Bug 1364498 - Unable to disable IPv6 RAs acceptance on interfaces by using nic templates/os-net-config
Summary: Unable to disable IPv6 RAs acceptance on interfaces by using nic templates/os...
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-tripleo-heat-templates
Version: 10.0 (Newton)
Hardware: Unspecified
OS: Unspecified
high
high
Target Milestone: ---
: 10.0 (Newton)
Assignee: Dan Sneddon
QA Contact: Marius Cornea
URL:
Whiteboard:
Depends On: 1362528 1396696
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-08-05 13:51 UTC by Jay Dobies
Modified: 2021-03-11 14:38 UTC (History)
21 users (show)

Fixed In Version: openstack-tripleo-heat-templates-5.0.0-0.20161008015357.0d3e3e3.1
Doc Type: Bug Fix
Doc Text:
Previously, there existed a known issue where autoconfiguration and accepting RAs was enabled for IPv6 regardless of the settings in the 'ifcfg' files. With this update, you can fix this issue by setting 'net.ipv6.conf.all.autoconfiguration' and 'net.ipv6.conf.all.accept_ra' values to '0' in the 'sysctl' settings allowing the 'IPV6AUTOCONFIG=no' in the 'ifcfg' file to take effect.
Clone Of: 1362528
Environment:
Last Closed: 2018-07-11 21:18:10 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Launchpad 1609125 0 None None None 2016-08-05 13:51:17 UTC
Launchpad 1632830 0 None None None 2017-08-31 20:13:18 UTC
OpenStack gerrit 350794 0 None None None 2017-03-04 00:22:22 UTC
OpenStack gerrit 386201 0 None None None 2016-10-14 18:08:07 UTC

Comment 6 Dan Sneddon 2016-10-14 14:55:11 UTC 
Patch merged upstream to address this: https://review.openstack.org/#/c/386201/
Comment 7 Dan Sneddon 2016-10-14 18:13:45 UTC 
Upstream patch has merged, so this should be fixed in OSP 10.
Comment 11 Marius Cornea 2016-11-24 09:27:12 UTC 
The issue is still present even though net.ipv6.conf.all.accept_ra and net.ipv6.conf.all.autoconf are now turned off by puppet:

[root@overcloud-controller-0 heat-admin]# sysctl net.ipv6.conf.all.autoconf
net.ipv6.conf.all.autoconf = 0
[root@overcloud-controller-0 heat-admin]# sysctl net.ipv6.conf.all.accept_ra
net.ipv6.conf.all.accept_ra = 0

The default route installed in the routing table:

[root@overcloud-controller-0 heat-admin]# ip -6 route show default
default via fe80::5054:ff:fe86:1d1b dev eth4  proto ra  metric 1024  expires 1476sec hoplimit 64

The static default route which should be the one installed:

[root@overcloud-controller-0 heat-admin]# cat /etc/sysconfig/network-scripts/route6-vlan100 
default via 2001:db8:ca2:4::1 dev vlan100

Moreover the route seems to get renewed so the static route never gets installed:

[root@overcloud-controller-0 heat-admin]# ip -6 route show default
default via fe80::5054:ff:fe86:1d1b dev eth4  proto ra  metric 1024  expires 1240sec hoplimit 64
[root@overcloud-controller-0 heat-admin]# ip -6 route show default
default via fe80::5054:ff:fe86:1d1b dev eth4  proto ra  metric 1024  expires 1698sec hoplimit 64

Checking the interface sysctl values I see they are turned on:

[root@overcloud-controller-0 heat-admin]# sysctl net.ipv6.conf.eth4.accept_ra
net.ipv6.conf.eth4.accept_ra = 1
[root@overcloud-controller-0 heat-admin]# sysctl net.ipv6.conf.eth4.autoconf
net.ipv6.conf.eth4.autoconf = 1
Note You need to log in before you can comment on or make changes to this bug.