I have been using RHEL/CentOS lineage Linuces for a good while now, and I believe the strength and distro mindset is their dedication to package dependencies. Some packages or software that require bleeding edge or even not so recently updated/released libraries/CPAN Perl modules etc. don’t behave well or won’t install/compile without breaking those dependencies without installing source packages. This paradoxically is the weakness of RHEL/CentOS, their dedication to dependencies. They occasionally are a bit behind when it comes to the latest and greatest, and you can get handcuffed if you want to remain within the confines of the dependency sandbox.
In any case I wanted to toy with some software that clearly seems written for Ubuntu (first tell-tale sign is that you need to add a bunch of user-contributed repositories so you can install it…). This software requires IPv6 connectivity so I decided to trash a BIND virtual server I was using and replace it with Ubuntu 14.04 from the .ISO. I am not totally foreign to Ubuntu as I use Ubuntu desktop on a couple of laptops, however in a server environment I have never bothered to consider it out of laziness, mostly. Here are a few observations, some of which I am still trying to wrap my head around.
My first challenge was getting BIND to start correctly. I usually use “listen-on-v6” to specify what interfaces I allow BIND to bind to, and was seeing this incredibly annoying message on bootup and BIND was not binding to any IPv6 addresses, defeating the purpose of running BIND on this server in the first place:
yet 2001:db8:9::37/64 is statically configured in my interface config (!!):
Apparently, Ubuntu is in such a hurry to boot that it starts daemons before the interface init is even finished (!) Major-wtf. So it would seem that it is prudent (and necessary?) to put the IPv6 definition of eth0 inet6 *before* IPv4. Guess that is good to know. Once that's done, BIND starts correctly and we can move on.
IPv6 default gateway gong-show
My next hurdle was not far away. Even if I manually set the gateway, for some reason Ubuntu seems to feel it necessary to send a router solicitation… My network has regular router advertisements disabled, just because I don’t want SLAAC to work in that particular test environment. So even if I statically configure Ubuntu with a prefix, mask and gateway, it still seems to feel a need to go exploring for routers and sends out an ICMPv6 router solicitation…so when I check the routing table:
Now wait a minute! My network does not send periodic RAs, I have statically defined my gateway, and Ubuntu overrides whatever I defined with auto-learned crap?? After 500 seconds, the RS-learned gateways disappear and whatever I defined as default then remains, and sometimes no gateway at all…
Remember I mentioned above the bit about putting the IPv6 config before IPv4? My network uses HSRP as first-hop redundancy, and IOS didn’t allow for global addressing (and some supported IOS trains do not have this feature) until “recently”. In any case, I want to use a link-local address as a gateway. For some reason, if the IPv6 interface in Ubuntu is defined *after* the IPv4 address, the LL gateway sometimes is ignored (what?). So not only do I get possibly bogus gateways via ICMPv6 router solicitation, I might end up with no gateway at all once those RAs' lifetime is up. Not good.
The solution is to disable router-advertisement learning in /etc/sysctl.conf by adding the following:
And contrary to RHEL/CentOS (and pretty much any environment where a link-local is used to route something that I have seen), it is not necessary to specify the interface – I suppose Ubuntu is doing some logic there:
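A way to check for the condition described in this section, as an added example that is not from the original post: the first function reads `ip -6 route show default` output and lists default gateways learned from router advertisements, and the second reports what a sysctl.conf-style file sets for `accept_ra`. The sample routes and sysctl fragment are constructed, and `net.ipv6.conf.*.accept_ra` is assumed to be the setting the post refers to, since its own lines are not shown.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): audit a host for IPv6 default
# gateways accepted from router advertisements instead of static config.

# Reads `ip -6 route show default` output on stdin; prints "gateway dev" for
# each default route that carries "proto ra" or an "expires" timer.
ra_learned_defaults() {
    awk '
        $1 == "default" {
            gw = ""; dev = ""; learned = 0
            for (i = 2; i <= NF; i++) {
                if ($i == "via") gw = $(i + 1)
                if ($i == "dev") dev = $(i + 1)
                if ($i == "proto" && $(i + 1) == "ra") learned = 1
                if ($i == "expires") learned = 1
            }
            if (learned) print gw, dev
        }'
}

# Reads sysctl.conf-style text on stdin; prints the last value assigned to
# net.ipv6.conf.<scope>.accept_ra (scope: all, default, or an interface
# name), or "unset" when no uncommented line assigns it.
accept_ra_setting() {
    awk -v key="net.ipv6.conf.$1.accept_ra" '
        /^[ \t]*[#;]/ { next }
        {
            split($0, kv, "=")
            gsub(/[ \t]/, "", kv[1]); gsub(/[ \t]/, "", kv[2])
            if (kv[1] == key) val = kv[2]
        }
        END { print (val == "" ? "unset" : val) }'
}

# Constructed sample input (not captured from the server in the post).
SAMPLE_ROUTES='default via fe80::1 dev eth0 metric 1024
default via fe80::21b:21ff:fe00:1 dev eth0 proto ra metric 1024 expires 487sec
default via fe80::21b:21ff:fe00:2 dev eth0 proto kernel metric 1024 expires 487sec'

SAMPLE_SYSCTL='# constructed sysctl.conf fragment
net.ipv6.conf.all.accept_ra = 0
net.ipv6.conf.default.accept_ra=0'

printf '%s\n' "$SAMPLE_ROUTES" | ra_learned_defaults
printf '%s\n' "$SAMPLE_SYSCTL" | accept_ra_setting all
```

On a live host, pipe `ip -6 route show default` into `ra_learned_defaults` and feed `/etc/sysctl.conf` to `accept_ra_setting eth0`; any gateway printed by the first function is one the host accepted from the link rather than from its static configuration.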
Network restart broken
My last adventure was trying to restart networking in some controlled way after making changes. I believed I had broken my install when I got the following as a result:
After some googling, apparently this is known. So shucks, another thing that will hopefully get fixed. At the rate Ubuntu seems to update packages, I suppose it might not be a long wait.