On Thu, Dec 08, 2016 at 10:23:22PM -0800, Noah Meyerhans wrote: Hi Noah, > On Fri, Dec 02, 2016 at 12:25:44PM +0100, Bernhard Schmidt wrote: > > thanks for providing an AWS EC2 Image with Debian Jessie. > > > > AWS is now supporting IPv6 on EC2 instances, see > > > > https://aws.amazon.com/de/blogs/aws/new-ipv6-support-for-ec2-instances-in-virtual-private-clouds/. > > > > The support is currently limited to the zone us-east2, but should be > > available in all regions shortly. The provisioning of the IPv6 address > > on the machine is done through stateful DHCPv6. > > > > For this /etc/network/interfaces needs to be amended with > > > > iface eth0 inet6 dhcp > > Unfortunately this breaks networking for instances in subnets with IPv6 > *disabled*, which is likely the vast majority of them for the forseeable > future. Argh ... > What seems to happen is that eth0 is brought up, and dhclient runs > twice, once for each supported protocol. eth0 is properly configured > with an IPv4 address, but (after a timeout) the IPv6 dhclient reports a > failure, and ifup returns nonzero. I haven't looked deeply into exactly > what happens next, but the end result is that cloud-init never runs, so > the instance doesn't get properly configured. Most notably this means > that ssh keys aren't installed. > > I've investigated a number of possible solutions to this, but haven't > come up with anything better than shell script kludges. For example, it > could work to run the IPv6 dhclient from a post-up script associated > with eth0. > > Note that my testing has been with the stretch AMIs generated from > https://anonscm.debian.org/cgit/cloud/fai-cloud-images.git/ so it's > possible the jessie images will behave slightly differently, but I > expect them to have similar problems. Thanks for debugging this, I didn't think of this. The main problem is that one has to configure it at all for ifupdown. In IPv6 you are supposed to have a look at the O-flag (for stateless DHCPv6) or M-flag (for stateful DHCPv6) in an incoming router advertisement, and start the DHCPv6 client in an appropriate mode if necessary. Also see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=759215 I don't think this will ever be fixed with ifupdown. I think systemd-networkd and NetworkManager do the right thing here, but I have never had a look at either for maintaining a _server_. So I will not propose switching to those. Best Regards, Bernhard
Attachment:
signature.asc
Description: Digital signature