Monday, December 14, 2020

IPv6 tentative dadfailed

On a couple of occasions I've had LXC containers restarted but they've ended up in a bad situation with their IP's.

Basically the IPv4 address comes up but experiences disconnects. The IPv6 address fails to come up with "tentative dadfailed".

What's happened here is the veth from the previous container wasn't cleaned up properly.

Unfortunately arp -a or ip neigh show don't show the problem because as far as they're concerned the offending endpoint is behind br0.

 The only way I know of to confirm this is to check the bridge against the LXC info:

$ brctl show br0
br0             8000.fe46606ac64f       no              veth7UFFVA
                                                        vethFF6D6Y
                                                        vethXAOAMY

And

$ lxc-ls --active
lxc-guest-1  lxc-guest-1

$ lxc-info -n lxc-guest-1 | grep veth
Link:           vethFF6D6Y

$ lxc-info -n lxc-guest-1 | grep veth
Link:           vethXAOAMY

We see here that veth7UFFVA is abandoned.

To fix this we need to shut down the LXC instance that's experiencing connectivity issues, then remove the abandoned interface from the bridge.

$ lxc-stop -n lxc-guest-1

$ brctl delif br0 veth7UFFVA

$ lxc-start -n lxc-guest-1

And confirm in the newly started container that we have a fully assigned IPv6 address.