From f8ad40ceea067346d97d311c5deaa203d26ce24a Mon Sep 17 00:00:00 2001 From: Scott Emery Date: Thu, 23 Jun 2016 14:58:14 -0700 Subject: [PATCH] ifupdown2: Disable IPv6 duplicate address detection on VRR interfaces Ticket: CM-11511 Reviewed By: CCR-4890 Testing Done: Used "address-virtual" keyword to create VRR interface with IPv6 address. Checked sysctl and dad failures. In a VRR setup, both switches are programmed with the same IPv6 address and that address is active on both switches. This causes the IPv6 duplicate address detection to kick in and diable the use of one of the address on one of the switches. This patch causes duplicate address detection to be disabled on VRR interfaces by setting the net.ipv6.conf..accept_dad and net.ipv6.conf..dad_transmits sysctl's to 0. The only IPv6 addresses which are defined on these interfaces are the virtual addresses and the link local address (which is unused). No other operational IPv6 addresses should ever be assigned to these interfaces. Instead, operational IPv6 addresses should be assigned to the "base", or lower, interface of the VRR interface. --- addons/addressvirtual.py | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/addons/addressvirtual.py b/addons/addressvirtual.py index 73f2d4c..18cc712 100644 --- a/addons/addressvirtual.py +++ b/addons/addressvirtual.py @@ -196,6 +196,12 @@ class addressvirtual(moduleBase): if lower_iface_mtu and lower_iface_mtu != self.ipcmd.link_get_mtu(macvlan_ifacename): self.ipcmd.link_set_mtu(macvlan_ifacename, lower_iface_mtu) + # Disable IPv6 duplicate address detection on VRR interfaces + for key, sysval in { 'accept_dad' : '0', 'dad_transmits' : '0' }.iteritems(): + syskey = 'net.ipv6.conf.%s.%s' % (macvlan_ifacename, key) + if self.sysctl_get(syskey) != sysval: + self.sysctl_set(syskey, sysval) + av_idx += 1 self.ipcmd.batch_commit()