop
    link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
18: peth0: <BROADCAST,MULTICAST,NOARP,UP,10000> mtu 1500 qdisc pfifo_fast qlen 100
    link/ether fe:ff:ff:ff:ff:ff brd ff:ff:ff:ff:ff:ff
    inet6 fe80::fcff:ffff:feff:ffff/64 scope link
       valid_lft forever preferred_lft forever
19: sit0: <NOARP> mtu 1480 qdisc noop
    link/sit 0.0.0.0 brd 0.0.0.0
20: xenbr0: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc noqueue
    link/ether 3a:1a:86:33:12:41 brd ff:ff:ff:ff:ff:ff
    inet6 2002:425c:4d62:1:1070:3aff:febb:a5eb/64 scope global deprecated dynamic
       valid_lft 2539783sec preferred_lft -48617sec
    inet6 2002:425c:4d62:1:28b9:ebff:fe78:d776/64 scope global deprecated dynamic
       valid_lft 2539410sec preferred_lft -48990sec
    inet6 2002:425c:4d62:1:81d:28ff:fe02:c4e1/64 scope global deprecated dynamic
       valid_lft 2539042sec preferred_lft -49358sec
    inet6 2002:425c:4d62:1:381a:86ff:fe33:1241/64 scope global dynamic
       valid_lft 2591999sec preferred_lft 3599sec
    inet6 2002:425c:4d62:1:b837:efff:fede:8e2c/64 scope global deprecated dynamic
       valid_lft 2533874sec preferred_lft -54526sec
    inet6 2002:425c:4d62:1:fcff:ffff:feff:ffff/64 scope global deprecated dynamic
       valid_lft 2533869sec preferred_lft -54531sec
    inet6 fe80::200:ff:fe00:0/64 scope link
       valid_lft forever preferred_lft forever
25: vif4.0: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc noqueue
    link/ether fe:ff:ff:ff:ff:ff brd ff:ff:ff:ff:ff:ff
    inet6 fe80::fcff:ffff:feff:ffff/64 scope link
       valid_lft forever preferred_lft forever
26: tun1: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc pfifo_fast qlen 500
    link/ether 3a:1a:86:33:12:41 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::381a:86ff:fe33:1241/64 scope link
       valid_lft forever preferred_lft forever
41: vif12.0: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc noqueue
    link/ether fe:ff:ff:ff:ff:ff brd ff:ff:ff:ff:ff:ff
    inet6 fe80::fcff:ffff:feff:ffff/64 scope link
       valid_lft forever preferred_lft forever
42: tun0: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc pfifo_fast qlen 500
    link/ether 4a:1a:7c:af:68:ad brd ff:ff:ff:ff:ff:ff
    inet6 fe80::481a:7cff:feaf:68ad/64 scope link
       valid_lft forever preferred_lft forever




[riel@bree FC-5]$ /sbin/ip -6 r
2002:425c:4d62:1::/64 dev xenbr0  proto kernel  metric 256  expires 2592158sec
mtu 1500 advmss 1440 metric 10 4294967295
2002:425c:4d62:1::/64 dev eth0  proto kernel  metric 256  expires 2592158sec mtu
1500 advmss 1440 metric 10 4294967295
fe80::/64 dev xenbr0  metric 256  expires 21276227sec mtu 1500 advmss 1440
metric 10 4294967295
fe80::/64 dev vif0.0  metric 256  expires 21276228sec mtu 1500 advmss 1440
metric 10 4294967295
fe80::/64 dev peth0  metric 256  expires 21276229sec mtu 1500 advmss 1440 metric
10 4294967295
fe80::/64 dev eth0  metric 256  expires 21276230sec mtu 1500 advmss 1440 metric
10 4294967295
fe80::/64 dev tun1  metric 256  expires 21276241sec mtu 1500 advmss 1440 metric
10 4294967295
fe80::/64 dev vif4.0  metric 256  expires 21276242sec mtu 1500 advmss 1440
metric 10 4294967295
fe80::/64 dev tun0  metric 256  expires 21282342sec mtu 1500 advmss 1440 metric
10 4294967295
fe80::/64 dev vif12.0  metric 256  expires 21282343sec mtu 1500 advmss 1440
metric 10 4294967295
ff00::/8 dev xenbr0  metric 256  expires 21276227sec mtu 1500 advmss 1440 metric
10 4294967295
ff00::/8 dev peth0  metric 256  expires 21276229sec mtu 1500 advmss 1440 metric
10 4294967295
ff00::/8 dev vif0.0  metric 256  expires 21276228sec mtu 1500 advmss 1440 metric
10 4294967295
ff00::/8 dev eth0  metric 256  expires 21276230sec mtu 1500 advmss 1440 metric
10 4294967295
ff00::/8 dev tun1  metric 256  expires 21276241sec mtu 1500 advmss 1440 metric
10 4294967295
ff00::/8 dev vif4.0  metric 256  expires 21276242sec mtu 1500 advmss 1440 metric
10 4294967295
ff00::/8 dev tun0  metric 256  expires 21282342sec mtu 1500 advmss 1440 metric
10 4294967295
ff00::/8 dev vif12.0  metric 256  expires 21282343sec mtu 1500 advmss 1440
metric 10 4294967295
default via fe80::250:fcff:feb0:ec43 dev xenbr0  proto kernel  metric 1024 
expires 26sec mtu 1500 advmss 1440 metric 10 64
default via fe80::250:fcff:feb0:ec43 dev eth0  proto kernel  metric 1024 
expires 26sec mtu 1500 advmss 1440 metric 10 64
unreachable default dev lo  proto none  metric -1  error -101 metric 10 255




-- Additional comment from katzj on 2006-07-27 12:37 EST --
Not a beta blocker, 

-- Additional comment from herbert.xu on 2006-07-27 20:16 EST --
OK, as a workaround you can change the Xen startup scripts to set the MTU on
xenbr0 to 68 in order to disable IPv6.  To resolve it properly we need a cleaner
way to disable IPv6 on an interface.

-- Additional comment from herbert.xu on 2006-07-27 21:43 EST --
Created an attachment (id=133212)
Disable ra on xen bridge.

Does this patch fix the problem?

-- Additional comment from herbert.xu on 2006-09-18 12:13 EST --
*** Bug 203243 has been marked as a duplicate of this bug. ***

-- Additional comment from herbert.xu on 2006-09-18 12:16 EST --
Upstream may soon allow IPv6 to be disabled before an interface is brought up. 
This should allow Xen to disable IPv6 on these interfaces properly.  Longer term
Xen should lose the loopback interface which should also fix the issue.

-- Additional comment from herbert.xu on 2006-10-05 01:32 EST --
Created an attachment (id=137801)
Disable addrconf on ~multicast interfaces.

While the IPv6 folks are working on the mechanism, we can use a simple fix for
this specific problem.	Please let me know if this patch lets you use IPv6 in
dom0.

-- Additional comment from herbert.xu on 2006-10-09 04:19 EST --
Created an attachment (id=138027)
Disable IPv6 on xen bridge interface.

Please test this patch to see whether it resolves your problem.

-- Additional comment from herbert.xu on 2006-10-30 20:18 EST --
*** Bug 212989 has been marked as a duplicate of this bug. ***

-- Additional comment from bstein on 2006-11-20 15:48 EST --
Rik - Please provide feedback on the proposed patch.

-- Additional comment from pm-rhel on 2006-11-20 16:00 EST --
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux major release.  Product Management has requested further
review of this request by Red Hat Engineering, for potential inclusion in a Red
Hat Enterprise Linux Major release.  This request is not yet committed for
inclusion.

-- Additional comment from riel on 2007-01-22 12:32 EST --
Crap.  I thought I had provided feedback on the patch, but that was the Fedora
bugzilla!

Anyway, the patch works as advertized.  I have been using it across about a
dozen reboots now and ipv6 works like it should.

Is it too late to get an exception for this bug?

-- Additional comment from herbert.xu on 2007-01-23 01:53 EST --
I haven't heard from upstream yet.  I'll ping them again.

-- Additional comment from herbert.xu on 2007-01-23 04:36 EST --
Silly me, it's already upstream.  So if this gets an exception then I'll post
the patch.

-- Additional comment from herbert.xu on 2007-01-23 19:23 EST --
Created an attachment (id=146381)
[LINUX] ipv6: Disable addrconf on Xen bridge device

The ipv6-no-autoconf patch didn't disable IPv6 addrconf completely.
This means that the Xen bridge device still interfered with normal
IPv6 operation by engaging the IPv6 network with a bogus MAC address.

For details please refer to
	https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=200360

The following patch completely disables IPv6 on the Xen bridge device
by temporarily setting the MTU to a value less than the minimum
allowed for IPv6.

Upstream will provide a cleaner way to disable IPv6 addrconf in
future, possibly in the form of a proc sysctl.	Of course if the Xen
loopback device is removed it would render this change unnecessary.

Signed-off-by: Herbert Xu <herbert.org.au>

This is a backport of upstream changeset 13364 minus the patch removal.

-- Additional comment from syeghiay on 2007-01-23 23:18 EST --
Brian, do you want to raise an exception for this one?
It's proposed for rhel-5.0.0 and in POST but not a blocker.
Just wondering what the plan is.

-- Additional comment from riek on 2007-01-24 00:06 EST --
Requesting exception for this bug as it will be of significant impact on our
ability to compy with the US government's mendate on IPv6

-- Additional comment from jturner on 2007-01-24 11:22 EST --
QE ack for RHEL5.

-- Additional comment from syeghiay on 2007-01-24 11:32 EST --
Exception approved for 5.0.
Please commit and build package in brew ASAP.

-- Additional comment from riel on 2007-01-24 12:05 EST --
in 3.0.3-22.el5

-- Additional comment from dmalcolm on 2007-01-25 18:13 EST --
Results of comparing
  from xen-3.0.3-21.el5
    to xen-3.0.3-22.el5
will be available at
  http://yakko.test.redhat.com/run.php?runid=13393


-- Additional comment from jturner on 2007-01-26 15:03 EST --
xen-3.0.3-22.el5 included in 20070125.0.

-- Additional comment from herbert.xu on 2007-10-24 01:41 EST --
This patch has been lost in the Xen 3.1 merge for RHEL5.1.  So we'll need to get
it reinstated.

-- Additional comment from herbert.xu on 2007-10-24 01:43 EST --
Dan, could you please take a look at this? Thanks!
Comment 1 Herbert Xu 2007-10-26 01:29:56 UTC 
*** Bug 345431 has been marked as a duplicate of this bug. ***
Comment 2 RHEL Program Management 2007-11-20 15:54:21 UTC 
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux maintenance release.  Product Management has requested
further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed
products.  This request is not yet committed for inclusion in an Update
release.
Comment 3 Daniel Berrangé 2007-12-14 01:09:38 UTC 
Patch re-added to CVS..
Comment 7 errata-xmlrpc 2008-05-21 15:20:42 UTC 
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2008-0305.html