New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[systemd-networkd] IPv6 Prefix Delegation not parsing IA_PD responses from upstream RAs #15375
Comments
If you look closely to the tcpdump it says https://tools.ietf.org/html/rfc8415
|
From the logs: So there is a IA_PD prefix in the respone? Should not that be used to assign addresses through prefix delegation to the interfaces? |
The same can be seen in the tcpdump too. If you read the next part of the RFC "The client |
I have a Ubiquity commodity router that is connected to the same ISP on another port in the fiber box, that takes the IA_PD supplied /56 prefix, makes a /64 out of it, assigns ::1 to itself, and hand out IPv6 addresses to the LAN clients with SLAAC. I trying to replicate the same functionality with systemd-networkd, or at least get a /64 from the /56 assigned to the LAN interface. Reading on page 70 in the RFC:
And under WPD-6 in RFC 7084 (page 12):
If I read the tcpdump logs correctly, IA_NA is indeed without any address, but IA_PD does contain one routable prefix. Should |
All this is valid if you would not have received the status code |
Why is not the NoAddrsAvail for IA_NA discarded, and then the IA_PD processed? Anyway, if I disable systemd-networkd and use ifupdown
dhclient gets a lease of the /56 prefix, and I can assign /64:s to my interfaces:
|
Please contact dhclient . |
I rather use systemd-networkd. |
I still don't understand why my use case of DHCP Prefix Delegation as described in RFC 8415 Section 6.3 would not work with my ISP. If I understand your last comment correctly dhclient is not compliant with the RFC? Or why would I contact dhclient? Anyway, thank you for your time answering my questions. |
The quoted text does not apply here at all. The Status Code in reply has IA_NA option scope, so the correct behavior is to ignore IA_NA option and continue with the next valid option.
Reference please. You were already pointed at RFC 7084 that says exactly the opposite. While the server may be non-compliant by first setting M bit and then providing no addresses, it is not the reason to punish its users. |
As it says it should it may retry. It does not say ignore. Does it ? That is what the client is doing. Where it says ignore and process. I am happy to make the changes it the RFC says so. https://tools.ietf.org/html/draft-ietf-dhc-dhcpv6-stateful-issues-10 Replace Section 17.1.3 of RFC 3315: (existing errata)
see https://www.networkworld.com/article/2184317/testing-shows-ipv6-is-becoming-deployable-in-customer-edge-routers.html?page=2 . Header No Addresses Available Does RFC 7084 talk about NoAddrsAvail ? |
This is obsolete and text you quoted no more exists. Let's start with valid RFC 8415, OK? So quoting RFC 8415.
So server complies with this requirement, assuming it is unwilling to assign addresses. It is willing to provide delegated prefixes though.
Well, server advertise message contains IA_PD, server is willing to provide delegated prefix, so client is allowed to request prefix as the next step. Nowhere RFC8415 requires client to ignore advertise message that contains NoAddrsAvail status code for IA_NA option. |
It also says retry for address so it's not preceding further and retring for the address as I quoted already.
Client behavior (18.2.9. Receipt of Advertise Messages):
|
But the lib can be tweaked to accommodate half of this thing. But I am not very sure about it. |
Of course, if you chose to ignore half of the paragraph ... The client MUST ignore any Advertise message that contains no |
Again it's retrying.
Can you explain what does this mean ? |
Is it possible to use only a single IA_PD option and no IA_NA in the solicit message from systemd-networkd? |
yes we can do it. As I said we need to ignore error and continue parsing. |
MUST in this paragraph refer to the *WHOLE sentence. You arbitrarily omit the second half of the sentence and chose to attribute MUST to only the first half of it. My understanding of RFC is "client MUST ignore advertise message if it contains NEITHER IA_NA/IA_TA NOR IA_PD options". Of course I am not native English speaker so I stay corrected. Your interpretation (and previous RFC wording) is correct as long as client never solicits for multiple different options. It is self-inflicted issue - |
See RFC 7550, 4.2. Advertise Message Processing by a Client:
|
That was for your
RFC 7550 make clear that " A |
Fix is . #15451. I don't have a setup hence not tested it . @hermanjustnu please test it. |
@ssahani Sorry for the delay. Still no working prefix delegation. Log is flooded with There are no other log messages, at least not while I
tcpdump:
|
Thanks for testing. Can you provide a DHCP server configuration for this to replicate the same test . |
This is live testing against my ISP, so I only have client side configuration. |
I could not do the full test but somewhat . Can you please test ? |
@ssahani some success, but no working ipv6 yet. systemd-networkd:
ip -6 a
ip -6 route
lan.network
wan.network
|
Ok now from the logs it's getting processed not assigning address to the interface right ? That can be done via #15259 |
yes |
@ssahani Having trouble building the latest commit, failure in test: |
I made changes to the return value of the function and missed the tests to fix those returns. Now updated. Sorry. |
@ssahani With #15451 and #15259 merged together it works very well, an IP address is assigned to the lan interface, and IPv6 traffic is routable. Thank you!! My current configuration: wan.network:
lan.network:
Let me know if there are any additional tests or logs you want me to provide. |
Thanks for testing. |
Just mentioning for others searching, Ubuntu 20.04 ships with systemd 245 and this feature broken. People using e.g. Telia in Europe probably can't get IPv6 working. |
Hi. Looks like I have the same issue. |
In recent releases, we have |
systemd version the issue has been seen with
systemd 245 (245.2-1ubuntu2)
+PAM +AUDIT +SELINUX +IMA +APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ +LZ4 +SECCOMP +BLKID +ELFUTILS +KMOD +IDN2 -IDN +PCRE2 default-hierarchy=hybrid
Used distribution
Ubuntu Focal Fossa
Expected behaviour you didn't see
No IPv6 addresses assigned on LAN nor WAN interfaces.
Unexpected behaviour you saw
IA_PD parsed correctly and assigned per Prefix Delegation as configured in (wan|lan).network.
Steps to reproduce the problem
systemd-networkd.log
tcpdump-wan.log
tcpdump-lan.log
The text was updated successfully, but these errors were encountered: