Fix IPv6-only CNI interface support #26910
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add a test case to verify that CNI results containing only IPv6 addresses are handled correctly. This is a regression test for a bug introduced in hashicorpGH-23882 where IPv6-only interfaces would fail with 'no interface with an address' error. The test verifies that when a CNI plugin returns only an IPv6 address (without IPv4), the allocation network status should be properly populated with the IPv6 address in the AddressIPv6 field.
Fix a regression introduced in Nomad 1.9.0 where CNI bridge networking with IPv6-only interfaces would fail with 'no interface with an address' error. The issue was that while the code correctly populated the AddressIPv6 field for IPv6 addresses, several validation checks only examined the Address field (IPv4), causing IPv6-only configurations to be rejected. Changes: - Update interface selection logic in cniToAllocNet to accept interfaces with either IPv4 or IPv6 addresses (not just IPv4) - Update fallback logic to check both Address and AddressIPv6 fields - Update error check to only fail when both IPv4 and IPv6 are missing - Update AllocNetworkStatus.IsZero() to check AddressIPv6 field This allows CNI configurations with IPv6-only interfaces to work correctly, restoring functionality from Nomad 1.8.x. Fixes hashicorp#26905
|
|
github-project-automation
bot
moved this to Needs Triage
in Nomad - Community Issues Triage
tgross
reviewed
Oct 8, 2025
Member
tgross
left a comment
tgross
left a comment
There was a problem hiding this comment.
This LGTM to me for the specific problem described, but I think we're still going to end up running into the problem described in #25997 by @gabivlj, which we've never landed. Have you verified this end-to-end that the address is getting picked up by the driver?
(cc @gulducat to see if he has more thoughts on this too)
Add multiple test cases to validate the behavior of CNI allocation when handling IPv6-only and dualstack configurations. The new tests ensure that the first address is selected correctly from multiple addresses across interfaces, maintaining consistent behavior with IPv4. This improves coverage for edge cases in CNI result processing and reinforces the recent fixes for IPv6 support.
Add fallback logic in cniToAllocNet to populate the Address field with the IPv6 address when no IPv4 address is available. This change ensures compatibility with existing code that relies on the Address field for service registration, particularly in scenarios where only IPv6 addresses are present.
Contributor
Author
|
Good point. I looked into the service registration code and it only checks the Address field, so IPv6-only would fail there. Added the fallback from #25997 - copying IPv6 to Address when there's no IPv4. Tests updated to match. Note that I tested the code correctness in an IPv6-only environment. I don't have access to a place where I could verify it works in dual-stack and IPv4-only setups. |
Contributor
Author
github-project-automation
bot
moved this from In Progress
to Done
in Nomad - Community Issues Triage
tgross
added
backport/ent/1.9.x+ent
7 tasks
6 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
Fix a regression introduced in Nomad 1.9.0-beta.1 where CNI bridge networking with IPv6-only interfaces would fail with the error
failed to configure network: no interface with an address.The issue was that while the code correctly populated the
AddressIPv6field for IPv6 addresses, several validation checks only examined theAddressfield (IPv4), causing IPv6-only configurations to be incorrectly rejected. This affected users running IPv6-only infrastructure who were unable to upgrade from Nomad 1.8.x to 1.9.x.This PR updates the validation logic in four locations to check both IPv4 and IPv6 address fields:
cniToAllocNet()- now accepts interfaces with either IPv4 or IPv6 addressesAddressandAddressIPv6before falling backAllocNetworkStatus.IsZero()- includesAddressIPv6in the zero checkTesting & Reproduction steps
Reproduction (without fix):
network { mode = "bridge" }failed to configure network: no interface with an addressTesting:
TestCNI_cniToAllocNet_IPv6Onlythat verifies CNI results with only IPv6 addresses are handled correctlyTestCNI_cniToAllocNet_DualstacktestLinks
Fixes #26905
Related:
Contributor Checklist
changelog entry using the
make clcommand.ensure regressions will be caught.
and job configuration, please update the Nomad website documentation to reflect this. Refer to
the website README for docs guidelines. Please also consider whether the
change requires notes within the upgrade guide.
Reviewer Checklist
Changes to Security Controls
No changes to security controls. This is a bug fix that restores correct validation logic for network interface address checking.