The Linux IPv4 protocol implementation provides IP_FREEBIND, and the IPv6 protocol implementation provides IPV6_FREEBIND (since kernel 4.15 [1]), which for IPv4 is described as:
allows binding to an IP address that is nonlocal or does not (yet) exist. This permits listening on a socket, without requiring the underlying network interface or the specified dynamic IP address to be up at the time that the application is trying to bind to it.
On a master instance with
- kernel 4.19.91
- dummy interface removed from the bridge and thus being in NO-CARRIER -> DOWN state
- having set net.ipv6.ip_nonlocal_bind=1

daemons like ssh and unbound do bind to IPv6 addresses the same way as to IPv4 addresses.
However, such an IPv6 address is then still not reachable, despite the route entry set (generated by the interface) in the kernel's routing table.
The underlying root cause for IPv6 failing on an empty bridge with NO-CARRIER appears to be DAD and IPv6 state, since only upon successful completion of DAD is the IFA_F_TENTATIVE flag removed and set to IFA_F_PERMANENT.
An IPv6 address in the tentative state cannot receive connections, and optimistic DAD applies only to dynamic IPv6 addresses but not static ones.
I found several references in the public domain saying that setting net.ipv6.conf.<device>.dad_transmits = 0 would resolve the matter, but that did not reproduce on my node.
In the end it is back to leveraging the dummy device enslaved in the bridge.
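
To check the tentative-state diagnosis described above, the per-address flag byte that the kernel exposes in /proc/net/if_inet6 can be decoded to list the addresses that have not completed DAD. The following Python script is an added example, not part of the original post; the sample lines are constructed and the function names are hypothetical.

```python
import ipaddress

# Address flag bits from linux/if_addr.h; /proc/net/if_inet6 exposes the low byte.
IFA_FLAGS = {
    0x01: "IFA_F_TEMPORARY", 0x02: "IFA_F_NODAD",
    0x04: "IFA_F_OPTIMISTIC", 0x08: "IFA_F_DADFAILED",
    0x10: "IFA_F_HOMEADDRESS", 0x20: "IFA_F_DEPRECATED",
    0x40: "IFA_F_TENTATIVE", 0x80: "IFA_F_PERMANENT",
}

# Constructed sample in /proc/net/if_inet6 format (all numbers hex):
# address, ifindex, prefix length, scope, flags, device name.
SAMPLE = """\
00000000000000000000000000000001 01 80 10 80       lo
20010db8000000000000000000000010 02 40 00 80     eth0
20010db8000100000000000000000001 05 40 00 c0      br0
20010db8000100000000000000000002 05 40 00 c8      br0
"""

def parse_if_inet6(text):
    """Yield one dict per address line with the flag byte decoded to names."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 6:
            continue  # skip blank or malformed lines
        addr_hex, _ifindex, plen, _scope, flags, dev = fields
        bits = int(flags, 16)
        yield {
            "dev": dev,
            "addr": str(ipaddress.IPv6Address(int(addr_hex, 16))),
            "prefixlen": int(plen, 16),
            "flags": [name for bit, name in IFA_FLAGS.items() if bits & bit],
        }

def stuck_addresses(entries):
    """Return entries that are still tentative or whose DAD failed."""
    bad = {"IFA_F_TENTATIVE", "IFA_F_DADFAILED"}
    return [e for e in entries if bad & set(e["flags"])]

if __name__ == "__main__":
    try:
        with open("/proc/net/if_inet6") as fh:
            text = fh.read()
    except OSError:
        text = SAMPLE  # no IPv6 procfs entry here: fall back to the constructed sample
    for e in stuck_addresses(parse_if_inet6(text)):
        print(f"{e['dev']}: {e['addr']}/{e['prefixlen']} {' '.join(e['flags'])}")
```

An address that a daemon has bound to via freebind or ip_nonlocal_bind but that shows up in this output is configured yet not usable for incoming connections.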