Setting DuplicateAddressDetection=none doesn't disable DAD for link-local IPs

Bug #1964494 reported by Alejandro Santoyo Gonzalez
This bug affects 3 people
Affects            Status         Importance   Assigned to   Milestone
systemd            Fix Released   Unknown
systemd (Ubuntu)   Fix Released   Medium       Unassigned
  Jammy            Fix Released   Undecided    Unassigned
  Kinetic          Fix Released   Medium       Unassigned

Bug Description

[impact]

manual disabling of ipv4 DAD (IACD) for static link-local address does not work in jammy

[test case]

see 'Reproducer' in original description below

[regression potential]

failure to disable DAD, or incorrect disabling of DAD, or networkd issues around parsing of DAD config

[scope]

this is needed for j and k

introduced upstream by commit 1cf4ed142d6c1e2b9dc6a0bc74b6a83ae30b0f8e, first included in v249, so this bug does not affect impish or earlier

fixed upstream by commit 2859932bd64d61a89f85fa027762bc16961fcf53

[original description]

A customer reported network disconnections on their storage
servers when running 'netplan apply'. The culprit was that
they have link-local addresses configured and the Duplicate
Address Detection (DAD) mechanism was delaying the interfaces
from coming back up.

As a workaround we tried to disable DAD for the interfaces
but that's not working in Ubuntu 22.04:

I've noticed that setting DuplicateAddressDetection=none for an
interface with a link-local address (e.g., 169.254.*) via a
.network file added to /etc/systemd/network/ doesn't really
disable Duplicate Address Detection.

OS and package versions:
------------------------
 - Description: Ubuntu Jammy Jellyfish (development branch). Release: 22.04
 - systemd 249.5-2ubuntu4

Reproducer:
-----------
1- Set up Ubuntu 22.04 VM
2- Increase system log level:

  mkdir -p /etc/systemd/system/systemd-networkd.service.d/
  cat > /etc/systemd/system/systemd-networkd.service.d/10-debug.conf <<EOF
  [Service]
  Environment=SYSTEMD_LOG_LEVEL=debug
  EOF
  systemctl daemon-reload && systemctl restart systemd-networkd

3- Configure a link-local address to a network interface on the VM:

  vi /etc/systemd/network/10-netplan-enp7s0.network
  # add

  [Match]
  Name=enp7s0

  [Address]
  Address=169.254.240.10/24
  DuplicateAddressDetection=ipv4

4- Restart services and apply

  systemctl daemon-reload && systemctl restart systemd-networkd && systemctl restart networkd-dispatcher.service
  netplan apply

5- Check if DAD is running (it should):

  journalctl -b -u systemd-networkd --no-pager -o short-precise | grep -i ACD

6- Set DuplicateAddressDetection=none in
/etc/systemd/network/10-netplan-enp7s0.network

7- Restart services and apply as in step 4
8- Check if DAD is running as in step 5 (it shouldn't, but
it's there)

After step 7 DAD should be disabled as expected and it
shouldn't be executed when running 'netplan apply' but
it is actually executed.

I think this commit [1] may be related (landed in systemd
v249). I've also tested the out-of-the-box systemd versions
for Focal and Impish but there I can effectively disable
DAD. If the IPs are set to non-link local addresses then
the problem is not observed anymore.

[1] https://github.com/systemd/systemd/commit/1cf4ed142d6c1e2b9dc6a0bc74b6a83ae30b0f8e
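
The configuration side of the reproducer can be checked offline. The following is an added example, not part of the original report or of systemd's code: it parses the [Address] sections of a .network file and flags static IPv4 link-local addresses whose DuplicateAddressDetection=none is not honored by the affected v249 builds. The sample file contents and the finding labels are constructed for illustration.

```python
import ipaddress

SAMPLE = """\
[Match]
Name=enp7s0
[Address]
Address=169.254.240.10/24
DuplicateAddressDetection=none
[Address]
Address=192.0.2.10/24
DuplicateAddressDetection=none
[Address]
Address=169.254.240.11/24
"""  # constructed sample; the first [Address] section mirrors the reproducer

def address_sections(text):
    """Yield one dict of settings per [Address] section (it may repeat)."""
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":   # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            if current is not None:
                yield current
            current = {} if line == "[Address]" else None
        elif current is not None and "=" in line:
            key, _, value = line.partition("=")
            current[key.strip()] = value.strip()
    if current is not None:
        yield current

def audit(text):
    """Return [(address, setting, finding)]; finding labels are made up here."""
    rows = []
    for sec in address_sections(text):
        if "Address" not in sec:
            continue
        iface = ipaddress.ip_interface(sec["Address"])
        setting = sec.get("DuplicateAddressDetection", "(unset)")
        ipv4ll = iface.version == 4 and iface.ip.is_link_local
        if ipv4ll and setting == "none":
            finding = "ignored-before-fix"   # the case this bug reports
        elif ipv4ll and setting == "(unset)":
            finding = "acd-on-by-default"    # v249+ behaviour per the thread
        else:
            finding = "honored"
        rows.append((str(iface), setting, finding))
    return rows
```

Calling audit() on the text of each file under /etc/systemd/network/ lists the addresses to re-check with the journalctl command from step 5 after upgrading.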

Revision history for this message
Alejandro Santoyo Gonzalez (al3jandrosg) wrote :
summary: - Setting DuplicateAddressDetection=none doesn't do anything
+ Setting DuplicateAddressDetection=none doesn't disable DAD
summary: - Setting DuplicateAddressDetection=none doesn't disable DAD
+ Setting DuplicateAddressDetection=none doesn't disable DAD for link-
+ local IPs
Revision history for this message
Dan Streetman (ddstreet) wrote :

> I think this commit [1] may be related (landed in systemd v249)

yeah, that commit seems to be intentionally forcing ACD on for statically configured ipv4, i'm not sure quite why, it seems like a user-configured setting should be honored; but possibly Yu was trying to default it to on instead of overriding user config.

Revision history for this message
Alejandro Santoyo Gonzalez (al3jandrosg) wrote :

I agree, a user-configured setting should be honored. Another thing to
consider is that according to the Jammy systemd.network man page, the
default should be 'ipv6' so one would expect that to be a global
default, but it gets overridden for link-local IPs due to this commit.

[1] https://manpages.ubuntu.com/manpages/jammy/man5/systemd.network.5.html

Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in systemd (Ubuntu):
status: New → Confirmed
Revision history for this message
Lukas Märdian (slyon) wrote :

Thank you for reporting this. I've forwarded it to the upstream developers, as I think at the very least this new behavior should be documented in https://systemd.network/systemd.network.html#DuplicateAddressDetection=

https://github.com/systemd/systemd/issues/22763

Changed in systemd (Ubuntu):
status: Confirmed → Triaged
importance: Undecided → Medium
Revision history for this message
Lukas Märdian (slyon) wrote :

There is now an upstream fix to keep ACD on by default on ipv4ll addresses, but still honor the user settings if they are set: https://github.com/systemd/systemd/pull/22824

Changed in systemd:
status: Unknown → New
Changed in systemd:
status: New → Fix Released
Dan Streetman (ddstreet)
description: updated
Revision history for this message
Lukas Märdian (slyon) wrote :

This SRU should be combined with LP: #1969375 as uploaded in 249.11-0ubuntu3.3 (containing some more autopkgtest related changes)

Lukas Märdian (slyon)
Changed in systemd (Ubuntu Kinetic):
status: Triaged → Fix Committed
Changed in systemd (Ubuntu Jammy):
status: New → In Progress
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package systemd - 249.11-0ubuntu4

---------------
systemd (249.11-0ubuntu4) kinetic; urgency=medium

  * d/p/lp1964494-network-do-not-enable-IPv4-ACD-for-IPv4-link-local-a.patch:
    do not enable IPv4 ACD for IPv4 link-local address if ACD is
    disabled explicitly (LP: #1964494)

 -- Dan Streetman <email address hidden> Tue, 31 May 2022 08:25:36 -0400

Changed in systemd (Ubuntu Kinetic):
status: Fix Committed → Fix Released
Revision history for this message
Steve Langasek (vorlon) wrote : Please test proposed package

Hello Alejandro, or anyone else affected,

Accepted systemd into jammy-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/systemd/249.11-0ubuntu3.3 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-jammy to verification-done-jammy. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-jammy. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in systemd (Ubuntu Jammy):
status: In Progress → Fix Committed
tags: added: verification-needed verification-needed-jammy
Revision history for this message
Alejandro Santoyo Gonzalez (al3jandrosg) wrote :

Tested 249.11-0ubuntu3.3 and DuplicateAddressDetection is now honored as expected. No other issues were observed.

Revision history for this message
Dan Streetman (ddstreet) wrote :

marked verified per comment 10

tags: added: verification-done verification-done-jammy
removed: verification-needed verification-needed-jammy
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package systemd - 249.11-0ubuntu3.3

---------------
systemd (249.11-0ubuntu3.3) jammy; urgency=medium

  [ Lukas Märdian ]
  * Build with and suggest fido2 and tpm libraries (LP: #1969375)
    These are used via dlopen only if available by some tools like
    systemd-cryptsetup, systemd-cryptenroll and systemd-repart,
    with graceful fallbacks if they are not found.
    Build-depend on them so that the features get compiled in
    (apart from stage1 builds), and add appropriate Suggests.
    Backport of:
    https://salsa.debian.org/systemd-team/systemd/-/commit/6b5e99f1d7f63c0c83007de9f98f7745f4a564f8
    Files:
    - debian/control
    - debian/rules
    - debian/tests/control
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=c3f5affb669794f9ebfea8d81c68b1aacdde0511
  * Run tests-in-lxd autopkgtest via LXD snap, deb is no more (LP: #1976607)
    Files:
    - debian/tests/control
    - debian/tests/tests-in-lxd
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=eccfd52b275d1b0544dd44f858bcee8508c0957f

  [ Nick Rosbrook ]
  * d/t/boot-and-services: Ignore failed snap mount units in test_no_failed
    (LP: #1967576)
    Author: Nick Rosbrook
    File: debian/tests/boot-and-services
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=cf823bffe5cb47a6eb531d9869f69a844f356376

systemd (249.11-0ubuntu3.2) jammy; urgency=medium

  * d/p/lp1964494-network-do-not-enable-IPv4-ACD-for-IPv4-link-local-a.patch:
    do not enable IPv4 ACD for IPv4 link-local address if ACD is
    disabled explicitly (LP: #1964494)

 -- Lukas Märdian <email address hidden> Tue, 07 Jun 2022 12:49:20 +0200

Changed in systemd (Ubuntu Jammy):
status: Fix Committed → Fix Released
Revision history for this message
Robie Basak (racb) wrote : Update Released

The verification of the Stable Release Update for systemd has completed successfully and the package is now being released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.
