12

I'm running Debian 8 on a vServer. After installing docker and enabling IPv6 i noted something strange. I don't know if docker has anything to do with this, it's just that i noticed this problem after installing it.

My default route is configured to expire after ca. 1800secs. I actually vanishes after this timeout. This is when i (obviously) loose IPv6 connectivity.

root@wopr:~#  ip -6 route
xxxx:yyyy:zzz:xxxx::/64 dev eth0  proto kernel  metric 256
fe80::/64 dev eth0  proto kernel  metric 256
fe80::/64 dev br-5c1ce68ea951  proto kernel  metric 256
fe80::/64 dev br-61f6bbfdbe87  proto kernel  metric 256
[a lot more routed for my docker containers]
default via fe80::1 dev eth0  proto ra  metric 1024  expires 1259sec hoplimit 64

Why is it that the rout is configured to expire after 1800 s? Where can i configure this?

[edit 2016-05-14 16:08]

Adding a default route manually seems to work just fine. It stays put. But i need to have a non-expiring route after boot.

[edit 2016-05-14 16:13]

The machine is running on a KVM host hosted by netcup.de. It's using the virtio driver, as recommended by my provider.

root@wopr:~# cat /etc/network/interfaces
auto lo
iface lo inet loopback
iface lo inet6 loopback

auto eth0
iface eth0 inet dhcp

iface eth0 inet6 static
       address xxxx:yyyy:zzz:xxxx::1
       netmask 64
       gateway fe80::1

virt-what says:

root@wopr:~# virt-what
kvm

[edit 2016-05-14 15:34] It looks like i missed that net.ipv6.conf.default.autoconf was set to 1. Now i added a file in /etc/sysctl.d to suppress this at boot:

root@wopr:~# cat /etc/sysctl.d/ipv6.conf
net.ipv6.conf.default.accept_ra=0
net.ipv6.conf.default.autoconf=0
net.ipv6.conf.all.accept_ra=0
net.ipv6.conf.all.autoconf=0
net.ipv6.conf.eth0.accept_ra=0
net.ipv6.conf.eth0.autoconf=0
lajuette
  • 771
  • 6
  • 16

3 Answers3

9

It looks like i missed that net.ipv6.conf.default.autoconf was set to 1. Adding a file in /etc/sysctl.d to suppress this at boot solved the problem for me:

root@wopr:~# cat /etc/sysctl.d/ipv6.conf
net.ipv6.conf.default.accept_ra=0
net.ipv6.conf.default.autoconf=0
net.ipv6.conf.all.accept_ra=0
net.ipv6.conf.all.autoconf=0
net.ipv6.conf.eth0.accept_ra=0
net.ipv6.conf.eth0.autoconf=0

Now i get a defaualt route that won't expire at boot time. Problem solved. Thanks for pointing me in the right direction, Sander.

lajuette
  • 771
  • 6
  • 16
5

1800 seconds sounds like a default timeout for a Router Advertisement.

My first guess would be that there is a Cisco router on the network that is configured with ipv6 nd ra suppress on the interface. In that mode the router will send out an RA when a host requests one with an RS, but doesn't refresh it regularly. A host sends an RS when bringing up the interface, which would explain why it gets a default route after boot.

That setting is a weird useless Cisco setting. A router should either send RAs when asked + regularly (the default on Cisco), or not at all (ipv6 nd ra suppress all). The half-way setting ipv6 nd ra suppress causes weird behaviour like this and should not be used.

Sander Steffann
  • 7,712
  • 19
  • 29
1

Actually, the marked answer is wrong. The problem is that docker enables forwarding on interface(s) and that makes Linux kernel to ignore RAs on that particular interface, see: https://www.mattb.net.nz/blog/2011/05/12/linux-ignores-ipv6-router-advertisements-when-forwarding-is-enabled/

So, the correct solution in this case is to set accept_ra to 2:

# cat /etc/sysctl.d/ipv6.conf
net.ipv6.conf.default.accept_ra=2
net.ipv6.conf.all.accept_ra=2
net.ipv6.conf.eth0.accept_ra=2

instead of completely disabling the route discovery.

oerdnj
  • 111
  • 3
  • I added this, still the host running docker does not get a default route Another non-docker host does get a default route. – Lenne Jun 15 '18 at 20:24