Ipv6 global mngtmpaddr dynamic address observed in interface

[nknkgithub]

Is this a BUG REPORT or FEATURE REQUEST?:

bug

What happened:
Observing ipv6 global mngtmpaddr dynamic address in interface even when "ip6": "none"

Pod annotatation
{ "clusterNetwork": "sriov-x2u-dpdk", "ip6": "none" }

netx2u: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether fe:18:41:0d:dd:42 brd ff:ff:ff:ff:ff:ff
    inet6 2001:11:195:105:fc18:41ff:fe0d:dd42/64 scope global mngtmpaddr dynamic
       valid_lft 2590961sec preferred_lft 603761sec
    inet6 fe80::fc18:41ff:fe0d:dd42/64 scope link
       valid_lft forever preferred_lft forever

What you expected to happen:
Since accept_ra and autoconf is 0 we dont expect this IP to get assigned to interface

How to reproduce it:
This is intermittent , sometimes global mngtmpaddr dynamic address gets assigned to interface

Anything else we need to know?:
Describe cn output

kubectl describe cn sriov-x2u-dpdk
Name:         sriov-x2u-dpdk
Namespace:
Labels:       <none>
Annotations:  <none>
API Version:  danm.k8s.io/v1
Kind:         ClusterNetwork
Metadata:
  Creation Timestamp:  2023-06-26T06:04:37Z
  Generation:          1
  Managed Fields:
    API Version:  danm.k8s.io/v1
    Fields Type:  FieldsV1
    fieldsV1:
      f:metadata:
        f:annotations:
          .:
          f:kubectl.kubernetes.io/last-applied-configuration:
      f:spec:
        .:
        f:NetworkID:
        f:NetworkType:
        f:Options:
          .:
          f:container_prefix:
          f:device_pool:
          f:rt_tables:
          f:vlan:
    Manager:         kubectl
    Operation:       Update
    Time:            2023-06-26T06:04:37Z
  Resource Version:  29629028
  Self Link:         /apis/danm.k8s.io/v1/clusternetworks/sriov-x2u-dpdk
  UID:               79098d0a-4ca5-46ca-a3c9-c90c79347a49
Spec:
  Network ID:    sriov-x2u
  Network Type:  sriov
  Options:
    container_prefix:  netx2u
    device_pool:       intel.com/pci_sriov_net_dpdknet0
    rt_tables:         25
    Vlan:              909
Events:                <none>

Environment:

• DANM version (use danm -version):

 /usr/libexec/cni/danm --version
  2023/06/26 11:50:57 DANM binary was built from release: v4.3.0-3-ged6b0c5
  2023/06/26 11:50:57 DANM binary was built from commit: ed6b0c57_dirty

• Kubernetes version (use kubectl version):

kubectl version
Client Version: version.Info{Major:"1", Minor:"21", GitVersion:"v1.21.8", GitCommit:"4a3b558c52eb6995b3c5c1db5e54111bd0645a64", GitTreeState:"archive", BuildDate:"2023-01-24T04:33:21Z", GoVersion:"go1.16.12", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"21", GitVersion:"v1.21.8", GitCommit:"4a3b558c52eb6995b3c5c1db5e54111bd0645a64", GitTreeState:"clean", BuildDate:"2021-12-15T14:46:22Z", GoVersion:"go1.16.12", Compiler:"gc", Platform:"linux/amd64"}

• DANM configuration (K8s manifests, kubeconfig files, CNI config file):

cat /etc/cni/net.d/00-danm.conf
{
  "cniVersion": "0.3.1",
  "name": "danm_meta_cni",
  "type": "danm",
  "kubeconfig": "/etc/cni/net.d/danm-kubeconfig",
  "cniDir": "/etc/cni/net.d",
  "namingScheme": "legacy"
}

cat /etc/cni/net.d/danm-kubeconfig
---
apiVersion: v1
kind: Config
current-context: default
clusters:
  - cluster:
      certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUMrakNDQWVLZ0F3SUJBZ0lJbDgyUkFYYUZZRU13RFFZSktvWklodmNOQVFFTEJRQXdJekVoTUI4R0ExVUUKQXd3WVkzTmliSEpzWVdKemRuUmpZelE0WldNMk1tRmtiV2x1TUI0WERUSXpNRE14TWpFME1qSTBOMW9YRFRRegpNRE14TWpFME1qSTBOMW93SXpFaE1COEdBMVVFQXd3WVkzTmliSEpzWVdKemRuUmpZelE0WldNMk1tRmtiV2x1Ck1JSUJJakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBUThBTUlJQkNnS0NBUUVBbTNvbjZMMGFzMk9pc0tBMEFFcmgKQysrSUdCeHZlMkhqQkdtMVFLRm5XREdGNEtRd3I5dUNzdWZYK3czM21FSzZ1T05wUEtNZU8wTlpNRnlXVy9qNApRNkoxTGNiM0h6WXpaa0I1eFBOUXltakZUTGdQaVUvU1N0SFpwYU00TXY3cVJ0RnowM05kc3g3cnZhM05Cd2ZVCmFSODZVTWpQei9ZMVgzcjdkWStKMUtqNDBvQlFYL3RyMzF4NjdMWGg4OFMrSXdIeHd5azFjZElHOGV2ZUVLNmkKd2VUcytjSkMzUUtCOFRCL3NkZmlpZXZibzZXSklwZlBveUgwT3NzV1d3NUpJUnFOZzVxTzJEemdWenIzR3M0NgpyY0kzMUxaL0Z4c2M4WUtpY0c4QlcybWVmeFQzYjhRU0RmV29FVVlWMGg4ZnBGRVRqRmdwOG9zYk42SER6ZksrClh3SURBUUFCb3pJd01EQVBCZ05WSFJNQkFmOEVCVEFEQVFIL01CMEdBMVVkRGdRV0JCUnRocmZYTmdpY1JsQ0gKVHJIc3V6M3UxVjlUOWpBTkJna3Foa2lHOXcwQkFRc0ZBQU9DQVFFQWJkYlNJN2pvdU9TREtrVFQ1UUdGNklVUwpaazk0OElmdktPOG9VOElhK2VCVlFLR0tVUTdIU2lWaTVqNU9aVjJDTDhsTi9zM3EvU0JKcXI5cGF2SkxSSjVrCmNtUVlqa21IN256UFJlVk1zd3RWRDZ0NGNNblNNU0hkNFB0Y0ZoYVk4Qzc5bStiSjNDNnNwY0VYK3dobTVOMzEKV2VpaGF6czFOclVvNzZLdlNjU20yekFIN0RTTDRSY0g5R3NjaGVlNVFrYTBtcW9LSzB6ZGxiSUl3enN2YUtvUAo2WmtVTWdncmViSVJmelE1Mk5vSFBab1ZmeGhCUURreE5RdFlPcVFvVS8yMzg2RGh2RDg5UGJZa0xRL0V1VWxtCk1UYXJQa2pPY0pMRXh4SWVHODdrK3pBWE5odDdLbFBLRjFmbHFLN0YzWEc4ZkhVZEN1RWtMWEV0TkljV1h3PT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQ==
      server: https://10.96.0.1:443
    name: kubernetes
contexts:
  - context:
      cluster: kubernetes
      user: danm
    name: default
users:
  - name: danm
    user:
      token: eyJhbGciOiJSUzI1NiIsImtpZCI6IkpISlBpMlZZMjFOVFB5bldfUzhidkV4LW1PYXVGYzQ1NnVtNkhRTVVzME0ifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJkYW5tLXRva2VuLWI2NXdxIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImRhbm0iLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiJiMTk3M2E5NS1kMDdkLTRlZmUtOTE0Ny0yZWRlNzVhYzhmYjQiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZS1zeXN0ZW06ZGFubSJ9.XqQX3bIgbKPe5_-ZoxmrSvZW3ZHZxfwLDqCHIrVgVYmn5b3Ddf67f6pKTH5ZTDOndLOi_1j9Ro8wK4oxhpJF2W1SnynNYTC18Dyh_QAmPJuz6BrrkYHmtI2TFxmBF9O3K2RLBAwcIosX6tuaPrhDOaiSs0033Dbjp1mqFuLlQeOytyr3Fqjxv8V5RkTOKGhsrL4_GfVJo6IErE0_-JF1l0ugHHJIxFPIAKLjaKZ37fxpeYXgvewJh15otnpPV-PzO94UBY9mmWGibaC2PJTqdwrn50SPMBYsSNB3tev4dUhiSxf4W2D7qO5RtqsMAO7o4kI3tne1_nynhxXmCCiIkg
preferences: {}

• OS (e.g. from /etc/os-release):

cat /etc/os-release
NAME="CentOS Linux"
VERSION="7 (Core)"
ID="centos"
ID_LIKE="rhel fedora"
VERSION_ID="7"
PRETTY_NAME="CentOS Linux 7 (Core)"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:centos:centos:7"
HOME_URL="https://www.centos.org/"
BUG_REPORT_URL="https://bugs.centos.org/"

CENTOS_MANTISBT_PROJECT="CentOS-7"
CENTOS_MANTISBT_PROJECT_VERSION="7"
REDHAT_SUPPORT_PRODUCT="centos"
REDHAT_SUPPORT_PRODUCT_VERSION="7"

• Kernel (e.g. uname -a):

uname -a
Linux controller-0 5.10.112-200.23.tis.rt.el7.x86_64 #1 SMP PREEMPT_RT Thu Feb 16 14:37:56 EST 2023 x86_64 x86_64 x86_64 GNU/Linux

[Levovar]

First glance, I kinda doubt it would be DANM assigning the IP considering there isn't even a CIDR in the network to assign it from
do you have a default ClusterNetwork in your cluster?

[borcsi]

hello,

link/ether fe:18:41:0d:dd:42 brd ff:ff:ff:ff:ff:ff
inet6 2001:11:195:105:fc18:41ff:fe0d:dd42/64 scope global mngtmpaddr dynamic

   mngtmpaddr
          (IPv6 only) make the kernel manage temporary addresses created from this one as template on behalf of
          Privacy Extensions (RFC3041). For this to become active, the use_tempaddr sysctl setting has to be set
          to a value greater than zero.  The given address needs to have a prefix length of 64. This flag allows
          to use privacy extensions in a manually configured network, just like if stateless auto-configuration
          was active.

this seems to be an autoconfigured address (note that the host part contains the mac address in EUI64 form). What is the use_tempaddr sysctl set to?