[arch-projects] [netctl][patch] Remove DAD detection
seblu at seblu.net
Sat Mar 9 09:11:52 EST 2013
On Sat, Mar 9, 2013 at 2:07 PM, Jouke Witteveen <j.witteveen at gmail.com> wrote:
> On Wed, Mar 6, 2013 at 7:20 PM, Sébastien Luttringer <seblu at seblu.net> wrote:
>> On Fri, Feb 8, 2013 at 5:16 PM, Jouke Witteveen <j.witteveen at gmail.com> wrote:
>>> On Fri, Feb 8, 2013 at 1:03 AM, Sébastien Luttringer <seblu at seblu.net> wrote:
>>>> On Thu, Feb 7, 2013 at 12:36 PM, Jouke Witteveen <j.witteveen at gmail.com> wrote:
>>>>> On Wed, Feb 6, 2013 at 11:48 PM, Sébastien Luttringer <seblu at seblu.net> wrote:
>>>>>> DAD detection is detected via the presence of the tentative flag in the ip command.
>>>>>> This flag can only be set if the interface is up (obviously).
>>>>>> So, setting an IPv6 address will fail when you:
>>>>>> - the cable is not plugged
>>>>>> - any interface of a bridge is not set
>>>>>> The code was (before rewriting of netctl) reference this bug report:
>>>>> This bug will reopen after your proposed changes.
>>>> I don't think so. The bug was about DAD not waiting enough time. This
>>>> patch drops the DAD check logic by userland (same behaviour as ipv4).
>>> The lines you delete are exactly the lines that were added to fix the bug.
>>>>> If the cable is not plugged there is no point in trying to connect anyway
>>>> Connect, but configure? Setting an IP address on an interface doesn't
>>>> mean trying to connect to anything or having an internet connection.
>>>> It just means setting an ip.
>>>> Ports can be up or down, or change state every minute. We don't
>>>> care. netctl should not fail to set up a static ip on an iface when no
>>>> link is detected at boot.
>>>> Sometimes, setting an IP on an iface can be used to allow the kernel to
>>>> accept packets to this destination without really owning it (lvs by
>>>>> so it would be nice if you describe in some more detail what problem your changes solve.
>>>> Imagine a router on archlinux, with a bridge of n ports. People can
>>>> plug (or not) their computers when they want. Mostly, when you boot
>>>> your router, nobody is plugged.
>>>> When the router starts, it defines IPv4 and IPv6 on the bridge (where
>>>> all ethernet ports are added).
>>>> With the current netcfg/netctl, it's impossible because when nobody is
>>>> plugged, DAD cannot do its job of checking the ip address, because all the
>>>> underlying interfaces can't send icmpv6 ND messages.
>>>> I've tested disabling dad (sysctl accept_dad) but the interface stays
>>>> in tentative mode and netctl times out and rolls back the configuration.
>>> The way to prevent your interface from entering the 'tentative' state
>>> is by specifying addresses as follows:
>>> Address6=('1234:bcd::11/64 nodad')
>> Tested for 4 weeks and it avoids netctl units failing during tentative mode.
>>> I will soon add a note on such modifiers to the manual.
>> Unfortunately on a normal setup, where we should not disable DAD, I get
>> a DAD failure sometimes. It happens more on slow computers.
> So here you say we should not disable DAD on normal setups, with which
> I agree and which is the default behavior of `ip`.
>> It's a bit rude to fail the network, sometimes the only way to connect
>> to the computer, because dad is not finished.
>> Upping the value of the timeout is a quick workaround, but a good value is
>> difficult to guess and can leave us without network if the hardware lags.
>> Why not reverse the logic and check for the dadfailed flag (with a
>> TIMEOUT) and only consider the network failed with this flag?
> Here you state the reverse: we should disable DAD by default. The
> timeout isn't really a workaround, it depends on your network setup
> what timeouts are to be expected.
I don't state the reverse. We should always leave DAD enabled (in the
kernel) as the RFC recommends.
My point is to avoid disabling kernel DAD handling because netctl
makes it difficult to leave it enabled because it fails randomly based on
The kernel is in charge of DAD, and advertises it to us by being in tentative
mode and then dadfailed if an address is already taken.
Here netctl tries to guess if there is a conflict by looking at the tentative
flag, which doesn't mean there is a conflict or not. It only tells us
if the kernel has finished its job.
My suggestion: if we want to keep the timeout logic on ip6 static
addresses, we can try to really detect failure and not guess there is an
ip conflict while the DAD process is still ongoing.
With both approaches, on the network layer, there will never be a
conflict on ip, as DAD is done by the kernel. The only difference is
netctl will not mark the interface failed if the result of DAD is not
available before the timeout. This will save us from a lot of false
positive DAD failures, as conflicts in ipv6 are less frequent.
Sébastien "Seblu" Luttringer
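
The check suggested in this message (fail only on the `dadfailed` flag, and do not treat an address that is still `tentative` at timeout as failed), sketched as an added example; it is not netctl code and not code from this thread. The function names `dad_state`, `wait_dad` and `sample_ip_output` are hypothetical, the sample `ip` output is constructed, and returning an error for an address that is absent is an assumption.

```shell
#!/bin/sh
# Added example: hypothetical helpers, not netctl code. Sample output is constructed.
sample_ip_output() {
    cat <<'EOF'
3: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP
    inet6 2001:db8::11/64 scope global tentative
       valid_lft forever preferred_lft forever
    inet6 2001:db8::12/64 scope global tentative dadfailed
       valid_lft forever preferred_lft forever
    inet6 fe80::1/64 scope link
       valid_lft forever preferred_lft forever
EOF
}

# Read `ip -6 addr show` output on stdin and print the DAD state of address $1:
# failed | pending | ready | missing
dad_state() {
    want=$1 state=missing
    while read -r line; do
        case $line in
            "inet6 $want "*) ;;                # flags live on the inet6 line
            *) continue ;;
        esac
        case " $line " in
            *" dadfailed "*) state=failed ;;   # kernel found a duplicate
            *" tentative "*) state=pending ;;  # DAD running, no verdict yet
            *) state=ready ;;
        esac
    done
    printf '%s\n' "$state"
}

# Poll up to $2 times, one second apart; remaining args are the command that
# prints the ip output, e.g. `wait_dad ADDR 3 ip -6 addr show dev br0`.
# Returns 1 only on dadfailed, 2 if the address is absent (assumption), else 0.
wait_dad() {
    addr=$1 tries=$2; shift 2
    while :; do
        case $("$@" | dad_state "$addr") in
            failed)  return 1 ;;
            missing) return 2 ;;
            ready)   return 0 ;;
        esac
        tries=$((tries - 1))
        [ "$tries" -le 0 ] && return 0     # still tentative: not a failure
        sleep 1
    done
}
wait_dad 2001:db8::11/64 1 sample_ip_output && echo "tentative at timeout: not failed"
```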