[draft] [v3.29] fix for issues on ipv6 enabled clusters #864
Draft: sknat wants to merge 11 commits into release/v3.29.0 from nsk-dhcp6-fix-v329
Signed-off-by: Aritra Basu <[email protected]>
Signed-off-by: Aritra Basu <[email protected]>
Signed-off-by: Aritra Basu <[email protected]>
Signed-off-by: Aritra Basu <[email protected]>
Signed-off-by: Aritra Basu <[email protected]>
This patch removes the nodeIP from the tap0 interface in VPP.
With this patch, for each uplink interface eth0 with IP 192.168.0.1/24
we create a corresponding tap0 set up the following way:
* In VRF:0
  * we create the af_packet interface with IP 192.168.0.1/24
  * we receive 192.168.0.1/32 locally, traffic to 192.168.0.1 without listeners will end up in punt
* In the punt table
  * we route 192.168.0.1/24 via tap0 192.168.0.1
* In linux
  * tap0 has the 192.168.0.1/24 address
  * tap0 will respond to ARPs as VPP has arp proxy enabled
* In a host-tap-eth0-v4 VRF
  * we place the tap0 interface
  * we give it the 169.254.0.1/32 address, overridable with CALICOVPP_TAP0_ADDR
  * we enable IP6 without setting an address
  * we add a static neighbor for 192.168.0.1 to the MAC of the linux side of the tap
* If we specify a rule in redirectToHostRules (e.g. for DNS in kind)
  * we will have the classifier entry redirect to tap0 192.168.0.1
Signed-off-by: Nathan Skrzypczak <[email protected]>
IPv6 gateway traffic (DHCPv6/ICMP) fails when VPP takes over the uplink.
- Without gateway ND proxy, host NS for the default gateway is dropped by VPP with "neighbor solicitations for unknown targets" error due to missing /128 target entry in the tap FIB.
Fix:
- Enable ND proxy for the gateway on the tap so the host can resolve the gateway via VPP.
Signed-off-by: Aritra Basu <[email protected]>
Signed-off-by: Nathan Skrzypczak <[email protected]>
74020c2 to df3305a
Configure ip6tables mangle rule to set hop limit to 2 for DHCPv6 OUTPUT traffic from client (sport 546) to server (dport 547).

This prevents VPP from dropping DHCPv6 SOLICIT/REQUEST packets when it decrements hop-limit by 1 during forwarding. Since clients generate SOLICIT/REQUEST with hop-limit=1, without this rule VPP drops the packet (ip6 ttl <= 1) with ICMP time exceeded, causing DHCPv6 lease negotiation to fail.

The rule is checked for existence before adding to prevent duplicates since ip6tables does not auto-dedupe rules. The rule is also cleaned up during configuration restoration.

Signed-off-by: Aritra Basu <[email protected]>
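The check-before-add and cleanup behaviour described in this commit message, sketched as an added example (not code from this pull request). The exact rule spec, using the ip6tables `HL` target with `--hl-set 2`, and the names `runner`, `ensureRule` and `removeRule` are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"os/exec"
)

// runner executes ip6tables with the given arguments; nil means exit status 0.
type runner func(args ...string) error

// Assumed rule spec (read from the commit message, not the PR's code):
// DHCPv6 client-to-server packets (UDP 546 -> 547) leave OUTPUT with hop limit 2.
var dhcp6HopLimitRule = []string{"OUTPUT", "-p", "udp", "--sport", "546",
	"--dport", "547", "-j", "HL", "--hl-set", "2"}

func ruleCmd(op string) []string {
	return append([]string{"-t", "mangle", op}, dhcp6HopLimitRule...)
}

// ensureRule appends the rule only when -C (check) reports it absent,
// because ip6tables -A would otherwise stack identical copies.
func ensureRule(run runner) (added bool, err error) {
	if run(ruleCmd("-C")...) == nil {
		return false, nil
	}
	if err := run(ruleCmd("-A")...); err != nil {
		return false, fmt.Errorf("adding DHCPv6 hop-limit rule: %w", err)
	}
	return true, nil
}

// removeRule deletes every copy of the rule, so duplicates left behind by
// an earlier non-idempotent run are also removed on restore.
func removeRule(run runner) (removed int, err error) {
	for run(ruleCmd("-C")...) == nil {
		if err := run(ruleCmd("-D")...); err != nil {
			return removed, fmt.Errorf("deleting DHCPv6 hop-limit rule: %w", err)
		}
		removed++
	}
	return removed, nil
}

// execIP6Tables is the real runner; it needs root and the ip6tables binary.
func execIP6Tables(args ...string) error {
	return exec.Command("ip6tables", args...).Run()
}

func main() { fmt.Println(ensureRule(execIP6Tables)) }
```
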
Link-local addresses are not routable. When synchronizing Linux routes to VPP's uplink interface, filter out link-local addresses so that they are not added to VPP's main VRF routing table.

Signed-off-by: Aritra Basu <[email protected]>
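One way to express the filter this commit message describes, as an added example that is not the pull request's code. It assumes the filter applies to the route destination and covers IPv6 link-local unicast (fe80::/10) only; the `route` type and the sample routes are constructed for illustration.

```go
package main

import (
	"fmt"
	"net/netip"
)

// route is a hypothetical minimal view of a Linux route, not the project's type.
type route struct {
	Dst netip.Prefix // destination prefix
	Gw  netip.Addr   // next hop; zero value means on-link
}

// ip6LinkLocal is the IPv6 link-local unicast range (RFC 4291).
var ip6LinkLocal = netip.MustParsePrefix("fe80::/10")

// isLinkLocalDst reports whether the whole destination prefix lies inside
// fe80::/10. Shorter prefixes such as ::/0 merely overlap it and are kept.
func isLinkLocalDst(dst netip.Prefix) bool {
	return dst.IsValid() && dst.Bits() >= ip6LinkLocal.Bits() &&
		ip6LinkLocal.Contains(dst.Addr())
}

// routesToSync drops routes with a link-local destination. The gateway is
// not inspected: IPv6 default routes normally point at a link-local next hop.
func routesToSync(in []route) []route {
	out := make([]route, 0, len(in))
	for _, r := range in {
		if !isLinkLocalDst(r.Dst) {
			out = append(out, r)
		}
	}
	return out
}

// sampleRoutes is constructed input resembling `ip -6 route` on an uplink.
func sampleRoutes() []route {
	return []route{
		{Dst: netip.MustParsePrefix("::/0"), Gw: netip.MustParseAddr("fe80::1")},
		{Dst: netip.MustParsePrefix("2001:db8:1::/64")},
		{Dst: netip.MustParsePrefix("fe80::/64")},
		{Dst: netip.MustParsePrefix("fe80::a00:27ff:fe4e:66a1/128")},
	}
}

func main() {
	for _, r := range routesToSync(sampleRoutes()) {
		fmt.Println(r.Dst, r.Gw)
	}
}
```
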
ebafe73 to b18bb49
Capture ID_NET_NAME_* properties before VPP driver unbind and restore them via udev rules after VPP creates host-facing tap/tun interface. This is needed for IAID generation by DHCPv6 client in systemd-networkd to be consistent across VPP lifecycle on the node.

Key changes:
- Add new CAPTURE_HOST_UDEV_PROPS hook that runs before PreconfigureLinux()
- Store ID_NET_NAME_* values and MAC address while interface still has original driver
- Create udev rules for the interface to restore ID_NET_NAME_* values after VPP runs
- Cleanup udev rules on VPP shutdown
- CAPTURE_HOST_UDEV_PROPS → capture, VPP_DONE_OK/ERRORED → cleanup

Signed-off-by: Aritra Basu <[email protected]>
b18bb49 to b163a1d
[WIP] cherry-pick of fixes from master for issues on ipv6 enabled clusters
This supersedes #834