Bug 1475983 - [RFE] Please backport support for AdvRASrcAddress (selection of RA source address)
Summary: [RFE] Please backport support for AdvRASrcAddress (selection of RA source add...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: radvd
Version: 7.3
Hardware: All
OS: Linux
medium
medium
Target Milestone: rc
: ---
Assignee: Pavel Zhukov
QA Contact: Ondrej Mejzlik 🐾
Ioanna Gkioka
URL:
Whiteboard:
Depends On:
Blocks: 1534569 1549614
TreeView+ depends on / blocked
 
Reported: 2017-07-27 17:10 UTC by Robert Scheck
Modified: 2018-10-30 07:49 UTC (History)
9 users (show)

Fixed In Version: radvd-2.17-3.el7
Doc Type: Release Note
Doc Text:
*radvd* rebased to version 2.17 The *router advertisement daemon (radvd)* has been upgraded to version 2.17. The most notable change is that now *radvd* supports the selection of router advertisements source address. As a result, connection tracking no longer fails when the router's address is moved between hosts or firewalls.
Clone Of:
Environment:
Last Closed: 2018-10-30 07:48:55 UTC


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2018:3027 None None None 2018-10-30 07:49:09 UTC

Description Robert Scheck 2017-07-27 17:10:09 UTC
Description of problem:
Currently the shipped radvd version does not support AdvRASrcAddress (that's
selection of RA source address). This is required for fully redundant setups,
e.g. with two routers, keepalived and VRRP while having only one client that
has 2 uplinks. A more complete description of the specific scenario is shown
at https://github.com/reubenhwk/radvd/issues/45#issuecomment-103113580 as a
visualized example.

https://github.com/robbat2/radvd/commit/9aad6f02decbb65946121aef9347c17f659124b0
is the fully working upstream implementation that was done for radvd 2.16, so
please backport it to RHEL (either the feature itself or rebase to >= 2.16).

Configuration example for /etc/radvd.conf (same file on both routers)
--- snipp ---
interface eth1
{
  AdvSendAdvert on;
  AdvRASrcAddress { fe80::1; };
  prefix 2001:db8:1::1/64 { };
  RDNSS 2001:db8:1::1 { };
};
--- snapp ---

Configuration example for /etc/keepalived/keepalived.conf (same relevant part
on both routers):
--- snipp ---
vrrp_instance VRRP_INSTANCE {
  # [...]
  virtual_ipaddress {
    2001:db8:0::1/64 dev eth1
    fe80::1/64 dev eth1
  }
  # [...]
}
--- snapp ---

What happens without this AdvRASrcAddress? The client gets two default
routes, one like fe80::router1 and one like fe80::router2. However with 
keepalived and VRRP, only one (either router1 or router2) has a globally 
routeable IPv6 address, thus the client might be "offline" depending on
the chosen default route. Playing with settings like AdvDefaultLifetime
or AdvDefaultPreference does not make sense, because they are too slow
to be useful for quick keepalived takeovers (and fallbacks).

Version-Release number of selected component (if applicable):
radvd-1.9.2-9.el7

How reproducible:
See above and below.

Actual results:
No support for AdvRASrcAddress (selection of RA source address)

Expected results:
Support for AdvRASrcAddress (selection of RA source address)

Comment 2 Robert Scheck 2017-07-27 17:12:48 UTC
Cross-filed ticket 01899369 on the Red Hat customer portal.

Comment 3 Robert Scheck 2017-07-27 17:14:43 UTC
Bah, the global unique IPv6 addresses should be indeed all exactly the same
one, my fault when obfuscating from real-world configuration...

Comment 16 Robert Scheck 2018-06-21 14:40:46 UTC
Our tests using radvd-2.17-1.el7.cs01899369.x86_64 (via GSS) looked good :)

Comment 22 errata-xmlrpc 2018-10-30 07:48:55 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:3027


Note You need to log in before you can comment on or make changes to this bug.