nonlocal_bind & IPv6

nonlocal_bind & IPv6

[Michal Humpula]

Hi, 

I was just wondering, what's wrong with this?

*** linux-2.6.34/net/ipv6/af_inet6.c    2010-05-16 23:17:36.000000000 +0200
--- linux-2.6.34-hack/net/ipv6/af_inet6.c       2010-06-25 19:50:19.000000000 +0200
***************
*** 345,354 ****
--- 345,356 ----
                        if (!(addr_type & IPV6_ADDR_MULTICAST)) {
                                if (!ipv6_chk_addr(net, &addr->sin6_addr,
                                                   dev, 0)) {
+           if (!sysctl_ip_nonlocal_bind) {
                                        err = -EADDRNOTAVAIL;
                                        goto out_unlock;
            }
                                }
+                       }
                        rcu_read_unlock();
                }
        }

Motivation: just want to balance one IPv6 address between two nodes with the help of 
keepalived the same way I do it with IPv4 without the need of restarting the daemons 
binding on that IP.

Regards

Michal Humpula

Re: nonlocal_bind & IPv6

[Rémi Denis-Courmont]

On Fri, 25 Jun 2010 20:43:45 +0200, Michal Humpula
<michal.humpula@hudrydum.cz> wrote:
> I was just wondering, what's wrong with this?

It's not in unified format :D

> *** linux-2.6.34/net/ipv6/af_inet6.c    2010-05-16 23:17:36.000000000
> +0200
> --- linux-2.6.34-hack/net/ipv6/af_inet6.c       2010-06-25
> 19:50:19.000000000 +0200
> ***************
> *** 345,354 ****
> --- 345,356 ----
>                         if (!(addr_type & IPV6_ADDR_MULTICAST)) {
>                                 if (!ipv6_chk_addr(net, &addr->sin6_addr,
>                                                    dev, 0)) {
> +           if (!sysctl_ip_nonlocal_bind) {
>                                         err = -EADDRNOTAVAIL;
>                                         goto out_unlock;
>             }
>                                 }
> +                       }
>                         rcu_read_unlock();
>                 }
>         }
> 
> Motivation: just want to balance one IPv6 address between two nodes with
> the help of keepalived the same way I do it with IPv4 without the need
> of restarting the daemons binding on that IP.

nonlocal_bind seems a bit 80's to me. Why don't you bind the daemon to
[::]? If it needs to know its own address, it can always use getsockname()
for connected sockets and IPV6_PKTINFO ancillary data for datagram sockets.

-- 
Rémi Denis-Courmont
http://www.remlab.net
http://fi.linkedin.com/in/remidenis

Re: nonlocal_bind & IPv6

[Michal Humpula]

Ok, more detail example. 

Let on each node be an apache (just for an example), and you configure VirtualHost for 
specific IP. So when node A fails, keepalived move IP to the node B and everything is 
still running. No need for restart of apache or anything else. There is a probably a 
better solution, but I can't find anything more simple than the posted patch:)

On Friday 25 of June 2010 20:59:58 Rémi Denis-Courmont wrote:
> On Fri, 25 Jun 2010 20:43:45 +0200, Michal Humpula
> 
> <michal.humpula@hudrydum.cz> wrote:
> > I was just wondering, what's wrong with this?
> 
> It's not in unified format :D
> 
> > *** linux-2.6.34/net/ipv6/af_inet6.c    2010-05-16 23:17:36.000000000
> > +0200
> > --- linux-2.6.34-hack/net/ipv6/af_inet6.c       2010-06-25
> > 19:50:19.000000000 +0200
> > ***************
> > *** 345,354 ****
> > --- 345,356 ----
> > 
> >                         if (!(addr_type & IPV6_ADDR_MULTICAST)) {
> >                         
> >                                 if (!ipv6_chk_addr(net, &addr->sin6_addr,
> >                                 
> >                                                    dev, 0)) {
> > 
> > +           if (!sysctl_ip_nonlocal_bind) {
> > 
> >                                         err = -EADDRNOTAVAIL;
> >                                         goto out_unlock;
> >             
> >             }
> >             
> >                                 }
> > 
> > +                       }
> > 
> >                         rcu_read_unlock();
> >                 
> >                 }
> >         
> >         }
> > 
> > Motivation: just want to balance one IPv6 address between two nodes with
> > the help of keepalived the same way I do it with IPv4 without the need
> > of restarting the daemons binding on that IP.
> 
> nonlocal_bind seems a bit 80's to me. Why don't you bind the daemon to
> [::]? If it needs to know its own address, it can always use getsockname()
> for connected sockets and IPV6_PKTINFO ancillary data for datagram sockets.

Re: nonlocal_bind & IPv6

[Simon Horman]

On Fri, Jun 25, 2010 at 09:10:08PM +0200, Michal Humpula wrote:
> Ok, more detail example. 
> 
> Let on each node be an apache (just for an example), and you configure
> VirtualHost for specific IP. So when node A fails, keepalived move IP to
> the node B and everything is still running. No need for restart of apache
> or anything else. There is a probably a better solution, but I can't find
> anything more simple than the posted patch:)

Not an answer to your original question, but that sounds like a problem
that can be resolved using IP_TRANSPARENT. Although I have only tested
that feature in conjunction with IPv4, it seems to support IPv6 too.

See Documentation/networking/tproxy.txt

Re: nonlocal_bind & IPv6

[Michal Humpula]

On Saturday 26 of June 2010 15:25:40 Simon Horman wrote:
> On Fri, Jun 25, 2010 at 09:10:08PM +0200, Michal Humpula wrote:
> > Ok, more detail example.
> > 
> > Let on each node be an apache (just for an example), and you configure
> > VirtualHost for specific IP. So when node A fails, keepalived move IP to
> > the node B and everything is still running. No need for restart of apache
> > or anything else. There is a probably a better solution, but I can't find
> > anything more simple than the posted patch:)
> 
> Not an answer to your original question, but that sounds like a problem
> that can be resolved using IP_TRANSPARENT. Although I have only tested
> that feature in conjunction with IPv4, it seems to support IPv6 too.
> 
> See Documentation/networking/tproxy.txt

Thanks for redirection. I don't think that IP_TRANSPARENT is suited well for my problem, 
but I did find the IP_FREEBIND in the process. Unfortunately it seems that both are 
enabled only for IPv4 and IPv6 mapped addresses. 

So, is there any reason why IP_FREEBIND or nonlocal_bind sysctl is not in current IPv6 
kernel implementation?

> --
> To unsubscribe from this list: send the line "unsubscribe netdev" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: nonlocal_bind & IPv6

[Simon Horman]

On Sat, Jun 26, 2010 at 10:42:16PM +0200, Michal Humpula wrote:
> On Saturday 26 of June 2010 15:25:40 Simon Horman wrote:
> > On Fri, Jun 25, 2010 at 09:10:08PM +0200, Michal Humpula wrote:
> > > Ok, more detail example.
> > > 
> > > Let on each node be an apache (just for an example), and you configure
> > > VirtualHost for specific IP. So when node A fails, keepalived move IP to
> > > the node B and everything is still running. No need for restart of apache
> > > or anything else. There is a probably a better solution, but I can't find
> > > anything more simple than the posted patch:)
> > 
> > Not an answer to your original question, but that sounds like a problem
> > that can be resolved using IP_TRANSPARENT. Although I have only tested
> > that feature in conjunction with IPv4, it seems to support IPv6 too.
> > 
> > See Documentation/networking/tproxy.txt
> 
> Thanks for redirection. I don't think that IP_TRANSPARENT is suited well
> for my problem, but I did find the IP_FREEBIND in the process.
> Unfortunately it seems that both are enabled only for IPv4 and IPv6
> mapped addresses. 
> 
> So, is there any reason why IP_FREEBIND or nonlocal_bind sysctl is not in
> current IPv6 kernel implementation?

My suspicion is that its just an oversight.  A good way to either get it
fixed or have the idea buried would be to send some patches.