F40 Change Proposal: Enable IPv4 Address Conflict Detection (Self-Contained)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Wiki -> https://fedoraproject.org/wiki/Changes/Enable_IPv4_Address_Conflict_Detection

This document represents a proposed Change. As part of the Changes
process, proposals are publicly announced in order to receive
community feedback. This proposal will only be implemented if approved
by the Fedora Engineering Steering Committee.

== Summary ==

Enable IPv4 Address Conflict Detection by default in NetworkManager.


== Owner ==

* Name: [[User:bengal| Beniamino Galvani]], [[User:ihuguet| Íñigo Huguet ]]

* Email: <bgalvani@xxxxxxxxxx>, <ihuguet@xxxxxxxxxx>



== Detailed Description ==
A common source of networking issues is the presence of duplicate IPv4
addresses in the same physical network. Such problems are quite
common, and at the same time hard to diagnose for users.

To the rescue comes [https://www.rfc-editor.org/rfc/rfc5227 RFC 5227]
(“IPv4 Address Conflict Detection”) which provides a mechanism to
detect address conflicts. A host implementing Address Conflict
Detection (from now on “ACD”) sends ARP probes for each IP address it
wants to use; if another host replies, the address is already in use
and can’t be configured on the interface.

Note that this mechanism applies to both static and DHCP addresses. It
might seem unnecessary for DHCP, as a well-behaving server should give
out unique leases; however, there could be hosts on the network not
using DHCP. Indeed, [https://www.rfc-editor.org/rfc/rfc2131 RFC 2131]
(Dynamic Host Configuration Protocol) specifies that the client should
probe the newly received address and should send a DHCPDECLINE to the
DHCP server if the address is already in use.

In Fedora 39, ACD is disabled by default; it can be enabled by setting
property “ipv4.dad-timeout” to a positive value in a connection
profile. The property name contains “DAD” which stands for “duplicate
address detection” and is another name of ACD. The property specifies
the maximum timeout in milliseconds used to check for the presence of
duplicate IP addresses on the network. If a duplicate is found, a
warning is logged; in the DHCP case, NetworkManager tries to get a
different lease, while in the static case, the address is just
skipped.

This change aims at enabling ACD by default in Fedora 40, by setting
the default value to 3000ms. Note that this change is only about IPV4;
IPv6 always performs a duplicate check for each address that is
configured, as specified by RFC 4862.


== Benefit to Fedora ==
NetworkManager will not configure IPv4 addresses that are detected as
duplicate. This will save users from having to debug weird
connectivity issues. Instead, NetworkManager will report an error and
will indicate the MAC of the conflicting host.


== Scope ==
* Proposal owners: change the default value, test that no regression
is seen in the upstream test suite.

* Other developers: N/A (not needed for this Change)

* Release engineering: [https://pagure.io/releng/issues #Releng issue number]

* Policies and guidelines: N/A (not needed for this Change)

* Trademark approval: N/A (not needed for this Change)



== Upgrade/compatibility impact ==
The change in default behavior will affect all users that install or
upgrade to the new Fedora release.


== How To Test ==
To test the effect of the change on F39, add the following
configuration snippet to file
`/etc/NetworkManager/conf.d/20-ipv4-dad.conf` and then restart the
NetworkManager service:

 [connection-dad-default]
 ipv4.dad-timeout=3000

To trigger a conflict, configure the local machine with a static
address that is already in use by another host.  When bringing up the
connection, it will fail and report an address conflict.


== User Experience ==
Enabling ACD will cause an additional delay when bringing up
interfaces, because NetworkManager needs first to probe the address.
The delay is between 1.5 and 3 seconds, because RFC 5227 requires that
the probe interval is randomized. The delay will affect both static
and DHCP connections.

In case users want to avoid this delay, ACD can be disabled for the
specific connection profile by setting property `ipv4.dad-timeout=0`,
or globally by adding the following configuration snippet to
`/etc/NetworkManager/conf.d/20-ipv4-dad.conf`:

 [connection-dad-default]
 ipv4.dad-timeout=0

Apart from this small delay, the big advantage of this change is that
users will be able to discover the potential conflict immediately. If
the address is static, the activation will fail and report an error.
For DHCP, NetworkManager will send a DHCPDECLINE message to the server
and it will try to get a different lease. In all cases, the
conflicting address will be skipped and the network will not be
brought in an inconsistent state.


== Dependencies ==
N/A


== Contingency Plan ==
* Contingency mechanism: Revert the change, try again the next Fedora release.
* Contingency deadline: Beta freeze
* Blocks release? No


== Documentation ==
The “nm-settings” man page will indicate the new default value. No
other documentation changes are required.


== Release Notes ==
The change needs to be mentioned in the release notes.


-- 
Aoife Moloney

Fedora Operations Architect

Fedora Project

Matrix: @amoloney:fedora.im

IRC: amoloney
--
_______________________________________________
devel-announce mailing list -- devel-announce@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-announce-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel-announce@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
--
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Users]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]

  Powered by Linux