Re: DHCPDv6 in non-vnet jail

Reply: Goran Mekić : "Re: DHCPDv6 in non-vnet jail"
In reply to: Goran Mekić : "Re: DHCPDv6 in non-vnet jail"
Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: Ronald Klop <ronald-lists_at_klop.ws>
Date: Wed, 30 Mar 2022 12:45:17 UTC
Hi,

First. I'm not an IPv6 expert. Got it running at home. Although with SLAAC, not DHCP yet.
Another disclaimer is that I use VNET-jails nowadays.
But I like to try and think along with you.

What surprises me is that your non-vnet jail does not have a LINKLOCAL fe80::: address. These addresses are used for configuration in the local network (AFAIK).
And your routing table does not contain a line like this:
ff02::/16                         ::1                           UGRS        lo0

So how is the ff02:: multicast routed in your network?

But the tcpdump shows that the multicast solicit message is received on the non-vnet dhcp-server so that seems to work:
18:02:51.229813 IP6 fe80::2a0:98ff:fe7d:cad.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit
I don't know if the dhcp-server program also sees this request coming in on its interface. Maybe extra logging can help there.

According to https://en.wikipedia.org/wiki/DHCPv6#Example the dhcp-server would reply with a link-local fe80:: address.
"Server replies with an advertise from [fe80::0011:22ff:fe33:5566]:547 to [fe80::aabb:ccff:fedd:eeff]:546."
But your dhcp-server does not have an fe80::.

So I'm wondering how that would work.

More questions than answers. But I hope it helps.

Regards,
Ronald.


 
Van: "Goran Mekic" <meka@tilda.center>
Datum: dinsdag, 29 maart 2022 18:11
Aan: Ronald Klop <ronald-lists@klop.ws>
CC: freebsd-current@freebsd.org, "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net>
Onderwerp: Re: DHCPDv6 in non-vnet jail
> 
> On Tue, Mar 29, 2022 at 12:14:20PM +0200, Ronald Klop wrote:
> > I think it will help if you share more of your configuration/logs.
> Inside non-vnet jail, this is ifconfig output
> cbsd0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
>     description: lagg0
>     ether 58:9c:fc:10:9b:75
>     inet 172.16.0.253 netmask 0xffffffff broadcast 172.16.0.253
>     inet6 fd10:6c79:8ae5:8b91::2 prefixlen 128
>     id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
>     maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
>     root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
>     member: epair1a flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
>             ifmaxaddr 0 port 7 priority 128 path cost 2000
>     member: epair5a flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
>             ifmaxaddr 0 port 11 priority 128 path cost 2000
>     member: epair4a flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
>             ifmaxaddr 0 port 10 priority 128 path cost 2000
>     member: epair3a flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
>             ifmaxaddr 0 port 9 priority 128 path cost 2000
>     member: epair2a flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
>             ifmaxaddr 0 port 8 priority 128 path cost 2000
>     groups: bridge
>     nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
> 
> There are bunch of other interfaces, but only cbsd0 (bridge interface)
> is set up with ip address.
> 
> 
> netstat -rn
> Routing tables
> 
> Internet:
> Destination        Gateway            Flags     Netif Expire
> 172.16.0.253       link#4             UH        cbsd0
> 
> Internet6:
> Destination                       Gateway                       Flags     Netif Expire
> fd10:6c79:8ae5:8b91::2            link#4                        UHS         lo0
> 
> 
> grep -v '^#' /usr/local/etc/dhcpd6.conf
> 
> default-lease-time 2592000;
> preferred-lifetime 604800;
> option dhcp-renewal-time 3600;
> option dhcp-rebinding-time 7200;
> allow leasequery;
> option dhcp6.name-servers 3ffe:501:ffff:100:200:ff:fe00:3f3e;
> option dhcp6.domain-search "test.example.com","example.com";
> option dhcp6.info-refresh-time 21600;
> dhcpv6-lease-file-name "/var/db/dhcpd6/dhcpd6.leases";
> 
> subnet6 fd10:6c79:8ae5:8b91::/64 {
>   range6 fd10:6c79:8ae5:8b91::/64;
> }
> 
> 
> ls -l /dev
> total 1
> crw-------  1 root  wheel   0x26 Mar 29 17:35 bpf
> lrwxr-xr-x  1 root  wheel      3 Mar 28 09:31 bpf0 -> bpf
> crw-rw-rw-  1 root  wheel   0x4a Mar 26 15:54 crypto
> dr-xr-xr-x  2 root  wheel    512 Mar 29 03:38 fd
> crw-rw-rw-  1 root  wheel   0x2a Mar 29 18:00 null
> crw-rw----  1 root  nsd    0x1a5 Mar 24 23:45 pf
> crw-rw----  1 root  nsd     0x4b Mar 26 15:54 pfil
> dr-xr-xr-x  2 root  wheel    512 Mar 28 09:31 pts
> crw-r--r--  1 root  wheel    0x8 Mar 24 23:45 random
> lrwxr-xr-x  1 root  wheel      4 Mar 28 09:31 stderr -> fd/2
> lrwxr-xr-x  1 root  wheel      4 Mar 28 09:31 stdin -> fd/0
> lrwxr-xr-x  1 root  wheel      4 Mar 28 09:31 stdout -> fd/1
> lrwxr-xr-x  1 root  wheel      6 Mar 28 09:31 urandom -> random
> crw-rw-rw-  1 root  wheel   0x2b Mar 26 15:54 zero
> 
> 
> 
> On the host I have /etc/rtadvd.conf:
> cbsd0:addr="fd10:6c79:8ae5:8b91::":raflags="m"
> 
> 
> On the host ifconfig cbsd0
> cbsd0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
>     description: lagg0
>     ether 58:9c:fc:10:9b:75
>     inet 172.16.0.254 netmask 0xffffff00 broadcast 172.16.0.255
>     inet 172.16.1.254 netmask 0xffffff00 broadcast 172.16.1.255
>     inet 172.16.0.253 netmask 0xffffffff broadcast 172.16.0.253
>     inet6 fe80::5a9c:fcff:fe10:9b75%cbsd0 prefixlen 64 scopeid 0x4
>     inet6 fd10:6c79:8ae5:8b91::1 prefixlen 64
>     inet6 fd10:6c79:8ae5:8b91::2 prefixlen 128
>     id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
>     maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
>     root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
>     member: epair1a flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
>             ifmaxaddr 0 port 7 priority 128 path cost 2000
>     member: epair5a flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
>             ifmaxaddr 0 port 11 priority 128 path cost 2000
>     member: epair4a flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
>             ifmaxaddr 0 port 10 priority 128 path cost 2000
>     member: epair3a flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
>             ifmaxaddr 0 port 9 priority 128 path cost 2000
>     member: epair2a flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
>             ifmaxaddr 0 port 8 priority 128 path cost 2000
>     groups: bridge
>     nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
> 
> > Besides you can take a look with tcpdump/wireshark on what happens on different interfaces of your machines to see the traffic flow between client and server.
> Running tcpdump -i cbsd0 ip6 inside the non-vnet:
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on cbsd0, link-type EN10MB (Ethernet), capture size 262144 bytes
> 18:02:29.081325 IP6 fe80::5a9c:fcff:fe10:9b75.10482 > ff12::8384.21027: UDP, length 322
> 18:02:51.229813 IP6 fe80::2a0:98ff:fe7d:cad.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit
> 18:02:52.338420 IP6 fe80::2a0:98ff:fe7d:cad.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit
> 18:02:54.444709 IP6 fe80::2a0:98ff:fe7d:cad.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit
> 18:02:58.449268 IP6 fe80::2a0:98ff:fe7d:cad.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit
> 18:02:59.083071 IP6 fe80::5a9c:fcff:fe10:9b75.10482 > ff12::8384.21027: UDP, length 322
> 18:03:06.545104 IP6 fe80::2a0:98ff:fe7d:cad.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit
> 18:03:12.355503 IP6 fe80::5a9c:fcff:fe10:9b75.10482 > ff12::8384.21027: UDP, length 322
> 18:03:22.890933 IP6 fe80::2a0:98ff:fe7d:cad.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit
> 18:03:29.084154 IP6 fe80::5a9c:fcff:fe10:9b75.10482 > ff12::8384.21027: UDP, length 322
> 18:03:54.837662 IP6 fe80::2a0:98ff:fe7d:cad.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit
> 18:03:59.081342 IP6 fe80::5a9c:fcff:fe10:9b75.10482 > ff12::8384.21027: UDP, length 322
> 18:04:29.083992 IP6 fe80::5a9c:fcff:fe10:9b75.10482 > ff12::8384.21027: UDP, length 322
> 18:04:41.028190 IP6 fe80::5a9c:fcff:fe10:9b75.10482 > ff12::8384.21027: UDP, length 322
> 
> 
> That happens while I'm running dhcp6c -d -f eth0 inside vnet jail (eth0
> is epair that is renamed):
> Mar/29/2022 18:02:50: failed to open /usr/local/etc/dhcp6cctlkey: No such file or directory
> Mar/29/2022 18:02:50: failed initialize control message authentication
> Mar/29/2022 18:02:50: skip opening control port
> Mar/29/2022 18:02:50: cfparse: fopen(/usr/local/etc/dhcp6c.conf): No such file or directory
> Mar/29/2022 18:02:51: Sending Solicit
> Mar/29/2022 18:02:52: Sending Solicit
> Mar/29/2022 18:02:54: Sending Solicit
> Mar/29/2022 18:02:58: Sending Solicit
> Mar/29/2022 18:03:06: Sending Solicit
> Mar/29/2022 18:03:22: Sending Solicit
> Mar/29/2022 18:03:54: Sending Solicit
> 
> 
> 
> Can I provide any more info?
> 
> Regards,
> meka
> 
> 
> 
>