RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 1636350 - Bringing eth1 up will not configure IPv6 on it
Summary: Bringing eth1 up will not configure IPv6 on it
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: NetworkManager
Version: 7.5
Hardware: Unspecified
OS: Linux
medium
medium
Target Milestone: rc
: ---
Assignee: Beniamino Galvani
QA Contact: Desktop QE
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2018-10-05 08:16 UTC by Slawek Kaplonski
Modified: 2018-11-27 10:04 UTC (History)
9 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2018-11-27 10:04:51 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)

Description Slawek Kaplonski 2018-10-05 08:16:37 UTC 
Description of problem:
When using RHEL image on VM with 2 NICs attached, eth0 is configured properly on boot of vm. NIC eth1 is not up which is normal.
But problem is that when I do:

ip link set up eth1

It will not enable IPv6 on this interface by default.

I compared it with Centos7 and RHEL 6.10 - on both of them after running this command, IPv6 is enabled, link-local address is generated and in few seconds IP address from router (SLAAC method) is received and set on eth1.

Version-Release number of selected component (if applicable):
I tested it on:
[cloud-user@rhel75-slaac ~]$ cat /etc/redhat-release
Red Hat Enterprise Linux Server release 7.5 (Maipo)

Downloaded from https://access.redhat.com/downloads/content/69/ver=/rhel---7/7.5/x86_64/product-software - it was image called "Red Hat Enterprise Linux 7.5 Update KVM Guest Image (20180925)" on the webpage.

How reproducible:
100% times on VM with 2 NICs

Steps to Reproduce:
1. Spawn VM (I used OpenStack but I don't think it's related) with 2 NICs attached to it
2. SSH to VM and try to bring up eth1 interface.

Actual results:
$ ip a show eth1
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether fa:16:3e:8e:a3:e3 brd ff:ff:ff:ff:ff:ff

$ sudo ip link set up eth1
$ ip a show eth1
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether fa:16:3e:8e:a3:e3 brd ff:ff:ff:ff:ff:ff


Expected results:
$ ip a show eth1
3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
    link/ether fa:16:3e:72:25:7c brd ff:ff:ff:ff:ff:ff

$ ip link set up eth1
$ ip a show eth1
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether fa:16:3e:72:25:7c brd ff:ff:ff:ff:ff:ff
    inet6 1234::f816:3eff:fe72:257c/64 scope global dynamic
       valid_lft 86328sec preferred_lft 14328sec
    inet6 fe80::f816:3eff:fe72:257c/64 scope link
       valid_lft forever preferred_lft forever

Additional info:

To make it working in RHEL7 I need to add /etc/sysconfig/network-scripts/ifcfg-eth1 file like:
DEVICE=eth1

and then do:
$ /sbin/service network restart
Restarting network (via systemctl):                        [  OK  ]

then I have what I needed:
$ ip a show eth1
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether fa:16:3e:8e:a3:e3 brd ff:ff:ff:ff:ff:ff
    inet6 1234::f816:3eff:fe8e:a3e3/64 scope global mngtmpaddr dynamic
       valid_lft 86358sec preferred_lft 14358sec
    inet6 fe80::f816:3eff:fe8e:a3e3/64 scope link
       valid_lft forever preferred_lft forever
Comment 2 Thomas Haller 2018-10-05 08:37:49 UTC 
NetworkManager will set all devices as `ip link set $IF up` early on, even if they are logically(!) disconnected.

-- that can be avoided, by configuring the device as unmanaged (via one of various methods).

NM does so, because it cares about carrier events, and it only gets these if the device is up.

It also means, your 

> ip link set up eth1
>
> It will not enable IPv6 on this interface by default.

will not actually do anything, because the device was already up.


Anyway, as long as there is no connection profile to activate, the device is logically disconnected. Which basically means to configure not IP addresses.

NM achieves that, by setting addrgenmode none. As you see with `ip -d link`. it also sets the /proc/sys/net/ipv6/conf/*/accept_ra* sysctl values, so that no SLAAC is done.


If you want to manually configure the device, you need also to do so fully. That means at least, to add (manually) an IPv6 link local address, or to reset addrgenmode. And to configure your non-link-local IP addresses (or re-enable accept_ra).


Possibly, if you anyway don't intend NM to manage this device, then mark it as unmanaged. That can be done ad-hoc (nmcli device $DEF set managed no) or permanently via configuration files or UDEV rules.



There is RFE bug 1628900 to keep the link down. But if that's done, it will have other downsides like no carrier events and NetworkManager wouldn't know whether a cable is plugged in.



Maybe you should explain *why* you are trying to do what you do.


> and then do:
> $ /sbin/service network restart
> Restarting network (via systemctl):  

With NetworkManager don't restart the network service. Instead, it'd be better to activate he desired profiles with nmcli.


It looks like, you just want to issue a

  $ nmcli device connect eth1

or
  $ nmcli connection up "$PROFILE_NAME"
Comment 3 Thomas Haller 2018-10-05 08:38:49 UTC 
> Maybe you should explain *why* you are trying to do what you do.

sorry, I mean: could you please elaborate the bigger picture of what you are doing? Thanks.
Comment 4 Slawek Kaplonski 2018-10-05 09:19:11 UTC 
Thx Thomas for Your reply.

Big picture:
I need this for tempest tests in OpenStack - test tries to bring eth1 interface like in: https://github.com/openstack/tempest/blob/master/tempest/scenario/test_network_v6.py#L157
and then check if proper IPv6 address is configured on it.
In upstream CI it works because Cirros image is used but in our D/S CI we have job where RHEL image is used to spawn vms and that cause issues described in https://bugzilla.redhat.com/show_bug.cgi?id=1622077

I was trying to do
nmcli device connect eth1

instead of
ip link set up dev eth1

and indeed it enables for me IPv6 on this interface but IPv6 address configured on it was different then expected, see example:

3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether fa:16:3e:8e:a3:e3 brd ff:ff:ff:ff:ff:ff
    inet6 1234::efc1:d3a7:885e:15/64 scope global noprefixroute dynamic
       valid_lft 86394sec preferred_lft 14394sec
    inet6 fe80::d9ec:dd03:b2dc:bf8f/64 scope link noprefixroute
       valid_lft forever preferred_lft forever

when expected is: 1234::f816:3eff:fe8e:a3e3/64

I was also trying to do:
sudo nmcli device set eth1 managed no
sudo ip link set up dev eth1

and that also didn't solve my problem.
Comment 5 Thomas Haller 2018-10-05 10:51:08 UTC 
(In reply to Slawek Kaplonski from comment #4)
> Thx Thomas for Your reply.
> 
> Big picture:
> I need this for tempest tests in OpenStack - test tries to bring eth1
> interface like in:
> https://github.com/openstack/tempest/blob/master/tempest/scenario/
> test_network_v6.py#L157
> and then check if proper IPv6 address is configured on it.
> In upstream CI it works because Cirros image is used but in our D/S CI we
> have job where RHEL image is used to spawn vms and that cause issues
> described in https://bugzilla.redhat.com/show_bug.cgi?id=1622077
> 
> I was trying to do
> nmcli device connect eth1
> 
> instead of
> ip link set up dev eth1
> 
> and indeed it enables for me IPv6 on this interface but IPv6 address
> configured on it was different then expected, see example:
> 
> 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state
> UP group default qlen 1000
>     link/ether fa:16:3e:8e:a3:e3 brd ff:ff:ff:ff:ff:ff
>     inet6 1234::efc1:d3a7:885e:15/64 scope global noprefixroute dynamic
>        valid_lft 86394sec preferred_lft 14394sec
>     inet6 fe80::d9ec:dd03:b2dc:bf8f/64 scope link noprefixroute
>        valid_lft forever preferred_lft forever
> 
> when expected is: 1234::f816:3eff:fe8e:a3e3/64

that is likely, because the profile that was activated that was has ipv6.addr-gen-mode=stable-privacy. The interface identifier is generated number, not the MAC address. That is the default for creating profiles in NetworkManager, because it makes the user less trackable. You can change it with `nmcli connection modify "$PROFILE" ipv6.addr-gen-mode eui64`.


> I was also trying to do:
> sudo nmcli device set eth1 managed no
> sudo ip link set up dev eth1
> 
> and that also didn't solve my problem.

Yes, that marks the device as unmanaged and leaves it. It does not restore addrgenmode eui64, nor accept_ra. If you take over the device, you need to fully configure it to your needs. Setting it "unmanaged" via nmcli only means, that NetworkManager won't touch the device anymore and that might be a good idea if you plan to go ahead and configure it (with iproute2?). Possibly NetworkManager should in this case do better at restoring a define state. But unclear which. For example, resetting "addrgenmode eui64" and accept_ra might connect the user although he doesn't want that.

Alternatively, you can configure the device as unmanaged via configuration files or udev rules, so it's unmanaged from the start an NM won't touch it.
Comment 6 Beniamino Galvani 2018-11-27 08:16:39 UTC 
I agree with Thomas, the NM behavior seems as expected. I see only two
alternatives if a user wants to configure IPv6 with EUI64 on a device:
either fully use NetworkManager by creating a suitable connection
profile:

 nmcli connection add type ethernet ifname eth1 con-name my-ethernet ipv6.addr-gen-mode eui64 ipv4.method disabled
 nmcli connection up my-ethernet

or don't use it at all by explicitly telling NM to unmanage the
device, then manually reset IPv6 parameters:

 nmcli device set eth1 managed no
 ip l set eth1 addrgenmode eui64
 echo 1 > /proc/sys/net/ipv6/conf/eth1/accept_ra
 # flip disable_ipv6 to start RA
 echo 1 > /proc/sys/net/ipv6/conf/eth1/disable_ipv6
 echo 0 > /proc/sys/net/ipv6/conf/eth1/disable_ipv6

The following should work as well as it makes the device unmanaged by
using an ifcfg file and then uses network-scripts to bring it up:

 echo "DEVICE=eth1"       > /etc/sysconfig/network-scripts/ifcfg-eth1
 echo "NM_CONTROLLED=no" >> /etc/sysconfig/network-scripts/ifcfg-eth1
 echo "IPV6INIT=yes"     >> /etc/sysconfig/network-scripts/ifcfg-eth1
 ifup eth1

Slawek, is any of those solutions acceptable in your opinion? If so, I
propose to close this as NOTABUG or CANTFIX.
Comment 7 Slawek Kaplonski 2018-11-27 10:04:51 UTC 
Thx for investigating this and for Your tips. I think we can close this BZ now.
Note You need to log in before you can comment on or make changes to this bug.