Monday, November 21, 2016

IPv6 & Systemd, another look

by Craig Miller

Lennart Poettering on systemd*

Systemd is coming to a computer near you. All the major linux distributions have adopted it. Systemd is a replacement for init, PID 1, and if the developers had stopped their, there would be no real impact. But the developers have expanded the influence of systemd to include many other aspects of how your linux workstation operates.
  • networkd - Controls the aspects of networking, including DHCPv6 Client, RA processing, SLAAC address assignment, IPv6 route insertion, etc
  • resolved - Acts like DNSMasq (but more limited) in resolving Domain Names. It gets pointed to DNS servers via networkd.
  • Other aspects of the linux host, including logind, hostnamed, locald, timedated, machined, importd to name a few.
The systemd daemons will also process IPv4 information, but that is beyond the scope of this blog.

Another Look at systemd

It has been six months since I took a good look at systemd and IPv6. You may remember that there were some clear issues which may cause one to pause before deploying a systemd host in an IPv6 production network.

A recap of IPv6 issues with systemd

The devs at systemd (and Redhat) have decided to re-implement functionality already in the kernel code. Therefore there are a few things which worked just fine in a non-systemd system, but do not in a modern system. Retesting with systemd version 231, we see there are improvements (below).
Description Issue Status
IPv6 RA flood (THC flood_router6) causes network disconnection even after flood ceases#2977FIXED
Temporary addresses (RFC 4941) are broken from version 224 to 228#2242FIXED
nterface disable/enable IPv4 will reaquire and address, but IPv6 will not (other than link-local), and will remain address-less until restarting networkd#2912Still broken
Fails to send Router Solicitation#2365Still broken
Unable to view DUID (DHCPv6 Identifier) on host#2952Closed but Still broken
Bridged Interfaces get IPv6 SLAAC addresses#2572FIXED
Systemd in a VM failed to start due to RA parsing error#2228FIXED
IPv6 incorrectly not enabled on Virtuozzo containers#2059FIXED
IPv6cceptRouterAdvertisements=yes or unset accepts too many prefixes#2004FIXED
Does not support DHCPV6-PD#1080Still broken
Does not support SLAAC RDNSS#1079FIXED

A few more issues have been added in the past 6 months

networkd does not support DNS List option in RA#4590            Open
Semantically Opaque Interface Identifiers with IPv6 SLAAC RFC 7217#4625Open
networkd: handle MTU field in IPv6 RA#4464Open
RFC 7084 support in networkd (automatic ipv6 prefix delegation)#4073Open

Time will improve systemd

It is unfortunate that the systemd team has decided to re-implement existing functionality (e.g. in the kernel, dnsmasq, odhcpd). But like fine wine, it is improving. Be sure to check the details of the issues which may impact your testing/deployment and save yourself a bunch of time. As always, taking the time to plan your IPv6 deployment will save you time in the end.

*Lennart Poettering T Shirt 

No comments:

Post a Comment