Redhat的网站上报告 IPV6 loopback PING不通的问题

最新推荐文章于 2023-02-16 11:53:14 发布

废言Pro

最新推荐文章于 2023-02-16 11:53:14 发布

阅读量792

点赞数

CC 4.0 BY-SA版权

分类专栏： # IPV6

本文链接：https://blog.youkuaiyun.com/armlinuxww/article/details/108477712

IPV6 专栏收录该内容

4 篇文章

订阅专栏

本文档记录了在Red Hat Enterprise Linux 6中，尝试将IPv6子网地址添加到环回接口时遇到的问题，并提供了解决方案。详细描述了如何通过增加内核参数和添加本地路由条目来实现IPv6子网地址的正常工作。

摘要生成于 C知道，由 DeepSeek-R1 满血版支持，前往体验 >

Bug 969950 - cant not add a range of virtual IPv6 addresses to interface

Keywords:
Status:	CLOSED NOTABUG
Alias:	None
Product:	Red Hat Enterprise Linux 6
Component:	iproute
Version:	6.4
Hardware:	x86_64
OS:	Linux
Priority:	unspecified
Severity:	medium
Target Milestone:	rc
Target Release:	---
Assignee:	Petr Šabata
QA Contact:	BaseOS QE Security Team
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2013-06-03 07:13 UTC by Geng Sheng Liu
Modified:	2018-12-01 14:32 UTC (History)
CC List:	3 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2013-08-13 12:38:00 UTC
Target Upstream Version:

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

DescriptionGeng Sheng Liu 2013-06-03 07:13:40 UTC

Description of problem:

In IPv4 we can use the following command to add a ip subnet address to a interface like lo

#ip addr add 10.1.0.0/16 dev lo

But it failed in IPv6 with same command 

# ip -6 addr add 2001:4860:0:2001::68/64  dev lo 
# ping6 2001:4860:0:2001::68 
PING 2001:4860:0:2001::68(2001:4860:0:2001::68) 56 data bytes 
64 bytes from 2001:4860:0:2001::68: icmp_seq=0 ttl=64 time=0.036 ms 
 
--- 2001:4860:0:2001::68 ping statistics --- 
1 packets transmitted, 1 received, 0% packet loss, time 0ms 
rtt min/avg/max/mdev = 0.036/0.036/0.036/0.000 ms, pipe 2 
# ping6 2001:4860:0:2001::69 
connect: Network is unreachable 

Version-Release number of selected component (if applicable):


How reproducible:

always

Steps to Reproduce:
1. add ipv6 subnet address to a interface

#ip -6 addr add 2001:4860:0:2001::68/64  dev lo 





Actual results:

only 2001:4860:0:2001::68 get response from a ping command.

Expected results:

all address in 2001:4860:0:2001::68/64 should be available.

Additional info:

https://access.redhat.com/site/solutions/36876

http://post-office.corp.redhat.com/archives/tech-list/2010-February/msg00468.html

Comment 2Petr Šabata 2013-06-03 13:02:45 UTC

(In reply to Geng Sheng Liu from comment #0)
> Additional info:
> 
> https://access.redhat.com/site/solutions/36876

This seems completely unrelated.

> http://post-office.corp.redhat.com/archives/tech-list/2010-February/msg00468.
> html

Basically I'd say the same as Neil did back in 2010, meaning IPv4 behaves incorrectly here.

Out of curiosity, could you elaborate on use cases of this "feature"?

Comment 4Geng Sheng Liu 2013-06-04 02:09:00 UTC

Correction:

KBase related is as below

https://access.redhat.com/site/solutions/27284

Comment 5Hafid Lin 2013-06-04 02:24:55 UTC

(In reply to Petr Šabata from comment #2)
> (In reply to Geng Sheng Liu from comment #0)
> > Additional info:
> > 
> > https://access.redhat.com/site/solutions/36876
> 
> This seems completely unrelated.
> 
> > http://post-office.corp.redhat.com/archives/tech-list/2010-February/msg00468.
> > html
> 
> Basically I'd say the same as Neil did back in 2010, meaning IPv4 behaves
> incorrectly here.
> 
> Out of curiosity, could you elaborate on use cases of this "feature"?
This feature is useful for stress testing. We used to simulated tens of thousands clients or severs on one blade server in IPv4 scenario, but in IPv6 scenario, we can't do same things again.

Comment 6Hafid Lin 2013-06-13 07:56:52 UTC

Hi,

We found a workaround for this issue:

Steps:
1. add a IPv6 address on loopback interface
2. delete the unreachable route entry
3. add a local route entry

Example:
[root@bee12 ~]# ip -6 addr add fd96:38d8:6f3d:5e::/64 dev lo
[root@bee12 ~]# ip -6 route del unreachable fd96:38d8:6f3d:5e::/64
[root@bee12 ~]# ip -6 route add table local local fd96:38d8:6f3d:5e::/64 dev lo proto  kernel scope host

All IPv6 addresses under that network prefix can be accessed:
[root@bee12 ~]# ping6 fd96:38d8:6f3d:5e::1
PING fd96:38d8:6f3d:5e::1(fd96:38d8:6f3d:5e::1) 56 data bytes
64 bytes from fd96:38d8:6f3d:5e::1: icmp_seq=1 ttl=64 time=0.028 ms
^C
--- fd96:38d8:6f3d:5e::1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 730ms
rtt min/avg/max/mdev = 0.028/0.028/0.028/0.000 ms
[root@bee12 ~]# ping6 fd96:38d8:6f3d:5e::2
PING fd96:38d8:6f3d:5e::2(fd96:38d8:6f3d:5e::2) 56 data bytes
64 bytes from fd96:38d8:6f3d:5e::2: icmp_seq=1 ttl=64 time=0.024 ms
^C
--- fd96:38d8:6f3d:5e::2 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 453ms
rtt min/avg/max/mdev = 0.024/0.024/0.024/0.000 ms
[root@bee12 ~]# ping6 fd96:38d8:6f3d:5e::fff1
PING fd96:38d8:6f3d:5e::fff1(fd96:38d8:6f3d:5e::fff1) 56 data bytes
64 bytes from fd96:38d8:6f3d:5e::fff1: icmp_seq=1 ttl=64 time=0.027 ms
^C
--- fd96:38d8:6f3d:5e::fff1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 676ms
rtt min/avg/max/mdev = 0.027/0.027/0.027/0.000 ms

Comment 7Pavel Šimerda (pavlix) 2013-06-21 13:19:23 UTC

I would like to note that this issue is specific to the loopback interface, as this bug report is used as a reference elsewhere.

It is related to the fact that the IPv6 standards do not define a loopback subnet but a single loopback address and therefore there is no need for it under normal circumstances.

(In reply to Hafid Lin from comment #6)
> Hi,
> 
> We found a workaround for this issue:
> 
> Steps:
> 1. add a IPv6 address on loopback interface
> 2. delete the unreachable route entry
> 3. add a local route entry

You might also want to try skipping steps #1 and #2 and only do #3 if the only thing you need to get it work is the local route entry itself.

> Example:
> [root@bee12 ~]# ip -6 addr add fd96:38d8:6f3d:5e::/64 dev lo
> [root@bee12 ~]# ip -6 route del unreachable fd96:38d8:6f3d:5e::/64
> [root@bee12 ~]# ip -6 route add table local local fd96:38d8:6f3d:5e::/64 dev
> lo proto  kernel scope host

As a sidenote, when I test this on 3.8.11 kernel (3.8.11-200.fc18.x86_64), and perform the three steps above, the ping won't work and reports 'Invalid argument' instead. Tried several times, used different IP ranges but might still be doing something wrong.

Comment 8Geng Sheng Liu 2013-06-27 07:17:19 UTC

increase the kernel parameter below can solve the problem.

"net/core/dst.c"

    if (ops->gc && atomic_read(&ops->entries) > ops->gc_thresh) {
                if (ops->gc(ops))     <-----通过函数指针调用ip6_dst_gc
                        return NULL;

"net/ipv6/route.c"

static int ip6_dst_gc(struct dst_ops *ops)     <---------ipv6的gc函数
{
        unsigned long now = jiffies;
        struct net *net = container_of(ops, struct net, ipv6.ip6_dst_ops);
        int rt_min_interval = net->ipv6.sysctl.ip6_rt_gc_min_interval;
        int rt_max_size = net->ipv6.sysctl.ip6_rt_max_size;       <----------rt max size
        int rt_elasticity = net->ipv6.sysctl.ip6_rt_gc_elasticity;
        int rt_gc_timeout = net->ipv6.sysctl.ip6_rt_gc_timeout;
        unsigned long rt_last_gc = net->ipv6.ip6_rt_last_gc;

        if (time_after(rt_last_gc + rt_min_interval, now) &&
            atomic_read(&ops->entries) <= rt_max_size)
                goto out;

        net->ipv6.ip6_rt_gc_expire++;
        fib6_run_gc(net->ipv6.ip6_rt_gc_expire, net);
        net->ipv6.ip6_rt_last_gc = now;
        if (atomic_read(&ops->entries) < ops->gc_thresh)
                net->ipv6.ip6_rt_gc_expire = rt_gc_timeout>>1;
out:
        net->ipv6.ip6_rt_gc_expire -= net->ipv6.ip6_rt_gc_expire>>rt_elasticity;
        return (atomic_read(&ops->entries) > rt_max_size);        ------->here......
}

"net/ipv6/route.c" 
        net->ipv6.sysctl.flush_delay = 0;
        net->ipv6.sysctl.ip6_rt_max_size = 4096;    ----> default value of rt_max_size is 4096
        net->ipv6.sysctl.ip6_rt_gc_min_interval = HZ / 2;
        net->ipv6.sysctl.ip6_rt_gc_timeout = 60*HZ;


net.ipv6.route.max_size = 116184
(In reply to Pavel Šimerda from comment #7)
> I would like to note that this issue is specific to the loopback interface,
> as this bug report is used as a reference elsewhere.
> 
> It is related to the fact that the IPv6 standards do not define a loopback
> subnet but a single loopback address and therefore there is no need for it
> under normal circumstances.
> 
> (In reply to Hafid Lin from comment #6)
> > Hi,
> > 
> > We found a workaround for this issue:
> > 
> > Steps:
> > 1. add a IPv6 address on loopback interface
> > 2. delete the unreachable route entry
> > 3. add a local route entry
> 
> You might also want to try skipping steps #1 and #2 and only do #3 if the
> only thing you need to get it work is the local route entry itself.
> 
> > Example:
> > [root@bee12 ~]# ip -6 addr add fd96:38d8:6f3d:5e::/64 dev lo
> > [root@bee12 ~]# ip -6 route del unreachable fd96:38d8:6f3d:5e::/64
> > [root@bee12 ~]# ip -6 route add table local local fd96:38d8:6f3d:5e::/64 dev
> > lo proto  kernel scope host
> 
> As a sidenote, when I test this on 3.8.11 kernel (3.8.11-200.fc18.x86_64),
> and perform the three steps above, the ping won't work and reports 'Invalid
> argument' instead. Tried several times, used different IP ranges but might
> still be doing something wrong.

Comment 9Petr Šabata 2013-08-13 12:38:00 UTC

As per Pavel's comment, this is not really an issue and the requested behavior can be achieved by adding the local route.

The proposed change in Comment #8 is for kernel and the customer ticket is already resolved.  I'm closing this as NOTABUG.