{{table_of_contents}}
Issue
I want to manually set my link-local address instead of having them auto-generated (I want them set to something more simple for troubleshooting purposes or I have a security concern).
Solution
Do not set IPv4 or IPv6 addresses in Quagga. The recommended way to set static IP address assignments is to assign them in /etc/network/interfaces. The reasons are:
- You risk doubly assigning addresses in both
/etc/network/interfacesand Quagga. - Quagga is an application running on top of Linux, not part of Linux. What happens if you switch to Bird or another routing tool at a later point in time?
- Configuring in
/etc/network/interfacesgives an advantage when Cumulus Networks improvesifupdown2. - Other applications that use
/etc/network/interfacesbecome useless because the address assignment is in Quagga.
In the following example, a link-local address was set on each of two interfaces. Here is the configuration in /etc/network/interfaces:
auto swp17
iface swp17
address fe80::1234
address 2001:db8::1234
auto swp18
iface swp18
address fe80::2345
address 2001:db8::2345
However, when you run ip addr show on one of the interfaces, say swp17, you see 2 link-local addresses (the IPv6 addresses that start with fe80):
cumulus@switch:~$ ip addr show swp17
22: swp17: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 500
link/ether 70:72:cf:be:21:58 brd ff:ff:ff:ff:ff:ff
inet6 2001:db8::1234/128 scope global
valid_lft forever preferred_lft forever
inet6 fe80::1234/128 scope link
valid_lft forever preferred_lft forever
inet6 fe80::7272:cfff:febe:2158/64 scope link
valid_lft forever preferred_lft forever
The same result occurs when you run ip addr show swp18:
cumulus@switch:/etc/sysctl.d$ ip addr show swp18
23: swp18: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state DOWN qlen 500
link/ether 70:72:cf:be:21:5c brd ff:ff:ff:ff:ff:ff
inet6 2001:db8::2345/128 scope global
valid_lft forever preferred_lft forever
inet6 fe80::2345/128 scope link
valid_lft forever preferred_lft forever
inet6 fe80::7272:cfff:febe:215c/64 scope link
valid_lft forever preferred_lft forever
To keep this from happening, you need to disable address auto-configuration, which is generating the EUI-64 address of fe80::7272:cfff:febe:2158/64 for swp17 (fe80::7272:cfff:febe:215c/64 for swp18).
Disabling a Single Interface
For a single interface, do the following:
echo 0 > /proc/sys/net/ipv6/conf/swp17/autoconf
This disables it. Now, run ifdown then ifup on the interface to load the new configuration:
cumulus@switch:~$ sudo ifdown swp17
cumulus@switch:~$ sudo ifup swp17
cumulus@switch:~$ ip addr show swp17
22: swp17: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state DOWN qlen 500
link/ether 70:72:cf:be:21:58 brd ff:ff:ff:ff:ff:ff
inet6 2001:db8::1234/128 scope global tentative
valid_lft forever preferred_lft forever
inet6 fe80::1234/128 scope link tentative
valid_lft forever preferred_lft forever
cumulus@switch:~$
To make this setting it persistent across switch reboots, create a file under /etc/sysctl.d/ with the following:
net.ipv6.conf.swp17.autoconf=0
Disabling All Interfaces
To disable all interfaces, except for the management interface, do the following:
echo 0 > /proc/sys/net/ipv6/conf/all/autoconf
Now, run ifdown -a -X then ifup -a on the interface and the changes appear:
cumulus@switch:~$ sudo ifdown -a -X eth0 cumulus@switch:~$ sudo ifup -a -X eth0 cumulus@switch:/etc/sysctl.d$ ip addr show swp18
23: swp18: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state DOWN qlen 500
link/ether 70:72:cf:be:21:5c brd ff:ff:ff:ff:ff:ff
inet6 2001:db8::2345/128 scope global tentative
valid_lft forever preferred_lft forever
inet6 fe80::2345/128 scope link tentative
valid_lft forever preferred_lft forever cumulus@switch:~$
To make this setting it persistent across switch reboots, create a file under /etc/sysctl.d/
net.ipv6.conf.all.autoconf=0
Please provide feedback if the above does not work in the comments below.
Comments