-
Notifications
You must be signed in to change notification settings - Fork 575
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
IPaddr2 may fail on LVS IPv6 configuration #180
Comments
On Sun, Nov 18, 2012 at 11:04:07PM -0800, Keisuke MORI wrote:
The kernel should know where the ICMP packets are coming from.
Neither does it happen with SLE11SP2, kernel 3.0.42. I guess it
I guess that that's also a possibility. |
Yes (attached below). Ping packets themselves work as usual. The problem is a neighbor solicitation packet for DAD can not be seen on the wire in the case of the failed scenario. I suspect that succeeding ping to lo makes the kernel think as the address has already assigned hence DAD fails.
Let me correct this; RHEL5.7 did not work properly either. 'dadfailed' was not displayed on RHEL5.7 but the kernel log reports that it has detected the address duplication and the 'tentative' status remains. The connection between other nodes may work but apparently it is not right status.
I and @nozawatm are now testing the patch along with this. Regards, Failed scenario. (4b.)
Succeeded scenario. (4c.)
|
On Tue, Nov 20, 2012 at 02:47:48AM -0800, Keisuke MORI wrote:
Of course. |
Closed as the patch is submitted in pull request #181. |
Just for an additional note: According to our kernel experts, this issue is fixed by the commit below so the recent kernel should not be affected: Looking at tentative status should be more reliable than pinging anyway. |
Make sure the IPv6 address allocation has completed by checking a tentative flag in the ip command output rather than using ping. Using ping may cause IPv6 duplicate address detection fail in LVS configuration. The behavior may vary depending on the kernel version. See below for details: ClusterLabs#180
Make sure the IPv6 address allocation has completed by checking a tentative flag in the ip command output rather than using ping. Using ping may cause IPv6 duplicate address detection fail in LVS configuration. The behavior may vary depending on the kernel version. See below for details: ClusterLabs#180
IPaddr2 may failed to assign an IPv6 address with 'dadfailed' status on LVS configuration, which has the same IPv6 address on lo too.
I consider that this is a blocker for the release.
The steps to reproduce is below. Step 4a. or 4b. is a failed scenario. Step 4c. is a succeeded scenario. (thanks to @nozawatm for testing it)
Diagnosis:
It fails when send_ua is called if the VIP is still 'tentative' status (accomplishing the assignment in the kernel).
The cause seems that send_ua is sending ping for waiting the tentative flag is disappeared (i.e. assingment has finished) but the ping packet makes IPv6 DAD (duplicate address detection) protocol fail in the case of LVS configuration.
(L317-L322 in IPaddr2.c)
17d9f6a#L0R317
One strange thing is that this problem was not observed on RHEL5.7 (send_ua suceeds even if it was tentative status). We are unsure that if the kernel behavior does matter or not, but anyway we have to fix it somehow.
Solution:
I think we should take another way for waiting to finish to assign the IPv6 address. Probably we are going to remove the ping loop in send_ua and alternatively use ip command to check tentative flag in the RA.
I and @nozawatm are working on this issue right now.
I would appreceate if you have any comments.
steps to reproduce
The text was updated successfully, but these errors were encountered: