ntpd on SG-1100 failing to bind on IPv6 LAN interface
-
Noticed the below logs, where NTP is failing to bind to my LAN interfaces. Yes, I have functioning IPv6 through HE. I also have other VLANs where ntp is not having problems, and if I remove LAN from the selected interface, the error goes away. Once I apply it back to the LAN interface, I start seeing the error.
I want to note this is NOT related to the 23.01 upgrade recently, as it looks like I have been having the problem well before I successfully upgraded.
    Feb 22 11:25:50 hostname ntpd[81948]: bind(35) AF_INET6 xxxx:xxx:xxxx::#123 flags 0x11 failed: Can't assign requested address
    Feb 22 11:25:50 hostname ntpd[81948]: unable to create socket on mvneta0.4091 (5210) for xxxx:xxx:xxxx::#123
    Feb 22 11:25:50 hostname ntpd[81948]: failed to init interface for address xxxx:xxx:xxxx::
While in this error state, I can see the following
    [23.01-RELEASE][root@hostname]/root: sockstat -6 -l | grep ':123'
    root ntpd 82135 20 udp6 ::1:123 *:*
    root ntpd 82135 22 udp6 fe80::f2ad:4eff:fe0e:78ca%mvneta0.10:123 *:*
    root ntpd 82135 24 udp6 fe80::f2ad:4eff:fe0e:78ca%mvneta0.20:123 *:*
    root ntpd 82135 26 udp6 xxxx:xxx:xxxx:20:::123 *:*
    root ntpd 82135 27 udp6 fe80::f2ad:4eff:fe0e:78ca%mvneta0.30:123 *:*
    root ntpd 82135 29 udp6 xxxx:xxx:xxxx:30:::123 *:*
    root ntpd 82135 30 udp6 fe80::f2ad:4eff:fe0e:78ca%mvneta0.4091:123 *:*
    root ntpd 82135 32 udp6 fe80::f2ad:4eff:fe0e:78ca%mvneta0.4092:123 *:*
    [23.01-RELEASE][root@hostname]/root:
Once I remove the LAN from ntp, the error goes away and I see the local-link listener disappear.
    [23.01-RELEASE][root@hostname]/root: sockstat -6 -l | grep ':123'
    root ntpd 82135 20 udp6 ::1:123 *:*
    root ntpd 82135 22 udp6 fe80::f2ad:4eff:fe0e:78ca%mvneta0.10:123 *:*
    root ntpd 82135 24 udp6 fe80::f2ad:4eff:fe0e:78ca%mvneta0.20:123 *:*
    root ntpd 82135 26 udp6 xxxx:xxx:xxxx:20:::123 *:*
    root ntpd 82135 27 udp6 fe80::f2ad:4eff:fe0e:78ca%mvneta0.30:123 *:*
    root ntpd 82135 29 udp6 xxxx:xxx:xxxx:30:::123 *:*
    root ntpd 82135 32 udp6 fe80::f2ad:4eff:fe0e:78ca%mvneta0.4092:123 *:*
    [23.01-RELEASE][root@hostname]/root:
Also want to note the config of the LAN interface.
    [23.01-RELEASE][root@hostname]/root: ifconfig mvneta0.4091
    mvneta0.4091: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        description: LAN
        options=3<RXCSUM,TXCSUM>
        ether f0:ad:4e:0e:78:ca
        inet6 fe80::f2ad:4eff:fe0e:78ca%mvneta0.4091 prefixlen 64 scopeid 0xf
        inet6 xxxx:xxx:xxxx:: prefixlen 64 duplicated
        inet xx.xx.xx.254 netmask 0xffffff00 broadcast xx.xx.xx.255
        groups: vlan
        vlan: 4091 vlanproto: 802.1q vlanpcp: 0 parent interface: mvneta0
        media: Ethernet 1000baseT <full-duplex>
        status: active
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
The error seems most likely related to the fact that ntpd is listening to ::1:123. Wanted to reach out and see if anyone has seen this, or if they are like me, and didn't notice until the upgrade and started combing through logs looking for problems. :)
-
Will it start on LAN if you disable it on OPT for example?
I assume your LAN has an IPv6 address using the same prefix that VLANs 20 and 30 are using?
Steve
-
@stephenw10 That is a good question. Just tested. Selecting only LAN, the service comes up, below shows the sockstat output. Though I am still getting the error, where it is trying to bind to the public IPv6 address.
    root ntpd 20886 20 udp6 ::1:123 *:*
    root ntpd 20886 22 udp6 fe80::f2ad:4eff:fe0e:78ca%mvneta0.4091:123 *:*
And yes, the LAN and OPT interfaces all have valid and tested IPv6 addresses through he.net. I have a /48 allocated to me, and have applied a /64 to each of these interfaces. The "xxxx:xxx:xxxx:" in the output is just me blanking out the public address.
-
Mmm, this feels like it's trying to add the same thing for each interface. Possibly because the MAC address is the same on all VLANs.
Does it only start on LAN if that's the only interface selected?
-
@stephenw10 That is what I tried above, just LAN, and I was still getting the error in the log.
Using NMAP, I was able to test to verify that it is responding.
    $ sudo nmap -6 -sU -p 123 --script ntp-info xxxx:xxx:xxxx::
    Starting Nmap 7.80 ( https://nmap.org ) at 2023-02-23 17:27 UTC
    Nmap scan report for hostname (xxxx:xxx:xxxx::)
    Host is up (0.15s latency).
    PORT STATE SERVICE
    123/udp closed ntp
I can add the output, but I did bring up NTP on the OPT interfaces, and NMAP was able to verify a valid response.
-
Going to add, that IPv4 always works, whether I have only LAN selected or all the OPT interfaces selected. IPv4 always responds.
-
Sorry I mean does LAN fail if you try to add any other interface? Not just OPT for example?
-
@stephenw10 At this point, I have had most combinations selected. What I found is if the LAN is selected, the error is seen, and the result of not listening to the IPv6 is the result.
If the LAN is just selected, I see the error.
If the LAN is selected with other OPT interfaces, I see the error.
If others are selected, and no LAN selected, I do not see the error.
-
Ah, what about if none are selected, which implies 'all interfaces'? That's the default setting.
-
@stephenw10 Had not tried that...
Just tried, unselected everything and I am still seeing the error.
Now I will report that I may have had a mistake in my networking of the LAN interface. Though traffic was flowing, I made a change to my network interface IP and now it is listening. The NTP error message may have been a symptom of the real problem.
Basically changed the LAN interface from xxxx:xxx:xxxx:: to xxxx:xxx:xxxx:50::, which I believe fits into the network properly allowing NTP to listen to it.
-
Ah, OK. Yes, that was almost certainly it. I was unable to replicate it here using any combination of selected interfaces.
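
Added example, not part of the original thread or of pfSense/ntpd: the ifconfig output posted above shows the LAN global address flagged `duplicated`, a state in which FreeBSD refuses bind() with "Can't assign requested address". The Python below pairs ntpd bind failures with the address state from captured ifconfig text; the function names are hypothetical and the samples are constructed, with the documentation prefix 2001:db8::/32 standing in for the redacted address.

```python
import ipaddress
import re

# States FreeBSD ifconfig prints after an inet6 address that make bind() fail
# with EADDRNOTAVAIL ("Can't assign requested address").
NOT_READY = {"tentative", "duplicated", "detached"}
BIND_FAIL = re.compile(r"ntpd\[\d+\]: bind\(\d+\) AF_INET6 (\S+)#\d+ .*failed: ")

def norm(addr):
    """Canonical text form of an IPv6 address, zone id (%ifname) dropped."""
    return str(ipaddress.IPv6Address(addr.split("%")[0]))

def unusable_inet6(ifconfig_text):
    """Return {address: (interface, [flags])} for inet6 addresses not ready for use."""
    found, iface = {}, None
    for line in ifconfig_text.splitlines():
        head = re.match(r"(\S+): flags=", line)  # interface header at column 0
        if head:
            iface = head.group(1)
            continue
        words = line.split()
        if len(words) >= 2 and words[0] == "inet6":
            flags = sorted(NOT_READY.intersection(words[2:]))
            if flags:
                found[norm(words[1])] = (iface, flags)
    return found

def explain_bind_failures(log_text, ifconfig_text):
    """Pair each ntpd IPv6 bind failure with the address state ifconfig reports."""
    bad = unusable_inet6(ifconfig_text)
    results = []
    for m in BIND_FAIL.finditer(log_text):
        addr = norm(m.group(1))
        iface, flags = bad.get(addr, (None, []))
        results.append((addr, iface, flags))
    return results

# Constructed samples modelled on the thread's log and ifconfig output.
SAMPLE_LOG = ("Feb 22 11:25:50 hostname ntpd[81948]: bind(35) AF_INET6 "
              "2001:db8:1::#123 flags 0x11 failed: Can't assign requested address\n")
SAMPLE_IFCONFIG = """mvneta0.4091: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
\tinet6 fe80::f2ad:4eff:fe0e:78ca%mvneta0.4091 prefixlen 64 scopeid 0xf
\tinet6 2001:db8:1:: prefixlen 64 duplicated
"""

if __name__ == "__main__":
    for addr, iface, flags in explain_bind_failures(SAMPLE_LOG, SAMPLE_IFCONFIG):
        print(addr, iface or "no not-ready address found", ",".join(flags))
```

A failure that comes back with an empty flag list means the address was not in a not-ready state in the captured ifconfig text, so the cause lies elsewhere.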