[draft] [v3.29] fix for issues on ipv6 enabled clusters #834
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
aritrbas
changed the title
aritrbas
force-pushed
the
abasu-dhcp6-fix-v329
branch
3 times, most recently
from
d70ee5c to
326b60f
Compare
added 2 commits
December 3, 2025 17:02
Signed-off-by: Aritra Basu <[email protected]>
Signed-off-by: Aritra Basu <[email protected]>
aritrbas
force-pushed
the
abasu-dhcp6-fix-v329
branch
from
326b60f to
cab1a3c
Compare
aritrbas
changed the title
aritrbas
force-pushed
the
abasu-dhcp6-fix-v329
branch
4 times, most recently
from
e828b47 to
825298e
Compare
Signed-off-by: Aritra Basu <[email protected]>
aritrbas
force-pushed
the
abasu-dhcp6-fix-v329
branch
from
825298e to
93c2486
Compare
Signed-off-by: Aritra Basu <[email protected]>
Signed-off-by: Aritra Basu <[email protected]>
This patch removes the nodeIP from the tap0 interface in VPP.
With this patch, for each uplink interface eth0 with IP 192.168.0.1/24
we create a corresponding tap0 set up the following way:
* In VRF:0
* we create the af_packet interface with IP 192.168.0.1/24
* we receive 192.168.0.1/32 locally, traffic to 192.168.0.1 without listeners
will end up in punt
* In the punt table
* we route 192.168.0.1/24 via tap0 192.168.0.1
* In linux
* tap0 has the 192.168.0.1/24 address
* tap0 will respond to ARPs as VPP has arp proxy enabled
* In a host-tap-eth0-v4 VRF
* we place the tap0 interface
* we give it the 169.254.0.1/32 address, overridable with CALICOVPP_TAP0_ADDR
* we enable IP6 without setting an address
* we add a static neighbor for 192.168.0.1 to the MAC of the linux side of the tap
* If we specify a rule in redirectToHostRules (e.g. for DNS in kind)
* we will have the classifier entry redirect to tap0 192.168.0.1
Signed-off-by: Nathan Skrzypczak <[email protected]>
aritrbas
force-pushed
the
abasu-dhcp6-fix-v329
branch
7 times, most recently
from
a72d00a to
86f489e
Compare
aritrbas
force-pushed
the
abasu-dhcp6-fix-v329
branch
from
dd9f8a6 to
8d985ce
Compare
IPv6 gateway traffic (DHCPv6/ICMP) fails when VPP takes over the uplink. - Without gateway ND proxy, host NS for the default gateway is dropped by VPP with "neighbor solicitations for unknown targets" error due to missing /128 target entry in the tap FIB. Fix: - Enable ND proxy for the gateway on the tap so the host can resolve the gateway via VPP. Signed-off-by: Aritra Basu <[email protected]>
aritrbas
force-pushed
the
abasu-dhcp6-fix-v329
branch
from
8d985ce to
838d59d
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
[WIP] cherry-pick of fixes from
masterfor issues on ipv6 enabled clusters