siderolabs / talos

Talos Linux is a modern Linux distribution built for Kubernetes.
https://www.talos.dev
Mozilla Public License 2.0

Ignore in interface configuration still applies ipv6 local routes #8385

Open WinterNis opened 6 months ago

WinterNis commented 6 months ago

Bug Report

When ignore: true is set in an interface configuration in the machine config, some IPv6 local routes are created for this interface.

Description

Here is the interface config:

- deviceSelector:
    hardwareAddr: a0:88:c2:69:5e:4e
    physical: true
  ignore: true

Here is the talosctl get links output for the interface:

192.168.71.60 network LinkStatus ens3f0 2 ether a0:88:c2:69:5e:4e up true

(Note that state is up)

And here are the relevant routes for the interfaces using talosctl get routes:

192.168.71.60   network     RouteStatus   ens3f0/inet6//fe80::/64/256                                 1         fe80::/64                                      ens3f0         256
192.168.71.60   network     RouteStatus   local/ens3f0/inet6//fe80::/128/0                            1         fe80::/128                                     ens3f0         0
192.168.71.60   network     RouteStatus   local/ens3f0/inet6//fe80::a288:c2ff:fe69:5e4e/128/0         1         fe80::a288:c2ff:fe69:5e4e/128                  ens3f0         0
192.168.71.60   network     RouteStatus   local/ens3f0/inet6//ff00::/8/256                            1         ff00::/8                                       ens3f0         256

Concerning routespecs, there are no relevant routespecs for this interface (which seems correct and expected since we did not configure the interface in the config).

Also, IMHO the interface should be disabled (state down) when using ignore: true, or we should have another way to completely disable the interface from the machine config.

Logs

Environment

smira commented 6 months ago

IPv6 link-local addresses are assigned automatically by Linux, so if you want to drop them, you have to disable that in the Linux kernel.

If you want the link to be down, you probably need to make it ignored in the kernel args, as Talos can bring it up before the machine config is available. We don't have a way to express down link in the machine config at the moment.
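
An added example, not part of the thread or of Talos itself: it derives the modified EUI-64 link-local address the kernel generates from the NIC's MAC and labels each `talosctl get routes` row on the ignored link, so anything that is not kernel-generated stands out. The function names and the whitespace-separated column layout are assumptions; the sample rows are the ones posted in the report.

```python
import ipaddress

LINK_LOCAL = ipaddress.ip_network("fe80::/10")
MULTICAST = ipaddress.ip_network("ff00::/8")

def eui64_link_local(mac):
    """Link-local address the kernel derives from a MAC (modified EUI-64)."""
    octets = bytearray(int(part, 16) for part in mac.split(":"))
    octets[0] ^= 0x02  # invert the universal/local bit
    iid = bytes(octets[:3]) + b"\xff\xfe" + bytes(octets[3:])
    return ipaddress.IPv6Address(b"\xfe\x80" + bytes(6) + iid)

def classify_routes(output, link, mac):
    """Return {destination: origin} for every RouteStatus row on `link`."""
    own = ipaddress.ip_network(f"{eui64_link_local(mac)}/128")
    result = {}
    for row in output.splitlines():
        cols = row.split()
        # Assumed columns: NODE NAMESPACE TYPE ID VERSION DESTINATION [GATEWAY] LINK METRIC
        if len(cols) < 8 or cols[2] != "RouteStatus" or cols[-2] != link:
            continue
        try:
            dst = ipaddress.ip_network(cols[5])
        except ValueError:
            result[cols[3]] = "unparsed"  # keep the row visible rather than drop it
            continue
        if dst == own:
            origin = "kernel: EUI-64 address of this NIC"
        elif dst.version == 6 and dst.subnet_of(LINK_LOCAL):
            origin = "kernel: link-local"
        elif dst.version == 6 and dst.subnet_of(MULTICAST):
            origin = "kernel: multicast"
        else:
            origin = "configured"
        result[str(dst)] = origin
    return result

# Rows copied from the `talosctl get routes` output in the report above.
ISSUE_ROUTES = """\
192.168.71.60 network RouteStatus ens3f0/inet6//fe80::/64/256 1 fe80::/64 ens3f0 256
192.168.71.60 network RouteStatus local/ens3f0/inet6//fe80::/128/0 1 fe80::/128 ens3f0 0
192.168.71.60 network RouteStatus local/ens3f0/inet6//fe80::a288:c2ff:fe69:5e4e/128/0 1 fe80::a288:c2ff:fe69:5e4e/128 ens3f0 0
192.168.71.60 network RouteStatus local/ens3f0/inet6//ff00::/8/256 1 ff00::/8 ens3f0 256
"""

if __name__ == "__main__":
    for dst, origin in classify_routes(ISSUE_ROUTES, "ens3f0", "a0:88:c2:69:5e:4e").items():
        print(f"{dst:32} {origin}")
```
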

WinterNis commented 6 months ago

Thanks for the answer.

> We don't have a way to express down link in the machine config at the moment.

Is this planned in a future Talos release? We will manage without for now, but just curious :)

smira commented 6 months ago

> Is this planned in a future talos release ?

yes

sanmai-NL commented 3 months ago

@WinterNis So this can be closed, and the link status config can be tracked or is tracked in another issue.