/ openstack

IPv6 temporary addresses and busted networks

openstack | cloud | networking | ops

When deploying IPv6 on an OpenStack cloud it may be useful to disable IPv6 privacy extensions within the instance to ensure there's nothing being assumed within the instance.

IPv6 privacy extensions can cause issues by preferring a temporary private network over a public one. This preference may limit connectivity in certain situations. An example of a connectivity issue can be seen where the command traceroute6 fails or misses all hops while all other traffic to a given domain with a AAAA record succeeds. To "fix" this issue the RFC3041 extensions can be disabled.

Here is a quick bash loop to disable the IPv6 use_tempaddr extensions.

V6TEMPADDR_SYSCTLS="$(sysctl -a | grep '^net.ipv6.conf.*use_tempaddr' | sed 's/\s//g')"
for i in ${V6TEMPADDR_SYSCTLS}; do
    name=$(echo "$i" | awk -F'=' '{print $1}')
    value=$(echo "$i" | awk -F'=' '{print $2}')
    if [[ "${value}" != "0" ]];then
        if ! grep -q "^${name}" /etc/sysctl.conf; then
            (sudo sysctl -w ${name}=0 | tee -a /etc/sysctl.conf) || true
        else
            sed -i "s|^${name}.*|$(sudo sysctl -w ${name}=0)|" /etc/sysctl.conf || true
        fi
    fi
done
Related bugs