While working on some updates to FSM state tracking for DDM, I observed that ddmadm expire-peer takes an IP as an argument but no interface (name, addrobj, ifindex, or any other representation) even though we peer over link-local addresses.
That seemed odd to me so I dug a little bit further.
The expire-peers operation triggers an AdminEvent::Expire(addr) event that's sent to every interface FSM, who then compares that addr against their peer addr. The event wraps just an Ipv6Addr so it doesn't have any scope_id included, nor does it filter the FSM event just to one interface FSM that corresponds to the (IP, scope) tuple.
Additionally, routes are stored in the DB with just a peer address and no next-hop interface, which presumably means we are relying on NDP for installation to work properly.
While this has all worked well in practice, it would probably be a good idea to ensure proper handling of the same link-local IPs learned via multiple interfaces to be more robust in the face of an unforeseen issue (e.g. improper MAC assignment during sled manufacturing).
While working on some updates to FSM state tracking for DDM, I observed that
ddmadm expire-peertakes an IP as an argument but no interface (name, addrobj, ifindex, or any other representation) even though we peer over link-local addresses.That seemed odd to me so I dug a little bit further.
The expire-peers operation triggers an
AdminEvent::Expire(addr)event that's sent to every interface FSM, who then compares that addr against their peer addr. The event wraps just an Ipv6Addr so it doesn't have any scope_id included, nor does it filter the FSM event just to one interface FSM that corresponds to the (IP, scope) tuple.Additionally, routes are stored in the DB with just a peer address and no next-hop interface, which presumably means we are relying on NDP for installation to work properly.
While this has all worked well in practice, it would probably be a good idea to ensure proper handling of the same link-local IPs learned via multiple interfaces to be more robust in the face of an unforeseen issue (e.g. improper MAC assignment during sled manufacturing).