Re: DHCPv6 IA_PD - how-to
- Reply: Karl Denninger : "Re: DHCPv6 IA_PD - how-to"
- In reply to: Roy Marples : "Re: DHCPv6 IA_PD - how-to"
Date: Wed, 31 Jul 2024 12:00:58 UTC
On 7/31/2024 07:10, Roy Marples wrote:
> Roy Marples
>
>
> ---- On Wed, 31 Jul 2024 03:38:46 +0100 Karl Denninger wrote ---
> > Starting dhcpcd.
> > dhcpcd-10.0.8 starting
> > igb0: link state changed to UP
> > igb1: link state changed to UP
> > no interfaces have a carrier
> > Additional TCP/IP options: IPv6 CPE WANIF=igb0.
> > Setting up harvesting: [CALLOUT],[UMA],[FS_ATIME],SWI,INTERRUPT,NET_NG,[NET_ETHE
> > R],NET_TUN,MOUSE,KEYBOARD,ATTACH,CACHED
> > Feeding entropy: dd: /boot/entropy: Read-only file system
> > .
> > igb0: link state changed to DOWN
> > Setting hostname: IpGw.Denninger.Net.
> > ELF ldconfig path: /lib /usr/lib /usr/local/lib /usr/local/lib/ipsec /usr/local/
> > lib/perl5/5.36/mach/CORE
> > 32-bit compatibility ldconfig path: /usr/lib32 /usr/lib32
> > lo0: link state changed to UP
> > igb1: link state changed to DOWN
> > Starting Network: lo0 igb0 igb1 enc0.
> > igb0: link state changed to UP
>
> This all looks fine.
>
> > Which would be ok EXCEPT all I get is an IPv4 address and it's not
> > repeatable either -- which it IS using DHCP provided by the system (that
> > is, I RARELY get a different one -- with dhcpcd I ALWAYS get a different
> > one. I'd prefer not to; obviously if I must then I must, but it appears
> > dhcpcd is not maintaining any sort of requested ID and thus even if the
> > server CAN give me the same IP, it doesn't.)
> >
> > But more troubling I don't get an IPv6 at all. The reason appears to be
> > that the default route doesn't get populated off the other end, and I
> > note that "ACCEPT_RTADV" is NOT there -- and neither is
> > "AUTO_LINKLOCAL". If I stop it from /usr/local/etc/rc.d with "dhcpcd
> > stop" and then "dhcpcd start" I *do* get the IPv6 delegation.
> >
> > Gotta put it back on the other setup for now, but any ideas would be
> > helpful - I can't take the connection offline for the next couple of
> > days, but can work on it over the weekend.
>
> So if dhcpcd handles IPv6 RS in any way or form on any interface then it
> will disable the kernel handling it. This is what you are seeing.
> You should also disable rtsold.
> On the other hand, you can leave the kernel handling everything RS by adding
> noipv6rs
> at the top of /etc/dhcpcd.conf
>
> Is it possible you are using both?
> Note that DHCPv6 will not set any default route, that's purely in the domain of RS.
>
> Roy

This is what is typically in /etc/rc.conf:

#
# If you change anything in /etc or /usr/local/etc you MUST run "save_cfg"
# from the root directory as everything in these areas is in fact on a ramdisk!
#
hostname="IpGw.Denninger.Net"
#dhcpcd_enable="YES"
# Get a primary IPv4 address on the first (near serial port) ethernet port
#
#ifconfig_igb0="inet6 -ifdisabled accept_rtadv auto_linklocal"
ifconfig_igb0="DHCP -vlanhwtso -tso -lro"
#ifconfig_igb0="DHCP -tso -lro"
#
# Now configure up the internal interface; THIS WILL NEED TO BE CHANGED
# to suit your configuration requirements! Also, if you change this you
# must look in the dhcp configuration file and change THAT since this is the
# network's DHCP server.
#
#ifconfig_igb1="192.168.10.200 netmask 255.255.255.0 -vlanhwtso -tso -lro -vlanhwcsum -txcsum6"
ifconfig_igb1="192.168.10.200 netmask 255.255.255.0 -vlanhwtso -tso -lro -vlanhwcsum"
ifconfig_igb1_alias0="inet 192.168.2.200 netmask 255.255.255.0"
#
# VLAN for secure subnet; if there are VLANs on the inside, define them here.
#
vlans_igb1="3 4"
ifconfig_igb1_3="inet 192.168.4.200/24"
#vlans_igb1="4"
ifconfig_igb1_4="inet6 -ifdisabled"
# If you are turning on IPv6 then you MUST set both these lines AND look in
# /usr/local/etc/dhcp6c.conf and make SURE you have the correct prefix and
# assignments for local prefix length. Note that we only accept routing info
# on the WAN interface, NEVER on the internal one.
#
ipv6_cpe_wanif="igb0"
ifconfig_igb0_ipv6="inet6 -ifdisabled accept_rtadv"
ifconfig_igb1_ipv6="inet6 -ifdisabled -accept_rtadv"
#ipv6_activate_all_interfaces="yes"
#
# Ipv6 routing; we MUST be an IPv6 router for the INTERNAL interface to
# distribute IPv6
#
rtadvd_enable="Yes"
rtadvd_interfaces="igb1 igb1.4"
#
# Dhcp6c client (get IPv6 addresses; note that /usr/local/etc/dhcp6c.conf must
# also be edited or this will NOT work!)
#
dhcp6c_enable="Yes"
dhcp6c_interfaces="igb0"
#
# Enable gateway functionality for both IPv4 and IPv6
#
gateway_enable="YES"
ipv6_gateway_enable="YES"

.... (then other stuff)

When attempting to use dhcpcd I change the file to:

#
# If you change anything in /etc or /usr/local/etc you MUST run "save_cfg"
# from the root directory as everything in these areas is in fact on a ramdisk!
#
hostname="IpGw.Denninger.Net"
dhcpcd_enable="YES"
# Get a primary IPv4 address on the first (near serial port) ethernet port
#
#ifconfig_igb0="inet6 -ifdisabled accept_rtadv auto_linklocal"
#ifconfig_igb0="DHCP -vlanhwtso -tso -lro"
#ifconfig_igb0="DHCP -tso -lro"
#
# Now configure up the internal interface; THIS WILL NEED TO BE CHANGED
# to suit your configuration requirements! Also, if you change this you
# must look in the dhcp configuration file and change THAT since this is the
# network's DHCP server.
#
#ifconfig_igb1="192.168.10.200 netmask 255.255.255.0 -vlanhwtso -tso -lro -vlanhwcsum -txcsum6"
ifconfig_igb1="192.168.10.200 netmask 255.255.255.0 -vlanhwtso -tso -lro -vlanhwcsum"
ifconfig_igb1_alias0="inet 192.168.2.200 netmask 255.255.255.0"
#
# VLAN for secure subnet; if there are VLANs on the inside, define them here.
#
vlans_igb1="3 4"
ifconfig_igb1_3="inet 192.168.4.200/24"
#vlans_igb1="4"
ifconfig_igb1_4="inet6 -ifdisabled"
# If you are turning on IPv6 then you MUST set both these lines AND look in
# /usr/local/etc/dhcp6c.conf and make SURE you have the correct prefix and
# assignments for local prefix length. Note that we only accept routing info
# on the WAN interface, NEVER on the internal one.
#
ipv6_cpe_wanif="igb0"
ifconfig_igb0_ipv6="inet6 -ifdisabled accept_rtadv"
ifconfig_igb1_ipv6="inet6 -ifdisabled -accept_rtadv"
#ipv6_activate_all_interfaces="yes"
#
# Ipv6 routing; we MUST be an IPv6 router for the INTERNAL interface to
# distribute IPv6
#
rtadvd_enable="Yes"
rtadvd_interfaces="igb1 igb1.4"
#
# Dhcp6c client (get IPv6 addresses; note that /usr/local/etc/dhcp6c.conf must
# also be edited or this will NOT work!)
#
#dhcp6c_enable="Yes"
#dhcp6c_interfaces="igb0"
#
# Enable gateway functionality for both IPv4 and IPv6
#
gateway_enable="YES"
ipv6_gateway_enable="YES"

.....

And in /usr/local/etc/dhcpcd.conf I have changed "duid" to "clientid" which appears to get a repeatable IPv4 IF the host will give me one (duid ALWAYS results in a different pool address on each boot/run):

# A sample configuration for dhcpcd.
# See dhcpcd.conf(5) for details.

# Allow users of this group to interact with dhcpcd via the control socket.
#controlgroup wheel

# Inform the DHCP server of our hostname for DDNS.
#hostname

# Use the hardware address of the interface for the Client ID.
clientid
# or
# Use the same DUID + IAID as set in DHCPv6 for DHCPv4 ClientID as per RFC4361.
# Some non-RFC compliant DHCP servers do not reply with this set.
# In this case, comment out duid and enable clientid above.
#duid

# Persist interface configuration when dhcpcd exits.
persistent

# vendorclassid is set to blank to avoid sending the default of
# dhcpcd-<version>:<os>:<machine>:<platform>
vendorclassid

# A list of options to request from the DHCP server.
option domain_name_servers, domain_name, domain_search
option classless_static_routes
# Respect the network MTU. This is applied to DHCP routes.
option interface_mtu

# Request a hostname from the network
#option host_name

# Most distributions have NTP support.
#option ntp_servers

# Rapid commit support.
# Safe to enable by default because it requires the equivalent option set
# on the server to actually work.
option rapid_commit

# A ServerID is required by RFC2131.
require dhcp_server_identifier

# Generate SLAAC address using the Hardware Address of the interface
#slaac hwaddr
# OR generate Stable Private IPv6 Addresses based from the DUID
#slaac private

allowinterfaces igb0
#ipv6only
#ipv4only
#
# Do not run these hooks; DO run the DDNS one in exit-hooks
#
nohook resolv.conf hostname ntp.conf

# Do not allow router solicits on anywhere EXCEPT the external
#
noipv6rs
interface igb0
ipv6rs
ia_na 1
ia_pd 1/::/56 igb1/0/64 igb1.4/1/64

------------------------

I do not want the resolv.conf, hostname or ntp.conf hooks run as this is a gateway and those are in fact fixed (unbound is running on it with a local zone, for one thing) and I have an exit hook script that pokes a few things (and appears to be working).

I turned off "ipv6rs" for every other interface than the one declared and then turned it on for igb0 (the external interface); is that incorrect?

This machine IS the gateway so it does need to run rtadvd for the internal interfaces; rtsold is not enabled on this machine at all. It has to get the default route for IPv6 from the upstream. I do not want dhcpcd to tamper with anything other than igb0 -- other than delegating /64 v6 prefixes, which it is doing with the above. But when I boot it with this rather than dhcp6c I do not get an IPv6 delegation and do get an IPv4 on a cold start. If I do a "/usr/local/etc/rc.d/dhcpcd restart" then IPv4 is left alone and IPv6 populates.

Looking at igb0 the ipv6 flags other than PERFORMNUD are off; when I am using dhcp6c what I have is this:

igb0: flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500
        options=4e120bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,WOL_MAGIC,VLAN_HWFILTER,RXCSUM_IPV6,TXCSUM_IPV6,HWSTATS,MEXTPG>
        ether 00:0d:b9:46:71:88
        inet 71.15.252.132 netmask 0xfffffc00 broadcast 255.255.255.255
        inet6 fe80::20d:b9ff:fe46:7188%igb0 prefixlen 64 scopeid 0x1
        inet6 2600:6c5d:7009:600:896:206c:deea:394 prefixlen 128 pltime 604800 vltime 604800
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
        nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>

Thus I am accepting routing from the upstream and I also have auto_linklocal. Both those flags are missing when I boot using dhcpcd. In addition there is no default route on boot on igb0 -- but again, if I re-run it then there is and the prefix gets assigned and distributed.

Here's what the routing table for ipv6 on the gateway looks like when dhcp6c is being used:

Internet6:
Destination                            Gateway                       Flags Netif Expire
::/96                                  link#4                        URS   lo0
default                                fe80::201:5cff:fe70:7c46%igb0 UG    igb0
::1                                    link#4                        UHS   lo0
::ffff:0.0.0.0/96                      link#4                        URS   lo0
2600:6c5d:5d00:ae00::/64               link#2                        U     igb1
2600:6c5d:5d00:ae00:20d:b9ff:fe46:7189 link#4                        UHS   lo0
2600:6c5d:5d00:ae01::/64               link#6                        U     igb1.4
2600:6c5d:5d00:ae01:20d:b9ff:fe46:7189 link#4                        UHS   lo0
2600:6c5d:7009:600:896:206c:deea:394   link#4                        UHS   lo0
fe80::%lo0/10                          link#4                        URS   lo0
fe80::%igb0/64                         link#1                        U     igb0
fe80::20d:b9ff:fe46:7188%lo0           link#4                        UHS   lo0
fe80::%igb1/64                         link#2                        U     igb1
fe80::20d:b9ff:fe46:7189%lo0           link#4                        UHS   lo0
fe80::%lo0/64                          link#4                        U     lo0
fe80::1%lo0                            link#4                        UHS   lo0
fe80::%igb1.4/64                       link#6                        U     igb1.4
fe80::20d:b9ff:fe46:7189%lo0           link#4                        UHS   lo0
ff02::/16                              link#4                        URS   lo0

I can play with this more over the weekend. Given that the box is a gateway rather than an endpoint if that changes things please advise.

All the stuff on the local network, once I have the prefix, picks up addresses via SLAAC and that is working fine (I don't need dhcpcd on the FreeBSD machines behind the gateway as they have fixed addresses for IPv4 and SLAAC has been working well for them.)

-- 
Karl Denninger
karl@denninger.net
/The Market Ticker/
/[S/MIME encrypted email preferred]/
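
An added example, not part of the original message: a small sh audit for the rule stated in the rc.conf comments above (routing info accepted on the WAN interface only, never on an internal one). It reads `ifconfig` output and reports any non-WAN interface whose `nd6 options` include ACCEPT_RTADV; the function names and the sample input are assumptions made for illustration, and the sample deliberately gives igb1.4 the flag to show a finding.

```shell
#!/bin/sh
# Added example: list interfaces where the kernel accepts Router
# Advertisements, so anything other than the WAN interface can be flagged.

# Read `ifconfig` output on stdin; print "ifname FLAG,FLAG,..." per interface.
nd6_flags() {
    awk '
        /^[A-Za-z0-9_.]+: flags=/ { ifname = $1; sub(/:$/, "", ifname) }
        /^[ \t]+nd6 options=/ {
            flags = $0
            sub(/^.*</, "", flags)    # drop everything up to "<"
            sub(/>.*$/, "", flags)    # drop ">" and anything after it
            print ifname, flags
        }'
}

# $1 = WAN interface. Print every other interface that has ACCEPT_RTADV set.
rtadv_violations() {
    wan=$1
    nd6_flags | while read -r ifname flags; do
        case ",$flags," in
            *,ACCEPT_RTADV,*) [ "$ifname" = "$wan" ] || echo "$ifname" ;;
        esac
    done
}

# Constructed sample: interface names from the message; the igb1 and igb1.4
# flag sets are made up, with igb1.4 deliberately misconfigured.
sample_ifconfig() {
    cat <<'EOF'
igb0: flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500
        nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
igb1: flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
igb1.4: flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500
        nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
EOF
}

# On the gateway itself: ifconfig | rtadv_violations igb0
sample_ifconfig | rtadv_violations igb0
```

Per the reply quoted above, ACCEPT_RTADV being absent on igb0 is expected when dhcpcd handles RS itself, so this audit only reports interfaces that have the flag and should not.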