Bug 199862 - IPv6 setup: fix default IPv6 address to IPV6ADDR in case of IPV6ADDR_SECONDARIES are used
IPv6 setup: fix default IPv6 address to IPV6ADDR in case of IPV6ADDR_SECONDAR...
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: initscripts (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Bill Nottingham
Brock Organ
Depends On:
  Show dependency treegraph
Reported: 2006-07-23 08:25 EDT by Peter Bieringer
Modified: 2014-03-16 23:00 EDT (History)
5 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2007-08-06 17:48:18 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Patch which remove and readd IPV6ADDR in case of IPV6ADDR_SECONDARIES are defined (826 bytes, patch)
2006-07-23 08:25 EDT, Peter Bieringer
no flags Details | Diff
Patch which remove and readd IPV6ADDR in case of IPV6ADDR_SECONDARIES are defined (1.16 KB, patch)
2006-07-23 15:18 EDT, Peter Bieringer
no flags Details | Diff
Alternative simple patch for RHEL4 (724 bytes, patch)
2007-08-11 06:17 EDT, Peter Bieringer
no flags Details | Diff

  None (edit)
Description Peter Bieringer 2006-07-23 08:25:23 EDT
Created attachment 132881 [details]
Patch which remove and readd IPV6ADDR in case of IPV6ADDR_SECONDARIES are defined
Comment 1 Peter Bieringer 2006-07-23 08:25:23 EDT
Description of problem:
If an additional IPv6 address is added to an interface, this address would be
the primary address for outgoing connections (if scope is proper).

Version-Release number of selected component (if applicable):

How reproducible:
always after reboot

Steps to Reproduce:
1. extend interface configuration for IPv6 like:


# IPv6
IPV6ADDR_SECONDARIES="2001:db8:0:1::188:1/64 2001:db8:0:1::189:1/64

2. initializie network
3. telnet/ssh to an IPv6 enabled destination
Actual results:
outgoing source address would be 2001:db8:0:1::190:1

As described, the last one added 
# ip -6 addr show dev eth0 | grep inet6 | grep global
    inet6 2001:db8:0:1::190:1/64 scope global
    inet6 2001:db8:0:1::189:1/64 scope global
    inet6 2001:db8:0:1::188:1/64 scope global
    inet6 2001:db8:0:1::162:1/64 scope global

Expected results:
Use of 2001:db8:0:1::162:1 as primary address for outgoing connections.

Additional info:

A simple patch to ifup-ipv6 solves this issue. In case of IPV6ADDR_SECONDARIES
are defined, after applying the addresses, IPV6ADDR is removed and readded to
the interface. This causes that IPV6ADDR is now the first one in the list and
therefore used as primary address for outgoing connections.
Comment 2 Peter Bieringer 2006-07-23 15:18:40 EDT
Created attachment 132887 [details]
Patch which remove and readd IPV6ADDR in case of IPV6ADDR_SECONDARIES are defined

Improved patch which checks whether IPV6ADDR is really not the first one in
list after IPV6ADDR_SECONDARIES are added. If not, remove and readd it. This
patch should be safe for the future.
Comment 3 Bill Nottingham 2006-07-24 10:37:46 EDT
Can't you just set the secondary addresses with a specific scope when you add them?
Comment 4 Peter Bieringer 2006-07-24 11:52:26 EDT
Specific scope doesn't help, because all addresses are global scope (they are
alias addresses for specific services to move them more or less transparent to
another host).
Flag "primary" would help, but looks like not supported in IPv6 (never seen and
"ip" doesn't support it, too). 
Comment 5 Bill Nottingham 2006-07-24 12:08:14 EDT
Hm. You could also set the source address on the route itself...
Comment 6 Peter Bieringer 2006-07-24 12:19:26 EDT
"ip -6 route add" accepts "src <address>" but didn't show this in routing table
and it's also not working here.


Comment 7 Bill Nottingham 2006-07-24 12:47:01 EDT
Ugh. Add/remove just seems wrong. Is default *always* the last one added? Could
the order be reversed (add secondaries, then primary)?
Comment 8 Peter Bieringer 2006-07-24 18:37:26 EDT
Current behavior (don't know the reason, perhaps Pekka or better Alexey [if
still working on the IPv6 kernel part] have more information why kernel does
this), is, that for new (at least - UDP not tested) TCP connections, the first
one shown in list is used (ping6 has a different behavior here at least on FC5,
it always using the first added one - perhaps a local issue here...).

Anyway, my 2nd patch checks, whether IPV6ADDR is *not* the first one in list, if
so, it would be removed and readded.

If we add the secondaries before the primary address in an unconditional way,
and sometimes in the future the behavior of adding addresses would change, mean
order will be kept instead of stack-behavior (last added will be first in list),
we run into a problem. Because we currently cannot expect, which kernel version
act as current or not, but assuming first address in list is the primary, my
current patch would be the fail-safest one I think.

Comment 9 Bill Nottingham 2006-07-24 20:39:53 EDT
I don't like it; removing and readding addresses is just a bad hack. We should
find a scalable way to do this, by finding some way to set the address as primary.

I should probably try and track down a networking guru.
Comment 10 Peter Bieringer 2006-07-25 02:08:47 EDT
I agree, that this is a bad hack, but at time of writing the only method I know
Comment 11 Peter Bieringer 2006-08-17 05:12:34 EDT
Do you get any news from the network gurus inbetween? 
Comment 12 Bill Nottingham 2006-08-17 09:58:56 EDT
Not as of yet.
Comment 13 Peter Bieringer 2006-08-22 01:49:18 EDT
I got response to a posting on netdev list:

It's an implementation decission and looks like this would be not changed. And
it looks like also that there is no flag to set a primary adddress.

What now? Implement my workaround in initscripts?
Comment 14 Bill Nottingham 2006-08-22 11:37:50 EDT
How about the policy table suggestion?
Comment 15 Peter Bieringer 2006-08-22 15:09:26 EDT
Do you know how it works? /etc/gai.conf is only working for destination
addresses as far as I understood, but we need a policy for the source address
(which can be of course from the same subnet, which makes selection sure more
Comment 16 Peter Bieringer 2006-08-25 08:02:05 EDT
I still got no information how to select src address in Linux, no response to my

Can it be that Linux misses support at all for this issue.

BTW: my current workaround works fine on all my systems here.

We can't change it to: "if additional addresses are defined, add them first,
afterwards the primary" because if behavior of kernel changes, we run into the
same trouble like now.
Comment 17 Peter Bieringer 2007-08-05 13:59:37 EDT
See also https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=250921, looks like
a  control for selecting the default address is missing at all.

We have now 2 cases:
- want to use autogenerated one, even if manual ones added
   => work also described in
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=250921#c3, before adding
any IPv6 address we have to save the autogenerated one and depending on a config
option, remove it an readd it after processing IPV6ADDR_SECONDARIES and IPV6ADDR.

- want to use the main manual added one (IPV6ADDR)
   => fix is available for initscripts
Comment 18 Bill Nottingham 2007-08-06 17:48:18 EDT
This is all just horribly, horribly, wrong. Moreover, the upstream state of this
seems to be crap:

1) there's no good way to set policy in the kernel
2) the 'policy' that's there could conceivably change randomly
3) when asked, all the information I see says that they're looking on moving it
to policy based routing... with no further follow up.

Pending anything appearing as in #3, closing WONTFIX.
Comment 19 Peter Bieringer 2007-08-11 06:17:16 EDT
Created attachment 161116 [details]
Alternative simple patch for RHEL4

Because kernel version of RHEL4 does not change, this simple patch will add
IPV6ADDR after IPV6ADDR_SECONDARIES to get sure being the latest added one and
therefore the default for outgoing used one.

Note You need to log in before you can comment on or make changes to this bug.