PDA

View Full Version : Wicked fails to retrieve configured IPv6 address



tschulte79
19-Feb-2017, 11:36
Hi!

I'm trying to setup an IPv6 address, but this seems to fail when running openSUSE and SLES instances which use Wicked for network configuration.

At first I enabled IPv6 in a fresh VPC according to this documentation:
http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/get-started-ipv6.html

In "eu-central-1" I tested:

* openSUSE Leap 42.2 (ami-2af53a45)
* SLES 12 SP2 (ami-c425e4ab)
* Amazon Linux AMI 2016.09.1 (ami-af0fc0c0)

When the Amazon Linux instance boots, it is automatically set up with the configured IPv4 and IPv6 addresses.
The openSUSE / SLES instances are successfully set up with the configured IPv4 address, but instead of getting the configured IPv6 address, it just uses an "fe60:" link-local address.

The following workaround is possible to retrieve the desired IPv6 address:

# systemctl disable wicked.service
Disabling the wicked.service seems to be mandatory for running the following commands.

# dhclient6 -v eth0
This does not work. "dhclient6" just fetches the IPv4 address which the system already knows, so it doesn't change anything relevant.

# dhclient -6 -v eth0
This command temporarily solves the issue by fetching the desired IPv6 address:


Internet Systems Consortium DHCP Client 4.3.3
Copyright 2004-2015 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/

Listening on Socket/eth0
Sending on Socket/eth0
Created duid \000\001\000\001 <,\024\006\3746\273!\305.
PRC: Soliciting for leases (INIT).
XMT: Forming Solicit, 0 ms elapsed.
XMT: X-- IA_NA 36:bb:21:c5
XMT: | X-- Request renew in +3600
XMT: | X-- Request rebind in +5400
XMT: Solicit on eth0, interval 1060ms.
RCV: Advertise message on eth0 from fe80::47a:xxxx:xxxx:xxxx.
RCV: X-- Preference 255.
RCV: X-- IA_NA 36:bb:21:c5
RCV: | X-- starts 1487499156
RCV: | X-- t1 - renew +75
RCV: | X-- t2 - rebind +120
RCV: | X-- [Options]
RCV: | | X-- IAADDR 2a05:d014:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx
RCV: | | | X-- Preferred lifetime 150.
RCV: | | | X-- Max lifetime 450.
RCV: X-- Server ID: 00:03:00:01:06:7a:8f:xx:xx:xx
RCV: Advertisement immediately selected.
PRC: Selecting best advertised lease.
PRC: Considering best lease.
PRC: X-- Initial candidate 00:03:00:01:06:7a:8f:xx:xx:xx (s: 152, p: 255).
XMT: Forming Request, 0 ms elapsed.
XMT: X-- IA_NA 36:bb:21:c5
XMT: | X-- Requested renew +3600
XMT: | X-- Requested rebind +5400
XMT: | | X-- IAADDR 2a05:d014:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx
XMT: | | | X-- Preferred lifetime +7200
XMT: | | | X-- Max lifetime +7500
XMT: V IA_NA appended.
XMT: Request on eth0, interval 930ms.
RCV: Reply message on eth0 from fe80::47a:xxxx:xxxx:xxxx.
RCV: X-- IA_NA 36:bb:21:c5
RCV: | X-- starts 1487499156
RCV: | X-- t1 - renew +75
RCV: | X-- t2 - rebind +120
RCV: | X-- [Options]
RCV: | | X-- IAADDR 2a05:d014:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx
RCV: | | | X-- Preferred lifetime 150.
RCV: | | | X-- Max lifetime 450.
RCV: X-- Server ID: 00:03:00:01:06:7a:8f:xx:xx:xx
PRC: Bound to lease 00:03:00:01:06:7a:8f:xx:xx:xx.
Checking DAD results for 2a05:d014:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx

Of course this does not survive a reboot, so I'd need to find a way to set up IPv4/IPv6 automatically.
Please note that I'm able to reproduce this issue with every new EC2 instance, as long as Wicked is involved.
No additional configuration changes were done, so all config files should contain the original values.

Any suggestions?

Thanks!
Thomas

mtomaschewski
20-Feb-2017, 10:55
Is there an IPv6 router advertising to use DHCPv6 on the network in it's RA
(the managed [=IP + dns,...] or other-config [dns, ... info] bit set) ?

You can install radvd and run "radvdump" while "ip link set up" or for a while
as it is sent periodically to see if there is an RA and what it contains.

When there is no RA [which is also used to set the default IPv6 route], or when
the IPv6 router advertises to not use DHCPv6 (managed off, other-config off] and
you want to override it, set DHCLIENT6_MODE=managed in the ifcfg file.

You can also pass this kernel parameters to _linuxrc_ at installation time:
ifcfg=*=dhcp6,DHCLIENT6_MODE=managed

tschulte79
20-Feb-2017, 11:26
Thanks a lot for the fast reply! I installed radvd on a fresh SLES 12 SP2 instance and received the following data during radvddump:


#
# radvd configuration generated by radvdump 1.9.7
# based on Router Advertisement from fe80::47a:8fff:fe31:d557
# received by interface eth0
#

interface eth0
{
AdvSendAdvert on;
# Note: {Min,Max}RtrAdvInterval cannot be obtained with radvdump
AdvManagedFlag on;
AdvOtherConfigFlag off;
AdvReachableTime 0;
AdvRetransTimer 0;
AdvCurHopLimit 64;
AdvDefaultLifetime 1800;
AdvHomeAgentFlag off;
AdvDefaultPreference medium;
AdvSourceLLAddress on;

prefix 2a05:d014:70b:xxxx::/64
{
AdvValidLifetime infinity; # (0xffffffff)
AdvPreferredLifetime infinity; # (0xffffffff)
AdvOnLink off;
AdvAutonomous off;
AdvRouterAddr off;
}; # End of prefix definition

}; # End of interface definition

So, there is an RA, "managed" is "on" and "other-config" is "off", right?
If I understand you correctly, this advertisement should be fine.

Explicitly setting DHCLIENT6_MODE=managed in the ifcfg file did not help.

BTW, I also tried SLES 11 SP4 as EC2 instance and IPv6 worked fine after enabling general IPv6 support and installing the RPM "dhcpv6".


Regards,
Thomas

mtomaschewski
27-Feb-2017, 10:50
OK,

then please stop and disable any other dhcp client that may run, e.g. NetworkManager.service:


systemctl status network.service NetworkManager.service wicked.service # shows active services
systemctl disable -f NetworkManager.service
systemctl kill --kill-who=all NetworkManager.service
systemctl stop NetworkManager.service


[the kill is required, because NetworkManager leaves running dhcp clients by default].
You can reboot here to ensure, there are no conflicting network service/dhcp clients running.

Further, please set WICKED_DEBUG=all /etc/sysconfig/network/config and call:


systemctl disable -f wicked.service
systemctl enable -f wicked.service
systemctl restart wickedd.service


Then use the following ifcfg file ifcfg-eth0 (adopt eth0 to match the interface name):



STARTMODE=auto
BOOTPROTO=dhcp


and call "wicked ifup lo eth0". Provide the config using "wicked show-config" and
the logs "journalctl -b -o short-precise" and a "ps aux" output to me (mt at suse de)
or open a bug report and attach the files there.

See also: https://en.opensuse.org/openSUSE:Bugreport_wicked

mtomaschewski
27-Feb-2017, 17:56
Hi!

We've tested it and found out what the problem is: wicked requests some options
(from newer RFCs) by default, causing that the amazon dhcp6 server does not
respond then at all.

An initial patch that disables the request of the further options will appear here soon:
http://users.suse.com/~mt/dhcp6_req_basis_options_only.diff

With the patch applied, DHCP6 works.

With enabled SDK repository, you can apply it and rebuild the RPMs with:


zypper in git-core rpm-build gcc make pkg-config \
autoconf automake libtool systemd-devel \
libnl3-devel libiw-devel dbus-1-devel \
libgcrypt-devel
git clone https://github.com/openSUSE/wicked.git
cd wicked
wget http://users.suse.com/~mt/wicked/dhcp6_req_basis_options_only.diff
patch -p1 < dhcp6_req_basis_options_only.diff
./autogen.sh
make rpmbuild


We are about to open a bug report to discuss and fix (also to make it configurable) it the right way.

tschulte79
28-Feb-2017, 11:21
We've tested it and found out what the problem is: wicked requests some options
(from newer RFCs) by default, causing that the amazon dhcp6 server does not
respond then at all.

An initial patch that disables the request of the further options will appear here soon:
http://users.suse.com/~mt/dhcp6_req_basis_options_only.diff

With the patch applied, DHCP6 works.


That's great, thanks a lot!
I can confirm that this procedure fixes the problem!

I tested this with:
* openSUSE Leap 42.2 (ami-2af53a45)
* SLES 12 SP2 (ami-c425e4ab)



We are about to open a bug report to discuss and fix (also to make it configurable) it the right way.

I've Cc'ed myself to the bug.


Thanks a lot for working on this and providing this very useful information!

Regards,
Thomas

sarath_ch1
09-Aug-2017, 11:36
Hi!

I'm trying to setup an IPv6 address, but this seems to fail when running openSUSE and SLES instances which use Wicked for network configuration.

At first I enabled IPv6 in a fresh VPC according to this documentation:
http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/get-started-ipv6.html

In "eu-central-1" I tested:

* openSUSE Leap 42.2 (ami-2af53a45)
* SLES 12 SP2 (ami-c425e4ab)
* Amazon Linux AMI 2016.09.1 (ami-af0fc0c0)

When the Amazon Linux instance boots, it is automatically set up with the configured IPv4 and IPv6 addresses.
The openSUSE / SLES instances are successfully set up with the configured IPv4 address, but instead of getting the configured IPv6 address, it just uses an "fe60:" link-local address.

The following workaround is possible to retrieve the desired IPv6 address:

# systemctl disable wicked.service
Disabling the wicked.service seems to be mandatory for running the following commands.

# dhclient6 -v eth0
This does not work. "dhclient6" just fetches the IPv4 address which the system already knows, so it doesn't change anything relevant.

# dhclient -6 -v eth0
This command temporarily solves the issue by fetching the desired IPv6 address:


Internet Systems Consortium DHCP Client 4.3.3
Copyright 2004-2015 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/

Listening on Socket/eth0
Sending on Socket/eth0
Created duid \000\001\000\001 <,\024\006\3746\273!\305.
PRC: Soliciting for leases (INIT).
XMT: Forming Solicit, 0 ms elapsed.
XMT: X-- IA_NA 36:bb:21:c5
XMT: | X-- Request renew in +3600
XMT: | X-- Request rebind in +5400
XMT: Solicit on eth0, interval 1060ms.
RCV: Advertise message on eth0 from fe80::47a:xxxx:xxxx:xxxx.
RCV: X-- Preference 255.
RCV: X-- IA_NA 36:bb:21:c5
RCV: | X-- starts 1487499156
RCV: | X-- t1 - renew +75
RCV: | X-- t2 - rebind +120
RCV: | X-- [Options]
RCV: | | X-- IAADDR 2a05:d014:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx
RCV: | | | X-- Preferred lifetime 150.
RCV: | | | X-- Max lifetime 450.
RCV: X-- Server ID: 00:03:00:01:06:7a:8f:xx:xx:xx
RCV: Advertisement immediately selected.
PRC: Selecting best advertised lease.
PRC: Considering best lease.
PRC: X-- Initial candidate 00:03:00:01:06:7a:8f:xx:xx:xx (s: 152, p: 255).
XMT: Forming Request, 0 ms elapsed.
XMT: X-- IA_NA 36:bb:21:c5
XMT: | X-- Requested renew +3600
XMT: | X-- Requested rebind +5400
XMT: | | X-- IAADDR 2a05:d014:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx
XMT: | | | X-- Preferred lifetime +7200
XMT: | | | X-- Max lifetime +7500
XMT: V IA_NA appended.
XMT: Request on eth0, interval 930ms.
RCV: Reply message on eth0 from fe80::47a:xxxx:xxxx:xxxx.
RCV: X-- IA_NA 36:bb:21:c5
RCV: | X-- starts 1487499156
RCV: | X-- t1 - renew +75
RCV: | X-- t2 - rebind +120
RCV: | X-- [Options]
RCV: | | X-- IAADDR 2a05:d014:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx
RCV: | | | X-- Preferred lifetime 150.
RCV: | | | X-- Max lifetime 450.
RCV: X-- Server ID: 00:03:00:01:06:7a:8f:xx:xx:xx
PRC: Bound to lease 00:03:00:01:06:7a:8f:xx:xx:xx.
Checking DAD results for 2a05:d014:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx

Of course this does not survive a reboot, so I'd need to find a way to set up IPv4/IPv6 automatically.
Please note that I'm able to reproduce this issue with every new EC2 instance, as long as Wicked is involved.
No additional configuration changes were done, so all config files should contain the original values.

Any suggestions?

Thanks!
Thomas



Can you check if you enabled IPv6 forwarding . If its enabled IPv6 auto assign will not work .

May be you can try setting net.ipv6.conf.all.accept_ra = 2 if you still want to forward traffic on server

Thanks,
Sarath

tschulte79
14-Aug-2017, 10:25
Thanks a lot for your suggestion, Sarath.
This issue was already identified and fixed in the meantime. Please have a look at the other thread for details.

Regards,
Thomas