T5533: Fix VRRP IPv6 FAULT state due to IPv6 tentative state

Checks if an IPv6 address on a specific network interface is
in the tentative state. IPv6 tentative addresses are not fully configured
and are undergoing Duplicate Address Detection (DAD) to ensure they are
unique on the network.

inet6 2001:db8::3/125 scope global tentative

It tentative state the group enters in FAULT state. Fix it.

2 files changed, 43 insertions, 1 deletions

diff --git a/python/vyos/util.py b/python/vyos/util.py
index 20c743b35..e83a17e18 100644
--- a/python/vyos/util.py
+++ b/python/vyos/util.py
@@ -920,6 +920,34 @@ def is_ipv6_enabled() -> bool:
     """ Check if IPv6 support on the system is enabled or not """
     return (sysctl_read('net.ipv6.conf.all.disable_ipv6') == '0')
 
+def is_ipv6_tentative(iface: str, ipv6_address: str) -> bool:
+    """Check if IPv6 address is in tentative state.
+    This function checks if an IPv6 address on a specific network interface is
+    in the tentative state. IPv6 tentative addresses are not fully configured
+    and are undergoing Duplicate Address Detection (DAD) to ensure they are
+    unique on the network.
+    Args:
+        iface (str): The name of the network interface.
+        ipv6_address (str): The IPv6 address to check.
+    Returns:
+        bool: True if the IPv6 address is tentative, False otherwise.
+    """
+    import json
+    from vyos.util import rc_cmd
+
+    rc, out = rc_cmd(f'ip -6 --json address show dev {iface} scope global')
+    if rc:
+        return False
+
+    data = json.loads(out)
+    for addr_info in data[0]['addr_info']:
+        if (
+            addr_info.get('local') == ipv6_address and
+            addr_info.get('tentative', False)
+        ):
+            return True
+    return False
+
 def interface_exists(interface) -> bool:
     import os
     return os.path.exists(f'/sys/class/net/{interface}')
diff --git a/src/conf_mode/vrrp.py b/src/conf_mode/vrrp.py
index ad38adaec..86b11b6c4 100755
--- a/src/conf_mode/vrrp.py
+++ b/src/conf_mode/vrrp.py
@@ -1,6 +1,6 @@
 #!/usr/bin/env python3
 #
-# Copyright (C) 2018-2021 VyOS maintainers and contributors
+# Copyright (C) 2018-2023 VyOS maintainers and contributors
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License version 2 or later as
@@ -15,6 +15,7 @@
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
 import os
+import time
 
 from sys import exit
 from ipaddress import ip_interface
@@ -28,6 +29,7 @@ from vyos.template import render
 from vyos.template import is_ipv4
 from vyos.template import is_ipv6
 from vyos.util import call
+from vyos.util import is_ipv6_tentative
 from vyos.util import is_systemd_service_running
 from vyos.xml import defaults
 from vyos import ConfigError
@@ -147,6 +149,18 @@ def apply(vrrp):
         call(f'systemctl stop {service_name}')
         return None
 
+    # Check if IPv6 address is tentative T5533
+    for group, group_config in vrrp['group'].items():
+        if 'hello_source_address' in group_config:
+            if is_ipv6(group_config['hello_source_address']):
+                ipv6_address = group_config['hello_source_address']
+                interface = group_config['interface']
+                checks = 20
+                interval = 0.1
+                for _ in range(checks):
+                    if is_ipv6_tentative(interface, ipv6_address):
+                        time.sleep(interval)
+
     # XXX: T3944 - reload keepalived configuration if service is already running
     # to not cause any service disruption when applying changes.
     if is_systemd_service_running(service_name):