Wicked: Received IPv6 address not configured to interface

jiivee · October 23, 2021, 2:43pm

Trouble with missing IPv6 address started when my ISP did some maintenance work few days ago. Before that ISP provided nicely both IPv4 and IPv6 address for my router. After maintenance IPv6 address was lost and IPv4 address just changed. Case is not that simple: IPS stiil provides IPv6 address and default route. For some reason wicked does not apply received IPv6 address to interface. IPv6 default route is configured into routing table.

Below is some information I believe might be useful for figuring out why IPv6 address is not applied even when IPv6 default route is configured. Hosts using IPv6 in my internal network are quite confused of current situation.

$ uname -a
Linux Routing-machine 5.14.11-2-default #1 SMP Sun Oct 10 08:34:34 UTC 2021 (834dddd) x86_64 x86_64 x86_64 GNU/Linux

$ zypper info wicked 
Loading repository data... 
Reading installed packages... 


Information for package wicked: 
------------------------------- 
Repository     : Main Repository (OSS) 
Name           : wicked 
Version        : 0.6.66-1.2 
Arch           : x86_64 
Vendor         : openSUSE 
Installed Size : 3.6 MiB 
Installed      : Yes 
Status         : up-to-date 
Source package : wicked-0.6.66-1.2.src 
Summary        : Network configuration infrastructure 
Description    :  
    Wicked is a network configuration infrastructure incorporating a number 
    of existing frameworks into a unified architecture, providing a DBUS 
    interface to network configuration.

$ ip -6 addr show dev enp8s0 
2: enp8s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 
    inet6 fe80::aa5e:45ff:feb3:2c01/64 scope link  
       valid_lft forever preferred_lft forever

$ ip -6 route | grep default 
**default** via fe80::217:10ff:fe97:df02 dev enp8s0 proto ra metric 1024 expires 1795sec hoplimit 64 pref medium

Relevant excerpt from radvdump output:

# 
# radvd configuration generated by radvdump 2.19 
# based on Router Advertisement from fe80::217:10ff:fe97:df02 
# received by interface enp8s0 
# 

interface enp8s0 
{ 
        AdvSendAdvert on; 
        # Note: {Min,Max}RtrAdvInterval cannot be obtained with radvdump 
        AdvManagedFlag on; 
        AdvOtherConfigFlag on; 
        AdvReachableTime 0; 
        AdvRetransTimer 0; 
        AdvCurHopLimit 64; 
        AdvDefaultLifetime 1800; 
        AdvHomeAgentFlag off; 
        AdvDefaultPreference medium; 
        AdvSourceLLAddress on; 
        AdvLinkMTU 1500; 
}; # End of interface definition

Configuration:

# cat /etc/sysconfig/network/ifcfg-enp8s0 
MTU='0' 
BOOTPROTO='dhcp' 
STARTMODE='auto' 
ZONE='external' 
IPV6INIT='yes' 
DHCLIENT6_MODE='managed' 
IPV6_AUTOCONF='yes'


# cat /etc/sysctl.d/70-yast.conf  
net.ipv4.ip_forward = 1 
net.ipv6.conf.all.forwarding = 1 
net.ipv6.conf.all.disable_ipv6 = 0 

# Accept default IPv6 route from ISP 
net.ipv6.conf.enp8s0.accept_ra = 2 
#net.ipv6.conf.enp8s0.autoconf = 0

[FONT=monospace]**#** sysctl -a | egrep 'ipv6.*enp8s0' 
net.**ipv6.conf.enp8s0**.accept_dad = 1 
net.**ipv6.conf.enp8s0**.accept_ra = 2 
net.**ipv6.conf.enp8s0**.accept_ra_defrtr = 1 
net.**ipv6.conf.enp8s0**.accept_ra_from_local = 0 
net.**ipv6.conf.enp8s0**.accept_ra_min_hop_limit = 1 
net.**ipv6.conf.enp8s0**.accept_ra_mtu = 1 
net.**ipv6.conf.enp8s0**.accept_ra_pinfo = 1 
net.**ipv6.conf.enp8s0**.accept_ra_rt_info_max_plen = 0 
net.**ipv6.conf.enp8s0**.accept_ra_rt_info_min_plen = 0 
net.**ipv6.conf.enp8s0**.accept_ra_rtr_pref = 1 
net.**ipv6.conf.enp8s0**.accept_redirects = 0 
net.**ipv6.conf.enp8s0**.accept_source_route = 0 
net.**ipv6.conf.enp8s0**.addr_gen_mode = 0 
net.**ipv6.conf.enp8s0**.autoconf = 1 
net.**ipv6.conf.enp8s0**.dad_transmits = 1 
net.**ipv6.conf.enp8s0**.disable_ipv6 = 0 
net.**ipv6.conf.enp8s0**.disable_policy = 0 
net.**ipv6.conf.enp8s0**.drop_unicast_in_l2_multicast = 0 
net.**ipv6.conf.enp8s0**.drop_unsolicited_na = 0 
net.**ipv6.conf.enp8s0**.enhanced_dad = 1 
net.**ipv6.conf.enp8s0**.force_mld_version = 0 
net.**ipv6.conf.enp8s0**.force_tllao = 0 
net.**ipv6.conf.enp8s0**.forwarding = 1 
net.**ipv6.conf.enp8s0**.hop_limit = 64 
net.**ipv6.conf.enp8s0**.ignore_routes_with_linkdown = 0 
net.**ipv6.conf.enp8s0**.keep_addr_on_down = 0 
net.**ipv6.conf.enp8s0**.max_addresses = 16 
net.**ipv6.conf.enp8s0**.max_desync_factor = 600 
net.**ipv6.conf.enp8s0**.mc_forwarding = 0 
net.**ipv6.conf.enp8s0**.mldv1_unsolicited_report_interval = 10000 
net.**ipv6.conf.enp8s0**.mldv2_unsolicited_report_interval = 1000 
net.**ipv6.conf.enp8s0**.mtu = 1500 
net.**ipv6.conf.enp8s0**.ndisc_notify = 0 
net.**ipv6.conf.enp8s0**.ndisc_tclass = 0 
net.**ipv6.conf.enp8s0**.proxy_ndp = 0 
net.**ipv6.conf.enp8s0**.ra_defrtr_metric = 1024 
net.**ipv6.conf.enp8s0**.regen_max_retry = 3 
net.**ipv6.conf.enp8s0**.router_probe_interval = 60 
net.**ipv6.conf.enp8s0**.router_solicitation_delay = 1 
net.**ipv6.conf.enp8s0**.router_solicitation_interval = 4 
net.**ipv6.conf.enp8s0**.router_solicitation_max_interval = 3600 
net.**ipv6.conf.enp8s0**.router_solicitations = -1 
net.**ipv6.conf.enp8s0**.rpl_seg_enabled = 0 
net.**ipv6.conf.enp8s0**.seg6_enabled = 0 
net.**ipv6.conf.enp8s0**.seg6_require_hmac = 0 
net.**ipv6.conf.enp8s0**.suppress_frag_ndisc = 1 
net.**ipv6.conf.enp8s0**.temp_prefered_lft = 86400 
net.**ipv6.conf.enp8s0**.temp_valid_lft = 604800 
net.**ipv6.conf.enp8s0**.use_oif_addrs_only = 0 
net.**ipv6.conf.enp8s0**.use_tempaddr = 1 
net.**ipv6.neigh.enp8s0**.anycast_delay = 100 
net.**ipv6.neigh.enp8s0**.app_solicit = 0 
net.**ipv6.neigh.enp8s0**.base_reachable_time_ms = 30000 
net.**ipv6.neigh.enp8s0**.delay_first_probe_time = 5 
net.**ipv6.neigh.enp8s0**.gc_stale_time = 60 
net.**ipv6.neigh.enp8s0**.locktime = 0 
net.**ipv6.neigh.enp8s0**.mcast_resolicit = 0 
net.**ipv6.neigh.enp8s0**.mcast_solicit = 3 
net.**ipv6.neigh.enp8s0**.proxy_delay = 80 
net.**ipv6.neigh.enp8s0**.proxy_qlen = 64 
net.**ipv6.neigh.enp8s0**.retrans_time_ms = 1000 
net.**ipv6.neigh.enp8s0**.ucast_solicit = 3 
net.**ipv6.neigh.enp8s0**.unres_qlen = 101 
net.**ipv6.neigh.enp8s0**.unres_qlen_bytes = 212992
[/FONT]

I moved /var/lib/wicked/lease-enp8s0-dhcp-ipv6.xml as I also changed DUID and IAID for the case that old values are causing trouble at ISP end.

Command sequence for restarting wicked (and dhcp servers):

# systemctl stop wicked; systemctl stop wickedd-dhcp6.service ;systemctl start wickedd-dhcp6.service ;systemctl start wicked;systemctl restart dhcpd;systemctl restart dhcpd6

(Dhcp servers are used for internal networks and they must be restarted at this point.)

Tcpdump output of IPv6 traffic is below. ISP offered IPv6 address is highlighed in blue.


15:00:09.643885 IP6 (hlim 1, next-header Options (0) payload length: 76) :: > ff02::16: HBH (rtalert: 0x0000) (padn) [icmp6 sum ok] ICMP6, multicast listener report v2, 3 group record(s)
 [gaddr ff02::1:ff00:0 to_in { }] [gaddr ff02::1:ffb3:2c01 to_ex { }] [gaddr ff02::2 to_ex { }] 
15:00:09.792373 IP6 (hlim 255, next-header ICMPv6 (58) payload length: 32) :: > ff02::1:ffb3:2c01: [icmp6 sum ok] ICMP6, neighbor solicitation, length 32, who has fe80::aa5e:45ff:feb3:2c01 
          unknown option (14), length 8 (1):  
            0x0000:  3b8d cd80 c954 
15:00:10.379893 IP6 (hlim 1, next-header Options (0) payload length: 76) :: > ff02::16: HBH (rtalert: 0x0000) (padn) [icmp6 sum ok] ICMP6, multicast listener report v2, 3 group record(s) [gaddr ff02::1:ff00:0 to_in { }] [gaddr ff02::1:ffb3:2c01 to_ex { }] [gaddr ff02::2 to_ex { }] 
15:00:10.795942 IP6 (hlim 1, next-header Options (0) payload length: 76) fe80::aa5e:45ff:feb3:2c01 > ff02::16: HBH (rtalert: 0x0000) (padn) [icmp6 sum ok] ICMP6, multicast listener report v2, 3 group record(s) [gaddr ff02::1:ff00:0 to_ex { }] [gaddr ff02::1:ffb3:2c01 to_ex { }] [gaddr ff02::2 to_ex { }] 
15:00:10.795951 IP6 (hlim 255, next-header ICMPv6 (58) payload length: 16) fe80::aa5e:45ff:feb3:2c01 > ff02::2: [icmp6 sum ok] ICMP6, router solicitation, length 16 
          source link-address option (1), length 8 (1): a8:5e:45:b3:2c:01 
            0x0000:  a85e 45b3 2c01 
15:00:10.808307 IP6 (hlim 1, next-header Options (0) payload length: 36) fe80::aa5e:45ff:feb3:2c01 > ff02::16: HBH (rtalert: 0x0000) (padn) [icmp6 sum ok] ICMP6, multicast listener report v2, 1 group record(s) [gaddr ff02::1:ff00:0 to_ex { }] 
15:00:11.308282 IP6 (hlim 1, next-header Options (0) payload length: 36) fe80::aa5e:45ff:feb3:2c01 > ff02::16: HBH (rtalert: 0x0000) (padn) [icmp6 sum ok] ICMP6, multicast listener report v2, 1 group record(s) [gaddr ff02::1:ff00:0 to_ex { }] 
15:00:11.340366 IP6 (hlim 1, next-header Options (0) payload length: 76) fe80::aa5e:45ff:feb3:2c01 > ff02::16: HBH (rtalert: 0x0000) (padn) [icmp6 sum ok] ICMP6, multicast listener report v2, 3 group record(s) [gaddr ff02::1:ff00:0 to_ex { }] [gaddr ff02::1:ffb3:2c01 to_ex { }] [gaddr ff02::2 to_ex { }] 
15:00:11.869129 IP6 (flowlabel 0x6da14, hlim 1, next-header UDP (17) payload length: 97) fe80::aa5e:45ff:feb3:2c01.546 > ff02::1:2.547: [bad udp cksum 0x190c -> 0xe433!] dhcp6 solicit (xid=4358b1 (elapsed-time 0) (client-ID hwaddr/time type 1 time 688302003 a85e45b32c01) (rapid-commit) (option-request preference opt_82 DNS-server DNS-search-list SNTP-servers NIS-server 
NIS-domain-name POSIX-timezone POSIX-tz-database opt_59 opt_60) (Client-FQDN) (IA_NA IAID:1169370114 T1:0 T2:0)) 
15:00:11.883200 IP6 (hlim 64, next-header UDP (17) payload length: 128) fe80::217:10ff:fe97:df02.547 > fe80::aa5e:45ff:feb3:2c01.546: [udp sum ok] dhcp6 advertise (xid=4358b1 (server-ID hwaddr type 1 e48184d02f34) (client-ID hwaddr/time type 1 time 688302003 a85e45b32c01) (rapid-commit) (IA_NA IAID:1169370114 T1:450 T2:600 (IA_ADDR 2001:14ba:4900:7b48::1 pltime:900 vlti
me:900)) (DNS-server 2001:14b8:1000::1 2001:14b8:1000::2)) 
15:00:12.963546 IP6 (flowlabel 0x6da14, hlim 1, next-header UDP (17) payload length: 97) fe80::aa5e:45ff:feb3:2c01.546 > ff02::1:2.547: [bad udp cksum 0x190c -> 0xe3c6!] dhcp6 solicit (xid=4358b1 (elapsed-time 109) (client-ID hwaddr/time type 1 time 688302003 a85e45b32c01) (rapid-commit) (option-request preference opt_82 DNS-server DNS-search-list SNTP-servers NIS-serve
r NIS-domain-name POSIX-timezone POSIX-tz-database opt_59 opt_60) (Client-FQDN) (IA_NA IAID:1169370114 T1:0 T2:0)) 
15:00:12.980197 IP6 (hlim 64, next-header UDP (17) payload length: 128) fe80::217:10ff:fe97:df02.547 > fe80::aa5e:45ff:feb3:2c01.546: [udp sum ok] dhcp6 advertise (xid=4358b1 (server-ID hwaddr type 1 e48184d02f34) (client-ID hwaddr/time type 1 time 688302003 a85e45b32c01) (rapid-commit) (IA_NA IAID:1169370114 T1:450 T2:600 (IA_ADDR 2001:14ba:4900:7b48::1 pltime:900 vltime:900)) (DNS-server 2001:14b8:1000::1 2001:14b8:1000::2)) 
15:00:14.924349 IP6 (hlim 255, next-header ICMPv6 (58) payload length: 16) fe80::aa5e:45ff:feb3:2c01 > ff02::2: [icmp6 sum ok] ICMP6, router solicitation, length 16 
          source link-address option (1), length 8 (1): a8:5e:45:b3:2c:01 
            0x0000:  a85e 45b3 2c01 
15:00:15.344465 IP6 (flowlabel 0x6da14, hlim 1, next-header UDP (17) payload length: 97) fe80::aa5e:45ff:feb3:2c01.546 > ff02::1:2.547: [bad udp cksum 0x190c -> 0xe2d8!] dhcp6 solicit (xid=4358b1 (elapsed-time 347) (client-ID hwaddr/time type 1 time 688302003 a85e45b32c01) (rapid-commit) (option-request preference opt_82 DNS-server DNS-search-list SNTP-servers NIS-server NIS-domain-name POSIX-timezone POSIX-tz-database opt_59 opt_60) (Client-FQDN) (IA_NA IAID:1169370114 T1:0 T2:0))
15:00:15.364221 IP6 (hlim 64, next-header UDP (17) payload length: 128) fe80::217:10ff:fe97:df02.547 > fe80::aa5e:45ff:feb3:2c01.546: [udp sum ok] dhcp6 advertise (xid=4358b1 (server-ID hwaddr type 1 e48184d02f34) (client-ID hwaddr/time type 1 time 688302003 a85e45b32c01) (rapid-commit) (IA_NA IAID:1169370114 T1:450 T2:600 (IA_ADDR 2001:14ba:4900:7b48::1 pltime:900 vltime:900)) (DNS-server 2001:14b8:1000::1 2001:14b8:1000::2))

Before ISP’s maintenance provided IPv6 address was given as a host with /128 prefix. Now it seems more like there should network prefix /64. Because ISP used to provide only single IPv6 address, I use private IPv6 addresses in my internal network and use NAT for outgoing traffic.

What should I try next to get IPv6 address configured?

arvidjaar · October 23, 2021, 4:14pm

How is “your router” related to openSUSE system? Do you have separate “router” from your ISP and openSUSE system receives its addresses from this router, or is your openSUSE connected directly to your ISP and openSUSE is your router?

Case is not that simple: IPS stiil provides IPv6 address and default route.

Yes and no.

For some reason wicked does not apply received IPv6 address to interface.

See below

IPv6 default route is configured into routing table.

Default router is obtained via RA while IP address is obtained via DHCPv6.

radvd configuration generated by radvdump 2.19

based on Router Advertisement from fe80::217:10ff:fe97:df02

received by interface enp8s0

interface enp8s0
{
AdvSendAdvert on;
# Note: {Min,Max}RtrAdvInterval cannot be obtained with radvdump
AdvManagedFlag on;
AdvOtherConfigFlag on;
AdvReachableTime 0;
AdvRetransTimer 0;
AdvCurHopLimit 64;
AdvDefaultLifetime 1800;
AdvHomeAgentFlag off;
AdvDefaultPreference medium;
AdvSourceLLAddress on;
AdvLinkMTU 1500;
}; # End of interface definition

That is probably acceptable for point-to-point link where the only “on-link” system is your default router. Anyway, it says IPv6 address must be obtained via DHCPv6 (and there is no other way because no prefix is announced).

15:00:11.869129 IP6 (flowlabel 0x6da14, hlim 1, next-header UDP (17) payload length: 97) fe80::aa5e:45ff:feb3:2c01.546 > ff02::1:2.547: [bad udp cksum 0x190c -> 0xe433!] dhcp6 solicit (xid=4358b1 (elapsed-time 0) (client-ID hwaddr/time type 1 time 688302003 a85e45b32c01) (rapid-commit) (option-request preference opt_82 DNS-server DNS-search-list SNTP-servers NIS-server NIS-domain-name POSIX-timezone POSIX-tz-database opt_59 opt_60) (Client-FQDN) (IA_NA IAID:1169370114 T1:0 T2:0))

Client sends Solicit message indicating it is willing to accept fast response (rapid commit). Server is expected to send Reply message with rapid commit option.

15:00:11.883200 IP6 (hlim 64, next-header UDP (17) payload length: 128) fe80::217:10ff:fe97:df02.547 > fe80::aa5e:45ff:feb3:2c01.546: [udp sum ok] dhcp6 advertise (xid=4358b1 (server-ID hwaddr type 1 e48184d02f34) (client-ID hwaddr/time type 1 time 688302003 a85e45b32c01) (rapid-commit) (IA_NA IAID:1169370114 T1:450 T2:600 (IA_ADDR 2001:14ba:4900:7b48::1 pltime:900 vltime:900)) (DNS-server 2001:14b8:1000::1 2001:14b8:1000::2))

Instead server responds with Advertise message with rapid commit option. As far as I can tell wicked ignores this response. I am not sure whether rapid-commit option is valid in Advertise at all; but wicked probably should not ignore the whole message (rules for validating Advertise message do not require it).

So I would say both server behavior is not quite compliant and wicked is too strict. wicked expects either Reply with rapid commit or Advertise without rapid commit. It does not receive either and so just restarts DHCPv6 transaction. I would suggest opening bug on bugzilla.opensuse.org for wicked providing full binary dump of transaction.

In the meantime you could try NetworkManager or systemd-networkd if they behave better.

arvidjaar · October 23, 2021, 4:24pm

Or you could try adding

DHCLIENT6_RAPID_COMMIT=no

to ifcfg-enp8s0.

jiivee · October 23, 2021, 5:10pm

Thank you. This solved the problem. Machine got a host IPv6 address with /128 mask and IPv6 is now working like before.

I am still curious to find if there is way to find out the true prefix behind assignet IPv6 address.

As this machine is headless server acting as router, I have thought NetworkManager is unable to manage networks, thus I have sticked with wicked.

arvidjaar · October 23, 2021, 7:06pm

There no such thing in IPv6. There are “on-link” prefixes which are directly reachable. The only way to determine such prefixes is from router advertisements. As you did not receive any on-link prefix, the only directly accessible address to you is default gateway. Thus prefix has absolutely no meaning.

Nor does DHCPv6 even provide information about address prefixes.

As this machine is headless server acting as router, I have thought NetworkManager is unable to manage networks.

What makes you think so? NetworkManager is headless background daemon. Do not confuse NetworkManger with (GUI) frontend used to configure NetwotkManager.

You may edit configuration files directly, you may use nmcli or you may use nmtui for full screen menu driven interface. All of it works just fine over console or SSH.

This solved the problem.

Good to know. I still think it deserves bug report. If you submit it, post link here, please.

jiivee · October 24, 2021, 9:28am

GUI related stuff have made me believe NetworkManager has been intended to be used with ordinary user sessions. And as wicked has worked on server side, I have not had a need to replace it. Maybe I give it a try on server side at some point.

I submitted a bug report as 1191982 – Wicked: Received IPv6 address not configured to interface.