Bug 670465

Summary: IPv6 will break in very confusing ways after "ifdown lo" / "ifup lo"
Product: Red Hat Enterprise Linux 5 Reporter: Phil Mayers <p.mayers>
Component: initscriptsAssignee: Lukáš Nykrýn <lnykryn>
Status: CLOSED WONTFIX QA Contact: qe-baseos-daemons
Severity: medium Docs Contact:
Priority: low    
Version: 5.5CC: initscripts-maint-list
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-03-12 09:21:05 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Phil Mayers 2011-01-18 11:43:24 UTC 
Description of problem:

This is a slightly odd problem, and it may just need a documentation pointer.

On Linux, IPv6 addresses are actually bound internally to the "lo" interface. This can be seen with "ip -6 route show table local":

local 2001:630:12:... via :: dev lo  proto none  metric ...

If you (erroneously?) do:

ifdown lo
ifup lo

...this kills IPv6 in a very confusing way; the (non-loopback) IPv6 addresses /128 routes are stripped off the "lo" interface and not re-added. IPv6 connectivity is broken, but:

ip addr
ifconfig
ip -6 route

...all appear to show working connectivity. The only way to fix it is a subsequent re-start of the physical interface, to re-acquire the IPv6 autoconfig addresses.

There are comments in the kernel source saying "Longer term, all of the dependencies ipv6 has upon the loopback device and it being up should be removed":

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=blob;f=net/ipv6/addrconf.c;h=5b189c97c2fc16d28961955673c1fa94f3df21ad;hb=e6f597a1425b5af64917be3448b29e2d5a585ac8#l4705

...but obviously that's a (very?) long-term fix.

I'm by no means certain this is a RedHat bug, or what the fix would be if it were. Arguably it makes no sense to actually set "link down" on loopback, so maybe modify the initscripts to instead flush addresses; or print a warning as the interface goes down?

In case anyone is curious; we discovered this because we were adding /128 IPs to loopback, which are routed to the box by static routing from our network. This allows e.g. DNS & SMTP servers to be on well-known IPs that can move with the box regardless of the underlying network and anycast routed (in the traditional sense, rather than the new IPv6-specific anycast stuff)


Version-Release number of selected component (if applicable):

AFAIK all versions of RHEL and Fedora are affected.

How reproducible:

Always


Steps to Reproduce:
1. Test ipv6 connectivity is working
2. Do "ifdown lo", "ifup lo"
3. Test ipv6 connectivity is broken
  
Actual results:

IPv6 connectivity breaks when loopback interfaces goes down and is not restored when loopback comes back

Expected results:

IPv6 connectivity would only depend on the interface via which connectivity is present.

Additional info:
Comment 1 Lukáš Nykrýn 2013-03-12 09:21:05 UTC 
I am sorry, but it is now too late in the RHEL-5 release cycle.
RHEL-5.10 (the next RHEL-5 minor release) is going to be the first
production phase 2 [1] release of RHEL-5. Since phase 2 we'll be
addressing only security and critical issues.

[1] https://access.redhat.com/support/policy/updates/errata/