Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

systemd-networkd stops adding temporary IPs after a few days with IPv6PrivacyExtensions=yes #13218

Open
Liggy opened this issue Jul 29, 2019 · 0 comments

Comments

@Liggy
Copy link

commented Jul 29, 2019

systemd version the issue has been seen with

systemd 242 (242.32-3-arch)
+PAM +AUDIT -SELINUX -IMA -APPARMOR +SMACK -SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ +LZ4 +SECCOMP +BLKID +ELFUTILS +KMOD +IDN2 -IDN +PCRE2 default-hierarchy=hybrid

Used distribution

Arch Linux

Expected behaviour you didn't see

About every 24 hours when a temporary IPv6 address gets to status deprecated, a new temporary IP address should be added to the interface

Unexpected behaviour you saw

For the first few days, a new address was added as expected, but after 6 days the old IPv6 address got deprecated without a adding a new one. Instead of using a temporary address for the outgoing traffic, the MAC-address based IPv6 is used which I want to avoid for privacy reasons or the IPv6PrivacyExtensions setting would not make sense.

Steps to reproduce the problem
Configure network interface with the following settings and wait for a few days. The value for Name may have to be adjusted according to the name of the network interface

[Match]
Name=en*

[Network]
DHCP=yes
IPv6AcceptRA=yes
IPv6PrivacyExtensions=yes

Debug logging
For debugging purposes, I had to use a VM, but I experienced the same behaviour on a physical machine before. I configured Environment=SYSTEMD_LOG_LEVEL=debug in a drop-in file and found the following entries with journalctl - partly anonymized:

Jul 01 19:54:25 server-arch systemd-networkd[289]: ens3: Configuring route: dst: n/a, src: n/a, gw: fe80::a96:d7ff:fexx:xxxx, prefsrc: n/a
Jul 01 19:54:25 server-arch systemd-networkd[289]: ens3: Configuring route: dst: 2003:c5:xxxx:xxxx::/64, src: n/a, gw: n/a, prefsrc: n/a
Jul 01 19:54:25 server-arch systemd-networkd[289]: ens3: Configuring route: dst: n/a, src: n/a, gw: fe80::a96:d7ff:fexx:xxxx, prefsrc: n/a
Jul 01 19:54:25 server-arch systemd-networkd[289]: ens3: Configuring route: dst: 2003:c5:xxxx:xxxx::/56, src: n/a, gw: fe80::a96:d7ff:fexx:xxxx, prefsrc: n/a
Jul 01 19:54:25 server-arch systemd-networkd[289]: DHCPv6 CLIENT: Sent INFORMATION-REQUEST
Jul 01 19:54:25 server-arch systemd-networkd[289]: DHCPv6 CLIENT: Next retransmission in 991ms
Jul 01 19:54:25 server-arch systemd-networkd[289]: ens3: Updating route: dst: n/a, src: n/a, gw: fe80::a96:d7ff:fexx:xxxx, prefsrc: n/a
Jul 01 19:54:25 server-arch systemd-networkd[289]: ens3: Updating route: dst: 2003:c5:xxxx:xxxx::/64, src: n/a, gw: n/a, prefsrc: n/a
Jul 01 19:54:25 server-arch systemd-networkd[289]: ens3: Updating address: 2003:c5:xxxx:xxxx:5054:ff:fe00:4063/64 (valid for 2h)
Jul 01 19:54:25 server-arch systemd-networkd[289]: ens3: Adding route: dst: 2003:c5:xxxx:xxxx::/56, src: n/a, gw: fe80::a96:d7ff:fexx:xxxx, prefsrc: n/a
Jul 01 19:54:25 server-arch systemd-networkd[289]: DHCPv6 CLIENT: Recv REPLY
Jul 01 19:54:27 server-arch systemd-networkd[289]: ens3: Updating address: 2003:c5:xxxx:xxxx:5054:ff:fe00:4063/64 (valid for 1h 59min 59s)
Jul 01 19:54:27 server-arch systemd-networkd[289]: ens3: Configured
Jul 01 19:54:27 server-arch systemd-networkd[289]: ens3: State changed: configuring -> configured
Jul 01 19:54:27 server-arch systemd-networkd[289]: ens3: Adding route: dst: 2003:c5:xxxx:xxxx:5054:ff:fe00:4063/128, src: n/a, gw: n/a, prefsrc: n/a
Jul 01 19:54:27 server-arch systemd-networkd[289]: ens3: Adding address: 2003:c5:xxxx:xxxx:e977:6e2a:85d0:b911/64 (valid for 1h 59min 59s)
Jul 01 19:54:27 server-arch systemd-networkd[289]: ens3: Adding route: dst: 2003:c5:xxxx:xxxx:e977:6e2a:85d0:b911/128, src: n/a, gw: n/a, prefsrc: n/a

every few minutes I have entries like the following one:

Jul 01 19:56:44 server-arch systemd-networkd[289]: NDISC: Received Router Advertisement: flags OTHER preference medium lifetime 1800 sec
Jul 01 19:56:44 server-arch systemd-networkd[289]: NDISC: Invoking callback for 'router' event.
Jul 01 19:56:44 server-arch systemd-networkd[289]: DHCPv6 CLIENT: Started in Information request mode
Jul 01 19:56:44 server-arch systemd-networkd[289]: ens3: Acquiring DHCPv6 lease on NDisc request
Jul 01 19:56:44 server-arch systemd-networkd[289]: ens3: Configuring route: dst: n/a, src: n/a, gw: fe80::a96:d7ff:fexx:xxxx, prefsrc: n/a
Jul 01 19:56:44 server-arch systemd-networkd[289]: ens3: Configuring route: dst: 2003:c5:xxxx:xxxx::/64, src: n/a, gw: n/a, prefsrc: n/a
Jul 01 19:56:44 server-arch systemd-networkd[289]: ens3: Configuring route: dst: n/a, src: n/a, gw: fe80::a96:d7ff:fexx:xxxx, prefsrc: n/a
Jul 01 19:56:44 server-arch systemd-networkd[289]: ens3: Configuring route: dst: 2003:c5:xxxx:xxxx::/56, src: n/a, gw: fe80::a96:d7ff:fexx:xxxx, prefsrc: n/a
Jul 01 19:56:44 server-arch systemd-networkd[289]: DHCPv6 CLIENT: Sent INFORMATION-REQUEST
Jul 01 19:56:44 server-arch systemd-networkd[289]: DHCPv6 CLIENT: Next retransmission in 996ms
Jul 01 19:56:44 server-arch systemd-networkd[289]: ens3: Updating address: 2003:c5:xxxx:xxxx:5054:ff:fe00:4063/64 (valid for 2h)
Jul 01 19:56:44 server-arch systemd-networkd[289]: ens3: Updating address: 2003:c5:xxxx:xxxx:e977:6e2a:85d0:b911/64 (valid for 2h)
Jul 01 19:56:45 server-arch systemd-networkd[289]: DHCPv6 CLIENT: Recv REPLY

...
after first 24 hours

Jul 02 19:50:31 server-arch systemd-networkd[289]: ens3: Adding address: 2003:c5:xxxx:xxxx:60fc:ab46:9c7d:da37/64 (valid for 1h 51min 14s)
Jul 02 19:50:31 server-arch systemd-networkd[289]: ens3: Adding route: dst: 2003:c5:xxxx:xxxx:60fc:ab46:9c7d:da37/128, src: n/a, gw: n/a, prefsrc: n/a
Jul 02 19:50:32 server-arch systemd-networkd[289]: ens3: Updating address: 2003:c5:xxxx:xxxx:e977:6e2a:85d0:b911/64 (valid for 1h 51min 13s)

...

Jul 03 19:46:35 server-arch systemd-networkd[289]: ens3: Adding address: 2003:c5:xxxx:xxxx:35e7:270e:2684:e591/64 (valid for 1h 56min 23s)
Jul 03 19:46:35 server-arch systemd-networkd[289]: ens3: Adding route: dst: 2003:c5:xxxx:xxxx:35e7:270e:2684:e591/128, src: n/a, gw: n/a, prefsrc: n/a
Jul 03 19:46:36 server-arch systemd-networkd[289]: ens3: Updating address: 2003:c5:xxxx:xxxx:60fc:ab46:9c7d:da37/64 (valid for 1h 56min 22s)

...

Jul 04 19:42:40 server-arch systemd-networkd[289]: ens3: Adding address: 2003:c5:xxxx:xxxx:40df:4dac:e9cb:7d9e/64 (valid for 1h 59min 6s)
Jul 04 19:42:40 server-arch systemd-networkd[289]: ens3: Adding route: dst: 2003:c5:xxxx:xxxx:40df:4dac:e9cb:7d9e/128, src: n/a, gw: n/a, prefsrc: n/a
Jul 04 19:42:41 server-arch systemd-networkd[289]: ens3: Updating address: 2003:c5:xxxx:xxxx:35e7:270e:2684:e591/64 (valid for 1h 59min 5s)

...

Jul 05 19:38:45 server-arch systemd-networkd[289]: ens3: Adding address: 2003:c5:xxxx:xxxx:fd2b:a818:e29d:2a0e/64 (valid for 1h 56min 15s)
Jul 05 19:38:45 server-arch systemd-networkd[289]: ens3: Adding route: dst: 2003:c5:xxxx:xxxx:fd2b:a818:e29d:2a0e/128, src: n/a, gw: n/a, prefsrc: n/a
Jul 05 19:38:46 server-arch systemd-networkd[289]: ens3: Updating address: 2003:c5:xxxx:xxxx:40df:4dac:e9cb:7d9e/64 (valid for 1h 56min 14s)

...

Jul 06 19:34:48 server-arch systemd-networkd[289]: ens3: Adding address: 2003:c5:xxxx:xxxx:ec8e:e858:7774:f0f6/64 (valid for 1h 59min 55s)
Jul 06 19:34:48 server-arch systemd-networkd[289]: ens3: Adding route: dst: 2003:c5:xxxx:xxxx:ec8e:e858:7774:f0f6/128, src: n/a, gw: n/a, prefsrc: n/a
Jul 06 19:34:49 server-arch systemd-networkd[289]: ens3: Updating address: 2003:c5:xxxx:xxxx:fd2b:a818:e29d:2a0e/64 (valid for 1h 59min 54s)

...
after 6 days only

Jul 07 19:30:57 server-arch systemd-networkd[289]: ens3: Updating address: 2003:c5:xxxx:xxxx:ec8e:e858:7774:f0f6/64 (valid for 1h 55min 50s)

24 hours later no more related entries.
systemd-networkd only shows that it's deprecating the temporary address which was added 24 hours ago but no Adding address / Adding route entries. This does not always seem to happen after exactly 6 days, can also be a few days more or less.

Output of ip a at that time:

2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 52:54:00:00:40:63 brd ff:ff:ff:ff:ff:ff
    inet 192.168.x.y/24 brd 192.168.x.255 scope global dynamic ens3
       valid_lft 773602sec preferred_lft 773602sec
    inet6 2003:c5:xxxx:xxxx:ec8e:e858:7774:f0f6/64 scope global temporary deprecated dynamic 
       valid_lft 6946sec preferred_lft 0sec
    inet6 2003:c5:xxxx:xxxx:fd2b:a818:e29d:2a0e/64 scope global temporary deprecated dynamic 
       valid_lft 6946sec preferred_lft 0sec
    inet6 2003:c5:xxxx:xxxx:40df:4dac:e9cb:7d9e/64 scope global temporary deprecated dynamic 
       valid_lft 6946sec preferred_lft 0sec
    inet6 2003:c5:xxxx:xxxx:35e7:270e:2684:e591/64 scope global temporary deprecated dynamic 
       valid_lft 6946sec preferred_lft 0sec
    inet6 2003:c5:xxxx:xxxx:60fc:ab46:9c7d:da37/64 scope global temporary deprecated dynamic 
       valid_lft 6946sec preferred_lft 0sec
    inet6 2003:c5:xxxx:xxxx:e977:6e2a:85d0:b911/64 scope global temporary deprecated dynamic 
       valid_lft 6946sec preferred_lft 0sec
    inet6 2003:c5:xxxx:xxxx:5054:ff:fe00:4063/64 scope global dynamic mngtmpaddr noprefixroute 
       valid_lft 6946sec preferred_lft 1546sec
    inet6 fe80::5054:ff:fe00:4063/64 scope link 
       valid_lft forever preferred_lft forever

All temporary IPv6 addresses are now deprecated. After their lifetime has expired, the old addresses get removed

Jul 08 19:54:35 server-arch systemd-networkd[289]: ens3: Removing address: 2003:c5:xxxx:xxxx:e977:6e2a:85d0:b911/64 (valid for 0)
Jul 08 19:54:35 server-arch systemd-networkd[289]: ens3: Removing route: dst: 2003:c5:xxxx:xxxx:e977:6e2a:85d0:b911/128, src: n/a, gw: n/a, prefsrc: n/a

Jul 09 19:50:31 server-arch systemd-networkd[289]: ens3: Removing address: 2003:c5:xxxx:xxxx:60fc:ab46:9c7d:da37/64 (valid for 0)
Jul 09 19:50:31 server-arch systemd-networkd[289]: ens3: Removing route: dst: 2003:c5:xxxx:xxxx:60fc:ab46:9c7d:da37/128, src: n/a, gw: n/a, prefsrc: n/a

Jul 10 19:46:35 server-arch systemd-networkd[289]: ens3: Removing address: 2003:c5:xxxx:xxxx:35e7:270e:2684:e591/64 (valid for 0)
Jul 10 19:46:35 server-arch systemd-networkd[289]: ens3: Removing route: dst: 2003:c5:xxxx:xxxx:35e7:270e:2684:e591/128, src: n/a, gw: n/a, prefsrc: n/a

Jul 11 19:42:40 server-arch systemd-networkd[289]: ens3: Removing address: 2003:c5:xxxx:xxxx:40df:4dac:e9cb:7d9e/64 (valid for 0)
Jul 11 19:42:40 server-arch systemd-networkd[289]: ens3: Removing route: dst: 2003:c5:xxxx:xxxx:40df:4dac:e9cb:7d9e/128, src: n/a, gw: n/a, prefsrc: n/a

Jul 12 19:38:44 server-arch systemd-networkd[289]: ens3: Removing address: 2003:c5:xxxx:xxxx:fd2b:a818:e29d:2a0e/64 (valid for 0)
Jul 12 19:38:44 server-arch systemd-networkd[289]: ens3: Removing route: dst: 2003:c5:xxxx:xxxx:fd2b:a818:e29d:2a0e/128, src: n/a, gw: n/a, prefsrc: n/a

When the last IPv6 address is to be removed, I find the following log entries

Jul 13 19:34:47 server-arch systemd-networkd[289]: ens3: Removing address: 2003:c5:xxxx:xxxx:ec8e:e858:7774:f0f6/64 (valid for 0)
Jul 13 19:34:47 server-arch systemd-networkd[289]: ens3: Removing route: dst: 2003:c5:xxxx:xxxx:ec8e:e858:7774:f0f6/128, src: n/a, gw: n/a, prefsrc: n/a
Jul 13 19:35:08 server-arch systemd-networkd[289]: NDISC: Received Router Advertisement: flags OTHER preference medium lifetime 1800 sec
Jul 13 19:35:08 server-arch systemd-networkd[289]: NDISC: Invoking callback for 'router' event.
Jul 13 19:35:08 server-arch systemd-networkd[289]: DHCPv6 CLIENT: Started in Information request mode
Jul 13 19:35:08 server-arch systemd-networkd[289]: ens3: Acquiring DHCPv6 lease on NDisc request
Jul 13 19:35:08 server-arch systemd-networkd[289]: ens3: Configuring route: dst: n/a, src: n/a, gw: fe80::a96:d7ff:fexx:xxxx, prefsrc: n/a
Jul 13 19:35:08 server-arch systemd-networkd[289]: ens3: Configuring route: dst: 2003:c5:xxxx:xxxx::/64, src: n/a, gw: n/a, prefsrc: n/a
Jul 13 19:35:08 server-arch systemd-networkd[289]: ens3: Configuring route: dst: n/a, src: n/a, gw: fe80::a96:d7ff:fexx:xxxx, prefsrc: n/a
Jul 13 19:35:08 server-arch systemd-networkd[289]: ens3: Configuring route: dst: 2003:c5:xxxx:xxxx::/56, src: n/a, gw: fe80::a96:d7ff:fexx:xxxx, prefsrc: n/a
Jul 13 19:35:08 server-arch systemd-networkd[289]: DHCPv6 CLIENT: Sent INFORMATION-REQUEST
Jul 13 19:35:08 server-arch systemd-networkd[289]: DHCPv6 CLIENT: Next retransmission in 960ms
Jul 13 19:35:08 server-arch systemd-networkd[289]: ens3: Updating address: 2003:c5:xxxx:xxxx:5054:ff:fe00:4063/64 (valid for 2h)
Jul 13 19:35:08 server-arch systemd-networkd[289]: DHCPv6 CLIENT: Recv REPLY
Jul 13 19:35:10 server-arch systemd-networkd[289]: ens3: Adding address: 2003:c5:xxxx:xxxx:ec8e:e858:7774:f0f6/64 (valid for 1h 59min 58s)
Jul 13 19:35:10 server-arch systemd-networkd[289]: ens3: Adding route: dst: 2003:c5:xxxx:xxxx:ec8e:e858:7774:f0f6/128, src: n/a, gw: n/a, prefsrc: n/a

and the last deprecated address gets active again and the procedure starts again with adding new addresses for a few days...

When my router or the ISP disconnects my WAN connection and receives a new prefix, this also resulted in a new temporary IPv6 address until the renewal stalls again.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
2 participants
You can’t perform that action at this time.