OCI IPv6 Address Fix

Issue

On boot, Linux instances can get its IPv6 address, but after lease expires, it is possible to lose the address.

Solution

The Stupid but workable way

Use a oneshot systemd service to add a static address to the interface.

[Unit]
Description=ensure static IPv6 address
After=network.target

[Service]
Type=oneshot
ExecStart=-/usr/sbin/ip -6 addr add 2603:c024:4506:d46f:c7ad:ddf2:a87b:89dc dev enp0s3
ProtectHome=yes

[Install]
WantedBy=multi-user.target

[Unit]
Description=Run ensure-ipv6-addr daily and on boot

[Timer]
OnBootSec=15min
OnUnitActiveSec=1d

[Install]
WantedBy=timers.target

The hard way and iSCSI Networking

iSCSI boot volumes use the 169.254.0.2/32 address and block volumes use the 169.254.2.0/24 network.

The default kernel cmdline on Oracle Linux 9 contains netroot=iscsi:169.254.0.2:::1:iqn.2015-02.oracle.boot:uefi, which enables DHCP during early boot.

From journald logs, we can see that the connection is refused on our instance.

dracut-initqueue[950]: iscsiadm: cannot make connection to 169.254.0.2: Connection refused
dracut-initqueue[950]: iscsiadm: cannot make connection to 169.254.0.2: Connection refused
dracut-initqueue[950]: iscsiadm: connection login retries (reopen_max) 5 exceeded
dracut-initqueue[950]: iscsiadm: Could not perform SendTargets discovery: iSCSI PDU timed out
dracut-initqueue[887]: Warning: Target discovery to 169.254.0.2:3260 failed with status 0

The reason is that the attachement type (Boot volume type) is Paravirtualized, but in this case, IOPS performance is worse than iSCSI attachments. The benefit is that netroot from the cmdline can be removed, and that the VM supports live migration for best availability.

For a configuration in /etc/NetworkManager/system-connections to be effective, it must not overlap with configurations in /etc/sysconfig/network-scripts according to default config precedence on Oracle Linux 9, and NetworkManager should not be activated when running from the initial ramdisk.

A workaround for the latter is to configure allowed-connections for the device, see https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/commit/bace14fe1f374db26e49e4e7d61d2fbfce4241cc.

By removing netroot from the cmdline, we can regain control of NetworkManager configuration, and set a static IP with nmtui.

The formal way

A workaround was implemented in systemd for this issue.

• https://github.com/systemd/systemd/issues/28183
• https://github.com/systemd/systemd/pull/28138

Also note that we need to have dhcpv6-client in the list of services for the public zone if we are using firewalld. This can be checked with firewall-cmd --list-all, and added with the following commands.

sudo firewall-cmd --add-service=dhcpv6-client --permanent
sudo firewall-cmd --reload