build_debian: Disable IPv6 DAD (#56)
This change disables DAD (IPv6's Duplicate Address Detection). DAD protects against IP address conflicts. The way it works is that after an address is added to an interface, the operating system uses the Neighbor Discovery Protocol to check if any other host on the network has the same address. If it finds a neighbor with the same address, the address is removed from the interface. The problem here is that the time waiting for DAD to be done is fairly long and because that we set the host interface operating status to be down at first, the port cannot exchange the Neighbor Discovery Protocol and DAD will time out. The host interface is only brought up after we have received the port admin status up notification from the kernel, which happens only after the DAD is done or times out. This makes the whole host interfaces bringing up procedure very slow. This the DAD is disabled. When it is disabled, addresses are immediately usable. Without DAD, we need to make sure that the IPv6 addresses don't have conflicts. For now, we have two IPv6 addresses. One is assigned manually, which prevents conflicts at first. Another one is the IPv6 link-local address. It is derived from the MAC address and thus all the link-local addresses are the same on one box. Because link-local addresses are not used, it will not trigger issues even if they are the same.
This commit is contained in:
parent
0f10cd4a4d
commit
5405b576e6
@ -203,11 +203,13 @@ set /files/etc/sysctl.conf/net.ipv4.conf.default.arp_announce 0
|
||||
set /files/etc/sysctl.conf/net.ipv4.conf.default.arp_filter 0
|
||||
set /files/etc/sysctl.conf/net.ipv4.conf.default.arp_notify 0
|
||||
set /files/etc/sysctl.conf/net.ipv4.conf.default.arp_ignore 0
|
||||
set /files/etc/sysctl.conf/net.ipv6.conf.default.accept_dad 0
|
||||
set /files/etc/sysctl.conf/net.ipv4.conf.all.arp_accept 0
|
||||
set /files/etc/sysctl.conf/net.ipv4.conf.all.arp_announce 1
|
||||
set /files/etc/sysctl.conf/net.ipv4.conf.all.arp_filter 0
|
||||
set /files/etc/sysctl.conf/net.ipv4.conf.all.arp_notify 1
|
||||
set /files/etc/sysctl.conf/net.ipv4.conf.all.arp_ignore 2
|
||||
set /files/etc/sysctl.conf/net.ipv6.conf.all.accept_dad 0
|
||||
" -r $FILESYSTEM_ROOT
|
||||
|
||||
## docker-py is needed by Ansible docker module
|
||||
|
Loading…
Reference in New Issue
Block a user