[technique] Instabilité sur France-IX / fix arp_announce / preferred_lft ipv6 selection d'adresse source

Laurent GUERBY laurent at guerby.net
Jeu 17 Oct 09:06:36 CEST 2013 

Bonjour,

Soucis de même type a 23h25 et down des interfaces france-ix, le
graphique dont parle le courriel ci-apres :

https://www.franceix.net/fr/technical/traffic-statistics/

Au passage les IPv6 d'interco IX coté tetaneutral.net sont mises avec le
parametre "preferred_lft 0" pour eviter qu'elles soient utilisées pour
les connections sortantes (ces plages ne sont en général pas routées) :

ip -6 addr add 2001:7f8:54::233/64 dev eth0.4032 preferred_lft 0

Lors d'un down d'une interface ces IPv6 disparaissent,
il faut les remettre manuellement lors du up (l'IPv4 reste elle).

Plus de détail sur les algorithmes de selection d'adresse
source en IPv6 :

http://lists.debian.org/debian-isp/2011/05/msg00047.html
http://www.davidc.net/networking/ipv6-source-address-selection-linux
http://linux-hacks.blogspot.com/2008/04/default-address-selection-part-1.html

Merci a Matthieu pour sa vigilance,

Laurent

<<
Subject	[FranceIX] [members] Outage report - 16th October 11:25PM Paris
time UTC+2 [Id#2013101710000157]
From	France-IX MLAdd contact
To	Members FRANCE-IXAdd contact
Date	Today 08:37
Dear Members,

Some of your peering sessions were impacted last night starting around
11:25PM. Here is the report for this outage.

- A loop happened on a different site to the one incriminated in
yesterday's afternoon outage. This later location was actually
disconnected as our Teams were preparing the move of some Members ports
to a new switch with additional security features,

- Redundancy mechanisms configured for layer 2 only sites didn't behave
as expected. The redundancy to these sites was disconnected to restore
service,
--> Service was restored

- Engineering executed long period of troubleshooting to identify the
reason for this malfunction. Clear conclusions couldn't be drawn after
these operations.
--> Engineering is now talking to the related vendors and benchmarking
the setup with other IXs with similar configuration,
--> An additional communication will be provided later today,
--> Yesterday's emergency maintenance was cancelled and will be
rescheduled in a more global plan.

Please note that SFlow servers were disconnected suiting around 2 hours
to allow for troubleshooting without interfering traffic. Stats do not
reflect the actual traffic flows.

Please accept our apologies for the inconvenience caused.

Fro proper NOC operations please note that our level 1 engineers are
only involved outside when a mail is sent to the NOC address,
noc at franceix.net or a web ticket submitted. Mails into the mailing list
do not trigger NOC engagement.

Best regards,
FranceIX NOC.
>>

Plus d'informations sur la liste de diffusion technique