[colug-432] IPv6 adventures

Jim Wildman jim at rossberry.com
Thu Sep 3 23:12:42 EDT 2015 

I was incorrect on the temp addresses for Linux.

Apparently you need all of

net.ipv6.conf.all.use_tempaddr=2
net.ipv6.conf.default.use_tempaddr=2
net.ipv6.conf.eth0.use_tempaddr=2

in /etc/sysctl.conf or /etc/sysctl.d/something.conf and then reboot.

Then you will get something like

2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qlen 1000
    inet6 2001:4830:1600:851f:410a:e1d4:bbd5:745d/64 scope global temporary dynamic
    	valid_lft 604778sec preferred_lft 14382sec
    inet6 2001:4830:1600:851f:21a:4aff:febc:6f02/64 scope global dynamic
    	valid_lft 2591982sec preferred_lft 14382sec


On Mon, 31 Aug 2015, Jim Wildman wrote:

> radvd will not start unless the nic it is broadcasting on has an ip in the 
> range it is
> broadcasting (in my experience)
>
> Yes, routes are shown as going to the link-local address of the router
> Yes, you can have multiple ipv6 addresses on the same nic 'automagically' 
> (remember, we are
> not worried about running out now)
>
> This 9 video set will teach you a lot
> https://www.youtube.com/watch?v=rljkNMySmuM&list=PLubdeCMkkh9xqMBPWQg0WwCTZKhXPi0gM
>
> check the value of
> net.ipv6.conf.all.use_tempaddr = 0
> with sysctl
> 0 means use the MAC derived ipv6
> 1 means randomize it
> I'm not sure if it randomizes the outbound ip if you have a static ipv6 
> address
>
> ip -6 a
> ip -6 route
>
> are becoming familiar to my fingers
>
> # ip -6 a show dev eth0
> 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qlen 1000
>    	 inet6 2001:42:1600:9552::1/64 scope global  <-- subnet ::1
>   	 valid_lft forever preferred_lft forever
>       	 inet6 fe80::216:3eff:fe57:5c5a/64 scope link
>       	 valid_lft forever preferred_lft forever
>
> # cat /etc/radvd.conf
> interface eth0 <--
> {
>         AdvDefaultLifetime 9000;
>         AdvDefaultPreference high;
>         AdvSendAdvert on;
>         UnicastOnly on;
>         MinRtrAdvInterval 30;
>         MaxRtrAdvInterval 100;
>         prefix 2001:42:1600:9552::/64  <--- same subnet
>         {
>                 AdvOnLink on;
>                 AdvAutonomous on;
>                 AdvRouterAddr off;
>         };
>
> };
>
> On Mon, 31 Aug 2015, R P Herrold wrote:
>
>>  On Mon, 31 Aug 2015, Rob Funk wrote:
>> 
>> >  Jim Wildman wrote:
>> > >  yes.  <dev> of the nic on the ipv6 network
>> > > 
>> > >  and you need that when ip -6 route doesn't have a default route set
>> > >  yet (because there is no radvd running, no router, etc)
>> > 
>> >  Hm. If I'm reading it right, both fe80::/64 and my TW-assigned /64
>> >  route to eth0, and I have a default route pointing to my router's
>> >  link-local address (which I still need a -I to ping).
>>
>>  I do not have a reference to an implementation memo or RFC
>>  'best practices' document, but I believe, in a native ipv6
>>  environment, that the radvd hands out default routes through
>>  the link-local IPv6 series, rather than the externally known
>>  ipv6 address (which may vary over time as links come and go in
>>  terms of availability)
>>
>>  (from a native ipv6 setup at PMman:
>>
>>  [root at charles ~]# netstat -A inet6 -rn | tail -3
>>  ff02::1:ffb2:e7f0/128                       ff02::1:ffb2:e7f0
>>  UC    0      1        0 eth0
>>  ff00::/8                                    ::
>>  U     256    0        0 eth0
>>  ff00::/8                                    ::
>>  U     256    0        0 eth1
>>
>>  [root at charles ~]# ip addr show eth0
>>  2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc
>>  pfifo_fast state UP qlen 1000
>>     link/ether 00:16:3e:31:f4:fb brd ff:ff:ff:ff:ff:ff
>>     inet 198.49.244.251/24 brd 198.49.244.255 scope global eth0
>>     inet6 2605:4400:1:781:216:3eff:fe31:f4fb/64 scope global dynamic
>>        valid_lft 2591943sec preferred_lft 604743sec
>>     inet6 fe80::216:3eff:fe31:f4fb/64 scope link
>>        valid_lft forever preferred_lft forever
>>  [root at charles ~]#
>>
>>  so: MAC address: 00:16:3e:     31:f4:fb (I set off the last 6 octets)
>>  link-local: fe80::216:3eff: fe 31 f4 fb (so I can show alignment)
>>
>>  and thus its derivation from the MAC address
>>
>>  The link local is 'forever'; the 2605::/16 is mutable, (thus:
>>  dynamic)
>>
>>  As the 'next hop router' (and usually the radvd)  is always
>>  accessible in the local network collision domain:
>>  ff::/8 and fe::/8, this makes sense as an approach
>>
>>  but I write as a practitioner, and not a theoretician
>>
>>  -- Russ herrold
>>  _______________________________________________
>>  colug-432 mailing list
>>  colug-432 at colug.net
>>  http://lists.colug.net/mailman/listinfo/colug-432
>> 
>
> ----------------------------------------------------------------------
> Jim Wildman, CISSP, RHCE       jim at rossberry.com http://www.rossberry.net
> "Society in every state is a blessing, but Government, even in its best
> state, is a necessary evil; in its worst state, an intolerable one."
> Thomas Paine
>

----------------------------------------------------------------------
Jim Wildman, CISSP, RHCE       jim at rossberry.com http://www.rossberry.net
"Society in every state is a blessing, but Government, even in its best
state, is a necessary evil; in its worst state, an intolerable one."
Thomas Paine

More information about the colug-432 mailing list