Redhat的网站上报告 IPV6 loopback PING不通的问题

本文档记录了在Red Hat Enterprise Linux 6中,尝试将IPv6子网地址添加到环回接口时遇到的问题,并提供了解决方案。详细描述了如何通过增加内核参数和添加本地路由条目来实现IPv6子网地址的正常工作。

摘要生成于 C知道 ,由 DeepSeek-R1 满血版支持, 前往体验 >

Bug 969950 - cant not add a range of virtual IPv6 addresses to interface

Keywords:

 

Status:CLOSED NOTABUG
Alias:None
Product:Red Hat Enterprise Linux 6
Component:iproute  
Version:6.4
Hardware:x86_64
OS:Linux
Priority:unspecified
Severity:medium
Target Milestone:rc
Target Release:---
Assignee:Petr Šabata
QA Contact:BaseOS QE Security Team
Docs Contact: 
URL: 
Whiteboard: 
Depends On: 
Blocks: 
TreeView+depends on / blocked 

 

Reported:2013-06-03 07:13 UTC by Geng Sheng Liu
Modified:2018-12-01 14:32 UTC (History)
CC List:3 users (show)
Fixed In Version: 
Doc Type:Bug Fix 
Doc Text: 
Clone Of: 
Environment: 
Last Closed:2013-08-13 12:38:00 UTC
Target Upstream Version: 

 
Attachments(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)
 

DescriptionGeng Sheng Liu 2013-06-03 07:13:40 UTC

Description of problem:

In IPv4 we can use the following command to add a ip subnet address to a interface like lo

#ip addr add 10.1.0.0/16 dev lo

But it failed in IPv6 with same command 

# ip -6 addr add 2001:4860:0:2001::68/64  dev lo 
# ping6 2001:4860:0:2001::68 
PING 2001:4860:0:2001::68(2001:4860:0:2001::68) 56 data bytes 
64 bytes from 2001:4860:0:2001::68: icmp_seq=0 ttl=64 time=0.036 ms 
 
--- 2001:4860:0:2001::68 ping statistics --- 
1 packets transmitted, 1 received, 0% packet loss, time 0ms 
rtt min/avg/max/mdev = 0.036/0.036/0.036/0.000 ms, pipe 2 
# ping6 2001:4860:0:2001::69 
connect: Network is unreachable 

Version-Release number of selected component (if applicable):


How reproducible:

always

Steps to Reproduce:
1. add ipv6 subnet address to a interface

#ip -6 addr add 2001:4860:0:2001::68/64  dev lo 





Actual results:

only 2001:4860:0:2001::68 get response from a ping command.

Expected results:

all address in 2001:4860:0:2001::68/64 should be available.

Additional info:

https://access.redhat.com/site/solutions/36876

http://post-office.corp.redhat.com/archives/tech-list/2010-February/msg00468.html

Comment 2Petr Šabata 2013-06-03 13:02:45 UTC

(In reply to Geng Sheng Liu from comment #0)
> Additional info:
> 
> https://access.redhat.com/site/solutions/36876

This seems completely unrelated.

> http://post-office.corp.redhat.com/archives/tech-list/2010-February/msg00468.
> html

Basically I'd say the same as Neil did back in 2010, meaning IPv4 behaves incorrectly here.

Out of curiosity, could you elaborate on use cases of this "feature"?

Comment 4Geng Sheng Liu 2013-06-04 02:09:00 UTC

Correction:

KBase related is as below

https://access.redhat.com/site/solutions/27284

Comment 5Hafid Lin 2013-06-04 02:24:55 UTC

(In reply to Petr Šabata from comment #2)
> (In reply to Geng Sheng Liu from comment #0)
> > Additional info:
> > 
> > https://access.redhat.com/site/solutions/36876
> 
> This seems completely unrelated.
> 
> > http://post-office.corp.redhat.com/archives/tech-list/2010-February/msg00468.
> > html
> 
> Basically I'd say the same as Neil did back in 2010, meaning IPv4 behaves
> incorrectly here.
> 
> Out of curiosity, could you elaborate on use cases of this "feature"?
This feature is useful for stress testing. We used to simulated tens of thousands clients or severs on one blade server in IPv4 scenario, but in IPv6 scenario, we can't do same things again.

Comment 6Hafid Lin 2013-06-13 07:56:52 UTC

Hi,

We found a workaround for this issue:

Steps:
1. add a IPv6 address on loopback interface
2. delete the unreachable route entry
3. add a local route entry

Example:
[root@bee12 ~]# ip -6 addr add fd96:38d8:6f3d:5e::/64 dev lo
[root@bee12 ~]# ip -6 route del unreachable fd96:38d8:6f3d:5e::/64
[root@bee12 ~]# ip -6 route add table local local fd96:38d8:6f3d:5e::/64 dev lo proto  kernel scope host

All IPv6 addresses under that network prefix can be accessed:
[root@bee12 ~]# ping6 fd96:38d8:6f3d:5e::1
PING fd96:38d8:6f3d:5e::1(fd96:38d8:6f3d:5e::1) 56 data bytes
64 bytes from fd96:38d8:6f3d:5e::1: icmp_seq=1 ttl=64 time=0.028 ms
^C
--- fd96:38d8:6f3d:5e::1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 730ms
rtt min/avg/max/mdev = 0.028/0.028/0.028/0.000 ms
[root@bee12 ~]# ping6 fd96:38d8:6f3d:5e::2
PING fd96:38d8:6f3d:5e::2(fd96:38d8:6f3d:5e::2) 56 data bytes
64 bytes from fd96:38d8:6f3d:5e::2: icmp_seq=1 ttl=64 time=0.024 ms
^C
--- fd96:38d8:6f3d:5e::2 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 453ms
rtt min/avg/max/mdev = 0.024/0.024/0.024/0.000 ms
[root@bee12 ~]# ping6 fd96:38d8:6f3d:5e::fff1
PING fd96:38d8:6f3d:5e::fff1(fd96:38d8:6f3d:5e::fff1) 56 data bytes
64 bytes from fd96:38d8:6f3d:5e::fff1: icmp_seq=1 ttl=64 time=0.027 ms
^C
--- fd96:38d8:6f3d:5e::fff1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 676ms
rtt min/avg/max/mdev = 0.027/0.027/0.027/0.000 ms

Comment 7Pavel Šimerda (pavlix) 2013-06-21 13:19:23 UTC

I would like to note that this issue is specific to the loopback interface, as this bug report is used as a reference elsewhere.

It is related to the fact that the IPv6 standards do not define a loopback subnet but a single loopback address and therefore there is no need for it under normal circumstances.

(In reply to Hafid Lin from comment #6)
> Hi,
> 
> We found a workaround for this issue:
> 
> Steps:
> 1. add a IPv6 address on loopback interface
> 2. delete the unreachable route entry
> 3. add a local route entry

You might also want to try skipping steps #1 and #2 and only do #3 if the only thing you need to get it work is the local route entry itself.

> Example:
> [root@bee12 ~]# ip -6 addr add fd96:38d8:6f3d:5e::/64 dev lo
> [root@bee12 ~]# ip -6 route del unreachable fd96:38d8:6f3d:5e::/64
> [root@bee12 ~]# ip -6 route add table local local fd96:38d8:6f3d:5e::/64 dev
> lo proto  kernel scope host

As a sidenote, when I test this on 3.8.11 kernel (3.8.11-200.fc18.x86_64), and perform the three steps above, the ping won't work and reports 'Invalid argument' instead. Tried several times, used different IP ranges but might still be doing something wrong.

Comment 8Geng Sheng Liu 2013-06-27 07:17:19 UTC

increase the kernel parameter below can solve the problem.

"net/core/dst.c"

    if (ops->gc && atomic_read(&ops->entries) > ops->gc_thresh) {
                if (ops->gc(ops))     <-----通过函数指针调用ip6_dst_gc
                        return NULL;

"net/ipv6/route.c"

static int ip6_dst_gc(struct dst_ops *ops)     <---------ipv6的gc函数
{
        unsigned long now = jiffies;
        struct net *net = container_of(ops, struct net, ipv6.ip6_dst_ops);
        int rt_min_interval = net->ipv6.sysctl.ip6_rt_gc_min_interval;
        int rt_max_size = net->ipv6.sysctl.ip6_rt_max_size;       <----------rt max size
        int rt_elasticity = net->ipv6.sysctl.ip6_rt_gc_elasticity;
        int rt_gc_timeout = net->ipv6.sysctl.ip6_rt_gc_timeout;
        unsigned long rt_last_gc = net->ipv6.ip6_rt_last_gc;

        if (time_after(rt_last_gc + rt_min_interval, now) &&
            atomic_read(&ops->entries) <= rt_max_size)
                goto out;

        net->ipv6.ip6_rt_gc_expire++;
        fib6_run_gc(net->ipv6.ip6_rt_gc_expire, net);
        net->ipv6.ip6_rt_last_gc = now;
        if (atomic_read(&ops->entries) < ops->gc_thresh)
                net->ipv6.ip6_rt_gc_expire = rt_gc_timeout>>1;
out:
        net->ipv6.ip6_rt_gc_expire -= net->ipv6.ip6_rt_gc_expire>>rt_elasticity;
        return (atomic_read(&ops->entries) > rt_max_size);        ------->here......
}

"net/ipv6/route.c" 
        net->ipv6.sysctl.flush_delay = 0;
        net->ipv6.sysctl.ip6_rt_max_size = 4096;    ----> default value of rt_max_size is 4096
        net->ipv6.sysctl.ip6_rt_gc_min_interval = HZ / 2;
        net->ipv6.sysctl.ip6_rt_gc_timeout = 60*HZ;


net.ipv6.route.max_size = 116184
(In reply to Pavel Šimerda from comment #7)
> I would like to note that this issue is specific to the loopback interface,
> as this bug report is used as a reference elsewhere.
> 
> It is related to the fact that the IPv6 standards do not define a loopback
> subnet but a single loopback address and therefore there is no need for it
> under normal circumstances.
> 
> (In reply to Hafid Lin from comment #6)
> > Hi,
> > 
> > We found a workaround for this issue:
> > 
> > Steps:
> > 1. add a IPv6 address on loopback interface
> > 2. delete the unreachable route entry
> > 3. add a local route entry
> 
> You might also want to try skipping steps #1 and #2 and only do #3 if the
> only thing you need to get it work is the local route entry itself.
> 
> > Example:
> > [root@bee12 ~]# ip -6 addr add fd96:38d8:6f3d:5e::/64 dev lo
> > [root@bee12 ~]# ip -6 route del unreachable fd96:38d8:6f3d:5e::/64
> > [root@bee12 ~]# ip -6 route add table local local fd96:38d8:6f3d:5e::/64 dev
> > lo proto  kernel scope host
> 
> As a sidenote, when I test this on 3.8.11 kernel (3.8.11-200.fc18.x86_64),
> and perform the three steps above, the ping won't work and reports 'Invalid
> argument' instead. Tried several times, used different IP ranges but might
> still be doing something wrong.

Comment 9Petr Šabata 2013-08-13 12:38:00 UTC

As per Pavel's comment, this is not really an issue and the requested behavior can be achieved by adding the local route.

The proposed change in Comment #8 is for kernel and the customer ticket is already resolved.  I'm closing this as NOTABUG.
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值