Page MenuHomeVyOS Platform
Create Task
Maniphest T6218

Container network interface in VRF fails to generate IPv6 link-local address
Closed, ResolvedPublicBUG
Actions

Description

When a container network is created and attached to a VRF, the container network interface on the host fails to generate an IPv6 Link-Local address for itself:

6: pod-SERVICES: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master SERVICE state UP group default qlen 1000
    link/ether 8a:61:51:a0:21:09 brd ff:ff:ff:ff:ff:ff
    inet 169.254.1.1/24 brd 169.254.1.255 scope global pod-SERVICES
       valid_lft forever preferred_lft forever
    inet6 fd00:169:254:1::1/64 scope global
       valid_lft forever preferred_lft forever

There is no fe80::/10 address shown above.

It appears the EUI64 address is generated before assigning the interface to the VRF. This causes the address to be lost when the VRF is changed in the next line:

/src/conf_mode/container.py#L476:

if interface_exists(network_name):
    tmp = Interface(network_name)
    tmp.add_ipv6_eui64_address('fe80::/64')
    tmp.set_vrf(network_config.get('vrf', ''))

Swapping lines 476 and 477 resolved this issue:

6: pod-SERVICES: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master SERVICE state UP group default qlen 1000
    link/ether 8a:61:51:a0:21:09 brd ff:ff:ff:ff:ff:ff
    inet 169.254.1.1/24 brd 169.254.1.255 scope global pod-SERVICES
       valid_lft forever preferred_lft forever
    inet6 fd00:169:254:1::1/64 scope global
       valid_lft forever preferred_lft forever
    inet6 fe80::8861:51ff:fea0:2109/64 scope link
       valid_lft forever preferred_lft forever

Link-local address now present (fe80::8861:51ff:fea0:2109/64)

Details

Difficulty level
Easy (less than an hour)
Version
VyOS 1.5-rolling-202404040019
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Perfectly compatible
Issue type
Bug (incorrect behavior)

Event Timeline

jvoss claimed this task.Tue, Apr 9, 6:19 PM
jvoss created this task.
jvoss updated the task description. (Show Details)Tue, Apr 9, 6:28 PM
Viacheslav triaged this task as Normal priority.Tue, Apr 9, 7:35 PM
pasik added a subscriber: pasik.Tue, Apr 9, 7:48 PM
Viacheslav added a subscriber: Viacheslav.Thu, Apr 11, 5:27 AM

Recheck and close it iff it was solved

Viacheslav closed this task as Resolved.Fri, Apr 12, 4:28 PM
Viacheslav moved this task from Need Triage to Finished on the VyOS 1.5 Circinus board.
Viacheslav added a project: VyOS 1.4 Sagitta (1.4.0-epa3).

Looks working

set container network NET02 prefix '2001:db8::/32'
set container network NET02 vrf 'red'

set container name alp01 image 'alpine:3.19'
set container name alp01 network NET02
commit

Checked on VyOS 1.5-rolling-202404120636

vyos@r4# ip a show dev pod-NET02
38: pod-NET02: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master red state UP group default qlen 1000
    link/ether 22:a1:24:0c:db:42 brd ff:ff:ff:ff:ff:ff
    inet6 2001:db8::1/32 scope global 
       valid_lft forever preferred_lft forever
    inet6 fe80::20a1:24ff:fe0c:db42/64 scope link 
       valid_lft forever preferred_lft forever
[edit]
vyos@r4# run connect container alp01 
/ # 
/ # ip -6 a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 state UNKNOWN qlen 1000
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0@if39: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 state UP qlen 1000
    inet6 2001:db8::3/32 scope global 
       valid_lft forever preferred_lft forever
    inet6 fe80::891:bdff:fe6e:3f77/64 scope link 
       valid_lft forever preferred_lft forever
/ # ping 2001:db8::1
PING 2001:db8::1 (2001:db8::1): 56 data bytes
64 bytes from 2001:db8::1: seq=0 ttl=64 time=0.306 ms
64 bytes from 2001:db8::1: seq=1 ttl=64 time=0.119 ms
^C
--- 2001:db8::1 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.119/0.212/0.306 ms
/ #
Viacheslav moved this task from Need Triage to Finished on the VyOS 1.4 Sagitta (1.4.0-epa3) board.Fri, Apr 12, 4:28 PM