Re: DHCPv6 IA_PD - how-to

From: Karl Denninger <karl_at_denninger.net>
Date: Fri, 02 Aug 2024 22:05:33 UTC

On 7/31/2024 08:00, Karl Denninger wrote:
> On 7/31/2024 07:10, Roy Marples wrote:
>> Roy Marples
>>
>>
>>   ---- On Wed, 31 Jul 2024 03:38:46 +0100  Karl Denninger  wrote ---
>>   >     Starting dhcpcd.
>>   >       dhcpcd-10.0.8 starting
>>   >       igb0: link state changed to UP
>>   >       igb1: link state changed to UP
>>   >       no interfaces have a carrier
>>   >       Additional TCP/IP options: IPv6 CPE WANIF=igb0.
>>   >       Setting up harvesting:      [CALLOUT],[UMA],[FS_ATIME],SWI,INTERRUPT,NET_NG,[NET_ETHER],NET_TUN,MOUSE,KEYBOARD,ATTACH,CACHED
>>   >       Feeding entropy: dd: /boot/entropy: Read-only file system
>>   >       .
>>   >       igb0: link state changed to DOWN
>>   >       Setting hostname: IpGw.Denninger.Net.
>>   >       ELF ldconfig path: /lib /usr/lib /usr/local/lib      /usr/local/lib/ipsec /usr/local/lib/perl5/5.36/mach/CORE
>>   >       32-bit compatibility ldconfig path: /usr/lib32 /usr/lib32
>>   >       lo0: link state changed to UP
>>   >       igb1: link state changed to DOWN
>>   >       Starting Network: lo0 igb0 igb1 enc0.
>>   >       igb0: link state changed to UP
>>
>> This all looks fine.
>>
>>   > Which would be ok EXCEPT all I get is an IPv4 address and it's not
>>   > repeatable either -- which it IS using DHCP provided by the system (that
>>   > is, I RARELY get a different one -- with dhcpcd I ALWAYS get a different
>>   > one.  I'd prefer not to; obviously if I must then I must, but it appears
>>   > dhcpcd is not maintaining any sort of requested ID and thus even if the
>>   > server CAN give me the same IP, it doesn't.)
>>   >
>>   > But more troubling I don't get an IPv6 at all.  The reason appears to be
>>   > that the default route doesn't get populated off the other end, and I
>>   > note that "ACCEPT_RTADV" is NOT there -- and neither is
>>   > "AUTO_LINKLOCAL".  If I stop it from /usr/local/etc/rc.d with "dhcpcd
>>   > stop" and then "dhcpcd start" I *do* get the IPv6 delegation.
>>   >
>>   > Gotta put it back on the other setup for now, but any ideas would be
>>   > helpful - I can't take the connection offline for the next couple of
>>   > days, but can work on it over the weekend.
>>
>> So if dhcpcd handles IPv6 RS in any way or form on any interface then it
>> will disable the kernel handling it. This is what you are seeing.
>> You should also disable rtsold.
>> On the other hand, you can leave the kernel handling everything RS by adding
>> noipv6rs
>> at the top of /etc/dhcpcd.conf
>>
>> Is it possible you are using both?
>> Note that DHCPv6 will not set any default route, that's purely in the domain of RS.
>>
>> Roy
>
> This is what is typically in /etc/rc.conf:
>
> #
> # If you change anything in /etc or /usr/local/etc you MUST run "save_cfg"
> # from the root directory as everything in these areas is in fact on a ramdisk!
> #
>
> hostname="IpGw.Denninger.Net"
>
> #dhcpcd_enable="YES"
>
> # Get a primary IPv4 address on the first (near serial port) ethernet port
> #
> #ifconfig_igb0="inet6 -ifdisabled accept_rtadv auto_linklocal"
> ifconfig_igb0="DHCP -vlanhwtso -tso -lro"
> #ifconfig_igb0="DHCP -tso -lro"
>
> #
> # Now configure up the internal interface; THIS WILL NEED TO BE CHANGED
> # to suit your configuration requirements!  Also, if you change this you
> # must look in the dhcp configuration file and change THAT since this is the
> # network's DHCP server.
> #
> #ifconfig_igb1="192.168.10.200 netmask 255.255.255.0 -vlanhwtso -tso -lro -vlanhwcsum -txcsum6"
> ifconfig_igb1="192.168.10.200 netmask 255.255.255.0 -vlanhwtso -tso -lro -vlanhwcsum"
> ifconfig_igb1_alias0="inet 192.168.2.200 netmask 255.255.255.0"
> #
> # VLAN for secure subnet; if there are VLANs on the inside, define them here.
> #
> vlans_igb1="3 4"
> ifconfig_igb1_3="inet 192.168.4.200/24"
> #vlans_igb1="4"
> ifconfig_igb1_4="inet6 -ifdisabled"
>
> # If you are turning on IPv6 then you MUST set both these lines AND look in
> # /usr/local/etc/dhcp6c.conf and make SURE you have the correct prefix and
> # assignments for local prefix length.  Note that we only accept routing info
> # on the WAN interface, NEVER on the internal one.
> #
> ipv6_cpe_wanif="igb0"
> ifconfig_igb0_ipv6="inet6 -ifdisabled accept_rtadv"
> ifconfig_igb1_ipv6="inet6 -ifdisabled -accept_rtadv"
>
> #ipv6_activate_all_interfaces="yes"
> #
> # Ipv6 routing; we MUST be an IPv6 router for the INTERNAL interface to
> # distribute IPv6
> #
> rtadvd_enable="Yes"
> rtadvd_interfaces="igb1 igb1.4"
>
> #
> # Dhcp6c client (get IPv6 addresses; note that /usr/local/etc/dhcp6c.conf must
> # also be edited or this will NOT work!)
> #
> dhcp6c_enable="Yes"
> dhcp6c_interfaces="igb0"
>
> #
> # Enable gateway functionality for both IPv4 and IPv6
> #
> gateway_enable="YES"
> ipv6_gateway_enable="YES"
>
> .... (then other stuff)
>
> When attempting to use dhcpcd I change the file to:
>
> #
> # If you change anything in /etc or /usr/local/etc you MUST run "save_cfg"
> # from the root directory as everything in these areas is in fact on a ramdisk!
> #
>
> hostname="IpGw.Denninger.Net"
>
> dhcpcd_enable="YES"
>
> # Get a primary IPv4 address on the first (near serial port) ethernet port
> #
> #ifconfig_igb0="inet6 -ifdisabled accept_rtadv auto_linklocal"
> #ifconfig_igb0="DHCP -vlanhwtso -tso -lro"
> #ifconfig_igb0="DHCP -tso -lro"
>
> #
> # Now configure up the internal interface; THIS WILL NEED TO BE CHANGED
> # to suit your configuration requirements!  Also, if you change this you
> # must look in the dhcp configuration file and change THAT since this is the
> # network's DHCP server.
> #
> #ifconfig_igb1="192.168.10.200 netmask 255.255.255.0 -vlanhwtso -tso -lro -vlanhwcsum -txcsum6"
> ifconfig_igb1="192.168.10.200 netmask 255.255.255.0 -vlanhwtso -tso -lro -vlanhwcsum"
> ifconfig_igb1_alias0="inet 192.168.2.200 netmask 255.255.255.0"
> #
> # VLAN for secure subnet; if there are VLANs on the inside, define them here.
> #
> vlans_igb1="3 4"
> ifconfig_igb1_3="inet 192.168.4.200/24"
> #vlans_igb1="4"
> ifconfig_igb1_4="inet6 -ifdisabled"
>
> # If you are turning on IPv6 then you MUST set both these lines AND look in
> # /usr/local/etc/dhcp6c.conf and make SURE you have the correct prefix and
> # assignments for local prefix length.  Note that we only accept routing info
> # on the WAN interface, NEVER on the internal one.
> #
> ipv6_cpe_wanif="igb0"
> ifconfig_igb0_ipv6="inet6 -ifdisabled accept_rtadv"
> ifconfig_igb1_ipv6="inet6 -ifdisabled -accept_rtadv"
>
> #ipv6_activate_all_interfaces="yes"
> #
> # Ipv6 routing; we MUST be an IPv6 router for the INTERNAL interface to
> # distribute IPv6
> #
> rtadvd_enable="Yes"
> rtadvd_interfaces="igb1 igb1.4"
>
> #
> # Dhcp6c client (get IPv6 addresses; note that /usr/local/etc/dhcp6c.conf must
> # also be edited or this will NOT work!)
> #
> #dhcp6c_enable="Yes"
> #dhcp6c_interfaces="igb0"
>
> #
> # Enable gateway functionality for both IPv4 and IPv6
> #
> gateway_enable="YES"
> ipv6_gateway_enable="YES"
>
> .....
>
> And in /usr/local/etc/dhcpcd.conf I have changed "duid" to "clientid" 
> which appears to get a repeatable IPv4 IF the host will give me one 
> (duid ALWAYS results in a different pool address on each boot/run):
>
>
> # A sample configuration for dhcpcd.
> # See dhcpcd.conf(5) for details.
>
> # Allow users of this group to interact with dhcpcd via the control socket.
> #controlgroup wheel
>
> # Inform the DHCP server of our hostname for DDNS.
> #hostname
>
> # Use the hardware address of the interface for the Client ID.
> clientid
> # or
> # Use the same DUID + IAID as set in DHCPv6 for DHCPv4 ClientID as per RFC4361.
> # Some non-RFC compliant DHCP servers do not reply with this set.
> # In this case, comment out duid and enable clientid above.
> #duid
>
> # Persist interface configuration when dhcpcd exits.
> persistent
>
> # vendorclassid is set to blank to avoid sending the default of
> # dhcpcd-<version>:<os>:<machine>:<platform>
> vendorclassid
>
> # A list of options to request from the DHCP server.
> option domain_name_servers, domain_name, domain_search
> option classless_static_routes
> # Respect the network MTU. This is applied to DHCP routes.
> option interface_mtu
>
> # Request a hostname from the network
> #option host_name
>
> # Most distributions have NTP support.
> #option ntp_servers
>
> # Rapid commit support.
> # Safe to enable by default because it requires the equivalent option set
> # on the server to actually work.
> option rapid_commit
>
> # A ServerID is required by RFC2131.
> require dhcp_server_identifier
>
> # Generate SLAAC address using the Hardware Address of the interface
> #slaac hwaddr
> # OR generate Stable Private IPv6 Addresses based from the DUID
> #slaac private
>
>
> allowinterfaces igb0
>
> #ipv6only
> #ipv4only
>
> #
> # Do not run these hooks; DO run the DDNS one in exit-hooks
> #
> nohook resolv.conf hostname ntp.conf
>
> # Do not allow router solicits on anywhere EXCEPT the external
> #
> noipv6rs
>
> interface igb0
>         ipv6rs
>         ia_na 1
>         ia_pd 1/::/56 igb1/0/64 igb1.4/1/64
>
> ------------------------
>
> I do not want the resolv.conf, hostname or ntp.conf hooks run as this 
> is a gateway and those are in fact fixed (unbound is running on it 
> with a local zone, for one thing) and I have an exit hook script that 
> pokes a few things (and appears to be working)
>
> I turned off "ipv6rs" for every other interface than the one declared 
> and then turned it on for igb0 (the external interface); is that 
> incorrect?
>
> This machine IS the gateway so it does need to run rtadvd for the 
> internal interfaces; rtsold is not enabled on this machine at all.  It 
> has to get the default route for IPv6 from the upstream.  I do not 
> want dhcpcd to tamper with anything other than igb0 -- other than 
> delegating /64 v6 prefixes, which it is doing with the above.
>
> But when I boot it with this rather than dhcp6c I do not get an IPv6 
> delegation and do get an IPv4 on a cold start.  If I do a 
> "/usr/local/etc/rc.d/dhcpcd restart" then IPv4 is left alone and IPv6 
> populates.  Looking at igb0 the ipv6 flags other than PERFORMNUD are 
> off; when I am using dhcp6c what I have is this:
>
> igb0: flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500
>         options=4e120bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,WOL_MAGIC,VLAN_HWFILTER,RXCSUM_IPV6,TXCSUM_IPV6,HWSTATS,MEXTPG>
>         ether 00:0d:b9:46:71:88
>         inet 71.15.252.132 netmask 0xfffffc00 broadcast 255.255.255.255
>         inet6 fe80::20d:b9ff:fe46:7188%igb0 prefixlen 64 scopeid 0x1
>         inet6 2600:6c5d:7009:600:896:206c:deea:394 prefixlen 128 pltime 604800 vltime 604800
>         media: Ethernet autoselect (1000baseT <full-duplex>)
>         status: active
>         nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
>
> Thus I am accepting routing from the upstream and I also have 
> auto_linklocal.  Both those flags are missing when I boot using 
> dhcpcd.  In addition there is no default route on boot on igb0 -- but 
> again, if I re-run it then there is and the prefix gets assigned and 
> distributed.
>
> Here's what the routing table for ipv6 on the gateway looks like when 
> dhcp6c is being used:
>
> Internet6:
> Destination                             Gateway                        Flags  Netif   Expire
> ::/96                                   link#4                         URS    lo0
> default                                 fe80::201:5cff:fe70:7c46%igb0  UG     igb0
> ::1                                     link#4                         UHS    lo0
> ::ffff:0.0.0.0/96                       link#4                         URS    lo0
> 2600:6c5d:5d00:ae00::/64                link#2                         U      igb1
> 2600:6c5d:5d00:ae00:20d:b9ff:fe46:7189  link#4                         UHS    lo0
> 2600:6c5d:5d00:ae01::/64                link#6                         U      igb1.4
> 2600:6c5d:5d00:ae01:20d:b9ff:fe46:7189  link#4                         UHS    lo0
> 2600:6c5d:7009:600:896:206c:deea:394    link#4                         UHS    lo0
> fe80::%lo0/10                           link#4                         URS    lo0
> fe80::%igb0/64                          link#1                         U      igb0
> fe80::20d:b9ff:fe46:7188%lo0            link#4                         UHS    lo0
> fe80::%igb1/64                          link#2                         U      igb1
> fe80::20d:b9ff:fe46:7189%lo0            link#4                         UHS    lo0
> fe80::%lo0/64                           link#4                         U      lo0
> fe80::1%lo0                             link#4                         UHS    lo0
> fe80::%igb1.4/64                        link#6                         U      igb1.4
> fe80::20d:b9ff:fe46:7189%lo0            link#4                         UHS    lo0
> ff02::/16                               link#4                         URS    lo0
>
> I can play with this more over the weekend.
>
> Given that the box is a gateway rather than an endpoint if that 
> changes things please advise.  All the stuff on the local network, 
> once I have the prefix, picks up addresses via SLAAC and that is 
> working fine (I don't need dhcpcd on the FreeBSD machines behind the 
> gateway as they have fixed addresses for IPv4 and SLAAC has been 
> working well for them.)
>
More on this.....

If I boot with the above as noted I get no IPv6 address. However, if I 
sign into the box on the inside address and do "ifconfig igb0 down..... 
ifconfig igb0 up" (no need to stop/restart dhcpcd itself) then the 
system DOES get an IPv6 prefix.

But it doesn't on boot, which I don't understand.

Ideas for further troubleshooting?  It appears something is coming up in 
the wrong order and precluding getting the IPv6 address.

-- 
Karl Denninger
karl@denninger.net
/The Market Ticker/
/[S/MIME encrypted email preferred]/
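
The boot-versus-restart comparison described in this message (nd6 flags on igb0, the IPv6 default route, and no router advertisements accepted on the internal interfaces) can be scripted. This is an added example, not part of the original post or of dhcpcd; the sample text is constructed, and the function names `nd6_flags`, `has_flag`, `default_via` and `audit` are hypothetical.

```shell
#!/bin/sh
# Constructed samples (not captured output): cold boot vs. working state.
BOOT_IFCONFIG='igb0: flags=8843<UP,BROADCAST,RUNNING> metric 0 mtu 1500
        nd6 options=1<PERFORMNUD>
igb1: flags=8843<UP,BROADCAST,RUNNING> metric 0 mtu 1500
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>'
GOOD_IFCONFIG='igb0: flags=8843<UP,BROADCAST,RUNNING> metric 0 mtu 1500
        nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
igb1: flags=8843<UP,BROADCAST,RUNNING> metric 0 mtu 1500
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>'
BOOT_ROUTES='::1 link#4 UHS lo0'
GOOD_ROUTES='default fe80::1%igb0 UG igb0'

# Print the nd6 option names of interface $1 from ifconfig text on stdin.
nd6_flags() {
    awk -v ifn="$1" '
        /^[^ \t]/ { cur = $1; sub(/:$/, "", cur) }
        cur == ifn && /nd6 options=/ {
            s = $0; sub(/^.*</, "", s); sub(/>.*$/, "", s); print s
        }'
}

# Succeed if comma-separated list $1 contains flag $2.
has_flag() { case ",$1," in *",$2,"*) return 0 ;; *) return 1 ;; esac; }

# Succeed if the routing table on stdin has a default route on interface $1.
default_via() {
    awk -v ifn="$1" '$1 == "default" && $4 == ifn { found = 1 } END { exit !found }'
}

# audit WAN "LAN ..." IFCONFIG_TEXT ROUTE_TEXT; exit status = number of findings.
audit() {
    wan=$1; lans=$2; ifc=$3; rt=$4; bad=0
    f=$(printf '%s\n' "$ifc" | nd6_flags "$wan")
    for want in ACCEPT_RTADV AUTO_LINKLOCAL; do
        has_flag "$f" "$want" || { echo "$wan: $want not set"; bad=$((bad + 1)); }
    done
    printf '%s\n' "$rt" | default_via "$wan" ||
        { echo "no IPv6 default route via $wan"; bad=$((bad + 1)); }
    for lan in $lans; do   # RAs must never be accepted on internal interfaces
        f=$(printf '%s\n' "$ifc" | nd6_flags "$lan")
        ! has_flag "$f" ACCEPT_RTADV ||
            { echo "$lan: ACCEPT_RTADV set on internal interface"; bad=$((bad + 1)); }
    done
    return "$bad"
}

# Live use on the gateway: audit igb0 "igb1 igb1.4" "$(ifconfig)" "$(netstat -rn -f inet6)"
audit igb0 "igb1 igb1.4" "$BOOT_IFCONFIG" "$BOOT_ROUTES" || echo "findings: $?"
```

Run from an rc script right after dhcpcd starts and again after the manual restart, the two reports show which of the three conditions differs between the failing and working state.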