SLAAC failure due to erroneous DAD on virtualization related hosts
Shadow Hawkins on Sunday, 12 April 2015 16:27:37
I have an IPv6 network that I've been running for years, using a SIXXS tunnel connected to a Linux box running aiccu and radvd, which gives out addresses to various OS hosts on my local network.
Lately, I've been having a few problems with the stateless address autoconfiguration on a few hosts on the network. The problem seems to be that during IPv6 address assignment, somehow DAD (Duplicate Address Detection) is getting triggered and thus the ipv6 on the host is not getting assigned.
Typically, I'll see some sort of error in the logs of the host akin to:
2015-03-27T04:07:13+00:00 host0 kernel: [ 1496.519712] eth0: IPv6 duplicate address 2001:48xx:xxxx:0:xxx:xxx:xxxx:33e9 detected!
Even if I manually configure the IPv6 address to different, known unique, addresses, the same sort of DAD error occurs, unique address after unique address.
However, if I disable DAD (via sysctl), the IPv6 address assignment (either auto or manual) occurs without error and the IPv6 address works without conflict on the host/network.
Since I get a duplicate address regardless of how much I vary the host's ipv6 address, and running with these flagged "duplicate" ipv6 addresses by disabling DAD works fine, I'm thinking the duplicate address detection is mistaken. I'm thinking maybe somehow the host is seeing its own DAD packets and thinking the address is in use by another host, when it is just in use by itself. Perhaps there is some problem with those packets getting mirrored back to the host.
The common thread I'm seeing among the problem machines is that they have been either hosts with virtualization added (more specifically VirtualBox), or virtual machines running on these hosts. Trying to search for information on such problems, I found similar (but not really equivalent) problems with the bridging in VirtualBox virtualization breaking IPv6 SLAAC. However, this is an old ticket, and for wireless not wired networking. Also, as I've said, I've only started having this trouble in the last few months, despite running VirtualBox for some time.
Are there any known issues with DAD and virtualization bridging? Any recommended guides to troubleshoot this problem?
I've been easily able to confirm the router advertisements coming to the problem hosts with tcpdump captures, such as:
# EL7
tcpdump -vv -i eno16777736 ip6 and icmp6 and 'ip6[40] = 134'
# OSX
sudo tcpdump -vv -i en3 ip6 and icmp6 and 'ip6[40] = 134'
but I haven't been able to observe the packets coming back to the host triggering the duplicate address belief to see from where they are coming.
Of course, the easy workaround to the problem has been disabling DAD on the problem hosts, e.g.:
# Linux
sysctl -w net.ipv6.conf.eth0.accept_dad=0
# OSX
sysctl net.inet6.ip6.dad_count=0
but if there is a misconfiguration problem, or a bug that needs to be reported somewhere, it'd be better to address the real issue.
Thanks in advance for any advice or suggestions.
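Added example, not part of the original post or of any project mentioned in it: one way to test the looped-back-probe hypothesis above is to classify inbound Neighbor Solicitations (ICMPv6 type 135, read at the same `ip6[40]` offset the tcpdump filters use) that are sent from `::`, comparing the Ethernet source MAC with the host's own. The function names, MAC addresses and the 2001:db8:: target are constructed for illustration, and the parser assumes untagged Ethernet frames without IPv6 extension headers, captured in the inbound direction only.

```python
import ipaddress
import struct

ETH_IPV6 = 0x86DD
ICMPV6 = 58
NS = 135  # Neighbor Solicitation; the captures in the post filter on 134 (RA)


def classify_frame(frame: bytes, own_mac: str):
    """Return (verdict, target) for a DAD probe, or None for any other frame."""
    if len(frame) < 14 + 40 + 24:                    # Ethernet + IPv6 + NS header
        return None
    if struct.unpack("!H", frame[12:14])[0] != ETH_IPV6:
        return None
    ip6 = frame[14:]
    if ip6[6] != ICMPV6 or ip6[40] != NS:            # next header, ICMPv6 type
        return None
    if not ipaddress.IPv6Address(ip6[8:24]).is_unspecified:
        return None                                  # DAD probes come from ::
    target = str(ipaddress.IPv6Address(ip6[48:64]))  # tentative address probed
    src_mac = frame[6:12].hex(":")
    if src_mac == own_mac.lower():
        return "own-probe-looped-back", target       # reflected by bridge/switch
    return "probe-from-other-node", target           # another node is probing


def build_dad_probe(src_mac: str, target: str) -> bytes:
    """Build a constructed DAD probe frame (checksum left at 0) as sample input."""
    tgt = ipaddress.IPv6Address(target).packed
    dst_ip = b"\xff\x02" + bytes(9) + b"\x01\xff" + tgt[13:]  # solicited-node group
    dst_mac = b"\x33\x33" + dst_ip[12:]
    icmp = struct.pack("!BBHI", NS, 0, 0, 0) + tgt
    ip6 = struct.pack("!IHBB", 0x60000000, len(icmp), ICMPV6, 255) + bytes(16) + dst_ip
    eth = dst_mac + bytes.fromhex(src_mac.replace(":", "")) + struct.pack("!H", ETH_IPV6)
    return eth + ip6 + icmp


if __name__ == "__main__":
    own = "02:00:00:00:00:01"                        # constructed MAC of this host
    for mac in (own, "02:00:00:00:00:02"):           # constructed inbound frames
        print(mac, classify_frame(build_dad_probe(mac, "2001:db8::33e9"), own))
```

A verdict of `own-probe-looped-back` on an inbound-only capture points at the bridge or switch path reflecting the host's own probe rather than at a real address conflict.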
Jeroen Massar on Sunday, 12 April 2015 17:29:18
You are most very likely running into one of the zillion bugs in VirtualBox. It has a long long history of broken IPv6 support...
(which is odd, as it does not have to do anything but pass packets around... oh well).