[colug-432] IPv6 adventures
Jim Wildman
jim at rossberry.com
Mon Aug 31 18:29:59 EDT 2015
radvd will not start unless the nic it is broadcasting on has an ip in the range it is
broadcasting (in my experience)

Yes, routes are shown as going to the link-local address of the router

Yes, you can have multiple ipv6 addresses on the same nic 'automagically' (remember, we are
not worried about running out now)

This 9 video set will teach you a lot
https://www.youtube.com/watch?v=rljkNMySmuM&list=PLubdeCMkkh9xqMBPWQg0WwCTZKhXPi0gM

check the value of
    net.ipv6.conf.all.use_tempaddr = 0
with sysctl
    0 means use the MAC derived ipv6
    1 means randomize it
I'm not sure if it randomizes the outbound ip if you have a static ipv6 address

    ip -6 a
    ip -6 route
are becoming familiar to my fingers

# ip -6 a show dev eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qlen 1000
    inet6 2001:42:1600:9552::1/64 scope global    <-- subnet ::1
       valid_lft forever preferred_lft forever
    inet6 fe80::216:3eff:fe57:5c5a/64 scope link
       valid_lft forever preferred_lft forever

# cat /etc/radvd.conf
interface eth0    <--
{
    AdvDefaultLifetime 9000;
    AdvDefaultPreference high;
    AdvSendAdvert on;
    UnicastOnly on;
    MinRtrAdvInterval 30;
    MaxRtrAdvInterval 100;
    prefix 2001:42:1600:9552::/64    <--- same subnet
    {
        AdvOnLink on;
        AdvAutonomous on;
        AdvRouterAddr off;
    };
};

On Mon, 31 Aug 2015, R P Herrold wrote:
> On Mon, 31 Aug 2015, Rob Funk wrote:
>
>> Jim Wildman wrote:
>>> yes. <dev> of the nic on the ipv6 network
>>>
>>> and you need that when ip -6 route doesn't have a default route set
>>> yet (because there is no radvd running, no router, etc)
>>
>> Hm. If I'm reading it right, both fe80::/64 and my TW-assigned /64
>> route to eth0, and I have a default route pointing to my router's
>> link-local address (which I still need a -I to ping).
>
> I do not have a reference to an implementation memo or RFC
> 'best practices' document, but I believe, in a native ipv6
> environment, that the radvd hands out default routes through
> the link-local IPv6 series, rather than the externally known
> ipv6 address (which may vary over time as links come and go in
> terms of availability)
>
> (from a native ipv6 setup at PMman:
>
> [root@charles ~]# netstat -A inet6 -rn | tail -3
> ff02::1:ffb2:e7f0/128    ff02::1:ffb2:e7f0    UC    0      1      0 eth0
> ff00::/8                 ::                   U     256    0      0 eth0
> ff00::/8                 ::                   U     256    0      0 eth1
>
> [root@charles ~]# ip addr show eth0
> 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
>     link/ether 00:16:3e:31:f4:fb brd ff:ff:ff:ff:ff:ff
>     inet 198.49.244.251/24 brd 198.49.244.255 scope global eth0
>     inet6 2605:4400:1:781:216:3eff:fe31:f4fb/64 scope global dynamic
>        valid_lft 2591943sec preferred_lft 604743sec
>     inet6 fe80::216:3eff:fe31:f4fb/64 scope link
>        valid_lft forever preferred_lft forever
> [root@charles ~]#
>
> so: MAC address:         00:16:3e: 31:f4:fb   (I set off the last 6 octets)
>     link-local: fe80::216:3eff: fe 31 f4 fb   (so I can show alignment)
>
> and thus its derivation from the MAC address
>
> The link local is 'forever'; the 2605::/16 is mutable, (thus:
> dynamic)
>
> As the 'next hop router' (and usually the radvd) is always
> accessible in the local network collision domain:
> ff::/8 and fe::/8, this makes sense as an approach
>
> but I write as a practitioner, and not a theoretician
>
> -- Russ herrold
----------------------------------------------------------------------
Jim Wildman, CISSP, RHCE jim at rossberry.com http://www.rossberry.net
"Society in every state is a blessing, but Government, even in its best
state, is a necessary evil; in its worst state, an intolerable one."
Thomas Paine