build_debian: Disable IPv6 DAD (#56)

This change disables DAD (IPv6's Duplicate Address Detection). DAD
protects against IP address conflicts. The way it works is that after
an address is added to an interface, the operating system uses the
Neighbor Discovery Protocol to check if any other host on the network
has the same address. If it finds a neighbor with the same address,
the address is removed from the interface.

The problem here is that the time waiting for DAD to be done is fairly
long, and because we set the host interface operating status to be
down at first, the port cannot exchange the Neighbor Discovery Protocol
and DAD will time out. The host interface is only brought up after we
have received the port admin status up notification from the kernel,
which happens only after the DAD is done or times out. This makes the
whole host interface bring-up procedure very slow.

Thus the DAD is disabled. When it is disabled, addresses are immediately
usable. Without DAD, we need to make sure that the IPv6 addresses don't
have conflicts. For now, we have two IPv6 addresses. One is assigned
manually, which prevents conflicts at first. Another one is the IPv6
link-local address. It is derived from the MAC address and thus all the
link-local addresses are the same on one box. Because link-local addresses
are not used, it will not trigger issues even if they are the same.
This commit is contained in:
Shuotian Cheng 2016-11-03 12:15:00 -07:00
parent 0f10cd4a4d
commit 5405b576e6


@ -203,11 +203,13 @@ set /files/etc/sysctl.conf/net.ipv4.conf.default.arp_announce 0
set /files/etc/sysctl.conf/net.ipv4.conf.default.arp_filter 0
set /files/etc/sysctl.conf/net.ipv4.conf.default.arp_notify 0
set /files/etc/sysctl.conf/net.ipv4.conf.default.arp_ignore 0
set /files/etc/sysctl.conf/net.ipv6.conf.default.accept_dad 0
set /files/etc/sysctl.conf/net.ipv4.conf.all.arp_accept 0
set /files/etc/sysctl.conf/net.ipv4.conf.all.arp_announce 1
set /files/etc/sysctl.conf/net.ipv4.conf.all.arp_filter 0
set /files/etc/sysctl.conf/net.ipv4.conf.all.arp_notify 1
set /files/etc/sysctl.conf/net.ipv4.conf.all.arp_ignore 2
set /files/etc/sysctl.conf/net.ipv6.conf.all.accept_dad 0
" -r $FILESYSTEM_ROOT
## docker-py is needed by Ansible docker module
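Review bot: The two new keys, net.ipv6.conf.default.accept_dad 0 and net.ipv6.conf.all.accept_dad 0, turn DAD off through the global "default" and "all" entries rather than only for the host interfaces whose bring-up delay the commit message describes, and nothing in the script records why. With accept_dad at 0 a duplicate IPv6 address is never detected, so the image now depends entirely on the manually assigned address being unique and on the identical link-local addresses staying unused. Please add a comment beside this sysctl block stating that assumption, and consider limiting the setting to the host interfaces if other interfaces on the box still benefit from conflict detection.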