talos icon indicating copy to clipboard operation
talos copied to clipboard
verified publisher icon siderolabs

accept_ra=2 not consistently applied

Open lennardk opened this issue 3 years ago • 5 comments

Bug Report

I'm not getting my ipv6 default routes through router advertisements, even though Talos is setting sys.net.ipv6.conf.default.accept_ra=2

Description and logs

My 'physical' (VM) interface is eth0. When enabling dhpv6 in the MachineConfig but not doing any specific configuration otherwise the potentially relevant values for it are:

root@worker2:/# sysctl net.ipv6.conf.all.accept_ra net.ipv6.conf.default.accept_ra net.ipv6.conf.eth0.accept_ra
net.ipv6.conf.all.accept_ra = 1
net.ipv6.conf.default.accept_ra = 2
net.ipv6.conf.eth0.accept_ra = 1

Empirically and some attempts at googling and reading Kernel sources lead me to believe that the all value is either irrelevant for accept_ra settings, or it gets ANDed and as such the effective value for eth0 is 1. Notably, I've set all.accept_ra to 2, waited for a router advertisement to show up in tcpdump and observed no route being added. While setting eth0.accept_ra to 2, waiting for a router advertisement in tcpdump does result in a default route being added. I do not believe having dhcpv6 enabled or disabled in the MachineConfig is of any influence, but I haven't done extensive testing on this. Manually configuring net.ipv6.conf.eth0.accept_ra: '2' in MC sysctls is a valid workaround in my environment.

Lastly, my current assumption is that the net.ipv6.conf.default.accept_ra that Talos does set does not apply to my eth0 because eth0 is probably present before this happens.

Environment

  • Talos version:
Client:
	Tag:         v1.0.4
	SHA:         f6696063
	Built:
	Go version:  go1.17.7
	OS/Arch:     linux/amd64
Server:
	NODE:        192.168.169.24
	Tag:         v1.0.4
	SHA:         f6696063
	Built:
	Go version:  go1.17.7
	OS/Arch:     linux/amd64
	Enabled:
  • Kubernetes version:
Client Version: v1.20.5
Server Version: v1.23.6
  • Platform: metal (libvirt QEMU VM)

lennardk avatar May 25 '22 13:05 lennardk

It shouldn't matter that eth0 is already present; router advertisements are not handled in a one-shot manner. More data is better, regardless

Ulexus avatar May 25 '22 13:05 Ulexus

It shouldn't matter that eth0 is already present; router advertisements are not handled in a one-shot manner. More data is better, regardless

To clarify, I believe the default settings only get copied to new interfaces as they get created/discovered and as such don't apply to my eth0 as it predates the new default settings.

lennardk avatar May 26 '22 18:05 lennardk

Oh, yes. I see what you're talking about now. Yes, that is quite correct.

Ulexus avatar May 26 '22 18:05 Ulexus

FYI: Same here in my LAN which doesn't use dhcpv6 but SLAAC only. I need to set net.ipv6.conf.eth0.accept_ra: '2' in machineconfig, otherwise the IPv6 default route isn't set and hosts and pods don't have IPv6 internet access.

zargony avatar Dec 19 '23 23:12 zargony

Any updates?

maxpain avatar Mar 07 '24 09:03 maxpain