From 5fb77805f0fcc507c6af7b897fcf5a532bf20e42 Mon Sep 17 00:00:00 2001 From: Viacheslav Hletenko Date: Fri, 1 Sep 2023 10:40:24 +0000 Subject: T5533: Fix VRRP IPv6 group enters in FAULT state Checks if an IPv6 address on a specific network interface is in the tentative state. IPv6 tentative addresses are not fully configured and are undergoing Duplicate Address Detection (DAD) to ensure they are unique on the network. inet6 2001:db8::3/125 scope global tentative It tentative state the group enters in FAULT state. Fix it --- python/vyos/utils/network.py | 31 +++++++++++++++++++++++++++++++ src/conf_mode/high-availability.py | 16 ++++++++++++++++ 2 files changed, 47 insertions(+) diff --git a/python/vyos/utils/network.py b/python/vyos/utils/network.py index 2f181d8d9..bc6899e45 100644 --- a/python/vyos/utils/network.py +++ b/python/vyos/utils/network.py @@ -117,6 +117,37 @@ def get_interface_namespace(iface): if iface == tmp["ifname"]: return netns +def is_ipv6_tentative(iface: str, ipv6_address: str) -> bool: + """Check if IPv6 address is in tentative state. + + This function checks if an IPv6 address on a specific network interface is + in the tentative state. IPv6 tentative addresses are not fully configured + and are undergoing Duplicate Address Detection (DAD) to ensure they are + unique on the network. + + Args: + iface (str): The name of the network interface. + ipv6_address (str): The IPv6 address to check. + + Returns: + bool: True if the IPv6 address is tentative, False otherwise. + """ + import json + from vyos.utils.process import rc_cmd + + rc, out = rc_cmd(f'ip -6 --json address show dev {iface} scope global') + if rc: + return False + + data = json.loads(out) + for addr_info in data[0]['addr_info']: + if ( + addr_info.get('local') == ipv6_address and + addr_info.get('tentative', False) + ): + return True + return False + def is_wwan_connected(interface): """ Determine if a given WWAN interface, e.g. wwan0 is connected to the carrier network or not """ diff --git a/src/conf_mode/high-availability.py b/src/conf_mode/high-availability.py index 626a3757e..0121df11c 100755 --- a/src/conf_mode/high-availability.py +++ b/src/conf_mode/high-availability.py @@ -15,6 +15,8 @@ # along with this program. If not, see . +import time + from sys import exit from ipaddress import ip_interface from ipaddress import IPv4Interface @@ -26,11 +28,13 @@ from vyos.ifconfig.vrrp import VRRP from vyos.template import render from vyos.template import is_ipv4 from vyos.template import is_ipv6 +from vyos.utils.network import is_ipv6_tentative from vyos.utils.process import call from vyos import ConfigError from vyos import airbag airbag.enable() + def get_config(config=None): if config: conf = config @@ -171,6 +175,18 @@ def apply(ha): call(f'systemctl stop {service_name}') return None + # Check if IPv6 address is tentative T5533 + for group, group_config in ha['vrrp']['group'].items(): + if 'hello_source_address' in group_config: + if is_ipv6(group_config['hello_source_address']): + ipv6_address = group_config['hello_source_address'] + interface = group_config['interface'] + checks = 20 + interval = 0.1 + for _ in range(checks): + if is_ipv6_tentative(interface, ipv6_address): + time.sleep(interval) + call(f'systemctl reload-or-restart {service_name}') return None -- cgit v1.2.3