ipv6 secondary ips and default ipv6 ip for new outbound connections

ipv6 secondary ips and default ipv6 ip for new outbound connections

[Jim Westfall]

Hi

On ipv4 the first ip added to a nic will be used as the source ip for 
new outbound connections.  Any additional ips, in the same netblock, 
will be added as secondaries.

ipv6 seems to have the opposite behavior.  The last ipv6 ip added to a 
nic is be used for new outbound connections.

~# ip -6 addr list br0
11: br0: <BROADCAST,MULTICAST,UP,10000> mtu 1500 
    inet6 fe80::21a:64ff:fe12:54bd/64 scope link 
       valid_lft forever preferred_lft forever

~# ip addr add 2600:c00:0:1::1101/64 dev br0
~# traceroute6 www.kame.net | head -0
traceroute to orange.kame.net (2001:200:dff:fff1:216:3eff:feb1:44d7) from 2600:c00:0:1::1101, 30 hops max, 16 byte packets

~# ip addr add 2600:c00:0:1::1102/64 dev br0
~# traceroute6 www.kame.net | head -0
traceroute to orange.kame.net (2001:200:dff:fff1:216:3eff:feb1:44d7) from 2600:c00:0:1::1102, 30 hops max, 16 byte packets

~# ip -6 addr list br0
11: br0: <BROADCAST,MULTICAST,UP,10000> mtu 1500 
    inet6 2600:c00:0:1::1102/64 scope global 
       valid_lft forever preferred_lft forever
    inet6 2600:c00:0:1::1101/64 scope global 
       valid_lft forever preferred_lft forever
    inet6 fe80::21a:64ff:fe12:54bd/64 scope link 
       valid_lft forever preferred_lft forever

This makes things a bit of a pita when dealing with floater ipv6 ips for 
HA.

This there some way to change this behavior to be like ipv4 or force 
a specific ipv6 ip to be the default used for new outbound connections?

thanks
Jim Westfall

Re: ipv6 secondary ips and default ipv6 ip for new outbound connections

[Brian Haley]

On 03/18/2011 07:03 PM, Jim Westfall wrote:
> Hi
> 
> On ipv4 the first ip added to a nic will be used as the source ip for 
> new outbound connections.  Any additional ips, in the same netblock, 
> will be added as secondaries.
> 
> ipv6 seems to have the opposite behavior.  The last ipv6 ip added to a 
> nic is be used for new outbound connections.
> 
> ~# ip -6 addr list br0
> 11: br0: <BROADCAST,MULTICAST,UP,10000> mtu 1500 
>     inet6 fe80::21a:64ff:fe12:54bd/64 scope link 
>        valid_lft forever preferred_lft forever
> 
> ~# ip addr add 2600:c00:0:1::1101/64 dev br0
> ~# traceroute6 www.kame.net | head -0
> traceroute to orange.kame.net (2001:200:dff:fff1:216:3eff:feb1:44d7) from 2600:c00:0:1::1101, 30 hops max, 16 byte packets
> 
> ~# ip addr add 2600:c00:0:1::1102/64 dev br0
> ~# traceroute6 www.kame.net | head -0
> traceroute to orange.kame.net (2001:200:dff:fff1:216:3eff:feb1:44d7) from 2600:c00:0:1::1102, 30 hops max, 16 byte packets
> 
> ~# ip -6 addr list br0
> 11: br0: <BROADCAST,MULTICAST,UP,10000> mtu 1500 
>     inet6 2600:c00:0:1::1102/64 scope global 
>        valid_lft forever preferred_lft forever
>     inet6 2600:c00:0:1::1101/64 scope global 
>        valid_lft forever preferred_lft forever
>     inet6 fe80::21a:64ff:fe12:54bd/64 scope link 
>        valid_lft forever preferred_lft forever
> 
> This makes things a bit of a pita when dealing with floater ipv6 ips for 
> HA.
> 
> This there some way to change this behavior to be like ipv4 or force 
> a specific ipv6 ip to be the default used for new outbound connections?

According to commit 8a6ce0c083f5736e90dabe6d8ce077e7dd0fa35f it's done this
way for backward-compatibility - we used to always put new addresses at the
front, then we started sorting them by scope.  I couldn't find in the archives
who needed the backward-compatible behavior (it was way back in 2006), but
Yoshifuji proposed it and I Acked it.

You could see if this patch helps you out, but I'm not sure if changing this
would break someone else, you'd have to see about putting a knob to control
this.

-Brian

diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
index 3daaf3c..8c7d5a5 100644
--- a/net/ipv6/addrconf.c
+++ b/net/ipv6/addrconf.c
@@ -577,7 +577,7 @@ ipv6_link_dev_addr(struct inet6_dev *idev, struct inet6_ifaddr *ifp)
 	list_for_each(p, &idev->addr_list) {
 		struct inet6_ifaddr *ifa
 			= list_entry(p, struct inet6_ifaddr, if_list);
-		if (ifp_scope >= ipv6_addr_src_scope(&ifa->addr))
+		if (ifp_scope > ipv6_addr_src_scope(&ifa->addr))
 			break;
 	}
 

Re: ipv6 secondary ips and default ipv6 ip for new outbound connections

[Jim Westfall]

Brian Haley <brian.haley@hp.com> wrote [03.18.11]:
> On 03/18/2011 07:03 PM, Jim Westfall wrote:
> > Hi
> > 
> > On ipv4 the first ip added to a nic will be used as the source ip for 
> > new outbound connections.  Any additional ips, in the same netblock, 
> > will be added as secondaries.
> > 
> > ipv6 seems to have the opposite behavior.  The last ipv6 ip added to a 
> > nic is be used for new outbound connections.
> > 
> > ~# ip -6 addr list br0
> > 11: br0: <BROADCAST,MULTICAST,UP,10000> mtu 1500 
> >     inet6 fe80::21a:64ff:fe12:54bd/64 scope link 
> >        valid_lft forever preferred_lft forever
> > 
> > ~# ip addr add 2600:c00:0:1::1101/64 dev br0
> > ~# traceroute6 www.kame.net | head -0
> > traceroute to orange.kame.net (2001:200:dff:fff1:216:3eff:feb1:44d7) from 2600:c00:0:1::1101, 30 hops max, 16 byte packets
> > 
> > ~# ip addr add 2600:c00:0:1::1102/64 dev br0
> > ~# traceroute6 www.kame.net | head -0
> > traceroute to orange.kame.net (2001:200:dff:fff1:216:3eff:feb1:44d7) from 2600:c00:0:1::1102, 30 hops max, 16 byte packets
> > 
> > ~# ip -6 addr list br0
> > 11: br0: <BROADCAST,MULTICAST,UP,10000> mtu 1500 
> >     inet6 2600:c00:0:1::1102/64 scope global 
> >        valid_lft forever preferred_lft forever
> >     inet6 2600:c00:0:1::1101/64 scope global 
> >        valid_lft forever preferred_lft forever
> >     inet6 fe80::21a:64ff:fe12:54bd/64 scope link 
> >        valid_lft forever preferred_lft forever
> > 
> > This makes things a bit of a pita when dealing with floater ipv6 ips for 
> > HA.
> > 
> > This there some way to change this behavior to be like ipv4 or force 
> > a specific ipv6 ip to be the default used for new outbound connections?
> 
> According to commit 8a6ce0c083f5736e90dabe6d8ce077e7dd0fa35f it's done this
> way for backward-compatibility - we used to always put new addresses at the
> front, then we started sorting them by scope.  I couldn't find in the archives
> who needed the backward-compatible behavior (it was way back in 2006), but
> Yoshifuji proposed it and I Acked it.
> 
> You could see if this patch helps you out, but I'm not sure if changing this
> would break someone else, you'd have to see about putting a knob to control
> this.
> 
> -Brian
> 
> diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
> index 3daaf3c..8c7d5a5 100644
> --- a/net/ipv6/addrconf.c
> +++ b/net/ipv6/addrconf.c
> @@ -577,7 +577,7 @@ ipv6_link_dev_addr(struct inet6_dev *idev, struct inet6_ifaddr *ifp)
>  	list_for_each(p, &idev->addr_list) {
>  		struct inet6_ifaddr *ifa
>  			= list_entry(p, struct inet6_ifaddr, if_list);
> -		if (ifp_scope >= ipv6_addr_src_scope(&ifa->addr))
> +		if (ifp_scope > ipv6_addr_src_scope(&ifa->addr))
>  			break;
>  	}
>  

Hi

Your patch fixes it for me.

# ip addr add 2600:c00:0:1::1101/64 dev eth0
~# traceroute6 www.kame.net | head -0
traceroute to orange.kame.net (2001:200:dff:fff1:216:3eff:feb1:44d7) from 2600:c00:0:1::1101, 30 hops max, 16 byte packets

~# ip addr add 2600:c00:0:1::1102/64 dev eth0
~# traceroute6 www.kame.net | head -0
traceroute to orange.kame.net (2001:200:dff:fff1:216:3eff:feb1:44d7) from 2600:c00:0:1::1101, 30 hops max, 16 byte packets

~# ip addr add 2600:c00:0:1::1103/64 dev eth0
~# traceroute6 www.kame.net | head -0
traceroute to orange.kame.net (2001:200:dff:fff1:216:3eff:feb1:44d7) from 2600:c00:0:1::1101, 30 hops max, 16 byte packets

~# ip -6 addr show dev eth0
3: eth0: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qlen 1000
    inet6 2600:c00:0:1::1101/64 scope global 
       valid_lft forever preferred_lft forever
    inet6 2600:c00:0:1::1102/64 scope global 
       valid_lft forever preferred_lft forever
    inet6 2600:c00:0:1::1103/64 scope global 
       valid_lft forever preferred_lft forever
    inet6 fe80::21a:64ff:fe12:54bd/64 scope link 
       valid_lft forever preferred_lft forever

thanks
Jim

Re: ipv6 secondary ips and default ipv6 ip for new outbound connections

[Andreas Schwab]

Jim Westfall <jwestfall@surrealistic.net> writes:

> Your patch fixes it for me.
>
> # ip addr add 2600:c00:0:1::1101/64 dev eth0
> ~# traceroute6 www.kame.net | head -0
> traceroute to orange.kame.net (2001:200:dff:fff1:216:3eff:feb1:44d7) from 2600:c00:0:1::1101, 30 hops max, 16 byte packets
>
> ~# ip addr add 2600:c00:0:1::1102/64 dev eth0
> ~# traceroute6 www.kame.net | head -0
> traceroute to orange.kame.net (2001:200:dff:fff1:216:3eff:feb1:44d7) from 2600:c00:0:1::1101, 30 hops max, 16 byte packets
>
> ~# ip addr add 2600:c00:0:1::1103/64 dev eth0
> ~# traceroute6 www.kame.net | head -0
> traceroute to orange.kame.net (2001:200:dff:fff1:216:3eff:feb1:44d7) from 2600:c00:0:1::1101, 30 hops max, 16 byte packets

Does this also affect the selected address if use_tempaddr=2?

Andreas.

-- 
Andreas Schwab, schwab@linux-m68k.org
GPG Key fingerprint = 58CA 54C7 6D53 942B 1756  01D3 44D5 214B 8276 4ED5
"And now for something completely different."

Re: ipv6 secondary ips and default ipv6 ip for new outbound connections

[Jim Westfall]

Andreas Schwab <schwab@linux-m68k.org> wrote [03.19.11]:
> Jim Westfall <jwestfall@surrealistic.net> writes:
> 
> > Your patch fixes it for me.
> >
> > # ip addr add 2600:c00:0:1::1101/64 dev eth0
> > ~# traceroute6 www.kame.net | head -0
> > traceroute to orange.kame.net (2001:200:dff:fff1:216:3eff:feb1:44d7) from 2600:c00:0:1::1101, 30 hops max, 16 byte packets
> >
> > ~# ip addr add 2600:c00:0:1::1102/64 dev eth0
> > ~# traceroute6 www.kame.net | head -0
> > traceroute to orange.kame.net (2001:200:dff:fff1:216:3eff:feb1:44d7) from 2600:c00:0:1::1101, 30 hops max, 16 byte packets
> >
> > ~# ip addr add 2600:c00:0:1::1103/64 dev eth0
> > ~# traceroute6 www.kame.net | head -0
> > traceroute to orange.kame.net (2001:200:dff:fff1:216:3eff:feb1:44d7) from 2600:c00:0:1::1101, 30 hops max, 16 byte packets
> 
> Does this also affect the selected address if use_tempaddr=2?
> 
> Andreas.
> 

I am new to using temp addresses, but it appears to be working as 
expected.

With the interface down I set use_tempaddr=2, brought the interface up 
and added my 2 static ipv6 ips, then ran rdisc6 on the interface.

This resulted in the following 

13: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
    link/ether 00:10:18:17:a0:e6 brd ff:ff:ff:ff:ff:ff
    inet6 2600:c00:1002:2::101/64 scope global
       valid_lft forever preferred_lft forever
    inet6 2600:c00:1002:2::102/64 scope global
       valid_lft forever preferred_lft forever
    inet6 2600:c00:1002:2:210:18ff:fe17:a0e6/64 scope global dynamic
       valid_lft 2591996sec preferred_lft 604796sec
    inet6 2600:c00:1002:2:ccd2:cf82:efb0:8dc5/64 scope global temporary dynamic
       valid_lft 604796sec preferred_lft 85796sec
    inet6 fe80::210:18ff:fe17:a0e6/64 scope link
       valid_lft forever preferred_lft forever

~# traceroute6 www.kame.net
traceroute to orange.kame.net (2001:200:dff:fff1:216:3eff:feb1:44d7) from 2600:c00:1002:2:ccd2:cf82:efb0:8dc5, 30 hops max, 16 byte packets

It correctly sourced from 2600:c00:1002:2:ccd2:cf82:efb0:8dc5.

I repeated the same steps but reset use_tempaddr=1

~# traceroute6 www.kame.net
traceroute to orange.kame.net (2001:200:dff:fff1:216:3eff:feb1:44d7) from 2600:c00:1002:2::101, 30 hops max, 16 byte packets

For which 2600:c00:1002:2::101 was my first added static ip.

In testing the above I observed that downing the interface resulted in 
all ipv6 addressing being removed.  Is this expected?  I can see 
removing the dynamic/temp addresses, but seems weird for the statics I 
added.

thanks
Jim

Re: ipv6 secondary ips and default ipv6 ip for new outbound connections

[Brian Haley]

On 03/18/2011 11:35 PM, Jim Westfall wrote:
> Brian Haley <brian.haley@hp.com> wrote [03.18.11]:
>> On 03/18/2011 07:03 PM, Jim Westfall wrote:
>>> Hi
>>>
>>> On ipv4 the first ip added to a nic will be used as the source ip for 
>>> new outbound connections.  Any additional ips, in the same netblock, 
>>> will be added as secondaries.
>>>
>>> ipv6 seems to have the opposite behavior.  The last ipv6 ip added to a 
>>> nic is be used for new outbound connections.

<snip>

>> According to commit 8a6ce0c083f5736e90dabe6d8ce077e7dd0fa35f it's done this
>> way for backward-compatibility - we used to always put new addresses at the
>> front, then we started sorting them by scope.  I couldn't find in the archives
>> who needed the backward-compatible behavior (it was way back in 2006), but
>> Yoshifuji proposed it and I Acked it.
>>
>> You could see if this patch helps you out, but I'm not sure if changing this
>> would break someone else, you'd have to see about putting a knob to control
>> this.
>>
>> -Brian
>>
>> diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
>> index 3daaf3c..8c7d5a5 100644
>> --- a/net/ipv6/addrconf.c
>> +++ b/net/ipv6/addrconf.c
>> @@ -577,7 +577,7 @@ ipv6_link_dev_addr(struct inet6_dev *idev, struct inet6_ifaddr *ifp)
>>  	list_for_each(p, &idev->addr_list) {
>>  		struct inet6_ifaddr *ifa
>>  			= list_entry(p, struct inet6_ifaddr, if_list);
>> -		if (ifp_scope >= ipv6_addr_src_scope(&ifa->addr))
>> +		if (ifp_scope > ipv6_addr_src_scope(&ifa->addr))
>>  			break;
>>  	}
>>  
> 
> Hi
> 
> Your patch fixes it for me.

Then we need to get Yoshifuji to Ack it since he wanted the previous behavior of
newest-added being first.

-Brian