Fix IPv6 support

Fetch the correct IPv6 address to use as next hop
projectcalico · Aug 29, 2016 · 6cd6e3b · 6cd6e3b
1 parent 25cb6b7
commit 6cd6e3b
Show file tree

Hide file tree

Showing 2 changed files with 22 additions and 8 deletions.
diff --git a/Makefile b/Makefile
@@ -154,6 +154,7 @@ deploy-rkt: binary
 	echo '{"name": "mtu","mtu":999,"type":"calico","etcd_authority":"127.0.0.1:2379","ipam":{"type":"host-local","subnet": "10.10.0.0/8"}}' >/etc/rkt/net.d/calico-mtu.conf
 	echo '{"name": "dev", "log_level":"info","type":"calico","etcd_authority":"127.0.0.1:2379","ipam":{"type":"calico-ipam"}}' >/etc/rkt/net.d/calico-info.conf
 	echo '{"name": "debug", "log_level":"debug","type":"calico","etcd_authority":"127.0.0.1:2379","ipam":{"type":"calico-ipam"}}' >/etc/rkt/net.d/calico-debug.conf
+	echo '{"name": "ipv6", "log_level":"info","type":"calico","etcd_authority":"127.0.0.1:2379","ipam":{"type":"calico-ipam", "assign_ipv6":"true"}}' >/etc/rkt/net.d/calico-ipv6.conf
 	echo '{"name": "secure", "log_level":"debug","type":"calico","etcd_endpoints":"https://etcd-authority-ssl:2379","etcd_key_file":"/etc/calico/client-key.pem","etcd_cert_file":"/etc/calico/client.pem","etcd_ca_cert_file":"/etc/calico/ca.pem", "ipam":{"type":"calico-ipam"}}' >/etc/rkt/net.d/calico-secure.conf
 	@echo ""
 	@echo Now create containers using rkt e.g.

diff --git a/utils/network.go b/utils/network.go
@@ -58,18 +58,31 @@ func setupContainerNetworking(netns, ifName string, mtu int, res *types.Result)
 
 		// Handle IPv6
 		if res.IP6 != nil {
-			// No need to add a dummy next hop route as the device will already have an IPv6 LL address.
-			addresses, err := netlink.AddrList(contVeth, 6)
-			if err != nil {
+			// No need to add a dummy next hop route as the host veth device will already have an IPv6
+			// link local address that can be used as a next hop.
+			// Just fetch the address of the host end of the veth and use it as the next hop.
+			var hostIPv6Addr net.IP
+			if err := hostNS.Do(func(_ ns.NetNS) error {
+				addresses, err := netlink.AddrList(hostVeth, netlink.FAMILY_V6)
+				if err != nil {
+					return err
+				}
+
+				if len(addresses) < 1 {
+					// If the hostVeth doesn't have an IPv6 address then this host probably doesn't
+					// support IPv6. Since a IPv6 address has been allocated that can't be used,
+					// return an error.
+					return fmt.Errorf("Failed to get IPv6 addresses for container veth")
+				}
+
+				hostIPv6Addr = addresses[0].IP
+				return nil
+			}); err != nil {
 				return err
 			}
 
-			if len(addresses) < 1 {
-				return fmt.Errorf("Failed to get IPv6 addresses for container veth")
-			}
-
 			_, defNet, _ := net.ParseCIDR("::/0")
-			if err = ip.AddRoute(defNet, addresses[0].IP, contVeth); err != nil {
+			if err = ip.AddRoute(defNet, hostIPv6Addr, contVeth); err != nil {
 				return fmt.Errorf("failed to add route %v", err)
 			}