Created attachment 132881 [details] Patch which remove and readd IPV6ADDR in case of IPV6ADDR_SECONDARIES are defined
Description of problem: If an additional IPv6 address is added to an interface, this address would be the primary address for outgoing connections (if scope is proper). Version-Release number of selected component (if applicable): initscripts-7.93.24.EL kernel-2.6.9-34.0.2.EL How reproducible: always after reboot Steps to Reproduce: 1. extend interface configuration for IPv6 like: /etc/sysconfig/network-scripts/ifcfg-eth0 ... # IPv6 IPV6INIT="yes" IPV6ADDR="2001:db8:0:1::162:1/64" IPV6ADDR_SECONDARIES="2001:db8:0:1::188:1/64 2001:db8:0:1::189:1/64 2001:db8:0:1::190:1/64" IPV6_DEFAULTGW="2001:db8:0:1::1" IPV6_AUTOCONF="no" 2. initializie network 3. telnet/ssh to an IPv6 enabled destination Actual results: outgoing source address would be 2001:db8:0:1::190:1 As described, the last one added # ip -6 addr show dev eth0 | grep inet6 | grep global inet6 2001:db8:0:1::190:1/64 scope global inet6 2001:db8:0:1::189:1/64 scope global inet6 2001:db8:0:1::188:1/64 scope global inet6 2001:db8:0:1::162:1/64 scope global Expected results: Use of 2001:db8:0:1::162:1 as primary address for outgoing connections. Additional info: A simple patch to ifup-ipv6 solves this issue. In case of IPV6ADDR_SECONDARIES are defined, after applying the addresses, IPV6ADDR is removed and readded to the interface. This causes that IPV6ADDR is now the first one in the list and therefore used as primary address for outgoing connections.
Created attachment 132887 [details] Patch which remove and readd IPV6ADDR in case of IPV6ADDR_SECONDARIES are defined Improved patch which checks whether IPV6ADDR is really not the first one in list after IPV6ADDR_SECONDARIES are added. If not, remove and readd it. This patch should be safe for the future.
Can't you just set the secondary addresses with a specific scope when you add them?
Specific scope doesn't help, because all addresses are global scope (they are alias addresses for specific services to move them more or less transparent to another host). Flag "primary" would help, but looks like not supported in IPv6 (never seen and "ip" doesn't support it, too).
Hm. You could also set the source address on the route itself...
"ip -6 route add" accepts "src <address>" but didn't show this in routing table and it's also not working here.
Ugh. Add/remove just seems wrong. Is default *always* the last one added? Could the order be reversed (add secondaries, then primary)?
Current behavior (don't know the reason, perhaps Pekka or better Alexey [if still working on the IPv6 kernel part] have more information why kernel does this), is, that for new (at least - UDP not tested) TCP connections, the first one shown in list is used (ping6 has a different behavior here at least on FC5, it always using the first added one - perhaps a local issue here...). Anyway, my 2nd patch checks, whether IPV6ADDR is *not* the first one in list, if so, it would be removed and readded. If we add the secondaries before the primary address in an unconditional way, and sometimes in the future the behavior of adding addresses would change, mean order will be kept instead of stack-behavior (last added will be first in list), we run into a problem. Because we currently cannot expect, which kernel version act as current or not, but assuming first address in list is the primary, my current patch would be the fail-safest one I think.
I don't like it; removing and readding addresses is just a bad hack. We should find a scalable way to do this, by finding some way to set the address as primary. I should probably try and track down a networking guru.
I agree, that this is a bad hack, but at time of writing the only method I know about.
Do you get any news from the network gurus inbetween?
Not as of yet.
I got response to a posting on netdev list: http://www.mail-archive.com/netdev@vger.kernel.org/msg20021.html It's an implementation decission and looks like this would be not changed. And it looks like also that there is no flag to set a primary adddress. What now? Implement my workaround in initscripts?
How about the policy table suggestion?
Do you know how it works? /etc/gai.conf is only working for destination addresses as far as I understood, but we need a policy for the source address (which can be of course from the same subnet, which makes selection sure more difficult).
I still got no information how to select src address in Linux, no response to my posting: http://www.linux-ipv6.org/ml/usagi-users/msg03687.html Can it be that Linux misses support at all for this issue. BTW: my current workaround works fine on all my systems here. We can't change it to: "if additional addresses are defined, add them first, afterwards the primary" because if behavior of kernel changes, we run into the same trouble like now.
See also https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=250921, looks like a control for selecting the default address is missing at all. We have now 2 cases: - want to use autogenerated one, even if manual ones added => work also described in https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=250921#c3, before adding any IPv6 address we have to save the autogenerated one and depending on a config option, remove it an readd it after processing IPV6ADDR_SECONDARIES and IPV6ADDR. - want to use the main manual added one (IPV6ADDR) => fix is available for initscripts
This is all just horribly, horribly, wrong. Moreover, the upstream state of this seems to be crap: 1) there's no good way to set policy in the kernel 2) the 'policy' that's there could conceivably change randomly 3) when asked, all the information I see says that they're looking on moving it to policy based routing... with no further follow up. Pending anything appearing as in #3, closing WONTFIX.
Created attachment 161116 [details] Alternative simple patch for RHEL4 Because kernel version of RHEL4 does not change, this simple patch will add IPV6ADDR after IPV6ADDR_SECONDARIES to get sure being the latest added one and therefore the default for outgoing used one.