Bug #14392
closed
``find_interface_ipv6_ll()`` can return a VIP instead of the interface address
100%
Description
While looking at #14383 and #14385 I noticed that find_interface_ipv6_ll() would return the last link local address on an interface instead of the first, and as a consequence, it would return the interface address before a VIP was added, but would return a VIP when run later. This inconsistency makes it unsuitable for use for finding the LL address of the firewall itself rather than what could potentially be a shared CARP VIP. For example, when attempting to determine what address an HA cluster peer should communicate with.
I can see some use in the current behavior, however, since some cases may want to latch onto a VIP for local services, so perhaps the behavior should be optional (e.g. a new function parameter to conditionally exclude VIPs).
For reference, this is what the LAN interface of a lab cluster system looks like:
: ifconfig vtnet1
vtnet1: flags=8963<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
description: LAN
options=800b8<VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,LINKSTATE>
ether f2:65:47:9c:58:a8
inet6 fe80::f065:47ff:fe9c:58a8%vtnet1 prefixlen 64 scopeid 0x2
inet6 2001:db8:1:df30::2 prefixlen 64
inet6 2001:db8:1:df30::1 prefixlen 64 vhid 2
inet6 2001:db8:1:df30::4 prefixlen 64 vhid 5
inet6 fe80::1:10%vtnet1 prefixlen 64 scopeid 0x2 vhid 10
inet 192.168.1.2 netmask 0xffffff00 broadcast 192.168.1.255
inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255 vhid 1
inet 192.168.1.4 netmask 0xffffffff broadcast 192.168.1.4 vhid 4
carp: MASTER vhid 1 advbase 1 advskew 1
peer 224.0.0.18 peer6 ff02::12
carp: MASTER vhid 4 advbase 1 advskew 1
peer 192.168.1.3 peer6 ff02::12
carp: MASTER vhid 2 advbase 1 advskew 1
peer 224.0.0.18 peer6 ff02::12
carp: MASTER vhid 5 advbase 1 advskew 1
peer 224.0.0.18 peer6 2001:db8:1:df30::3
carp: MASTER vhid 10 advbase 1 advskew 1
peer 224.0.0.18 peer6 2001:db8:1:df30::3
media: Ethernet autoselect (10Gbase-T <full-duplex>)
status: active
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
Note that it has both its own LL address plus an LL CARP VIP.
Now try to fetch the LL address of the interface:
var_dump( find_interface_ipv6_ll('vtnet1') );
And it gets the VIP back instead:
string(17) "fe80::1:10%vtnet1"
Flipping the behavior to use the first and not last can be changed by adding a break; after locating an LL address on the interface, though as we've seen in the past (#11545) that alone may not be sufficient to ensure a VIP is never selected.
Updated by Jim Pingle about 1 year ago
- Assignee set to Jim Pingle
- Target version changed from CE-Next to 2.8.0
Updated by Jim Pingle about 1 year ago
- Status changed from New to Feedback
- % Done changed from 0 to 100
Applied in changeset 5df71c77b6b03a30b8f6425da331a892eb9876ad.
Updated by Jim Pingle about 1 year ago
- Status changed from Feedback to Resolved
Works as expected on snapshots. A unicast CARP VIP peer syncs via XMLRPC and uses the expected LL address when fixing up the peer for the other node.
Before this change it was putting the VIP address in which made it fail.
Updated by Jim Pingle about 1 year ago
- Target version changed from 2.8.0 to 2.7.1