Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow to accept IPv6 RA route information (prefixes reachable via other routers) #6727

Closed
zargony opened this issue Jan 11, 2023 · 0 comments · Fixed by siderolabs/pkgs#653
Closed

Allow to accept IPv6 RA route information (prefixes reachable via other routers) #6727

zargony opened this issue Jan 11, 2023 · 0 comments · Fixed by siderolabs/pkgs#653
Assignees
@smira

Comments

@zargony
Copy link

zargony commented Jan 11, 2023

Feature Request

Enable kernel configuration CONFIG_IPV6_ROUTE_INFO to allow Talos OS to enable accepting IPv6 RA route information options (24) on the local network.

Description

IPv6 routers broadcast ICMPv6 router advertisement (RA) packets on the local network containing information for autoconfiguration. RA packets can countain prefix information (option 3) which describe prefixes used on the local network. They can also contain route information (option 24) which describe what other prefixes are reachable via the router (RFC 4191).

Accepting RA prefix information is enabled by default and used for interface auto-configuration (SLAAC). It can be controlled by sysctl net.ipv6.conf.*.accept_ra. (Although Talos OS currently needs a small workaround as mentioned in #5632)

Accepting RA route information can be controlled by sysctls net.ipv6.conf.*.accept_ra_rtr_pref, net.ipv6.conf.*.accept_ra_rt_info_max_plen and net.ipv6.conf.*.accept_ra_rt_info_min_plen. It is disabled by kernel defaults (but I see it working on several systems, so distributions are probably enabling it for autoconfiguration). However, this needs a kernel compiled with CONFIG_IPV6_ROUTE_INFO, therefore it currently doesn't work in Talos OS.

Use-case

Whenever there's multiple router in an IPv6 network and hosts are using auto-configuration. E.g. in my home, there's multiple HomePod mini acting as border gateways for Thread IoT devices. A Thread border gateway maps IoT devices to an IPv6 ULA prefix which is announced on LAN via RA route information. This works out of the box on macOS, iOS, Ubuntu and Windows devices (they add routes for the Thread prefixes), so I assume these accept RA route information by default.

Workaround

If the default router has routes to other local prefixes installed (either by static configuration or by accepting the RA route information), they're reachable from a Talos host with an additional hop via default route.

Version Information

Client:
	Tag:         v1.3.1
	SHA:         4469ad12
	Built:
	Go version:  go1.19.4
	OS/Arch:     darwin/arm64
Server:
	NODE:        node1
	Tag:         v1.3.1
	SHA:         4469ad12
	Built:
	Go version:  go1.19.4
	OS/Arch:     linux/arm64
	Enabled:     RBAC
        <2 more>...
@smira smira self-assigned this Jan 11, 2023
smira added a commit to smira/pkgs that referenced this issue Jan 11, 2023
@smira
feat: update Linux to 6.1.4, restore RPi support
31a35df 
Also restored support for other SoCs which got lost in 6.1 update (as
much as I could).

Enabled IPv6 RA support.

Fixes siderolabs#642

Fixes siderolabs/talos#6727

Signed-off-by: Andrey Smirnov <[email protected]>
@smira smira mentioned this issue Jan 11, 2023
Merged
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Jun 16, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@smira smira

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

feat: update Linux to 6.1.4, restore RPi support smira/pkgs
2 participants
@zargony @smira