From 6e395edbaa5943db243e36183f8c3b45b64f4de6 Mon Sep 17 00:00:00 2001
From: Aritra Basu <aritrbas@cisco.com>
Date: Wed, 4 Feb 2026 04:18:42 -0500
Subject: [PATCH] cni: enable IPv6 on pod interfaces with v6 address
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Enable IPv6 on pod interfaces when a pod is IPv6 enabled.
This ensures a link‑local address exists for NS.

VPP change "ip-neighbor: do not use sas to determine NS source
address" makes NS always use the interface’s link‑local address.
Calico VPP pod interfaces are unnumbered and never had IPv6
explicitly enabled, so no link‑local address existed on the pod
interface. This breaks IPv6 neighbor resolution and traffic.

Signed-off-by: Aritra Basu <aritrbas@cisco.com>
---
 calico-vpp-agent/cni/podinterface/common.go | 16 ++++++++++++++++
 vpplink/generated/vpp_clone_current.sh      |  3 ---
 2 files changed, 16 insertions(+), 3 deletions(-)

diff --git a/calico-vpp-agent/cni/podinterface/common.go b/calico-vpp-agent/cni/podinterface/common.go
index 8b66ae4cb..714c0e092 100644
--- a/calico-vpp-agent/cni/podinterface/common.go
+++ b/calico-vpp-agent/cni/podinterface/common.go
@@ -153,6 +153,22 @@ func (i *PodInterfaceDriverData) DoPodInterfaceConfiguration(podSpec *model.Loca
 		return errors.Wrapf(err, "error setting new pod if up")
 	}
 
+	/*
+	 * VPP patch "ip-neighbor: do not use sas to determine NS source address"
+	 * makes NS always use the interface’s link‑local address. CalicoVPP pod
+	 * interfaces are unnumbered and never had IPv6 explicitly enabled, so no
+	 * link‑local address existed on the pod interface. This breaks IPv6
+	 * neighbor resolution and traffic. Enable IPv6 on L2 pod interfaces for
+	 * ND to work; L3 pod interfaces do not have an Ethernet link to resolve.
+	 */
+	_, hasv6 := podSpec.Hasv46()
+	if hasv6 && !*ifSpec.IsL3 {
+		err = i.vpp.EnableInterfaceIP6(swIfIndex)
+		if err != nil {
+			return errors.Wrapf(err, "error enabling ipv6 on pod interface")
+		}
+	}
+
 	err = i.vpp.SetInterfaceRxMode(swIfIndex, types.AllQueues, ifSpec.GetRxModeWithDefault(types.AdaptativeRxMode))
 	if err != nil {
 		return errors.Wrapf(err, "error SetInterfaceRxMode on pod if interface")
diff --git a/vpplink/generated/vpp_clone_current.sh b/vpplink/generated/vpp_clone_current.sh
index 23a4dcd33..72fc8467e 100755
--- a/vpplink/generated/vpp_clone_current.sh
+++ b/vpplink/generated/vpp_clone_current.sh
@@ -112,9 +112,6 @@ git_clone_cd_and_reset "$VPP_DIR" ${BASE}
 git_cherry_pick refs/changes/26/34726/3 # 34726: interface: add buffer stats api | https://gerrit.fd.io/r/c/vpp/+/34726
 git_cherry_pick refs/changes/43/42343/2 # 42343: vcl: LDP default to regular option | https://gerrit.fd.io/r/c/vpp/+/42343
 
-# This is the commit which broke IPv6 from v3.28.0 onwards.
-git_revert refs/changes/75/39675/5  # ip-neighbor: do not use sas to determine NS source address
-
 # testing new cnat stuff
 git_cherry_pick refs/changes/89/41089/31 # https://gerrit.fd.io/r/c/vpp/+/41089 cnat: combine multiple changes
 git_cherry_pick refs/changes/69/43369/16 # https://gerrit.fd.io/r/c/vpp/+/43369 cnat: converge new cnat implementation to support encaps (calico)