Can't use ULA addresses in NAT64
Ran into an issue where routing on the OCP cluster gets confused by the
use of ULA addresses on the machine network.

OCP uses ULA addresses for internal networks, OVN kubernetes for
example. When using ULA addressing on the machine network there is a race
when building the routing tables - and in some cases the hosts end up
using the wrong source address in outgoing traffic.

To fix this, switch to GUA addresses.
hjensas committed Jun 15, 2024
1 parent 143ea56 commit 39d7b21
Showing 5 changed files with 16 additions and 16 deletions.
8 changes: 4 additions & 4 deletions roles/nat64_appliance/defaults/main.yml
@@ -29,16 +29,16 @@ cifmw_nat64_network_ipv4_prefix: 24

cifmw_nat64_network_ipv6_name: nat64-net-v6
cifmw_nat64_network_ipv6_bridge_name: br-64v6
cifmw_nat64_network_ipv6_address: fc00:abcd:abcd:fc00::1
cifmw_nat64_network_ipv6_address: 2620:cf:cf:abcd:abcd:fc00::1
cifmw_nat64_network_ipv6_prefix: 64
cifmw_nat64_appliance_name: nat64-appliance
cifmw_nat64_appliance_ipv4_address: 172.31.255.2
cifmw_nat64_appliance_ipv6_address: fc00:abcd:abcd:fc00::2
cifmw_nat64_appliance_ipv6_address: 2620:cf:cf:abcd:abcd:fc00::2

cifmw_nat64_appliance_memory: 2
cifmw_nat64_appliance_cpus: 2
cifmw_nat64_appliance_ssh_pub_keys: []


cifmw_nat64_ipv6_prefix: "fc00:abcd:abcd:fc00::/64"
cifmw_nat64_ipv6_tayga_address: "fc00:abcd:abcd:fc00::3"
cifmw_nat64_ipv6_prefix: "2620:cf:cf:abcd:abcd:fc00::/64"
cifmw_nat64_ipv6_tayga_address: "2620:cf:cf:abcd:abcd:fc00::3"
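Review bot: The new values no longer sit on a /64 boundary: `cifmw_nat64_ipv6_prefix: "2620:cf:cf:abcd:abcd:fc00::/64"` has bits set below the prefix length, so the network it denotes is `2620:cf:cf:abcd::/64`, and a strict prefix parser would reject the value as written. The old ULA prefix had three leading hextets where the new one has five, which pushes the former subnet id (`fc00`, `fcff`, `aaaa`) into the interface-identifier half of the address. As a result the NAT64 network here, the `/96` translation prefix (the script default and the route in ipv6_network.xml.j2) and the molecule `br-mol` network in converge.yml all fall inside the same /64, which looks like the kind of ambiguous routing and source-address selection this commit is meant to remove. Distinct fourth hextets would keep them apart, for example `2620:cf:cf:fc00::/64` here with `2620:cf:cf:fcff::/96` and `2620:cf:cf:aaaa::/64` for the other two (values constructed for illustration); the example comments in config-data.j2 would follow.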
@@ -35,7 +35,7 @@ if [ -z "${NAT64_TAYGA_IPV6}" ]; then
echo "Please set NAT64_TAYGA_IPV6"; exit 1
fi

NAT64_TAYGA_IPV6_PREFIX=${NAT64_TAYGA_IPV6_PREFIX:-"fc00:abcd:abcd:fcff::/96"}
NAT64_TAYGA_IPV6_PREFIX=${NAT64_TAYGA_IPV6_PREFIX:-"2620:cf:cf:abcd:abcd:fcff::/96"}
NAT64_TAYGA_DYNAMIC_POOL=${NAT64_TAYGA_DYNAMIC_POOL:-"192.168.255.0/24"}
NAT64_TAYGA_IPV4=${NAT64_TAYGA_IPV4:-"192.168.255.1"}

14 changes: 7 additions & 7 deletions roles/nat64_appliance/molecule/default/converge.yml
@@ -83,9 +83,9 @@
<name>br-mol</name>
<forward mode='open'/>
<bridge name='br-mol' stp='on' delay='0'/>
<ip family='ipv6' address='fc00:abcd:aaaa::1' prefix='64'/>
<ip family='ipv6' address='2620:cf:cf:abcd:aaaa::1' prefix='64'/>
<dns>
<forwarder addr='fc00:abcd:abcd:fc00::2'/>
<forwarder addr='2620:cf:cf:abcd:abcd:fc00::2'/>
</dns>
</network>
uri: 'qemu:///system'
@@ -137,14 +137,14 @@
match:
macaddress: "{{ test_node_mac_address }}"
addresses:
- 'fc00:abcd:aaaa::101/64'
- '2620:cf:cf:abcd:aaaa::101/64'
routes:
- to: '::/0'
via: 'fc00:abcd:aaaa::1'
via: '2620:cf:cf:abcd:aaaa::1'
on-link: true
nameservers:
addresses:
- 'fc00:abcd:aaaa::1'
- '2620:cf:cf:abcd:aaaa::1'
ansible.builtin.include_role:
name: config_drive

@@ -252,7 +252,7 @@

- name: Wait for test node to be reachable via ssh
ansible.builtin.wait_for:
host: 'fc00:abcd:aaaa::101'
host: '2620:cf:cf:abcd:aaaa::101'
port: 22
state: present
delay: 10
@@ -262,7 +262,7 @@
name: test-node
groups:
- test_nodes
ansible_host: 'fc00:abcd:aaaa::101'
ansible_host: '2620:cf:cf:abcd:aaaa::101'
ansible_ssh_user: 'cloud-user'
ansible_ssh_private_key_file: "{{ _test_key.filename }}"
ansible_ssh_extra_args: '-o StrictHostKeyChecking=no'
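Review bot: The test node address `2620:cf:cf:abcd:aaaa::101` is now global unicast, and the inventory entry at the end of this section still connects to it with `ansible_ssh_extra_args: '-o StrictHostKeyChecking=no'`, so nothing ties the SSH session to the VM the play just created. With the ULA address a packet that missed the bridge route had nowhere to go; with a GUA it can follow the default route off the host, which matters if `2620:cf:cf::/48` is not address space the project controls (not visible from this page). I would add a comment above the `br-mol` network definition stating who owns the prefix and that it must not be routed outside the lab, and consider supplying a known host key for the test node instead of disabling the check. The tasks these hunks belong to start and end outside the visible lines.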
6 changes: 3 additions & 3 deletions roles/nat64_appliance/templates/config-data.j2
@@ -1,8 +1,8 @@
# The IPv6 ip subnet, for example: fc00:abcd:abcd:fc00::/64
# The IPv6 ip subnet, for example: 2620:cf:cf:abcd:abcd:fc00::/64
NAT64_IPV6_PREFIX={{ cifmw_nat64_ipv6_prefix }}

# The IPv6 host address, for example: fc00:abcd:abcd:fc00::2
# The IPv6 host address, for example: 2620:cf:cf:abcd:abcd:fc00::2
NAT64_HOST_IPV6={{ cifmw_nat64_appliance_ipv6_address }}

# The IPv6 address used for the tayga tun interface, for example: fc00:abcd:abcd:fc00::3
# The IPv6 address used for the tayga tun interface, for example: 2620:cf:cf:abcd:abcd:fc00::3
NAT64_TAYGA_IPV6={{ cifmw_nat64_ipv6_tayga_address }}
2 changes: 1 addition & 1 deletion roles/nat64_appliance/templates/ipv6_network.xml.j2
@@ -15,7 +15,7 @@
/>
<route
family='ipv6'
address='fc00:abcd:abcd:fcff::'
address='2620:cf:cf:abcd:abcd:fcff::'
prefix='96'
gateway='{{ cifmw_nat64_appliance_ipv6_address }}'
/>
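Review bot: The route's `address='2620:cf:cf:abcd:abcd:fcff::'` is a literal that has to stay equal to the `NAT64_TAYGA_IPV6_PREFIX` default in the appliance script, and this commit had to edit both by hand. Neither is derived from a variable in defaults/main.yml, and config-data.j2 as shown does not set `NAT64_TAYGA_IPV6_PREFIX`, so overriding `cifmw_nat64_ipv6_prefix` leaves this route and the script default unchanged. I would introduce one role default for the /96 (a new variable, name to be chosen by the maintainers), render it here and into config-data.j2, and put a template comment on the route such as `{# NAT64 translation prefix, routed via the appliance #}`. The `<network>` element enclosing this route starts and ends outside the hunk.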