[Solved] systemd-networkd+vlan and IPv6

Issues related to configuring your network
silvio
Posts: 67
Joined: 2008/11/10 13:06:03

[Solved] systemd-networkd+vlan and IPv6

Post by silvio » 2021/04/22 10:41:52

Hi,

i have a IPv6 configuration question with systemd-networkd.
Our systems have one network card and i have a external connection/IP and additional a internal vlan connection/IP.
To configure this i create a config file for the normal connection and a network and a netdev file for the vlan.
So we have:
enp41s0.network
enp41s0.4001.network
enp41s0.4001.netdev

The external connection has a IPv4 and a IPv6 address and all is working.
For the vlan dev we will ONLY use a IPv4 address. In the network file of the vlan is only the IPv4 address configured and additional the parameter:
net.ipv6.conf.enp41s0/4001.disable_ipv6 = 1
is set in /etc/sysctl.conf.

The config for the vlan dev is:
[Match]
#netdev name
Name=enp41s0.4001
[Network]
Description="VLAN 4001"
Address=192.168.100.56/24

Now my problem:
If i reboot the machine the vlan interface has a IPv6 address but if i do "sysctl -p" the ip disappears.
After reboot:
3: enp41s0.4001@enp41s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1400 qdisc noqueue state UP group default qlen 1000
link/ether a2:c9:70:f3:95:1c brd ff:ff:ff:ff:ff:ff
inet 192.168.100.56/24 brd 192.168.100.255 scope global enp41s0.4001
valid_lft forever preferred_lft forever
inet6 fe80::a0c9:70ff:fef3:951c/64 scope link
valid_lft forever preferred_lft forever
sysctl -p
3: enp41s0.4001@enp41s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1400 qdisc noqueue state UP group default qlen 1000
link/ether a2:c9:70:f3:95:1c brd ff:ff:ff:ff:ff:ff
inet 192.168.100.56/24 brd 192.168.100.255 scope global enp41s0.4001
valid_lft forever preferred_lft forever
Why is the parameter in the sysctl.conf ignored after reboot or what can i change to get this working as expected?

Best

Silvio
Last edited by silvio on 2021/04/22 14:35:17, edited 1 time in total.

User avatar
jlehtone
Posts: 4523
Joined: 2007/12/11 08:17:33
Location: Finland

Re: systemd-networkd+vlan and IPv6

Post by jlehtone » 2021/04/22 11:42:57

First, I have link-local fe80:* IPv6 address on every interface even though I don't have IPv6 in use. (nmcli "ipv6.method ignore").
Do you really need to get rid of the link-local address? IME, things are more likely to break if you do.

As implied above, I do use NetworkManager and have never installed systemd-networkd. Can't help with that.

You have both untagged and tagged VLAN on same wire. While probably fine, why don't you simply tag both VLANs?


As for the question about sysctl, I'd guess that the order of operations during boot is such that sysctl is set first and then configuration of connections resets/overrides that.

User avatar
TrevorH
Site Admin
Posts: 33191
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: systemd-networkd+vlan and IPv6

Post by TrevorH » 2021/04/22 11:47:04

Also I think systemd-networkd is entirely unsupported. It's gone from RHEL 8.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

silvio
Posts: 67
Joined: 2008/11/10 13:06:03

Re: systemd-networkd+vlan and IPv6

Post by silvio » 2021/04/22 12:15:53

Thanks for the answers.
To @jllehtone, yes i know this but if i set a kernel variable why should a program ignore this. And on the other hand , why is it working if i call sysctl -p per commandline?
Eventually i'm a little bit old but i think all unused services should be disabled (and we definitly do knot need IPv6 here) and if i do not know/understand why a services is activated or how it works, i'm a little bit paranoid especially if this is a offical system.

@Trevor, I know that systemd-networkd is not in C8 but in C7 is it a offical packet. We had "some" trouble with the network-manager in the last years and the service provider have a little bit tricky network configuration so they recommend also systemd-networkd.

Ok, i will check if i can find out what happens here.

Best

Silvio

User avatar
jlehtone
Posts: 4523
Joined: 2007/12/11 08:17:33
Location: Finland

Re: systemd-networkd+vlan and IPv6

Post by jlehtone » 2021/04/22 12:33:08

silvio wrote:
2021/04/22 12:15:53
To @jllehtone, yes i know this but if i set a kernel variable why should a program ignore this. And on the other hand , why is it working if i call sysctl -p per commandline?
Like I said, perhaps on boot:
0. variable has initial state
1. your config sets disabled=1
2. systemd-networkd sets disabled=0
and during runtime:
3. your command sets disabled=1
All three change the state as one-shot commands. There is no service that would frequently reset (or lock) the state to specific value.
Eventually i'm a little bit old but i think all unused services should be disabled (and we definitly do knot need IPv6 here) and if i do not know/understand why a services is activated or how it works, i'm a little bit paranoid especially if this is a offical system.
Ah, the days in the far past, when I did learn (the "hard way") that many services were actually in use. :oops:

silvio
Posts: 67
Joined: 2008/11/10 13:06:03

Re: systemd-networkd+vlan and IPv6

Post by silvio » 2021/04/22 12:45:55

jlehtone wrote:
2021/04/22 12:33:08
Like I said, perhaps on boot:
0. variable has initial state
1. your config sets disabled=1
2. systemd-networkd sets disabled=0
and during runtime:
3. your command sets disabled=1
All three change the state as one-shot commands. There is no service that would frequently reset (or lock) the state to specific value.
First step was to make sure that sysctl parameters with ipv6 are working. So i set "net.ipv6.conf.all.disable_ipv6 = 1" and i have no IPv6 address anymore on every device. So it looks like
1. reading sysctl with all parameters but vlan device does not exist at this moment
2. start systemd-networkd and create vlan device
3. -> IPv6 to now existing device
4. commandline call, rule is now working

Ah, the days in the far past, when I did learn (the "hard way") that many services were actually in use. :oops:
:-D
Yes this is part of the job. Especially systemd does a lot in this direction. But i do my best to understand my systems and her services :-)

Best

Silvio

User avatar
jlehtone
Posts: 4523
Joined: 2007/12/11 08:17:33
Location: Finland

Re: systemd-networkd+vlan and IPv6

Post by jlehtone » 2021/04/22 13:19:53

silvio wrote:
2021/04/22 12:45:55
1. reading sysctl with all parameters but vlan device does not exist at this moment
2. start systemd-networkd and create vlan device
3. -> IPv6 to now existing device
Wait! Where did I ..?

Bridges! There was similar episode about software bridges (a network device too). IIRC.

Most users have bridges for virtualization. The sysctl loads config at some point in boot. Virtualization service (libvirtd) starts "later". The service creates bridges. New network devices. In order to do that, it has to load kernel module for bridge support.
In other words, some sysctl variables do not exist in the kernel when sysctl is run during boot. They have to be set later.

Not 100% whether it was the bridge's variables, but there definitely have been something where the order of initialization, the startup sequence is crucial and solutions (or workarounds) to that problem have evolved (beyond "its not our package that should do it").

silvio
Posts: 67
Joined: 2008/11/10 13:06:03

Re: systemd-networkd+vlan and IPv6

Post by silvio » 2021/04/22 13:45:10

jlehtone wrote:
2021/04/22 13:19:53

Wait! Where did I ..?

Bridges! There was similar episode about software bridges (a network device too). IIRC.

Most users have bridges for virtualization. The sysctl loads config at some point in boot. Virtualization service (libvirtd) starts "later". The service creates bridges. New network devices. In order to do that, it has to load kernel module for bridge support.
In other words, some sysctl variables do not exist in the kernel when sysctl is run during boot. They have to be set later.
Thanks a lot for this.
I found a bugzilla record:
https://bugzilla.redhat.com/show_bug.cgi?id=634736

I can not see a error message in my logs but the description sounds like my "problem".
I will have a look what they have done and a "dirty solution" could be a "sysctl -p" in the rc.local file ...

Best

Silvio

User avatar
TrevorH
Site Admin
Posts: 33191
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: systemd-networkd+vlan and IPv6

Post by TrevorH » 2021/04/22 13:46:18

net.ipv6.conf.default.disable_ipv6 ?
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

silvio
Posts: 67
Joined: 2008/11/10 13:06:03

Re: systemd-networkd+vlan and IPv6

Post by silvio » 2021/04/22 13:53:45

TrevorH wrote:
2021/04/22 13:46:18
net.ipv6.conf.default.disable_ipv6 ?
Tested and not working :-)
# Disable IPv6 unless required
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.default.autoconf = 0
net.ipv6.conf.lo.disable_ipv6 = 0
net.ipv6.conf.all.disable_ipv6 = 0
If i set "net.ipv6.conf.all.disable_ipv6 = 1" all IPv6 addresses are gone.

Best
Silvio

Post Reply