/ openstack

IPv6 temporary addresses and busted networks

openstack | cloud | networking | ops

When deploying IPv6 on an OpenStack cloud it may be useful to disable IPv6 privacy extensions within the instance to ensure there's nothing being assumed within the instance.

IPv6 privacy extensions can cause issues by preferring a temporary private network over a public one. This preference may limit connectivity in certain situations. An example of a connectivity issue can be seen where the command traceroute6 fails or misses all hops while all other traffic to a given domain with a AAAA record succeeds. To "fix" this issue the RFC3041 extensions can be disabled.

Here is a quick bash loop to disable the IPv6 use_tempaddr extensions.

V6TEMPADDR_SYSCTLS="$(sysctl -a | grep '^net.ipv6.conf.*use_tempaddr' | sed 's/\s//g')"
for i in ${V6TEMPADDR_SYSCTLS}; do
    name=$(echo "$i" | awk -F'=' '{print $1}')
    value=$(echo "$i" | awk -F'=' '{print $2}')
    if [[ "${value}" != "0" ]];then
        if ! grep -q "^${name}" /etc/sysctl.conf; then
            (sudo sysctl -w ${name}=0 | tee -a /etc/sysctl.conf) || true
            sed -i "s|^${name}.*|$(sudo sysctl -w ${name}=0)|" /etc/sysctl.conf || true
Related bugs

Kevin Carter

Kevin Carter

I'm me! Developer, Operator, Cloud Builder, Lover of Open Source, and hater of Nonsense (I know they're all related, leave me alone).

Read More