Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

controlling the LLA used by radvd for RAs #131

Open
Supermathie opened this issue Nov 20, 2020 · 2 comments
Open

controlling the LLA used by radvd for RAs #131

Supermathie opened this issue Nov 20, 2020 · 2 comments

Comments

@Supermathie
Copy link

TL;DR: We are running into a situation where radvd is picking the source IP for outgoing advertisements that don't want it to use.

radvd version: 2.17, debian package 1:2.17-2

Our setup:

  • each server has a globally routable /64 network configured on a local bridge (for docker containers)
  • this network is advertised to other servers via radvd: 
    interface int {
    AdvDefaultLifetime 0;
    AdvSendAdvert on;
    MaxRtrAdvInterval 12;
    route 2001:db8:f00:d2::/64 {
        AdvRouteLifetime 900;
    };
};
  • our edge servers also have this but also have a VRRP IP configured for outbound traffic
  • IPv6 VRRP requires the first address in a VRRP group be an LLA for the VRRP router (we choose fe80::ffff:ff here) 
     inet6 fe80::ffff:ff/64 scope link nodad
    valid_lft forever preferred_lft forever
 inet6 fe80::5054:ff:feed:f5a6/64 scope link
    valid_lft forever preferred_lft forever

The end result that we want to change is:

  • radvd chooses the fe80::ffff:ff address for its advertisements instead of fe80::5054:ff:feed:f5a6

This is bad for us since that's a VIP and can move between machines.

Things we've tried:

  • changing the VRRP configuration so that the address is /128 and marked as deprecated: 
     inet6 fe80::ffff:ff/128 scope link nodad deprecated
    valid_lft forever preferred_lft 0sec
 inet6 fe80::5054:ff:feed:f5a6/64 scope link
    valid_lft forever preferred_lft forever
    result: no change; fe80::ffff:ff is still picked as the outbound address

Any suggestions here to accomplish what we want with radvd as-is?

Can we tell radvd to use a specific address as the advertisement source for this route?

Should it be modified to not choose deprecated or /128 addresses as the source for advertisements?
@robbat2 robbat2 mentioned this issue Jan 25, 2021
Open
@robbat2
Copy link
Member

robbat2 commented Jan 25, 2021

#127 will help with this issue, but probably further work is needed, as you also want to avoid /128 addresses, and that code is driven by lifetime, not the /128 or the deprecated flag (which can be present even with a high lifetime)

@robbat2
Copy link
Member

robbat2 commented Dec 31, 2024

For the moment, use AdvRASrcAddress and specify which source address you DO want.

Long-term we should make AdvRASrcAddress also take negation, and ignore both /128s and deprecated

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@robbat2 @Supermathie