Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Option to avoid deleting the kernel_ll address from bridges. #47771

Merged
merged 1 commit into from Apr 30, 2024
Merged

Option to avoid deleting the kernel_ll address from bridges. #47771

merged 1 commit into from Apr 30, 2024
+64 −34

Conversation

robmry
Copy link
Contributor

@robmry robmry commented Apr 28, 2024
edited

- What I did

As discussed in this Slack thread, replacing the kernel-assigned link local address on bridges may be causing issues.

It'd be better not to replace it, and there shouldn't be any consequences but, to avoid the risk of a breaking change in a patch release - this PR introduces an environment variable that only modifies the current behaviour when set.

The kernel-ll address has been removed since #46850 - part of an attempt to prevent daemon startup failures following changes in fixed-cidr-v6. But, by treating the standard LL prefix as a special case, removal of the kernel-assigned LL address can be avoided.

This will make it possible to experiment and hopefully work around the problem. In 27.0 we should remove the env var and make the new behaviour the default, or revert this change - #47778.

- How I did it

If env var DOCKER_BRIDGE_PRESERVE_KERNEL_LL=1, don't assign fe80::1/64 to a bridge, and don't delete any link local address with prefix fe80::/64.

- How to verify it

Modified regression test, just to make sure setting the new env var doesn't cause any startup problems for the default bridge, and that it still ends up with a link-local address.

Without the env var set, for a user-defined network ...

docker network create n6 --ipv6 --subnet fdaa::/64
docker run --rm --name c1 -dti --network n6 alpine

12: br-6ae7b0edf268: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
    link/ether 02:42:07:85:54:ba brd ff:ff:ff:ff:ff:ff
    inet 172.19.0.1/16 brd 172.19.255.255 scope global br-6ae7b0edf268
       valid_lft forever preferred_lft forever
    inet6 fdaa::1/64 scope global tentative
       valid_lft forever preferred_lft forever
    inet6 fe80::42:7ff:fe85:54ba/64 scope link tentative
       valid_lft forever preferred_lft forever
    inet6 fe80::1/64 scope link tentative
       valid_lft forever preferred_lft forever

dockerd restart ...

12: br-6ae7b0edf268: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
    link/ether 02:42:07:85:54:ba brd ff:ff:ff:ff:ff:ff
    inet 172.19.0.1/16 brd 172.19.255.255 scope global br-6ae7b0edf268
       valid_lft forever preferred_lft forever
    inet6 fdaa::1/64 scope global
       valid_lft forever preferred_lft forever
    inet6 fe80::1/64 scope link
       valid_lft forever preferred_lft forever

With the env var set ...

Initially, and after daemon restart ...

17: br-e476bcfaa2de: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
    link/ether 02:42:c8:2b:c2:4a brd ff:ff:ff:ff:ff:ff
    inet 172.19.0.1/16 brd 172.19.255.255 scope global br-e476bcfaa2de
       valid_lft forever preferred_lft forever
    inet6 fdaa::1/64 scope global tentative
       valid_lft forever preferred_lft forever
    inet6 fe80::42:c8ff:fe2b:c24a/64 scope link tentative
       valid_lft forever preferred_lft forever

- Description for the changelog

Experimental environment variable `DOCKER_BRIDGE_PRESERVE_KERNEL_LL=1` will prevent the daemon from removing the kernel-assigned link local address on a Linux bridge.

@robmry
Option to avoid deleting the kernel_ll address from bridges.
57ada4b 
If env var DOCKER_BRIDGE_PRESERVE_KERNEL_LL=1, don't assign fe80::1/64
to a bridge, and don't delete any link local address with prefix fe80::/64.

Signed-off-by: Rob Murray <rob.murray@docker.com>
@robmry robmry self-assigned this Apr 28, 2024
@robmry robmry added this to the 26.0.3 milestone Apr 29, 2024
@robmry robmry modified the milestones: 26.0.3, 26.1.1 Apr 29, 2024
@robmry robmry marked this pull request as ready for review April 29, 2024 16:32
@vvoland vvoland mentioned this pull request Apr 29, 2024
Merged
vvoland
vvoland approved these changes Apr 30, 2024
View reviewed changes
Copy link
Contributor

@vvoland vvoland left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Behavior stays the same without an explicit opt-in via the env var, so LGTM

@vvoland vvoland merged commit 9d07820 into moby:master Apr 30, 2024
186 checks passed
@robmry robmry mentioned this pull request Apr 30, 2024
Closed
@robmry robmry deleted the dont_delete_kernel_ll_addrs branch May 1, 2024 09:09
@robmry robmry mentioned this pull request May 1, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@akerouanton akerouanton akerouanton approved these changes

@vvoland vvoland vvoland approved these changes

@corhere corhere Awaiting requested review from corhere

Assignees

@robmry robmry

Labels
area/networking/ipv6 Issues related to ipv6 area/networking impact/changelog kind/experimental process/cherry-picked status/2-code-review version/25.0
Projects
None yet
Milestone
26.1.1
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@robmry @akerouanton @vvoland