From: Stefano Brivio <sbrivio@redhat.com>
To: Tj <tj.iam.tj@proton.me>
Cc: "Íñigo Huguet" <ihuguet@redhat.com>,
"Thorsten Leemhuis" <regressions@leemhuis.info>,
"Fernando Fernandez Mancera" <fmancera@suse.de>,
"Jakub Kicinski" <kuba@kernel.org>,
netdev@vger.kernel.org, "Yumei Huang" <yuhuang@redhat.com>,
"Ido Schimmel" <idosch@idosch.org>,
"Justin Iurman" <justin.iurman@gmail.com>,
"David Ahern" <dsahern@kernel.org>,
"David Gibson" <david@gibson.dropbear.id.au>,
"Linux kernel regressions list" <regressions@lists.linux.dev>,
"Beniamino Galvani" <bgalvani@redhat.com>
Subject: Re: Problem with IPv6 privacy addresses in 7.0
Date: Fri, 29 May 2026 22:04:15 +0200 (CEST) [thread overview]
Message-ID: <20260529220415.22d0be8d@elisabeth> (raw)
In-Reply-To: <ahnaz3ppxyVHl3xB@mail.iam.tj>
On Fri, 29 May 2026 18:28:58 +0000
Tj <tj.iam.tj@proton.me> wrote:
> I believe I hit this on a router using Debian 13 with v7.0.* kernel this week that
> uses systemd-networkd to configure IPV6 RA and prefix delegation after
> moving from v6.19.*.
>
> Symptom was the router could no longer reach public IPv6 addresses
> itself but forwarding was unaffected.
>
> The ISP (Starlink) provides a /64 prefix via RA and a /56 via DHCPv6. networkd
> allocates a static suffix address from both to the WAN-side interface.
>
> I discovered after much experimentation that instead of the usual /56
> address being the source it was choosing the /64 and failing.
Do you really mean an address configured as /56, or a /64 address that
systemd-networkd derives from a /56 delegated prefix?
Because more specific addresses / longest matching prefixes (RFC 6724
Section 5., Rule 8, implemented by ipv6_get_saddr_eval()) should anyway
be preferred as source addresses, regardless of the order of insertion
of addresses with the same scope.
I'm looking into possible assumptions made by systemd-networkd in this
case. *If* this is confirmed, I also start thinking that a revert and
exporting the correct implementation as non-default using a netlink
flag would be preferable. at this point.
> Router uses policy routing so my work-around was to add a rule so the
> /64 address is added to the WAN interface's route table.
>
> [RoutingPolicyRule]
> To=::/0
> From=2a0d:3344:aaaa:bbbb::/64
> Priority=30100
> Table=starlink
>
> The WAN interface config for RA and PD is:
>
> [IPv6AcceptRA]
> UseGateway=yes
> UseDNS=no
> UseDomains=no
> Token=static:::ff
> # when RouteTable is set a table name is explicitly required in any [Route] section without a Table= of its own
> # names defined in /etc/systemd/networkd.conf.d/51-RouteTable.conf as: [Network] RouteTable=
> RouteTable=starlink
>
> [DHCPv6]
> UseAddress=no
> UseDNS=no
> UseNTP=no
> UseHostname=no
> UseDomains=no
> UseDelegatedPrefix=yes
> PrefixDelegationHint=::/56
> ## asked for in RFE https://github.com/systemd/systemd/issues/31566
> ##RouteTable=starlink
>
> [DHCPPrefixDelegation]
> Announce=false
> UplinkInterface=:self
> Assign=yes
> Token=static:::1
> SubnetId=0xff
--
Stefano
next prev parent reply other threads:[~2026-05-29 20:04 UTC|newest]
Thread overview: 35+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-05-29 18:28 Problem with IPv6 privacy addresses in 7.0 Tj
2026-05-29 20:04 ` Stefano Brivio [this message]
2026-05-29 20:18 ` Tj
-- strict thread matches above, loose matches on Subject: below --
2026-05-21 13:53 Chris Adams
2026-05-27 0:57 ` Jakub Kicinski
2026-05-27 1:06 ` Chris Adams
2026-05-27 1:31 ` Jakub Kicinski
2026-05-27 21:13 ` Chris Adams
2026-05-27 21:16 ` Fernando Fernandez Mancera
2026-05-27 21:51 ` Jakub Kicinski
2026-05-27 21:51 ` Chris Adams
2026-05-27 21:59 ` Fernando Fernandez Mancera
2026-05-27 23:07 ` Jakub Kicinski
2026-05-28 5:38 ` Stefano Brivio
2026-05-28 10:46 ` Fernando Fernandez Mancera
2026-05-28 11:12 ` Stefano Brivio
2026-05-28 11:29 ` Fernando Fernandez Mancera
2026-05-28 12:29 ` Thorsten Leemhuis
2026-05-28 13:32 ` Stefano Brivio
2026-05-28 14:02 ` Thorsten Leemhuis
2026-05-28 14:15 ` Íñigo Huguet
2026-05-28 14:53 ` Stefano Brivio
2026-05-28 15:24 ` Íñigo Huguet
2026-05-28 16:01 ` Beniamino Galvani
2026-05-28 17:21 ` Stefano Brivio
2026-05-28 18:42 ` Fernando Fernandez Mancera
2026-05-28 18:50 ` Fernando Fernandez Mancera
2026-05-28 19:22 ` Stefano Brivio
2026-05-29 4:47 ` David Gibson
2026-05-29 8:40 ` Beniamino Galvani
2026-05-29 17:40 ` Stefano Brivio
2026-05-28 14:34 ` Andrew Lunn
2026-05-28 15:17 ` Stefano Brivio
2026-05-29 4:48 ` David Gibson
2026-05-29 9:42 ` Stefano Brivio
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260529220415.22d0be8d@elisabeth \
--to=sbrivio@redhat.com \
--cc=bgalvani@redhat.com \
--cc=david@gibson.dropbear.id.au \
--cc=dsahern@kernel.org \
--cc=fmancera@suse.de \
--cc=idosch@idosch.org \
--cc=ihuguet@redhat.com \
--cc=justin.iurman@gmail.com \
--cc=kuba@kernel.org \
--cc=netdev@vger.kernel.org \
--cc=regressions@leemhuis.info \
--cc=regressions@lists.linux.dev \
--cc=tj.iam.tj@proton.me \
--cc=yuhuang@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox