From 95821ab951a905fa7ca20f17a9fdbff6ca6fa985 Mon Sep 17 00:00:00 2001 From: Kevin Carter Date: Tue, 16 Aug 2016 22:30:50 -0500 Subject: [PATCH] Disabled IPv6 privacy extensions IPv6 privacy extensions can cause issues by preferring a temporary network over a public one. This preference may limit connectivity in certain situations. An example of a connectivity issue can be seen where the command ``traceroute6`` fails or misses all hops while other traffic to a given domain with a "AAAA" record may succeed. To resolve this issue the IPv6 privacy extensions have been disabled. Related-Bug: #1068756 Change-Id: If3bb0fd690673a6d93114e6aebddb5985344b437 Signed-off-by: Kevin Carter --- .../install.d/99-disable-rfc3041 | 29 +++++++++++++++++++ 1 file changed, 29 insertions(+) create mode 100755 nodepool/elements/nodepool-base/install.d/99-disable-rfc3041 diff --git a/nodepool/elements/nodepool-base/install.d/99-disable-rfc3041 b/nodepool/elements/nodepool-base/install.d/99-disable-rfc3041 new file mode 100755 index 0000000000..b57ccbfbef --- /dev/null +++ b/nodepool/elements/nodepool-base/install.d/99-disable-rfc3041 @@ -0,0 +1,29 @@ +#!/bin/bash +# Copyright 2016, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or +# implied. +# +# See the License for the specific language governing permissions and +# limitations under the License. + +# dib-lint: disable=set setu setpipefail indent +if [ ${DIB_DEBUG_TRACE:-0} -gt 0 ]; then + set -x +fi +set -e + +# This will disable the disable Privacy extensions for IPv6 (RFC3041) +cat > /etc/sysctl.d/99-cloudimg-ipv6.conf <