Global IPV6 auto-configuration does not work as expected.

Global IPV6 auto-configuration does not work as expected.

[greg]

Good afternoon, hope this note finds everyone's week starting well.

We are in the process of beginning full scale deployment of IPv6 and
have run into the following issue.  It is probably user error so feel
free to note it as such.

We want to turn off auto-configuration of IPv6 by our routers on all
interfaces on our servers.  From a bit of Googling and intuition we
assumed the following sysctl key would do this:

net.ipv6.conf.all.autoconf=0

But this seems to have no effect.  We have booted the machines and set
the above directive before the network configures and have also tried
setting the directive after boot followed by manual deletion of the
router assigned addresses but they keep returning.  It's happening
with 2.6.31.x and 2.6.32.x kernels.

The only way we have been able to disable the auto-configuration has
been to explicitly disable it at the individual interface level with
net.ipv6.conf.ethN.autoconf=0 directives.

We've noted the net.ipv6.conf.default.autoconf and experimented with
that a bit as well but haven't been able to accomplish our objective.

Thoughts?

Best wishes for a productive week.

As always,
Dr. G.W. Wettstein, Ph.D.   Enjellic Systems Development, LLC.
4206 N. 19th Ave.           Specializing in information infra-structure
Fargo, ND  58102            development.
PH: 701-281-1686
FAX: 701-281-3949           EMAIL: greg@enjellic.com
------------------------------------------------------------------------------
"Quidquid latine dictum sit, altum viditur."
        (Whatever is said in Latin, sounds profound.)
                                -- Kevin M Bealer

Re: Global IPV6 auto-configuration does not work as expected.

[Neil Horman]

On Mon, Jan 18, 2010 at 01:06:06PM -0600, greg@enjellic.com wrote:
> Good afternoon, hope this note finds everyone's week starting well.
> 
> We are in the process of beginning full scale deployment of IPv6 and
> have run into the following issue.  It is probably user error so feel
> free to note it as such.
> 
> We want to turn off auto-configuration of IPv6 by our routers on all
> interfaces on our servers.  From a bit of Googling and intuition we
> assumed the following sysctl key would do this:
> 
> net.ipv6.conf.all.autoconf=0
> 
> But this seems to have no effect.  We have booted the machines and set
> the above directive before the network configures and have also tried
> setting the directive after boot followed by manual deletion of the
> router assigned addresses but they keep returning.  It's happening
> with 2.6.31.x and 2.6.32.x kernels.
> 
> The only way we have been able to disable the auto-configuration has
> been to explicitly disable it at the individual interface level with
> net.ipv6.conf.ethN.autoconf=0 directives.
> 
> We've noted the net.ipv6.conf.default.autoconf and experimented with
> that a bit as well but haven't been able to accomplish our objective.
> 
> Thoughts?
> 
> Best wishes for a productive week.
> 

First guess would be that you have autoconf configured for you interfaces in the
config files.  The default sysctl directory just controls the state of the
device when its first registered, while the all sysctl directory provides a
1-shot mechanism to affect the state of all devices at once.  Neither prevents
autoconfiguration from getting set on devices when udev responds to their
creation.  Do the following:
1) cd /etc/sysconfig/network-scripts
2) grep IPV6_AUTOCONF ifcfg*

If you get any results in step 2 that read like this:
IPV6_AUTOCONF=yes

Then your configuration is teling the system to enable autoconf on those
interfaces.  You can correct that by removing those lines from those config
file, or changing them to:
IPV6_AUTOCONF=no

Best
Neil

Re: Global IPV6 auto-configuration does not work as expected.

[greg]

On Jan 18,  3:17pm, Neil Horman wrote:
} Subject: Re: Global IPV6 auto-configuration does not work as expected.

Hi Neil, thanks for the note.

> > The only way we have been able to disable the auto-configuration has
> > been to explicitly disable it at the individual interface level with
> > net.ipv6.conf.ethN.autoconf=0 directives.
> > 
> > We've noted the net.ipv6.conf.default.autoconf and experimented with
> > that a bit as well but haven't been able to accomplish our objective.
> > 
> > Thoughts?
> > 
> > Best wishes for a productive week.
> > 

> First guess would be that you have autoconf configured for you
> interfaces in the config files.  The default sysctl directory just
> controls the state of the device when its first registered, while
> the all sysctl directory provides a 1-shot mechanism to affect the
> state of all devices at once.  Neither prevents autoconfiguration
> from getting set on devices when udev responds to their creation.
> Do the following:
>
> 1) cd /etc/sysconfig/network-scripts
> 2) grep IPV6_AUTOCONF ifcfg*
> 
> If you get any results in step 2 that read like this:
> IPV6_AUTOCONF=yes
> 
> Then your configuration is teling the system to enable autoconf on those
> interfaces.  You can correct that by removing those lines from those config
> file, or changing them to:
> IPV6_AUTOCONF=no

The boxes are not running any of the standard distributions.  They are
running a very minimalistic distribution that I put together in early
1992 and have been maintaining ever since.... :-) So the network
configuration script isn't playing a role in this.

The 'sysctl -p' command is issued by the rc.sysinit script very early
in the boot process.  Long before the interfaces are actually
'upped'.  I'm assuming from your description that the:

net.ipv6.conf.default.autoconf 

If set to 0 before the network interfaces are configured should
prevent auto-configuration from occuring.  I will re-test but I don't
think that is happening.

Also from your description I'm assuming the following:

net.ipv6.conf.all.autoconf=0

If set should globally turn off auto-configuration.

I just tested that again.  After setting the 'all' directive to zero I
removed the IPv6 addresses and after a short time the were
auto-configured again.

For good measure I also set net.ipv6.conf.default.autoconf=0 and
removed the IPv6 addresses.  With both directives set to 0 the IPv6
autoconf address returned.

I'm certainly not discounting user error but according to your
description the net.ipv6.conf.all.autoconf=0 should globally disable
auto-configuration on the interfaces, yet it doesn't seem to.  Unless
the interfaces need to be 'downed' and 'upped' after the sysctl value
is set but that seems counter-intuitive.

> Best
> Neil

Greg

}-- End of excerpt from Neil Horman

As always,
Dr. G.W. Wettstein, Ph.D.   Enjellic Systems Development, LLC.
4206 N. 19th Ave.           Specializing in information infra-structure
Fargo, ND  58102            development.
PH: 701-281-1686
FAX: 701-281-3949           EMAIL: greg@enjellic.com
------------------------------------------------------------------------------
"Programming without software engineering is like sculpting with a
 chain saw.  The very talented can produce a work of art, the mediocre
 wind up with a misshapen lump in a pile of rubble, and in neither case
 does the end result have more than a passing resemblance to the
 original intent."
                                -- Bill Davidsen

Re: Global IPV6 auto-configuration does not work as expected.

[Neil Horman]

On Mon, Jan 18, 2010 at 03:08:49PM -0600, greg@enjellic.com wrote:
> On Jan 18,  3:17pm, Neil Horman wrote:
> } Subject: Re: Global IPV6 auto-configuration does not work as expected.
> 
> Hi Neil, thanks for the note.
> 
> > > The only way we have been able to disable the auto-configuration has
> > > been to explicitly disable it at the individual interface level with
> > > net.ipv6.conf.ethN.autoconf=0 directives.
> > > 
> > > We've noted the net.ipv6.conf.default.autoconf and experimented with
> > > that a bit as well but haven't been able to accomplish our objective.
> > > 
> > > Thoughts?
> > > 
> > > Best wishes for a productive week.
> > > 
> 
> > First guess would be that you have autoconf configured for you
> > interfaces in the config files.  The default sysctl directory just
> > controls the state of the device when its first registered, while
> > the all sysctl directory provides a 1-shot mechanism to affect the
> > state of all devices at once.  Neither prevents autoconfiguration
> > from getting set on devices when udev responds to their creation.
> > Do the following:
> >
> > 1) cd /etc/sysconfig/network-scripts
> > 2) grep IPV6_AUTOCONF ifcfg*
> > 
> > If you get any results in step 2 that read like this:
> > IPV6_AUTOCONF=yes
> > 
> > Then your configuration is teling the system to enable autoconf on those
> > interfaces.  You can correct that by removing those lines from those config
> > file, or changing them to:
> > IPV6_AUTOCONF=no
> 
> The boxes are not running any of the standard distributions.  They are
> running a very minimalistic distribution that I put together in early
> 1992 and have been maintaining ever since.... :-) So the network
> configuration script isn't playing a role in this.
> 
Um, wow, ok.  What kernel version is this running?  Are you managing any udev
events?

> The 'sysctl -p' command is issued by the rc.sysinit script very early
> in the boot process.  Long before the interfaces are actually
> 'upped'.  I'm assuming from your description that the:
> 
> net.ipv6.conf.default.autoconf 
> 
> If set to 0 before the network interfaces are configured should
> prevent auto-configuration from occuring.  I will re-test but I don't
> think that is happening.
> 
Only if nothing else changes the default on a per-interface basis.  Hence my
comment regarding the use of network config scripts.

If you set the default value of autoconf, then insmod a network driver that
registers (for example) eth0, what does /proc/sys/net/ipv6/conf/eth0/autoconf
contain?  If its 0, then you should be good.  If its 1, then something else is
afoot, changing the config value.

> Also from your description I'm assuming the following:
> 
> net.ipv6.conf.all.autoconf=0
> 
> If set should globally turn off auto-configuration.
> 
As a 1-shot, yes, but again, that doesn't stop someone from overriding it after
its issued.  Its the same as doing this:
for i in `every interface`
do
	echo 0 > /proc/sys/net/ipv6/conf/$i/autoconf
done


> I just tested that again.  After setting the 'all' directive to zero I
> removed the IPv6 addresses and after a short time the were
> auto-configured again.
> 
> For good measure I also set net.ipv6.conf.default.autoconf=0 and
> removed the IPv6 addresses.  With both directives set to 0 the IPv6
> autoconf address returned.
> 
> I'm certainly not discounting user error but according to your
> description the net.ipv6.conf.all.autoconf=0 should globally disable
> auto-configuration on the interfaces, yet it doesn't seem to.  Unless
> the interfaces need to be 'downed' and 'upped' after the sysctl value
> is set but that seems counter-intuitive.
> 
What address values are you seeing on here?
Neil

> > Best
> > Neil
> 
> Greg
> 
> }-- End of excerpt from Neil Horman
> 
> As always,
> Dr. G.W. Wettstein, Ph.D.   Enjellic Systems Development, LLC.
> 4206 N. 19th Ave.           Specializing in information infra-structure
> Fargo, ND  58102            development.
> PH: 701-281-1686
> FAX: 701-281-3949           EMAIL: greg@enjellic.com
> ------------------------------------------------------------------------------
> "Programming without software engineering is like sculpting with a
>  chain saw.  The very talented can produce a work of art, the mediocre
>  wind up with a misshapen lump in a pile of rubble, and in neither case
>  does the end result have more than a passing resemblance to the
>  original intent."
>                                 -- Bill Davidsen
> 

Re: Global IPV6 auto-configuration does not work as expected.

[Brian Haley]

greg@enjellic.com wrote:
> On Jan 18,  3:17pm, Neil Horman wrote:
> } Subject: Re: Global IPV6 auto-configuration does not work as expected.
> 
> Hi Neil, thanks for the note.
> 
>>> The only way we have been able to disable the auto-configuration has
>>> been to explicitly disable it at the individual interface level with
>>> net.ipv6.conf.ethN.autoconf=0 directives.

If done after module load, then that's currently the only way to do it.

> The 'sysctl -p' command is issued by the rc.sysinit script very early
> in the boot process.  Long before the interfaces are actually
> 'upped'.  I'm assuming from your description that the:
> 
> net.ipv6.conf.default.autoconf 
> 
> If set to 0 before the network interfaces are configured should
> prevent auto-configuration from occuring.  I will re-test but I don't
> think that is happening.

I can confirm that this works correctly, for example if you set this to
zero then rmmod/modprobe one of your network drivers, you'll see it get
set correctly.

To fix your reported problem, I added a module parameter to control
the setting of autoconf at load time in June 2009
(see Documentation/networking/ipv6.txt).  Basically, just add this to
/etc/modprobe.conf:

	options ipv6 autoconf=0

Your distro might require it somewhere else.

> Also from your description I'm assuming the following:
> 
> net.ipv6.conf.all.autoconf=0
> 
> If set should globally turn off auto-configuration.

Actually, I don't think that's ever done that, the "all" settings only
affects some things, like forwarding, proxy_ndp, and disable_ipv6.

Even if the "all" setting did have control over this, if its setting was 0
and the device setting was 1, shouldn't the device setting override it?

Hope this helps,

-Brian

Re: Global IPV6 auto-configuration does not work as expected.

[greg]

On Jan 19,  1:21pm, Brian Haley wrote:
} Subject: Re: Global IPV6 auto-configuration does not work as expected.

Hi Brian, thanks for the note.

> greg@enjellic.com wrote:
> > On Jan 18,  3:17pm, Neil Horman wrote:
> > } Subject: Re: Global IPV6 auto-configuration does not work as expected.
> > 
> > Hi Neil, thanks for the note.
> > 
> >>> The only way we have been able to disable the auto-configuration has
> >>> been to explicitly disable it at the individual interface level with
> >>> net.ipv6.conf.ethN.autoconf=0 directives.

> If done after module load, then that's currently the only way to do it.

Well that is probably the root of the problem.  We only use statically
compiled custom kernels.  Based on that it would seem that our only
alternative is to use the interface specific directive.

Or hack the kernel sources to neuter it.

> > The 'sysctl -p' command is issued by the rc.sysinit script very early
> > in the boot process.  Long before the interfaces are actually
> > 'upped'.  I'm assuming from your description that the:
> > 
> > net.ipv6.conf.default.autoconf 
> > 
> > If set to 0 before the network interfaces are configured should
> > prevent auto-configuration from occuring.  I will re-test but I don't
> > think that is happening.

> I can confirm that this works correctly, for example if you set this to
> zero then rmmod/modprobe one of your network drivers, you'll see it get
> set correctly.
> 
> To fix your reported problem, I added a module parameter to control
> the setting of autoconf at load time in June 2009
> (see Documentation/networking/ipv6.txt).  Basically, just add this to
> /etc/modprobe.conf:
> 
> 	options ipv6 autoconf=0
> 
> Your distro might require it somewhere else.

That would only be effective with a modular implementation of ipv6.
As I noted above these are completely static kernels.

I will have to take a look at the source.  I would assume the IPv6
code is looking at that variable.  It may be a straight forward
exercise to just unconditionally disable it for these static kernels.

Thoughts?

> > Also from your description I'm assuming the following:
> > 
> > net.ipv6.conf.all.autoconf=0
> > 
> > If set should globally turn off auto-configuration.

> Actually, I don't think that's ever done that, the "all" settings only
> affects some things, like forwarding, proxy_ndp, and disable_ipv6.
> 
> Even if the "all" setting did have control over this, if its setting was 0
> and the device setting was 1, shouldn't the device setting override
> it?

Good question, somewhat of a chicken and egg problem.

Right now the the interpretation of all this seems to be somewhat
muddled.  I've been doing this for a long time and the current
behavior had me confused.

It seems to me there should be some type of conditional knob, arguably
in the sysctl infra-structure which can make auto-configuration go
away, modular kernel or not.

> Hope this helps,
> 
> -Brian

I do appreciate the insight.  At least we are not fumbling around
trying to figure out if we are using this stuff wrong.

Have a good evening.

}-- End of excerpt from Brian Haley

As always,
Dr. G.W. Wettstein, Ph.D.   Enjellic Systems Development, LLC.
4206 N. 19th Ave.           Specializing in information infra-structure
Fargo, ND  58102            development.
PH: 701-281-1686
FAX: 701-281-3949           EMAIL: greg@enjellic.com
------------------------------------------------------------------------------
"I can only provide the information, I can't make you hear it."
                                -- Shelley Bainter

Re: Global IPV6 auto-configuration does not work as expected.

[David Miller]

From: greg@enjellic.com
Date: Tue, 19 Jan 2010 14:34:00 -0600

> That would only be effective with a modular implementation of ipv6.
> As I noted above these are completely static kernels.

That's incorrect, you can still set the parameter if ipv6 is
built statically into your kernel.

You can set "module" parameters on the kernel command line by
saying, f.e., "ipv6.autoconf=0"

Re: Global IPV6 auto-configuration does not work as expected.

[greg]

On Jan 19, 12:35pm, David Miller wrote:
} Subject: Re: Global IPV6 auto-configuration does not work as expected.
> From: greg@enjellic.com

Hi, hope the day is going well for everyone.

> Date: Tue, 19 Jan 2010 14:34:00 -0600
> 
> > That would only be effective with a modular implementation of ipv6.
> > As I noted above these are completely static kernels.

> That's incorrect, you can still set the parameter if ipv6 is
> built statically into your kernel.
> 
> You can set "module" parameters on the kernel command line by
> saying, f.e., "ipv6.autoconf=0"

Dave to the rescue.... :-)

That option works perfectly well.  I had actually hacked the kernel
source to set the default but the kernel command-line is less
invasive.

Thanks to everyone for the input.

Best wishes for a pleasant week.

}-- End of excerpt from David Miller

As always,
Dr. G.W. Wettstein, Ph.D.   Enjellic Systems Development, LLC.
4206 N. 19th Ave.           Specializing in information infra-structure
Fargo, ND  58102            development.
PH: 701-281-1686
FAX: 701-281-3949           EMAIL: greg@enjellic.com
------------------------------------------------------------------------------
"Boy, it must not take much to make a phone work.  Looking at
 everthing else here it must be the same way with the INTERNET."
                                -- Francis 'Fritz' Wettstein