New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
IPv6 prefix delegation is not supported #888
Comments
Hi, IPv6 prefix delegation is supported by NM. To enable it, the downstream interface must be configured with |
FYI: We opened an upstream issue to improve the documentation: https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/758 |
I did follow @bengal's suggestion and even restarted from scratch. I am getting this journal entry (and no IPv6):
Here is a (slightly redacted) output from
Please note that I also tried to set Now to add a magic twist into that twisted hardware, my previous |
I can provide debug information but it does not tell anything: the RA is sent, lndp events are processed but nothing happens. Just changed a few kernel options (sysctl) like |
In NM the prerequisites for IPv6-PD are:
Please check 1. and 2. Message "no device to obtain a subnet to share on enp0s20 from" indicates that there is no device with IPv6 default route. If the IPv6 methods are configured correctly, please collect and share NM logs at trace level. |
So I created a new
Also made sure the WAN interface went back to Anyway, here is the log you requested. BTW, disregard the It does seem to me that I need to somehow force the use of DHCPv6 on my wan interface:
I suspect the router (I don't control) is not sending the proper flags, hence the @bengal If that's any easier for you, I can provide you with direct access to a small FCOS instance in the right environment. Just provide a public SSH key. And again, if there is any consistent documentation online explaining how to do this with NM, I'll gladly try it all. NM is frustrating because errors I (don't) get aren't returning any result online and configuration seems quite limited in scope so there's really little I can do by myself. I understand that's the point of getting RH support, but this is FCOS, not RH... |
What is implemented by NM at the moment is to support PD on WAN interfaces that already use DHCPv6 (not on those using SLAAC). We try to improve PD support when users report problems, as it's not very clear from RFCs what are all the possible ways in which PD can be used. For example some time ago we did some fixes to support PD in DHCPv6 stateless mode or over PPPoE: https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/647 This scenario where the server uses only SLAAC is not supported at the moment (mainly because nobody reported it so far), but we can try to prepare a patch to support it, together with a better documentation. |
Ah I see the misunderstanding! The server does not actually support SLAAC at all... Yet O is set but not M! But before you say it's a "won't fix"...
For whatever reason this is the behaviour that has been implemented. Both Oh oh oh! nearly there... So I found the AFAIK undocumented option
This seems to be forcing the use of the dhcp6 client (which seems to be systemd's). Now I need to actually get routing to work! |
Ah, right. I said SLAAC to mean no-DHCPv6. But the RA here only provides a route without a prefix (and with no
so it's neither SLAAC nor DHCPv6. The client only gets configured with a link-local address and a default route. With systemd-networkd (or NM with As you have already noticed,
Yes, but I think the problem here is different. systemd-networkd can be forced to start DHCPv6, and then there is this flag to the request the prefix delegation. The problem with NM is that it doesn't start DHCPv6 in the first place, unless the RA says it's needed. I guess what is missing in NM is one of:
or
With these, I suppose there is no need to something similar to systemd's What do you think? |
Yep! It's a The logs say that DHCPv6 CLIENT gets started in managed mode. Then the solicit/advert/req dance starts and I get a domain name, DNS and an IP address from it (
Exactly!
That I am probably too incompetent to notice whether there is a flaw in what you are recommending. It indeed sounds like Just noticed I forgot: adding my default route with the gateway provided previously does work! Though I can't set the gateway with
|
I don't understand what you mean here... SLAAC and PD are used for different purposes: SLAAC to assign an address to the WAN interface, PD to obtain prefixes to share to LAN interfaces. There was a discussion [1] on the NM mailing list about a case where the ISP server doesn't assign any address to the client but provides prefix delegations; the question was whether the client could use an address from the prefix delegation for the WAN interface. This was explicitly prohibited in a previous version of the RFC but seems allowed now. AFAICT the conclusions on that thread were that:
[1] https://mail.gnome.org/archives/networkmanager-list/2021-June/msg00026.html |
I opened a merge request to support PD in NM when the upstream interface is not configured via DHCP. https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/924 I did some basic testing with the script in the first commit, but some real world testing would be helpful if possible. I can prepare a scratch build of the Fedora NM package if necessary. |
That's because I misunderstood how NM would determine PD is necessary. If I understand correctly now, as long as a LAN interface requests an address from the WAN interface, NM determines PD is required and will start DHCPv6 on the WAN interface to request a prefix (and an address I suppose)... Or at least that's the point of the MR you submitted.
Happy to test this and report back. |
This scratch build includes the patch: https://koji.fedoraproject.org/koji/taskinfo?taskID=71766806 |
In the case of Fedora CoreOS something like this should work:
Then reboot. |
Ah I suppose that make sense. I tried that very command on the local RPMs but it failed:
I suppose koji URLs are treated as some sort of source. |
@bengal Scratch my previous comment (now deleted from github): a reboot was indeed necessary. I get IPv6 connectivity now after reboot using @dustymabe's method to override packages. |
Thank you both, that's amazing! |
Ah, potential "problems" depending on what you think should belong to the present patch:
Turned out those are explicitly defined for stateless, so they definitely don't belong here! Everything looks fine and I suppose using temporary addresses and such in NM should be the object of another feature request. |
NM adds the prefix route by itself so that it can control the route metric, which can be changed through the Kernels >= 4.18 support specifying the prefix route metric when adding the address:
however NM needs to also support older kernels and so it still adds the prefix route by itself. It would be a nice improvement to use |
The patch is now merged and backported to the 1.30 branch. It will be in the next 1.30.6 release and it will reach F34 at the next update. |
NetworkManager-1.30.6-1.fc34 is now available. |
Thanks @bengal. This will make it into the next FCOS |
The fix for this went into testing stream release |
The fix for this went into stable stream release |
I'll reprovision tomorrow and let you know!
|
Add a test for IPv6 prefix delegation when the upstream interface is not using SLAAC or DHCPv6 addresses. See: coreos/fedora-coreos-tracker#888 The difference compared to existing test is that NM is not already using DHCPv6 on testX6, and it must start the DHCPv6 client when the downstream interface requests a prefix. Also, since the server doesn't give out the address via DHCPv6, we compute the route gateway in a different way. In a real scenario the server would know the address by other means (for example, because the link-local interface-id was pushed via PPP IPV6CP).
As far as I can tell, DHCPv6-PD (i.e. prefix delegation of IPv6 through DHCP), does not work in Fedora CoreOS and is simply not supported in the base config.
It is apparently a known problem of NetworkManager:
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/375
It feels like this is a large use case that is not taken into account.
From a very remote perspective (no offence to the people who decided this), it looks like other tools (like systemd-networkd) would really be a better fit in terms of flexibility, ease of configuration and functionality. If the only "win" of NetworkManager is "but I can configure it with a GUI/CLI and then just copy the configuration", I am afraid that choice was very misguided, for a server distribution... installable through ignition... in an automated manner... At any rate, I find infuriating systemd-networkd was carefully removed from the distribution instead of being left alone.
The text was updated successfully, but these errors were encountered: