Primary IPv6 not set for dualstack VMware VM using SLAAC #394

Closed
yaiqsa opened this issue May 29, 2024 · 11 comments
@yaiqsa

yaiqsa commented May 29, 2024

Hi there,

This is my current environment:
Netbox: v3.7.6
Netbox-sync: Current master (3b36133)
VMware: vCenter 8.0.2

These Netbox-sync settings seemed relevant:

set_primary_ip = when-undefined
permitted_subnets = 0.0.0.0/0, ::/0

I'm running across a problem with my dual-stack VMs. They have one vNIC, which has one IPv4 address, and one SLAAC IPv6 address. These addresses are both picked up by Netbox-sync. However, while the IPv4 address is automatically set as Primary address for the VM, the Primary IPv6 field remains empty.

The funny thing I noticed is that 'statically' configured IPv6 addresses seem to work normally (and are set as Primary IPv6), but SLAAC addresses don't.

Is this by design, or can it be fixed?

Thank you in advance

@bb-Ricardo
Owner

Hi,

this is intentional, as you would otherwise have your NetBox instance filled with link local addresses:

    if ip_a.is_link_local is True:
        log.debug(f"IP address {ip_text} is a link local address. Skipping.")
        return False
    if ip_a.is_loopback is True:
        log.debug(f"IP address {ip_text} is a loopback address. Skipping.")
        return False

@yaiqsa
Author

yaiqsa commented May 30, 2024

I agree that most people wouldn't want their instance filled up with link local addresses, but there is a pretty significant difference between a link local address and a (global unicast) SLAAC address, right?

(Link local addresses are in the fe80::/10 prefix, SLAAC addresses are normal ::/128 publicly routable addresses, which are just automatically provisioned by the gateway, instead of manually configured on the host. In that way SLAAC serves a similar purpose to DHCP.)

@bb-Ricardo
Owner

Would you be able to run netbox-sync with the -l DEBUG2 option and post the relevant part of output here? A GUA is not a link local address and therefore should be included in the sync (as long as the address is part of a network defined in permitted_subnets)

@yaiqsa
Author

yaiqsa commented May 30, 2024

Of course! I have redacted the addresses and names quite a bit, but the logs should still paint the correct picture.

2024-05-30 13:24:07,039 - DEBUG2: Found default IPv4 gateway 192.168.0.1
2024-05-30 13:24:07,039 - DEBUG2: Found default IPv6 gateway fe80::111:1ff:fe11:11
2024-05-30 13:24:07,039 - DEBUG2: Parsing device VirtualVmxnet3: 22:22:22:22:22:22
2024-05-30 13:24:07,042 - DEBUG: IP address 'fe80::2022:22ff:fe22:2222/64' for vNIC 1 (my-vlan) is a link local address. Skipping.
2024-05-30 13:24:07,043 - DEBUG2: Trying to find a virtual machine based on the collected name, cluster, IP and MAC addresses
2024-05-30 13:24:07,080 - DEBUG2: Found a exact matching virtual machine object: my-vm (my-cluster)
2024-05-30 13:24:07,080 - DEBUG2: Found a matching virtual machine object: my-vm (my-cluster)
2024-05-30 13:24:07,080 - DEBUG2: Parsing 'virtual machine' data structure: my-vm
2024-05-30 13:24:07,080 - DEBUG2: Parsing 'site' data structure: My Site
2024-05-30 13:24:07,081 - DEBUG2: Parsing 'platform' data structure: Ubuntu Linux (64-bit)
2024-05-30 13:24:07,083 - DEBUG2: Parsing 'Virtual Disk' data structure: Hard disk 1
2024-05-30 13:24:07,083 - DEBUG2: Trying to match current object interfaces in NetBox with discovered interfaces
2024-05-30 13:24:07,086 - DEBUG2: Found '1' NICs in NetBox for 'my-vm'
2024-05-30 13:24:07,086 - DEBUG2: Found 1:1 name match for NIC 'vNIC 1 (my-vlan)'
2024-05-30 13:24:07,087 - DEBUG2: Parsing 'virtual machine interface' data structure: vNIC 1 (my-vlan) (my-vm)
2024-05-30 13:24:07,087 - DEBUG2: Trying to find prefix for IP: 192.168.0.10/24
2024-05-30 13:24:07,089 - DEBUG2: Found IP '192.168.0.10/24' matches site 'My Site' prefix '192.168.0.0/24'
2024-05-30 13:24:07,097 - DEBUG2: Found existing NetBox IP address object: 192.168.0.10/24
2024-05-30 13:24:07,097 - DEBUG2: Parsing 'IP address' data structure: 192.168.0.10/24
2024-05-30 13:24:07,097 - DEBUG2: Trying to find prefix for IP: 2001:db8:1::2022:22ff:fe22:2222/64
2024-05-30 13:24:07,099 - DEBUG2: Found IP '2001:db8:1::2022:22ff:fe22:2222/64' matches site 'My Site' prefix '2001:db8:1::/64'
2024-05-30 13:24:07,109 - DEBUG2: Found existing NetBox IP address object: 2001:db8:1::2022:22ff:fe22:2222/64
2024-05-30 13:24:07,110 - DEBUG2: Parsing 'IP address' data structure: 2001:db8:1::2022:22ff:fe22:2222/64
2024-05-30 13:24:07,115 - DEBUG2: Found matching prefix VLAN 2 (My Site) for untagged interface VLAN.
2024-05-30 13:24:07,115 - DEBUG2: Parsing 'virtual machine interface' data structure: vNIC 1 (my-vlan) (my-vm)

One thing that I didn't really realize before: Found default IPv6 gateway fe80::111:1ff:fe11:11.

This is accurate, sort of. In the IPv6 routing table on the host, the router's link-local address is the default gateway. I tried to find information about this online, but couldn't quickly find anything more authoritative than this stack-exchange comment:

Yes, all networks on a link have the gateway set to the router's link-local address. That is how IPv6 RAs (Router Advertisements) work, so all networks advertised on the link are in the RAs, and all use the router's link-local address as the gateway.

Reading this, I'm afraid it might be a matter of taste whether my 2001:db8:1::2022:22ff:fe22:2222 address should be regarded as a primary IP address.. I would like it to be though 😅

@bb-Ricardo
Owner

Great, thank you for the output.

This narrows down the issue. If you have more than one IPv6 GUA then there is no real way which one to pick as the primary one.

What do you think?

@yaiqsa
Author

yaiqsa commented May 30, 2024

Hmm, I've just read through RFC 6724 looking for a generic answer, but there isn't really one when you don't have a destination address.

I think the problem here is that there isn't always one primary address when talking about IPv6, because of its design taking multiple addresses into account.

I think there are two easy options:

  • Don't pick a SLAAC GUA, because priority can be environment specific. (This is what happens now)
  • If there is just one IPv6 GUA, pick that one 😅. This would work great for me, but how do you feel about that in general?

@bb-Ricardo
Owner

I thought about your second suggestion already and think this would be an option. Just needs some special "IPv6" case changes.

Will probably do that.

@bb-Ricardo bb-Ricardo added this to the 1.7.0 milestone May 30, 2024
@yaiqsa
Author

yaiqsa commented May 30, 2024

Awesome, thank you for your time already 👍🏻

@bb-Ricardo
Owner

Hi @yaiqsa,

this took a while but I added the function to set primary IPv6 if only one candidate was found.

would you be able to test this?

Thank you
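The rule agreed on in this thread, sketched as an added example (this is not netbox-sync's own code): filter out link-local and loopback addresses as in the snippet quoted earlier, apply `permitted_subnets`, and set a primary IPv6 only when exactly one candidate remains. The function names and the sample list are assumptions made for illustration; the addresses are the redacted ones from the debug log.

```python
import ipaddress

# Constructed sample input: the (redacted) addresses of 'my-vm' from the log above.
SAMPLE_VM_ADDRESSES = [
    "192.168.0.10/24",
    "fe80::2022:22ff:fe22:2222/64",
    "2001:db8:1::2022:22ff:fe22:2222/64",
]
# Value of permitted_subnets from the issue's settings.
PERMITTED_SUBNETS = ["0.0.0.0/0", "::/0"]


def is_sync_candidate(ip_text, permitted_subnets):
    """True if the address passes the link-local/loopback and subnet filters."""
    ip_a = ipaddress.ip_interface(ip_text)
    # Same checks as the quoted snippet, done on the bare address.
    if ip_a.ip.is_link_local or ip_a.ip.is_loopback:
        return False
    nets = [ipaddress.ip_network(n) for n in permitted_subnets]
    # Only compare against subnets of the same IP version.
    return any(ip_a.version == n.version and ip_a.ip in n for n in nets)


def pick_primary_ipv6(addresses, permitted_subnets):
    """Hypothetical helper: the single IPv6 candidate, or None if 0 or >1 remain."""
    candidates = [
        a for a in addresses
        if ipaddress.ip_interface(a).version == 6
        and is_sync_candidate(a, permitted_subnets)
    ]
    # With several GUAs there is no generic way to rank them (see the
    # RFC 6724 remark above), so refuse to guess.
    return candidates[0] if len(candidates) == 1 else None


if __name__ == "__main__":
    print(pick_primary_ipv6(SAMPLE_VM_ADDRESSES, PERMITTED_SUBNETS))
```

The example deliberately avoids `is_global` as a filter: Python's `ipaddress` does not treat the 2001:db8::/32 documentation prefix used in the redacted log as global.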

@bb-Ricardo bb-Ricardo added the awaiting reply Awaiting reply from issue owner label Oct 21, 2024
@yaiqsa
Author

yaiqsa commented Oct 24, 2024

@bb-Ricardo Yes, it works!

Thank you ^^

@bb-Ricardo
Owner

Perfect, thanks for the confirmation
