On Wed, Dec 20, 2023 at 01:51:01PM -0600, Chris Adams wrote: > Once upon a time, Aoife Moloney <amolo...@redhat.com> said: > > Enable IPv4 Address Conflict Detection by default in NetworkManager. > > Huh, I didn't realize NM didn't already do this... ye olde > network-scripts did. > > > To the rescue comes [https://www.rfc-editor.org/rfc/rfc5227 RFC 5227] > > (“IPv4 Address Conflict Detection”) which provides a mechanism to > > detect address conflicts. A host implementing Address Conflict > > Detection (from now on “ACD”) sends ARP probes for each IP address it > > wants to use; if another host replies, the address is already in use > > and can’t be configured on the interface. > > How does NM handle a duplicate address if there are multiple addresses > configured on the interface? Does it continue with the non-dupe > addresses or deconfigure the whole interface?
It continues with only the non-duplicate addresses. A warning will be
visible in the journal telling what address(es) failed ACD, and what
is the MAC address of the conflicting host(s).
If all the IPv4 addresses are found to be duplicate, the IPv4 address
family fails. Normally, NetworkManager also tries IPv6, but that
depends on other connection parameters such as 'ipv6.method',
'ipv4.may-fail'.
> When there are multiple addresses configured, does NM run DAD in series
> or parallel?
The probe is done in parallel for all addresses at the same time.
> > This change aims at enabling ACD by default in Fedora 40, by setting
> > the default value to 3000ms.
>
> 3 seconds seems kind of high (IIRC network-scripts used 1 second).
network-scripts do [1]:
/sbin/arping -c 2 -w ${ARPING_WAIT:-3} -D -I ${REALDEVICE} ${ipaddr[$idx]}
which waits 2 seconds by default.
In the original RFC, the duration of the ACD process is between 4 and
7 seconds (depending on randomization), which is clearly too long on
modern hardware.
In the Fedora change proposal, the default ACD interval in NM is set
to up to 3 seconds and is subject to the same randomization; in
practice it would be between ~1.7 and 3 seconds. Perhaps that's still
too much, and we can safely decrease it to e.g. 1 second max to reduce
the activation delay.
Beniamino
[1]
https://github.com/fedora-sysv/initscripts/blob/10.19/network-scripts/ifup-eth#L296
signature.asc
Description: PGP signature
-- _______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
