Difference between revisions of "Non-Local IPv6 Router Advertisement"

From Exterior Memory
(Link-local addresses)
(Disable link-local IPv6 addresses on the gateway)
Line 31: Line 31:
  
 
===Disable link-local IPv6 addresses on the gateway===
 
===Disable link-local IPv6 addresses on the gateway===
 +
 +
An interface typically has one IPv4 address, but multiple IPv6 addresses. Consider the following example:
 +
 +
en0: flags=8963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
 +
    options=27<RXCSUM,TXCSUM,VLAN_MTU,TSO4>
 +
    ether 00:23:df:97:90:38
 +
    inet 192.0.2.3 netmask 0xffffff00 broadcast 192.0.2.255
 +
    inet6 2001:db8:767:2a::3 prefixlen 64
 +
    inet6 2001:db8:767:2a:223:dfff:fe97:9038 prefixlen 64 autoconf
 +
    inet6 2001:db8:767:2a:acfe:e43b:2c35:d387 prefixlen 64 autoconf temporary
 +
    inet6 fe80::223:dfff:fe97:9038%en0 prefixlen 64 scopeid 0x4
 +
 +
This host has four IPv6 addresses:
 +
* A manually configured or DHCPv6 assigned address (<tt>2001:db8:767:2a::3</tt>)
 +
* A SLAAC (Stateless Address Auto Configuration) address based on the router advertisement and the MAC address of the interface (this can be identified by the <tt>ff:fe</tt> part of the IPv6 address: <tt>2001:db8:767:2a:223:dfff:fe97:9038 </tt>). Note that SLAAC is enabled in the kernel by default. Unlike IPv4 DHCP which need to be specifically enabled, SLAAC is always configured if the server receives an router advertisement.
 +
* An temporary address, automatically configured based on the router advertisement, but not based on the MAC address for enhanced privacy (<tt>2001:db8:767:2a:acfe:e43b:2c35:d387</tt>)
 +
* A link-local address based on the MAC address and interface name (recognisable by the <tt>fe80</tt> prefix and the interface appendix after the <tt>%</tt> sign: <tt>fe80::223:dfff:fe97:9038%en0</tt>)
 +
 +
You can disable respectively SLAAC and link-local address with the following kernel parameters.
 +
 +
For BSD kernels:
 +
sysctl net.inet6.ip6.accept_rtadv=0
 +
sysctl net.inet6.ip6.auto_linklocal=0
 +
 +
For Linux kernels:
 +
sysctl net.ipv6.conf.eth0.accept_ra_defrtr=0
 +
sysctl net.ipv6.conf.eth0.autoconf=0
  
 
{{Unfinished}}
 
{{Unfinished}}
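
Review bot: the two Linux lines at the end of the added text (accept_ra_defrtr=0 and autoconf=0) do not match the sentence "disable respectively SLAAC and link-local address". accept_ra_defrtr only stops the host from learning a default router from router advertisements, and autoconf only stops SLAAC address configuration, so neither removes the link-local address the way the BSD auto_linklocal=0 line does. Suggest stating that difference for Linux or rewording the sentence. The BSD keys are also system-wide while the Linux keys are tied to eth0, which is worth a sentence. Minor: "an router advertisement" and "An temporary address" need their articles fixed.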

Revision as of 20:57, 15 January 2012

IPv6 uses router advertisements (part of the Neighbour Discovery protocol of ICMPv6) to announce the default gateway. Hosts send a router solicitation message, and routers respond with a router advertisement message. This is unlike IPv4 where gateways are typically specified as part of the DHCP messages. Another difference is that IPv6 router advertisements use multicast (IPv6 ff02::1 and MAC address 33:33:00:00:00:01 for router advertisements; IPv6 ff02::2 and MAC address 33:33:00:00:00:02 for router solicitations).

Link-local addresses

Another striking feature of IPv6 is that it uses link-local IP addresses for local communication. Since neighbour discovery is local in scope, this means that the router sends the router advertisement with a link-local IPv6 address as the source address.

By default, a host stores the source IP address and source MAC address in the routing table. Hence, you will see IPv6 link-local addresses in the IPv6 routing table:

% netstat -rn -f inet6
Destination        Gateway                         Flags       Netif
default            fe80::200:24ff:fece:69ef%en0    UGcI        eth0
::1                link#1                          UHL         lo0
....

This is unlike what most users expect. For example, if the host has IPv6 address 2001:0db8:63:24ff:fece:69ef, most users would expect 2001:0db8:637::1 as the gateway:

% netstat -rn -f inet6
Destination        Gateway                         Flags       Netif
default            2001:0db8:637::1%eth0           UGcI        eth0
::1                link#1                          UHL         lo0
....

In reality, the IPv6 address of the gateway is irrelevant, as a packet on the wire would only contain the MAC destination address of the gateway. The IPv6 destination address contains the address of the final destination, not of the gateway.

Specify Global IPv6 Address for the Gateway

For easier debugging, network administrators may prefer to see a global IPv6 address as the gateway in hosts, instead of a link-local IPv6 address. Technically, it is possible to accomplish this in two ways.

  • Disable link-local IPv6 addresses on the gateway
  • Use the global scope IPv6 address in the router advertisement

Disable link-local IPv6 addresses on the gateway

An interface typically has one IPv4 address, but multiple IPv6 addresses. Consider the following example:

en0: flags=8963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
    options=27<RXCSUM,TXCSUM,VLAN_MTU,TSO4>
    ether 00:23:df:97:90:38
    inet 192.0.2.3 netmask 0xffffff00 broadcast 192.0.2.255
    inet6 2001:db8:767:2a::3 prefixlen 64
    inet6 2001:db8:767:2a:223:dfff:fe97:9038 prefixlen 64 autoconf
    inet6 2001:db8:767:2a:acfe:e43b:2c35:d387 prefixlen 64 autoconf temporary
    inet6 fe80::223:dfff:fe97:9038%en0 prefixlen 64 scopeid 0x4

This host has four IPv6 addresses:

  • A manually configured or DHCPv6 assigned address (2001:db8:767:2a::3)
  • A SLAAC (Stateless Address Auto Configuration) address based on the router advertisement and the MAC address of the interface (this can be identified by the ff:fe part of the IPv6 address: 2001:db8:767:2a:223:dfff:fe97:9038). Note that SLAAC is enabled in the kernel by default. Unlike IPv4 DHCP, which needs to be specifically enabled, SLAAC is always configured if the server receives a router advertisement.
  • A temporary address, automatically configured based on the router advertisement, but not based on the MAC address for enhanced privacy (2001:db8:767:2a:acfe:e43b:2c35:d387)
  • A link-local address based on the MAC address and interface name (recognisable by the fe80 prefix and the interface appendix after the % sign: fe80::223:dfff:fe97:9038%en0)
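
The classification above can be checked mechanically, which is useful when auditing which addresses on a host expose its MAC address. The following is an added example, not part of the original article: it parses the ifconfig output shown above, labels each IPv6 address, and reverses the ff:fe (modified EUI-64) encoding to recover the MAC. It also derives the multicast MAC addresses quoted in the introduction. All function names are hypothetical.

```python
import ipaddress
import re

# Sample input: the ifconfig output from the article, embedded for offline use.
IFCONFIG = """\
en0: flags=8963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
    ether 00:23:df:97:90:38
    inet 192.0.2.3 netmask 0xffffff00 broadcast 192.0.2.255
    inet6 2001:db8:767:2a::3 prefixlen 64
    inet6 2001:db8:767:2a:223:dfff:fe97:9038 prefixlen 64 autoconf
    inet6 2001:db8:767:2a:acfe:e43b:2c35:d387 prefixlen 64 autoconf temporary
    inet6 fe80::223:dfff:fe97:9038%en0 prefixlen 64 scopeid 0x4
"""

def eui64_to_mac(addr):
    """Return the MAC embedded in a modified EUI-64 interface ID, or None."""
    iid = ipaddress.IPv6Address(addr.split("%")[0]).packed[8:]
    if iid[3:5] != b"\xff\xfe":          # no ff:fe filler, so not MAC-derived
        return None
    # Undo the universal/local bit flip and drop the ff:fe filler bytes.
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]
    return ":".join(f"{b:02x}" for b in mac)

def multicast_mac(addr):
    """Ethernet destination for an IPv6 multicast group: 33:33 + low 32 bits."""
    low = ipaddress.IPv6Address(addr).packed[12:]
    return "33:33:" + ":".join(f"{b:02x}" for b in low)

def classify(text):
    """Return (address, kind, exposes_mac) for every inet6 line."""
    ether = re.search(r"ether\s+([0-9a-f:]{17})", text).group(1)
    rows = []
    for m in re.finditer(r"inet6\s+(\S+)\s+prefixlen\s+\d+(.*)", text):
        addr, flags = m.group(1), m.group(2).split()
        if ipaddress.IPv6Address(addr.split("%")[0]).is_link_local:
            kind = "link-local"
        elif "temporary" in flags:
            kind = "temporary"
        elif "autoconf" in flags:
            kind = "slaac"
        else:
            kind = "manual-or-dhcpv6"
        rows.append((addr, kind, eui64_to_mac(addr) == ether))
    return rows

if __name__ == "__main__":
    for addr, kind, exposes in classify(IFCONFIG):
        print(f"{addr:45} {kind:18} exposes MAC: {exposes}")
```
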

You can disable SLAAC and link-local addresses, respectively, with the following kernel parameters.

For BSD kernels:

sysctl net.inet6.ip6.accept_rtadv=0
sysctl net.inet6.ip6.auto_linklocal=0

For Linux kernels:

sysctl net.ipv6.conf.eth0.accept_ra_defrtr=0
sysctl net.ipv6.conf.eth0.autoconf=0

This article is unfinished.

Use global scope IPv6 address in the router advertisement

This article is unfinished.