feat: support IPv6: fallback logic, dialability filtering (part two)

alex-aizman · alex-aizman · commit 1b77779aa706 · 2026-02-05T16:25:39.000-05:00
* cmn/network: - rewrite Host2IP(): remove IPv4-only To4() filter - amend ParseHost2IP(): add dialability check and debug assert - add IsDialableHostIP() to reject link-local, multicast, et al. * cmn/config: - document UseIPv6 as user preference with fallback semantics - note future feature flag for strict IPv6-only mode --------- * when selecting local unicast IPs: - getLocalIPs: pass useIPv6 as parameter - add two-pass resolution - when UseIPv6 is configured but no usable v6 addresses found, fall back to v4 * extract _listen() helper for multihome pub listeners * simplify/refactor _selectHost() -------- * part two, prev. commit: 3a4e3ae Signed-off-by: Alex Aizman <alex.aizman@gmail.com>
diff --git a/ais/htrun.go b/ais/htrun.go
@@ -401,10 +401,31 @@ func (h *htrun) initSnode(config *cmn.Config) {
 		dataAddr meta.NetInfo
 		port     = strconv.Itoa(config.HostNet.Port)
 		proto    = config.Net.HTTP.Proto
+		useIPv6  = config.Net.UseIPv6
 	)
-	addrList, err := getLocalIPs(config)
+	addrList, err := getLocalIPs(config, useIPv6)
 	if err != nil {
-		cos.ExitLogf("failed to get local IP addr list: %v", err)
+		if !useIPv6 {
+			cos.ExitLogf("failed to get local IPv4 addr list: %v", err)
+		}
+		// v6 was explicitly requested (and failed) - try fallback to IPv4
+		var nested error
+
+		useIPv6 = false
+		addrList, nested = getLocalIPs(config, false)
+		if nested != nil {
+			cos.ExitLogf("failed to get local IP addr list: %v (nested: %v)", err, nested)
+		}
+		nlog.Warningf("no usable IPv6 addresses found (%v) - falling back to IPv4 ...", err)
+
+		// update net servers that were initialized with useIPv6=true
+		g.netServ.pub.useIPv6 = false
+		if config.HostNet.UseIntraControl {
+			g.netServ.control.useIPv6 = false
+		}
+		if config.HostNet.UseIntraData {
+			g.netServ.data.useIPv6 = false
+		}
 	}
 
 	if l := len(addrList); l > 1 {
@@ -428,7 +449,7 @@ func (h *htrun) initSnode(config *cmn.Config) {
 		// public hostname could be a load balancer's external IP or a service DNS
 		nlog.Infoln("K8s deployment: skipping hostname validation for", config.HostNet.Hostname)
 		pubAddr.Init(proto, pub, port)
-	} else if err = initNetInfo(&pubAddr, addrList, proto, config.HostNet.Hostname, port, config.Net.UseIPv6); err != nil {
+	} else if err = initNetInfo(&pubAddr, addrList, proto, config.HostNet.Hostname, port, useIPv6); err != nil {
 		cos.ExitLogf("failed to select %s IP/hostname: %v", cmn.NetPublic, err)
 	}
 
@@ -452,7 +473,7 @@ func (h *htrun) initSnode(config *cmn.Config) {
 	ctrlAddr = pubAddr
 	if config.HostNet.UseIntraControl {
 		icport := strconv.Itoa(config.HostNet.PortIntraControl)
-		err = initNetInfo(&ctrlAddr, addrList, proto, config.HostNet.HostnameIntraControl, icport, config.Net.UseIPv6)
+		err = initNetInfo(&ctrlAddr, addrList, proto, config.HostNet.HostnameIntraControl, icport, useIPv6)
 		if err != nil {
 			cos.ExitLogf("failed to select %s IP/hostname: %v", cmn.NetIntraControl, err)
 		}
@@ -465,7 +486,7 @@ func (h *htrun) initSnode(config *cmn.Config) {
 	dataAddr = pubAddr
 	if config.HostNet.UseIntraData {
 		idport := strconv.Itoa(config.HostNet.PortIntraData)
-		err = initNetInfo(&dataAddr, addrList, proto, config.HostNet.HostnameIntraData, idport, config.Net.UseIPv6)
+		err = initNetInfo(&dataAddr, addrList, proto, config.HostNet.HostnameIntraData, idport, useIPv6)
 		if err != nil {
 			cos.ExitLogf("failed to select %s IP/hostname: %v", cmn.NetIntraData, err)
 		}
@@ -626,19 +647,29 @@ func (h *htrun) run(config *cmn.Config) error {
 	if h.pubAddrAny(config) {
 		ep = ":" + h.si.PubNet.Port
 	} else if len(h.si.PubExtra) > 0 {
+		// multihome: listen on additional configured pub addr-s
 		for _, pubExtra := range h.si.PubExtra {
-			debug.Assert(pubExtra.Port == h.si.PubNet.Port, "expecting the same TCP port for all multi-home interfaces")
-			server := &netServer{muxers: g.netServ.pub.muxers, sndRcvBufSize: g.netServ.pub.sndRcvBufSize, useIPv6: config.Net.UseIPv6}
-			go func() {
-				_ = server.listen(pubExtra.TCPEndpoint(), logger, tlsConf, config)
-			}()
-			g.netServ.pubExtra = append(g.netServ.pubExtra, server)
+			h._listen(pubExtra, logger, tlsConf, config, g.netServ.pub.useIPv6)
 		}
 	}
 
 	return g.netServ.pub.listen(ep, logger, tlsConf, config) // stay here
 }
 
+func (h *htrun) _listen(pubExtra meta.NetInfo, logger *log.Logger, tlsConf *tls.Config, config *cmn.Config, useIPv6 bool) {
+	debug.Assert(pubExtra.Port == h.si.PubNet.Port, "expecting the same TCP port for all multi-home interfaces")
+	server := &netServer{
+		muxers:        g.netServ.pub.muxers,
+		sndRcvBufSize: g.netServ.pub.sndRcvBufSize,
+		useIPv6:       useIPv6, // in fact, expecting the same TCP port _and_ the same IP family as PubNet
+	}
+	ep := pubExtra.TCPEndpoint()
+	go func() {
+		_ = server.listen(ep, logger, tlsConf, config)
+	}()
+	g.netServ.pubExtra = append(g.netServ.pubExtra, server)
+}
+
 // return true to start listening on `INADDR_ANY:PubNet.Port`
 func (h *htrun) pubAddrAny(config *cmn.Config) (inaddrAny bool) {
 	switch {
diff --git a/ais/utils.go b/ais/utils.go
@@ -71,8 +71,8 @@ func (addr *localIPInfo) warn() {
 //
 
 // returns a list of local unicast IPs (and their MTU)
-func getLocalIPs(config *cmn.Config) ([]*localIPInfo, error) {
-	if config.Net.UseIPv6 {
+func getLocalIPs(config *cmn.Config, useIPv6 bool) ([]*localIPInfo, error) {
+	if useIPv6 {
 		return _getLocalIPv6s(config)
 	}
 	return _getLocalIPv4s(config)
@@ -276,10 +276,7 @@ func _selectHost(locIPs []*localIPInfo, hostnames []string, useIPv6 bool) (strin
 
 		var ipstr string
 		if pip := net.ParseIP(hostNoBr); pip != nil { // parses as IP literal
-			if useIPv6 && !_isIPv6(pip) {
-				continue
-			}
-			if !useIPv6 && !_isIPv4(pip) {
+			if useIPv6 != _isIPv6(pip) {
 				continue
 			}
 			ipstr = pip.String()
diff --git a/cmn/config.go b/cmn/config.go
@@ -575,8 +575,14 @@ type (
 
 		HTTP HTTPConf `json:"http"`
 
-		// cluster-wide default (read-only)
-		// in the future, use LocalNetConfig to override (e.g., pub: IPv6, intra: IPv4)
+		// cluster-wide user preference (read-only)
+		// when true: prefer IPv6, fall back to IPv4 if no usable v6 addresses
+		// when false: use IPv4 (default)
+		//
+		// NOTE:
+		// in the future:
+		// - use LocalNetConfig to override (e.g., pub: IPv6, intra: IPv4)
+		// - add a feature flag to enforce IPv6-only (and disallow IPv4 fallback)
 		UseIPv6 bool `json:"use_ipv6"`
 	}
 	NetConfToSet struct {
diff --git a/cmn/network.go b/cmn/network.go
@@ -14,6 +14,7 @@ import (
 	"time"
 
 	"github.com/NVIDIA/aistore/cmn/debug"
+	"github.com/NVIDIA/aistore/cmn/nlog"
 )
 
 const (
@@ -44,10 +45,10 @@ func ValidatePort(port int) (int, error) {
 	return port, nil
 }
 
-// TODO -- FIXME: git grep -n '\.To4()', and similar
-func Host2IP(host string, local bool) (net.IP, error) {
+// resolve `host` and returns the first usable (TCP dialable) IP address (v4 or v6)
+func Host2IP(host string, localTimeout bool) (net.IP, error) {
 	timeout := max(time.Second, Rom.MaxKeepalive())
-	if local {
+	if localTimeout {
 		timeout = max(time.Second, Rom.CplaneOperation())
 	}
 	ctx, cancel := context.WithTimeout(context.Background(), timeout)
@@ -57,23 +58,72 @@ func Host2IP(host string, local bool) (net.IP, error) {
 	if err != nil {
 		return nil, err
 	}
+
+	// pass 1: prefer non-loopback if possible
+	for _, addr := range addrs {
+		ip := addr.IP
+		if IsDialableHostIP(ip) && !ip.IsLoopback() {
+			return ip, nil
+		}
+	}
+	// pass 2 (fallback)
 	for _, addr := range addrs {
-		if ip := addr.IP.To4(); ip != nil {
+		ip := addr.IP
+		if IsDialableHostIP(ip) {
 			return ip, nil
 		}
 	}
 
-	// return err
-	ips := make([]net.IP, len(addrs))
-	for i, addr := range addrs {
-		ips[i] = addr.IP
+	// return detailed error
+	ips := make([]net.IP, 0, len(addrs))
+	for _, addr := range addrs {
+		ips = append(ips, addr.IP)
 	}
-	return nil, fmt.Errorf("failed to locally resolve %q (have IPs %v)", host, ips)
+	return nil, fmt.Errorf("failed to resolve dialable IP for %q (have IPs %v)", host, ips)
+}
+
+// check whether `ip` is usable for TCP dialing
+// in particular:
+// - reject IPv6 link-local
+// - reject multicast and unspecified
+// - allow loopback
+func IsDialableHostIP(ip net.IP) bool {
+	if ip == nil {
+		return false
+	}
+
+	ip4 := ip.To4()
+	if ip4 != nil {
+		return !ip4.IsUnspecified() && !ip4.IsMulticast()
+	}
+
+	ip16 := ip.To16()
+	if ip16 == nil {
+		return false // invalid
+	}
+
+	// filter IPv6
+	if ip16.IsUnspecified() || ip16.IsMulticast() {
+		return false
+	}
+	if ip16.IsLinkLocalUnicast() {
+		return false // link-local requires a zone
+	}
+	if ip16[0] == 0x20 && ip16[1] == 0x01 && ip16[2] == 0x0d && ip16[3] == 0xb8 {
+		return false // reject RFC 3849 documentation prefix: 2001:db8::/32
+	}
+
+	return true
 }
 
 func ParseHost2IP(host string, local bool) (net.IP, error) {
 	ip := net.ParseIP(host)
 	if ip != nil {
+		if !IsDialableHostIP(ip) {
+			warn := fmt.Errorf("ParseHost2IP: %s (%s) is not dialable", host, ip.String())
+			debug.Assert(false, warn)
+			nlog.Warningln(warn)
+		}
 		return ip, nil // is a parse-able IP addr
 	}
 	return Host2IP(host, local)
