search

xapi-project / xcp-networkd

The XCP networking daemon
Other
14 stars 42 forks source link

Enable IPv6 on interfaces when enabled globally and configured #156

Closed mas90 closed 5 years ago

mas90 commented 5 years ago

By default XenServer disables IPv6 globally in /etc/sysconfig/network and via the sysctl net.ipv6.conf.{default,all}.disable_ipv6=1. xe-enable-ipv6 changes /etc/sysconfig/network but leaves the sysctl alone, for good reason since enabling IPv6 on every interface would cause dom0 to configure link-local addresses on every bridge. Currently, xcp-networkd refuses to configure IPv6 on an interface when sysctl net.ipv6.conf.all.disable_ipv6 is set.

Instead, distinguish between the two and have xcp-networkd enable IPv6 on an interface when xe-enable-ipv6 has been used and an IPv6 configuration mode has been set on that interface.

This has no effect by default on XenServer, unless the user has run xe-enable-ipv6 or otherwise manually enabled it system-wide (or where /etc/sysconfig/network doesn't exist).

Also, correct a couple of cases where IPv6 users might end up with no DNS or no link-local address.

robhoes commented 5 years ago

I'm not convinced that this is the fix that we need, or that the xe-enable-ipv6 is just wrong now and needs to be updated. The file I don't think that the file /etc/sysconfig/network is actually used, since it is xcp-networkd that configures the interfaces based on config from xapi.

Should we instead update xe-enable-ipv6 to update /etc/sysctl.d/90-net.conf? It currently has the following hardcoded:

# Disable IPv6 on interfaces
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
robhoes commented 5 years ago

I'll close this for the moment, though please reopen if there is any news.

olivierlambert commented 4 years ago

Hi @robhoes

We might put some resources to add IPv6 support in XCP-ng. I suppose this is the first place to try? Do you have suggestion on what to do first? Should we go into a different direction or continuing the work started here?

robhoes commented 4 years ago

@olivierlambert We'll probably need something like this plus an update to the xe-enable-ipv6 script (in xen-api/scripts). At least, it wasn't clear to me how this PR alone is enough (though I haven't looked very carefully).

olivierlambert commented 4 years ago

Understood. Pinging @benjamreis as he'll be in charge of this :+1:

olivierlambert commented 4 years ago

Also ping @mas90 we'll contact you somehow to discuss together your PR, helping us to get to the end result faster :+1:

benjamreis commented 3 years ago

So, I've been playing around with the IPv6 settings on a host and I'll post here what I found, it might be obvious to some but it might be useful for others.

From my testing it seems only /etc/sysctl.d/90-net.conf has an impact on wether the host can have IPv6 addresses or not. So I wonder what's xe-enable-ipv6 is used for.

If I understood correctly @robhoes suggested to modify xe-enable-ipv6 to modify /etc/sysctl.d/90-net.conf as well. Am I correct?

@mas90 since your the original author of this PR, would you be comfortable with that?

I think this PR contains necessary fix regardless of the POV about xe-enable-ipv6