DHCPv6 can't obtain address

nikita.af · November 16, 2020, 1:14pm

Hello. I’m using VyOS 1.3:
$ show version

Version:          VyOS 1.3-rolling-202011110217
Release Train:    equuleus

Built by:         autobuild@vyos.net
Built on:         Wed 11 Nov 2020 02:17 UTC
Build UUID:       a42ec888-2112-4b27-9dc9-25e74bb52c57
Build Commit ID:  9e6e486d529291

Architecture:     x86_64
Boot via:         installed image
System type:      KVM guest

Hardware vendor:  Hetzner
Hardware model:   vServer
Hardware S/N:     Unknown
Hardware UUID:    Unknown

Copyright:        VyOS maintainers and contributors

DHCPv4 works fine but v6 doesn’t. Here is interface configuration:

# show interfaces ethernet
 ethernet eth0 {
     address dhcp
     address dhcpv6
     description EXTERNAL-WAN
     firewall {
         local {
             name LOCAL-IPV4
         }
     }
 }

log seems to be clear:

$ show log | grep dhcp6 | tail -6
Nov 16 15:05:54 rtr1-hel1 dhcp6c[10659]: copy_option: set client ID (len 14)
Nov 16 15:05:54 rtr1-hel1 dhcp6c[10659]: copyout_option: set identity association
Nov 16 15:05:54 rtr1-hel1 dhcp6c[10659]: copy_option: set elapsed time (len 2)
Nov 16 15:05:54 rtr1-hel1 dhcp6c[10659]: copy_option: set option request (len 4)
Nov 16 15:05:54 rtr1-hel1 dhcp6c[10659]: client6_send: send solicit to ff02::1:2%eth0
Nov 16 15:05:54 rtr1-hel1 dhcp6c[10659]: dhcp6_reset_timer: reset a timer on eth0, state=SOLICIT, timeo=3393, retrans=119520

These six rows are only entries for dhcp6c. tcpdump shows bad checksums what is confusing me:

$ sudo tcpdump -ntvi eth0 port 546
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
IP6 (flowlabel 0xefb15, hlim 1, next-header UDP (17) payload length: 60) fe80::9400:ff:fe66:fcf8.546 > ff02::1:2.547: [bad udp cksum 0x8e33 -> 0xeea3!] dhcp6 solicit (xid=1fcfaa (client-ID hwaddr/time type 1 time 658436828 96000066fcf8) (IA_NA IAID:0 T1:0 T2:0) (elapsed-time 65535) (option-request DNS-server DNS-search-list))
IP6 (flowlabel 0xefb15, hlim 1, next-header UDP (17) payload length: 60) fe80::9400:ff:fe66:fcf8.546 > ff02::1:2.547: [bad udp cksum 0x8e33 -> 0xeea3!] dhcp6 solicit (xid=1fcfaa (client-ID hwaddr/time type 1 time 658436828 96000066fcf8) (IA_NA IAID:0 T1:0 T2:0) (elapsed-time 65535) (option-request DNS-server DNS-search-list))
IP6 (flowlabel 0xefb15, hlim 1, next-header UDP (17) payload length: 60) fe80::9400:ff:fe66:fcf8.546 > ff02::1:2.547: [bad udp cksum 0x8e33 -> 0xeea3!] dhcp6 solicit (xid=1fcfaa (client-ID hwaddr/time type 1 time 658436828 96000066fcf8) (IA_NA IAID:0 T1:0 T2:0) (elapsed-time 65535) (option-request DNS-server DNS-search-list))
IP6 (flowlabel 0xefb15, hlim 1, next-header UDP (17) payload length: 60) fe80::9400:ff:fe66:fcf8.546 > ff02::1:2.547: [bad udp cksum 0x8e33 -> 0xeea3!] dhcp6 solicit (xid=1fcfaa (client-ID hwaddr/time type 1 time 658436828 96000066fcf8) (IA_NA IAID:0 T1:0 T2:0) (elapsed-time 65535) (option-request DNS-server DNS-search-list))
IP6 (flowlabel 0xefb15, hlim 1, next-header UDP (17) payload length: 60) fe80::9400:ff:fe66:fcf8.546 > ff02::1:2.547: [bad udp cksum 0x8e33 -> 0xeea3!] dhcp6 solicit (xid=1fcfaa (client-ID hwaddr/time type 1 time 658436828 96000066fcf8) (IA_NA IAID:0 T1:0 T2:0) (elapsed-time 65535) (option-request DNS-server DNS-search-list))
IP6 (flowlabel 0xefb15, hlim 1, next-header UDP (17) payload length: 60) fe80::9400:ff:fe66:fcf8.546 > ff02::1:2.547: [bad udp cksum 0x8e33 -> 0xeea3!] dhcp6 solicit (xid=1fcfaa (client-ID hwaddr/time type 1 time 658436828 96000066fcf8) (IA_NA IAID:0 T1:0 T2:0) (elapsed-time 65535) (option-request DNS-server DNS-search-list))
IP6 (flowlabel 0xefb15, hlim 1, next-header UDP (17) payload length: 60) fe80::9400:ff:fe66:fcf8.546 > ff02::1:2.547: [bad udp cksum 0x8e33 -> 0xeea3!] dhcp6 solicit (xid=1fcfaa (client-ID hwaddr/time type 1 time 658436828 96000066fcf8) (IA_NA IAID:0 T1:0 T2:0) (elapsed-time 65535) (option-request DNS-server DNS-search-list))
IP6 (flowlabel 0xefb15, hlim 1, next-header UDP (17) payload length: 60) fe80::9400:ff:fe66:fcf8.546 > ff02::1:2.547: [bad udp cksum 0x8e33 -> 0xeea3!] dhcp6 solicit (xid=1fcfaa (client-ID hwaddr/time type 1 time 658436828 96000066fcf8) (IA_NA IAID:0 T1:0 T2:0) (elapsed-time 65535) (option-request DNS-server DNS-search-list))

As you can see solicit events are sent, but due to broken UDP datagram I don’t receive advertise event. Interface stats look also good:

$ show interfaces ethernet eth0
eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 96:00:00:66:fc:f8 brd ff:ff:ff:ff:ff:ff
    inet XX.XXX.XXX.XXX/XX brd XX.XXX.XXX.XXX scope global dynamic eth0
       valid_lft 60434sec preferred_lft 60434sec
    inet6 fe80::9400:ff:fe66:fcf8/64 scope link
       valid_lft forever preferred_lft forever
    Description: EXTERNAL-WAN

    RX:      bytes  packets  errors  dropped  overrun       mcast
         131843673   331596       0        0        0           0
    TX:      bytes  packets  errors  dropped  carrier  collisions
          25290060   149878       0        0        0           0

No RX/TX errors as you can see. Google says such error can be introduced by kernel offloading optimization (https://github.com/projectcalico/felix/issues/40).

nikita.af · November 23, 2020, 3:17pm

Up. Any help will be appreciated.

Dmitry · November 24, 2020, 11:47am

Hello @nikita.af, I think this does not relate to UDP checksum calculating.
Do you have a chance to try capture traffic on the remote side?
In any case, try to disable offloads

vyos@vyos# set interfaces ethernet ethX offload-options 
Possible completions:
   generic-receive
                Configure generic-receive option
   generic-segmentation
                Configure generic-segmentation option
   scatter-gather
                Configure scatter-gather option
   tcp-segmentation
                Configure tcp-segmentation option
   udp-fragmentation
                Configure udp-fragmentation option

nikita.af · November 24, 2020, 2:07pm

Hello @Dmitry. I turned offloads off (all options), but nothing changed. tcpdump shows exactly same as in my previous message. Any ideas what else I can do? Meanwhile I raised a support ticket in Hetzner support to dump traffic on their side.

Dmitry · November 24, 2020, 2:42pm

Hello @nikita.af, for testing I deployed a simple LAB, and it looks like all works properly
Screenshot 2020-11-24 at 17.36.55
Config on VyOS-ISP side

vyos@VyOS-ISP# run show configuration commands | match "eth1|dhcp"
set interfaces ethernet eth1 address '2001:db8::1/64'
set interfaces ethernet eth1 address '100.64.0.1/24'
set service dhcp-server shared-network-name mypool authoritative
set service dhcp-server shared-network-name mypool subnet 100.64.0.0/24 default-router '100.64.0.1'
set service dhcp-server shared-network-name mypool subnet 100.64.0.0/24 dns-server '100.64.0.1'
set service dhcp-server shared-network-name mypool subnet 100.64.0.0/24 lease '86400'
set service dhcp-server shared-network-name mypool subnet 100.64.0.0/24 range 0 start '100.64.0.100'
set service dhcp-server shared-network-name mypool subnet 100.64.0.0/24 range 0 stop '100.64.0.199'
set service dhcpv6-server shared-network-name NET1 subnet 2001:db8::/64 address-range start 2001:db8::100 stop '2001:db8::199'
set service dhcpv6-server shared-network-name NET1 subnet 2001:db8::/64 name-server '2001:db8::ffff'

Config on VyOS-client side

vyos@VyOS-Client:~$ show configuration commands | match eth1
set interfaces ethernet eth1 address 'dhcp'
set interfaces ethernet eth1 address 'dhcpv6'
vyos@VyOS-Client:~$ show interfaces ethernet eth1 brief 
Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down
Interface        IP Address                        S/L  Description
---------        ----------                        ---  -----------
eth1             100.64.0.100/24                   u/u  
                 2001:db8::199/128

nikita.af · November 24, 2020, 3:41pm

@Dmitry thank you for your reply. Looks like I need to solve the issue on cloud provider side, those broken checksum messages really confused me from the start.