Merge pull request #2200 from sever-sever/T5533-eq

T5533: Fix VRRP IPv6 FAULT state due to IPv6 tentative state

2 files changed, 43 insertions, 1 deletions

diff --git a/python/vyos/util.py b/python/vyos/util.py
index 20c743b35..e83a17e18 100644
--- a/python/vyos/util.py
+++ b/python/vyos/util.py
@@ -920,6 +920,34 @@ def is_ipv6_enabled() -> bool:
     """ Check if IPv6 support on the system is enabled or not """
     return (sysctl_read('net.ipv6.conf.all.disable_ipv6') == '0')
 
+def is_ipv6_tentative(iface: str, ipv6_address: str) -> bool:
+    """Check if IPv6 address is in tentative state.
+    This function checks if an IPv6 address on a specific network interface is
+    in the tentative state. IPv6 tentative addresses are not fully configured
+    and are undergoing Duplicate Address Detection (DAD) to ensure they are
+    unique on the network.
+    Args:
+        iface (str): The name of the network interface.
+        ipv6_address (str): The IPv6 address to check.
+    Returns:
+        bool: True if the IPv6 address is tentative, False otherwise.
+    """
+    import json
+    from vyos.util import rc_cmd
+
+    rc, out = rc_cmd(f'ip -6 --json address show dev {iface} scope global')
+    if rc:
+        return False
+
+    data = json.loads(out)
+    for addr_info in data[0]['addr_info']:
+        if (
+            addr_info.get('local') == ipv6_address and
+            addr_info.get('tentative', False)
+        ):
+            return True
+    return False
+
 def interface_exists(interface) -> bool:
     import os
     return os.path.exists(f'/sys/class/net/{interface}')
diff --git a/src/conf_mode/vrrp.py b/src/conf_mode/vrrp.py
index ad38adaec..86b11b6c4 100755
--- a/src/conf_mode/vrrp.py
+++ b/src/conf_mode/vrrp.py
@@ -1,6 +1,6 @@
 #!/usr/bin/env python3
 #
-# Copyright (C) 2018-2021 VyOS maintainers and contributors
+# Copyright (C) 2018-2023 VyOS maintainers and contributors
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License version 2 or later as
@@ -15,6 +15,7 @@
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
 import os
+import time
 
 from sys import exit
 from ipaddress import ip_interface
@@ -28,6 +29,7 @@ from vyos.template import render
 from vyos.template import is_ipv4
 from vyos.template import is_ipv6
 from vyos.util import call
+from vyos.util import is_ipv6_tentative
 from vyos.util import is_systemd_service_running
 from vyos.xml import defaults
 from vyos import ConfigError
@@ -147,6 +149,18 @@ def apply(vrrp):
         call(f'systemctl stop {service_name}')
         return None
 
+    # Check if IPv6 address is tentative T5533
+    for group, group_config in vrrp['group'].items():
+        if 'hello_source_address' in group_config:
+            if is_ipv6(group_config['hello_source_address']):
+                ipv6_address = group_config['hello_source_address']
+                interface = group_config['interface']
+                checks = 20
+                interval = 0.1
+                for _ in range(checks):
+                    if is_ipv6_tentative(interface, ipv6_address):
+                        time.sleep(interval)
+
     # XXX: T3944 - reload keepalived configuration if service is already running
     # to not cause any service disruption when applying changes.
     if is_systemd_service_running(service_name):