ifupdown2: Disable IPv6 duplicate address detection on VRR interfaces

Ticket: CM-11511
Reviewed By: CCR-4890
Testing Done: Used "address-virtual" keyword to create VRR interface with IPv6
address. Checked sysctl and dad failures.

In a VRR setup, both switches are programmed with the same IPv6 address and that
address is active on both switches. This causes the IPv6 duplicate address
detection to kick in and diable the use of one of the address on one of the
switches. This patch causes duplicate address detection to be disabled on VRR
interfaces by setting the net.ipv6.conf.<ifname>.accept_dad and
net.ipv6.conf.<ifname>.dad_transmits sysctl's to 0. The only IPv6 addresses
which are defined on these interfaces are the virtual addresses and the link
local address (which is unused). No other operational IPv6 addresses should ever
be assigned to these interfaces. Instead, operational IPv6 addresses should be
assigned to the "base", or lower, interface of the VRR interface.

diff --git a/addons/addressvirtual.py b/addons/addressvirtual.py
index 73f2d4c8fcd227c30926b19f17d92160bbf5cdbe..18cc7121418719536958355afb2372ea6655744c 100644 (file)
--- a/addons/addressvirtual.py
+++ b/addons/addressvirtual.py
@@ -196,6 +196,12 @@ class addressvirtual(moduleBase):
                 if lower_iface_mtu and lower_iface_mtu != self.ipcmd.link_get_mtu(macvlan_ifacename):
                     self.ipcmd.link_set_mtu(macvlan_ifacename, lower_iface_mtu)
 
+            # Disable IPv6 duplicate address detection on VRR interfaces
+            for key, sysval in { 'accept_dad' : '0', 'dad_transmits' : '0' }.iteritems():
+                syskey = 'net.ipv6.conf.%s.%s' % (macvlan_ifacename, key)
+                if self.sysctl_get(syskey) != sysval:
+                    self.sysctl_set(syskey, sysval)
+
             av_idx += 1
         self.ipcmd.batch_commit()