Uploaded image for project: 'Red Hat OpenStack Services on OpenShift'
  1. Red Hat OpenStack Services on OpenShift
  2. OSPRH-12455

BZ#2282237 "IPV6_AUTOCONF=no" gets ignored in ifcfg file

XMLWordPrintable

    • 3
    • False
    • Hide

      None

      Show
      None
    • False
    • No Docs Impact
    • rhos-dfg-nfv
    • None
    • Hide
      .In IPv6 environments, Networking service erroneously configures default route in response to router advertisements

      Currently, in IPv6 environments, the IPv6 key-value pair, `IPV6_AUTOCONF=no`, in `ifcfg-*` files generated by `os-net-config` does not prevent the system from configuring the default route in response to router advertisements.

      There are two approaches to the workaround. In Approach 1, you edit the configuration files directly and then run `sysctl`. In Approach 2, you run the `sysctl` command to activate and write
      these values to the `sysctl.conf` file.

      *Workaround Approach 1:* Edit the configuration files

      . Set `net.ipv6.conf.<interface>.accept_ra_defrtr=0` to prevent learning the
      default route from router advertisements and `net.ipv6.conf.<interface>.accept_ra=0` to prevent the system from accepting router advertisements for any routes.
      +
      Set both of these variables in `/etc/sysctl.conf` or `/etc/sysctl.d/99-sysctl.conf` (or
      another file in that subdirectory).
      +
      For each specific interface:
      +
      ----
      net.ipv6.conf.<interface>.accept_ra_defrtr=0
      net.ipv6.conf.<interface>.accept_ra=0
      ----
      +
      [NOTE]
      ====
      Setting each specific interface can help to ensure that the settings are not overridden.
      For newly created interfaces:
      ----
      net.ipv6.conf.default.accept_ra_defrtr=0
      net.ipv6.conf.default.accept_ra=0
      ----
      For all interfaces present at boot time:
      ----
      net.ipv6.conf.all.accept_ra_defrtr=0
      net.ipv6.conf.all.accept_ra=0
      ----
      ====
      . Run the following command:
      +
      ----
      $ sudo sysctl -p
      ----

      *Workaround Approach 2:* run `sysctl` to activate and write the values to the `sysctl.conf` file:

      * For each specific interface:
      +
      ----
      $ sudo sysctl -w net.ipv6.conf.<interface>.accept_ra_defrtr=0
      $ sudo sysctl -w net.ipv6.conf.<interface>.accept_ra=0
      ----
      +
      [NOTE]
      ====
      Setting each specific interface can help to ensure that the
      settings are not overridden.
      For newly created interfaces:
      ----
      $ sudo sysctl -w net.ipv6.conf.default.accept_ra_defrtr=0
      $ sudo sysctl -w net.ipv6.conf.default.accept_ra=0
      ----
      For all interfaces present at boot time:
      ----
      $ sudo sysctl -w net.ipv6.conf.all.accept_ra_defrtr=0
      $ sudo sysctl -w net.ipv6.conf.all.accept_ra=0
      ----
      ====
      Show
      .In IPv6 environments, Networking service erroneously configures default route in response to router advertisements Currently, in IPv6 environments, the IPv6 key-value pair, `IPV6_AUTOCONF=no`, in `ifcfg-*` files generated by `os-net-config` does not prevent the system from configuring the default route in response to router advertisements. There are two approaches to the workaround. In Approach 1, you edit the configuration files directly and then run `sysctl`. In Approach 2, you run the `sysctl` command to activate and write these values to the `sysctl.conf` file. *Workaround Approach 1:* Edit the configuration files . Set `net.ipv6.conf.<interface>.accept_ra_defrtr=0` to prevent learning the default route from router advertisements and `net.ipv6.conf.<interface>.accept_ra=0` to prevent the system from accepting router advertisements for any routes. + Set both of these variables in `/etc/sysctl.conf` or `/etc/sysctl.d/99-sysctl.conf` (or another file in that subdirectory). + For each specific interface: + ---- net.ipv6.conf.<interface>.accept_ra_defrtr=0 net.ipv6.conf.<interface>.accept_ra=0 ---- + [NOTE] ==== Setting each specific interface can help to ensure that the settings are not overridden. For newly created interfaces: ---- net.ipv6.conf.default.accept_ra_defrtr=0 net.ipv6.conf.default.accept_ra=0 ---- For all interfaces present at boot time: ---- net.ipv6.conf.all.accept_ra_defrtr=0 net.ipv6.conf.all.accept_ra=0 ---- ==== . Run the following command: + ---- $ sudo sysctl -p ---- *Workaround Approach 2:* run `sysctl` to activate and write the values to the `sysctl.conf` file: * For each specific interface: + ---- $ sudo sysctl -w net.ipv6.conf.<interface>.accept_ra_defrtr=0 $ sudo sysctl -w net.ipv6.conf.<interface>.accept_ra=0 ---- + [NOTE] ==== Setting each specific interface can help to ensure that the settings are not overridden. For newly created interfaces: ---- $ sudo sysctl -w net.ipv6.conf.default.accept_ra_defrtr=0 $ sudo sysctl -w net.ipv6.conf.default.accept_ra=0 ---- For all interfaces present at boot time: ---- $ sudo sysctl -w net.ipv6.conf.all.accept_ra_defrtr=0 $ sudo sysctl -w net.ipv6.conf.all.accept_ra=0 ---- ====
    • Known Issue
    • Done
    • Hide

      This behavior occurs only in RHEL9 and not RHEL8, and only when using ifcfg but not when using nmstate. A workaround has been documented using sysctl settings. The precise kernel changes that changed the behavior has been requested from the kernel team (issue linked), but an answer may take some time.

      Show
      This behavior occurs only in RHEL9 and not RHEL8, and only when using ifcfg but not when using nmstate. A workaround has been documented using sysctl settings. The precise kernel changes that changed the behavior has been requested from the kernel team (issue linked), but an answer may take some time.
    • Moderate

      ESS Customer is testing RHOSP 17.1 (therefore RHEL 9.2) and has encountered an issue where "IPV6_AUTOCONF=no" gets ignored in ifcfg file.

      In sosreport ./0080-sosreport-rchltxeldnce-h-pe5dloc-0-03779789-2024-04-03-ippoyfb.tar.xz/sosreport-rchltxeldnce-h-pe5dloc-0-03779789-2024-04-03-ippoyfb/etc/sysconfig/network-scripts/:
      ~~~
      $ cat ifcfg-eth4

      This file is autogenerated by os-net-config
      DEVICE=eth4
      ONBOOT=yes
      HOTPLUG=no
      NM_CONTROLLED=no
      MTU=1480
      IPV6INIT=yes
      IPV6_MTU=1480
      IPV6_AUTOCONF=no
      IPV6ADDR=2607:f160:a:7804:124::9000/64
      DNS1=2607:f160:a:7804:12::8047
      ~~~

      But we still see the local configured IPv6 fe80::5054:ff:fe4b:8881/64, and because the gateway is doing route advertisement the default gateway is set with local IPv6 of the gateway:
      ~~~
      6: eth4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1480 qdisc fq_codel state UP group default qlen 1000
      link/ether 52:54:00:4b:88:81 brd ff:ff:ff:ff:ff:ff
      altname enp5s0
      inet6 2600:80b:210:5801::8001/64 scope global
      valid_lft forever preferred_lft forever
      inet6 2600:80b:210:5801::1000/128 scope global
      valid_lft forever preferred_lft forever
      inet6 fe80::5054:ff:fe4b:8881/64 scope link
      valid_lft forever preferred_lft forever
      ~~~

      from troubleshooting ifup-ipv6 we see autoconfig and accept_ra are disabled:
      ~~~
      + /sbin/sysctl -e -w net.ipv6.conf.eth4.forwarding=0
      + /sbin/sysctl -e -w net.ipv6.conf.eth4.accept_ra=0
      + /sbin/sysctl -e -w net.ipv6.conf.eth4.accept_redirects=0
      + /sbin/sysctl -e -w net.ipv6.conf.eth4.autoconf=0
      ~~~

      also the default for all interfaces is disabled, but we see local IPv6 on all of them
      ~~~
      from /etc/sysctl.d/99-tripleo.conf :

      net.ipv6.conf.all.accept_ra=0
      net.ipv6.conf.default.accept_ra=0
      net.ipv6.conf.all.autoconf=0
      net.ipv6.conf.default.autoconf=0
      ~~~

      also cloud config is disabled:
      ~~~
      $ cat ./etc/cloud/cloud.cfg.d/99-tripleo-disable-network-config.cfg
      network:
      config: disabled
      ~~~

      Version-Release number of selected component (if applicable):
      The setup is RHOSP 17.1, therefore RHEL 9.2 with:
      openstack-network-scripts-10.11.1-6.el9ost.x86_64

      How reproducible:
      Always

      Steps to reproduce
      On customer setup, deploy RHOSP 17.1, with templates that specify parameters seen in ifcfg-eth4 above

      Expected results
      "IPV6_AUTOCONF=no" is taken into account

      Actual results
      We can see that "IPV6_AUTOCONF=no" gets ignored

      Expected results:

      Additional info:

              rhn-engineering-dsneddon Dan Sneddon
              jira-bugzilla-migration RH Bugzilla Integration
              Eran Kuris Eran Kuris
              rhos-dfg-nfv
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated:
                Resolved: