1191247 – [RFE] make use of DAD in rgmanager IPv6 for duplicate check

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1191247 - [RFE] make use of DAD in rgmanager IPv6 for duplicate check

Summary: [RFE] make use of DAD in rgmanager IPv6 for duplicate check

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 6
Classification:	Red Hat
Component:	resource-agents
Sub Component:
Version:	6.8
Hardware:	Unspecified
OS:	Unspecified
Priority:	high
Severity:	high
Target Milestone:	rc
Target Release:	---
Assignee:	Oyvind Albrigtsen
QA Contact:	cluster-qe@redhat.com
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	1172231 1271835 1276698 1276699
TreeView+	depends on / blocked

Reported:	2015-02-10 20:14 UTC by Cedric Buissart
Modified:	2020-04-15 14:11 UTC (History)
CC List:	7 users (show)
Fixed In Version:	resource-agents-3.9.5-26.el6
Doc Type:	Enhancement
Doc Text:
Clone Of:
Clones:	1276698 (view as bug list)
Environment:
Last Closed:	2016-05-10 19:13:27 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)
Working patch (5.13 KB, patch) 2015-10-15 14:04 UTC, Oyvind Albrigtsen	no flags	Details \| Diff
View All

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2016:0735	0	normal	SHIPPED_LIVE	resource-agents bug fix and enhancement update	2016-05-10 22:28:24 UTC

Description Cedric Buissart 2015-02-10 20:14:04 UTC

Description :

Currently, rgmanager's ipv6 resource does a duplicate check via a ping that lasts 2 seconds.

However, IPv6 comes with a built-in duplicate address detection (DAD), which starts automatically when the address is set.

The idea of the RFE would be to replace the 2 second check by an efficient use of DAD.

Benefits :
- if the ping does not correctly find out the existence of a dupicate (e.g. ping reply disable), the resource will start successfully, but the address will remain unusable until the duplicate disapears. Thus, in theory, relying on IPv6's own DAD should be safer
- the ping can be removed, the resource will gain 2 seconds of start up time (note: even in present state, we need for DAD to finish before using the send_ua helper)
- DAD can be tuned as user's will via procfs


Additional info:

The idea would be to replace the ping by this kind of algorithm :

ip address address
while IP has tag 'tentative' ; do sleep ; done
if IP does not exist ; 
  exit FAIL
fi
if IP has tag 'dadfailed' 
   ip address remove
   exit FAIL
fi
send_ua

Comment 3 Cedric Buissart 2015-03-06 21:09:41 UTC

Hi David,

This seems to work fine so far :

https://github.com/cedricbu/resource-agents/blob/cedric_rgmanager_ipv6_dad/rgmanager/src/resources/ip.sh

I removed the ping. Upon adding the address, the code waits until DAD is done. It will remove the IPv6 address if there is a duplicate found, otherwise it will go one with send_ua.

Any chance we will include this ? or it is too much changes for too little gain ?

Note : in the current state, there is still the possibility that the address already exists somewhere but does not answer to ping. In that case, the duplicate wont be detected and the resource will probably successfully start, but the address will not work.

Cedric

Comment 6 Oyvind Albrigtsen 2015-10-15 14:04:29 UTC

Created attachment 1083270 [details]
Working patch

Comment 7 Oyvind Albrigtsen 2015-10-15 14:06:45 UTC

Tested with working IPv6-address, and with IPv6-address that collided with an existing one, and it worked as expected.

The working patch has been attached.

Comment 8 Oyvind Albrigtsen 2015-10-28 14:35:36 UTC

After upgrade it doesnt Ping, so the Pinging line isnt shown there, and DAD is added to the "address collision" line

Before:
# rpm -q resource-agents
resource-agents-3.9.5-24.el6.x86_64

# tail -f /var/log/cluster/rgmanager.log
Oct 28 15:21:39 rgmanager Starting disabled service service:ip
Oct 28 15:21:39 rgmanager [ip] Link for eth0: Detected
Oct 28 15:21:39 rgmanager [ip] Adding IPv6 address XXXX:40:15:7::10/64 to eth0
Oct 28 15:21:39 rgmanager [ip] Pinging addr XXXX:40:15:7::10 from dev eth0
Oct 28 15:21:39 rgmanager [ip] IPv6 address collision  XXXX:40:15:7::10
Oct 28 15:21:39 rgmanager start on ip "XXXX:40:15:7::10/64" returned 1 (generic error)
Oct 28 15:21:39 rgmanager #68: Failed to start service:ip; return value: 1
Oct 28 15:21:39 rgmanager Stopping failed service service:ip

After:
# rpm -q resource-agents
resource-agents-3.9.5-26.el6.x86_64

# tail -f /var/log/cluster/rgmanager.log
Oct 28 15:24:13 rgmanager Starting disabled service service:ip
Oct 28 15:24:13 rgmanager [ip] Link for eth0: Detected
Oct 28 15:24:13 rgmanager [ip] Adding IPv6 address XXXX:40:15:7::10/64 to eth0
Oct 28 15:24:14 rgmanager [ip] IPv6 address collision XXXX:40:15:7::10 [DAD]
Oct 28 15:24:14 rgmanager start on ip "XXXX:40:15:7::10/64" returned 1 (generic error)
Oct 28 15:24:14 rgmanager #68: Failed to start service:ip; return value: 1
Oct 28 15:24:14 rgmanager Stopping failed service service:ip

Comment 10 michal novacek 2016-03-30 09:15:31 UTC

I have verified that duplicate ipv6 address is correctly recognized using DAD
instead of ping in resource-agents-3.9.5-34.el6.x86_64

----

# ping6 -c 2 2620:52:0:2246:1800:ff:fe00:93
PING 2620:52:0:2246:1800:ff:fe00:93(2620:52:0:2246:1800:ff:fe00:93) 56 data bytes
64 bytes from 2620:52:0:2246:1800:ff:fe00:93: icmp_seq=1 ttl=64 time=0.352 ms
64 bytes from 2620:52:0:2246:1800:ff:fe00:93: icmp_seq=2 ttl=64 time=0.522 ms

--- 2620:52:0:2246:1800:ff:fe00:93 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1925ms
rtt min/avg/max/mdev = 0.352/0.437/0.522/0.085 ms

# ccs -h virt-146 --lsnodes
virt-146.cluster-qe.lab.eng.brq.redhat.com: votes=1, nodeid=1
virt-147.cluster-qe.lab.eng.brq.redhat.com: votes=1, nodeid=2

# ccs -h virt-146 --addresource ip address=2620:52:0:2246:1800:ff:fe00:93/64
# ccs -h virt-146 --addservice group-ip
# ccs -h virt-146 --addsubservice group-ip ip ref=2620:52:0:2246:1800:ff:fe00:93/64

# ccs -h virt-146 --lsservices
service: name=group-ip, autostart=0
  ip: ref=2620:52:0:2246:1800:ff:fe00:93/64
resources:
  ip: address=2620:52:0:2246:1800:ff:fe00:93/64

before patch: resource-agents-3.9.5-24.el6.x86_64
=================================================
virt-146# clusvcadm -e group-ip
Local machine trying to enable service:group-ip...Failure

virt-146# tail /var/log/cluster/rgmanager.log
...
Mar 30 10:58:31 rgmanager Starting stopped service service:group-ip
Mar 30 10:58:31 rgmanager [ip] Link for eth0: Detected
Mar 30 10:58:32 rgmanager [ip] Adding IPv6 address 2620:52:0:2246:1800:ff:fe00:93/64 to eth0
Mar 30 10:58:32 rgmanager [ip] Pinging addr 2620:52:0:2246:1800:ff:fe00:93 from dev eth0
Mar 30 10:58:33 rgmanager [ip] IPv6 address collision 2620:52:0:2246:1800:ff:fe00:93
Mar 30 10:58:33 rgmanager start on ip "2620:52:0:2246:1800:ff:fe00:93/64" returned 1 (generic error)
Mar 30 10:58:33 rgmanager #68: Failed to start service:group-ip; return value: 1
Mar 30 10:58:33 rgmanager Stopping service service:group-ip

corrected version: 3.9.5-34.el6.x86_64
======================================
virt-146# clusvcadm -e group-ip
Local machine trying to enable service:group-ip...Failure

virt-146# tail /var/log/cluster/rgmanager.log
...
Mar 30 11:10:03 rgmanager Starting stopped service service:group-ip
Mar 30 11:10:03 rgmanager [ip] Link for eth0: Detected
Mar 30 11:10:03 rgmanager [ip] Adding IPv6 address 2620:52:0:2246:1800:ff:fe00:93/64 to eth0
Mar 30 11:10:04 rgmanager [ip] IPv6 address collision 2620:52:0:2246:1800:ff:fe00:93 [DAD]
Mar 30 11:10:04 rgmanager start on ip "2620:52:0:2246:1800:ff:fe00:93/64" returned 1 (generic error)
Mar 30 11:10:04 rgmanager #68: Failed to start service:group-ip; return value: 1
Mar 30 11:10:04 rgmanager Stopping service service:group-ip

Comment 12 errata-xmlrpc 2016-05-10 19:13:27 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2016-0735.html

Note You need to log in before you can comment on or make changes to this bug.