Update from update/networkservicemesh/cmd-forwarder-vpp #7674
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…d-forwarder-vpp@main PR link: networkservicemesh/cmd-forwarder-vpp#739 Commit: a2c0b6d Author: Ed Warnicke Date: 2022-10-25 02:59:01 -0500 Message: - Final fix to disable IPv6 RA when NSM_TUNNEL_IP is IPv6 (#739) VPP, being a router, presumes that any IPv6 enabled interface should, by default, be sending IPv6 Router Announcements (RAs). In our case, this is an incorrect behavior. In the past we had attempted using: 'ip6 nd host-%s ra-cease' this did not work as expected for two reasons: 1. It was done before assigning an IPv6 address to the interface. Because of this the interface does not yet have IPv6 enabled, and therefore the 'ip6 nd host-%s ra-cease' has no effect. 2. 'ip6 nd host-%s ra-cease' only precluded repetition of RAs after the interface is up. Initial RAs are still sent. This can be fixed by adding 'ra-suppress' So in short, we use: 'enable ip6 interface host-%s' 'ip6 nd host-%s ra-cease ra-suppress' which disables any sending of RAs from the interface prior to it being 'upped'. This has been tested using tcpdump. Tcpdump was used in the uncorrected case to ensure it correctly detects RAs being sent out (it does) Tcpdump was used to determine that with: 'enable ip6 interface host-%s' 'ip6 nd host-%s ra-cease' the initial RA is sent, but no subsequent RAs. The actual fix was tested with tcpdump to ensure that 'enable ip6 interface host-%s' 'ip6 nd host-%s ra-cease ra-suppress' results in *no* RAs being sent. Finally, tcpdump was used to ensure that with the code being submitted was used, not RAs were sent out. Signed-off-by: Ed Warnicke <hagbard@gmail.com> Signed-off-by: NSMBot <nsmbot@networkservicmesh.io>
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
nsmbot
pushed a commit
to networkservicemesh/integration-tests
that referenced
this pull request
Oct 25, 2022
…ployments-k8s@main PR link: networkservicemesh/deployments-k8s#7674 Commit: 16d84a9 Author: Network Service Mesh Bot Date: 2022-10-24 07:33:54 -0500 Message: - Update go.mod and go.sum to latest version from networkservicemesh/de… Signed-off-by: NSMBot <nsmbot@networkservicmesh.io>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Update go.mod and go.sum to latest version from networkservicemesh/cmd-forwarder-vpp@main
PR link: networkservicemesh/cmd-forwarder-vpp#739
Commit: a2c0b6d
Author: Ed Warnicke
Date: 2022-10-25 02:59:01 -0500
Message:
VPP, being a router, presumes that any IPv6 enabled interface should,
by default, be sending IPv6 Router Announcements (RAs).
In our case, this is an incorrect behavior.
In the past we had attempted using:
'ip6 nd host-%s ra-cease'
this did not work as expected for two reasons:
Because of this the interface does not yet have IPv6 enabled,
and therefore the 'ip6 nd host-%s ra-cease' has no effect.
after the interface is up. Initial RAs are still sent.
This can be fixed by adding 'ra-suppress'
So in short, we use:
'enable ip6 interface host-%s'
'ip6 nd host-%s ra-cease ra-suppress'
which disables any sending of RAs from the interface prior to it
being 'upped'.
This has been tested using tcpdump. Tcpdump was used in the uncorrected
case to ensure it correctly detects RAs being sent out (it does)
Tcpdump was used to determine that with:
'enable ip6 interface host-%s'
'ip6 nd host-%s ra-cease'
the initial RA is sent, but no subsequent RAs.
The actual fix was tested with tcpdump to ensure that
'enable ip6 interface host-%s'
'ip6 nd host-%s ra-cease ra-suppress'
results in no RAs being sent.
Finally, tcpdump was used to ensure that with the code being submitted
was used, not RAs were sent out.
Signed-off-by: Ed Warnicke hagbard@gmail.com