Re: DHCPv6 IA_PD - how-to
- Reply: Roy Marples : "Re: DHCPv6 IA_PD - how-to"
- In reply to: Karl Denninger : "Re: DHCPv6 IA_PD - how-to"
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Fri, 02 Aug 2024 22:05:33 UTC
On 7/31/2024 08:00, Karl Denninger wrote: > On 7/31/2024 07:10, Roy Marples wrote: >> Roy Marples >> >> >> ---- On Wed, 31 Jul 2024 03:38:46 +0100 Karl Denninger wrote --- >> > Starting dhcpcd. >> > dhcpcd-10.0.8 starting >> > igb0: link state changed to UP >> > igb1: link state changed to UP >> > no interfaces have a carrier >> > Additional TCP/IP options: IPv6 CPE WANIF=igb0. >> > Setting up harvesting: [CALLOUT],[UMA],[FS_ATIME],SWI,INTERRUPT,NET_NG,[NET_ETHE >> > R],NET_TUN,MOUSE,KEYBOARD,ATTACH,CACHED >> > Feeding entropy: dd: /boot/entropy: Read-only file system >> > . >> > igb0: link state changed to DOWN >> > Setting hostname: IpGw.Denninger.Net. >> > ELF ldconfig path: /lib /usr/lib /usr/local/lib /usr/local/lib/ipsec /usr/local/ >> > lib/perl5/5.36/mach/CORE >> > 32-bit compatibility ldconfig path: /usr/lib32 /usr/lib32 >> > lo0: link state changed to UP >> > igb1: link state changed to DOWN >> > Starting Network: lo0 igb0 igb1 enc0. >> > igb0: link state changed to UP >> >> This all looks fine. >> >> > Which would be ok EXCEPT all I get is an IPv4 address and its not >> > repeatable either -- which it IS using DHCP provided by the system (that >> > is, I RARELY get a different one -- with dhcpcd I ALWAYS get a different >> > one. I'd prefer not to; obviously if I must then I must, but it appears >> > dhcpcd is not maintaining any sort of requested ID and thus even if the >> > server CAN give me the same IP, it doesn't.) >> > >> > But more troubling I don't get an IPv6 at all. The reason appears to be >> > that the default route doesn't get populated off the other end, and I >> > note that "ACCEPT_RTADV" is NOT there -- and neither is >> > "AUTO_LINKLOCAL". If I stop it from /usr/local/etc/rc.d with "dhcpcd >> > stop" and then "dhcpcd start" I *do* get the IPv6 delegation. >> > >> > Gotta put it back on the other setup for now, but any ideas would be >> > helpful - I can't take the connection offline for the next couple of >> > days, but can work on it over the weekend. >> >> So if dhcpcd handles IPv6 RS in any way for form on any interface then it >> will disable the kernel handling it. This is what you are seeing. >> You should also disable rtsold. >> On the other hand, you can leave the kernel handling everything RS by adding >> noipv6rs >> at the top of /etc/dhcpcd.conf >> >> Is it possible you are using both? >> Note that DHCPv6 will not set any default route, that's purely in the domain of RS. >> >> Roy > > This is what is typically in /etc/rc.conf: > > # > # If you change anything in /etc or /usr/local/etc you MUST run "save_cfg" > # from the root directory as everything in these areas is in fact on a > ramdisk! > # > > hostname="IpGw.Denninger.Net" > > #dhcpcd_enable="YES" > > # Get a primary IPv4 address on the first (near serial port) ethernet port > # > #ifconfig_igb0="inet6 -ifdisabled accept_rtadv auto_linklocal" > ifconfig_igb0="DHCP -vlanhwtso -tso -lro" > #ifconfig_igb0="DHCP -tso -lro" > > # > # Now configure up the internal interface; THIS WILL NEED TO BE CHANGED > # to suit your configuration requirements! Also, if you change this you > # must look in the dhcp configuation file and change THAT since this > is the > # network's DHCP server. > # > #ifconfig_igb1="192.168.10.200 netmask 255.255.255.0 -vlanhwtso -tso > -lro -vlanhwcsum -txcsum6" > ifconfig_igb1="192.168.10.200 netmask 255.255.255.0 -vlanhwtso -tso > -lro -vlanhwcsum" > ifconfig_igb1_alias0="inet 192.168.2.200 netmask 255.255.255.0" > # > # VLAN for secure subnet; if there are VLANs on the inside, define > them here. > # > vlans_igb1="3 4" > ifconfig_igb1_3="inet 192.168.4.200/24" > #vlans_igb1="4" > ifconfig_igb1_4="inet6 -ifdisabled" > > # If you are turning on IPv6 then you MUST set both these lines AND > look in > # /usr/local/etc/dhcp6c.conf and make SURE you have the correct prefix and > # assignments for local prefix length. Note that we only accept > routing info > # on the WAN interface, NEVER on the internal one. > # > ipv6_cpe_wanif="igb0" > ifconfig_igb0_ipv6="inet6 -ifdisabled accept_rtadv" > ifconfig_igb1_ipv6="inet6 -ifdisabled -accept_rtadv" > > #ipv6_activate_all_interfaces="yes" > # > # Ipv6 routing; we MUST be an IPv6 router for the INTERNAL interface to > # distribute IPv6 > # > rtadvd_enable="Yes" > rtadvd_interfaces="igb1 igb1.4" > > # > # Dhcp6c client (get IPv6 addresses; note that > /usr/local/etc/dhcp6c.conf must > # also be edited or this will NOT work!) > # > dhcp6c_enable="Yes" > dhcp6c_interfaces="igb0" > > # > # Enable gateway functionality for both IPv4 and IPv6 > # > gateway_enable="YES" > ipv6_gateway_enable="YES" > > .... (then other stuff) > > When attempting to use dhcpcd I change the file to: > > # > # If you change anything in /etc or /usr/local/etc you MUST run "save_cfg" > # from the root directory as everything in these areas is in fact on a > ramdisk! > # > > hostname="IpGw.Denninger.Net" > > dhcpcd_enable="YES" > > # Get a primary IPv4 address on the first (near serial port) ethernet port > # > #ifconfig_igb0="inet6 -ifdisabled accept_rtadv auto_linklocal" > #ifconfig_igb0="DHCP -vlanhwtso -tso -lro" > #ifconfig_igb0="DHCP -tso -lro" > > # > # Now configure up the internal interface; THIS WILL NEED TO BE CHANGED > # to suit your configuration requirements! Also, if you change this you > # must look in the dhcp configuation file and change THAT since this > is the > # network's DHCP server. > # > #ifconfig_igb1="192.168.10.200 netmask 255.255.255.0 -vlanhwtso -tso > -lro -vlanh > wcsum -txcsum6" > ifconfig_igb1="192.168.10.200 netmask 255.255.255.0 -vlanhwtso -tso > -lro -vlanhw > csum" > ifconfig_igb1_alias0="inet 192.168.2.200 netmask 255.255.255.0" > # > # VLAN for secure subnet; if there are VLANs on the inside, define > them here. > # > vlans_igb1="3 4" > ifconfig_igb1_3="inet 192.168.4.200/24" > #vlans_igb1="4" > ifconfig_igb1_4="inet6 -ifdisabled" > > # If you are turning on IPv6 then you MUST set both these lines AND > look in > # /usr/local/etc/dhcp6c.conf and make SURE you have the correct prefix and > # assignments for local prefix length. Note that we only accept > routing info > # on the WAN interface, NEVER on the internal one. > # > ipv6_cpe_wanif="igb0" > ifconfig_igb0_ipv6="inet6 -ifdisabled accept_rtadv" > ifconfig_igb1_ipv6="inet6 -ifdisabled -accept_rtadv" > > #ipv6_activate_all_interfaces="yes" > # > # Ipv6 routing; we MUST be an IPv6 router for the INTERNAL interface to > # distribute IPv6 > # > rtadvd_enable="Yes" > rtadvd_interfaces="igb1 igb1.4" > > # > # Dhcp6c client (get IPv6 addresses; note that > /usr/local/etc/dhcp6c.conf must > # also be edited or this will NOT work!) > # > #dhcp6c_enable="Yes" > #dhcp6c_interfaces="igb0" > > # > # Enable gateway functionality for both IPv4 and IPv6 > # > gateway_enable="YES" > ipv6_gateway_enable="YES" > > ..... > > And in /usr/local/etc/dhcpcd.conf I have changed "duid" to "clientid" > which appears to get a repeatable IPv4 IF the host will give me one > (duid ALWAYS results in a different pool address on each boot/run): > > > # A sample configuration for dhcpcd. > # See dhcpcd.conf(5) for details. > > # Allow users of this group to interact with dhcpcd via the control > socket. > #controlgroup wheel > > # Inform the DHCP server of our hostname for DDNS. > #hostname > > # Use the hardware address of the interface for the Client ID. > clientid > # or > # Use the same DUID + IAID as set in DHCPv6 for DHCPv4 ClientID as per > RFC4361. > # Some non-RFC compliant DHCP servers do not reply with this set. > # In this case, comment out duid and enable clientid above. > #duid > > # Persist interface configuration when dhcpcd exits. > persistent > > # vendorclassid is set to blank to avoid sending the default of > # dhcpcd-<version>:<os>:<machine>:<platform> > vendorclassid > > # A list of options to request from the DHCP server. > option domain_name_servers, domain_name, domain_search > option classless_static_routes > # Respect the network MTU. This is applied to DHCP routes. > option interface_mtu > > # Request a hostname from the network > #option host_name > > # Most distributions have NTP support. > #option ntp_servers > > # Rapid commit support. > # Safe to enable by default because it requires the equivalent option set > # on the server to actually work. > option rapid_commit > > # A ServerID is required by RFC2131. > require dhcp_server_identifier > > # Generate SLAAC address using the Hardware Address of the interface > #slaac hwaddr > # OR generate Stable Private IPv6 Addresses based from the DUID > #slaac private > > > allowinterfaces igb0 > > #ipv6only > #ipv4only > > # > # Do not run these hooks; DO run the DDNS one in exit-hooks > # > nohook resolv.conf hostname ntp.conf > > # Do not allow router solicits on anywhere EXCEPT the external > # > noipv6rs > > interface igb0 > ipv6rs > ia_na 1 > ia_pd 1/::/56 igb1/0/64 igb1.4/1/64 > > ------------------------ > > I do not want the resolv.conf, hostname or ntp.conf hooks run as this > is a gateway and those are in fact fixed (unbound is running on it > with a local zone, for one thing) and I have an exit hook script that > pokes a few things (and appears to be working) > > I turned off "ipv6rs" for every other interface than the one declared > and then turned it on for igb0 (the external interface); is that > incorrect? > > This machine IS the gateway so it does need to run rtadvd for the > internal interfaces; rtsold is not enabled on this machine at all. It > has to get the default route for IPv6 from the upstream. I do not > want dhcpcd to tamper with anything other than igb0 -- other than > delegating /64 v6 prefixes, which it is doing with the above. > > But when I boot it with this rather than dhcp6c I do not get an IPv6 > delegation and do get an IPv4 on a cold start. If I do a > "/usr/local/etc/rc.d/dhcpcd restart" then IPv4 is left alone and IPv6 > populates. Looking at igb0 the ipv6 flags other than PERFORMNUD are > off; when I using dhcp6c what I have it this: > > igb0: flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP> > metric 0 mtu 1500 > options=4e120bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,WOL_MAGIC,VLAN_HWFILTER,RXCSUM_IPV6,TXCSUM_IPV6,HWSTATS,MEXTPG> > ether 00:0d:b9:46:71:88 > inet 71.15.252.132 netmask 0xfffffc00 broadcast 255.255.255.255 > inet6 fe80::20d:b9ff:fe46:7188%igb0 prefixlen 64 scopeid 0x1 > inet6 2600:6c5d:7009:600:896:206c:deea:394 prefixlen 128 > pltime 604800 vltime 604800 > media: Ethernet autoselect (1000baseT <full-duplex>) > status: active > nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL> > > Thus I am accepting routing from the upstream and I also have > auto_linklocal. Both those flags are missing when I boot using > dhcpcd. In addition there is no default route on boot on igb0 -- but > again, if I re-run it then there is and the prefix gets assigned and > distributed. > > Here's what the routing table for ipv6 on the gateway looks like when > dhcp6c is being used: > > Internet6: > Destination Gateway Flags Netif Expire > ::/96 link#4 URS lo0 > default fe80::201:5cff:fe70:7c46%igb0 UG igb0 > ::1 link#4 UHS lo0 > ::ffff:0.0.0.0/96 link#4 URS lo0 > 2600:6c5d:5d00:ae00::/64 link#2 U igb1 > 2600:6c5d:5d00:ae00:20d:b9ff:fe46:7189 link#4 > UHS lo0 > 2600:6c5d:5d00:ae01::/64 link#6 U igb1.4 > 2600:6c5d:5d00:ae01:20d:b9ff:fe46:7189 link#4 > UHS lo0 > 2600:6c5d:7009:600:896:206c:deea:394 link#4 > UHS lo0 > fe80::%lo0/10 link#4 URS lo0 > fe80::%igb0/64 link#1 U igb0 > fe80::20d:b9ff:fe46:7188%lo0 link#4 UHS lo0 > fe80::%igb1/64 link#2 U igb1 > fe80::20d:b9ff:fe46:7189%lo0 link#4 UHS lo0 > fe80::%lo0/64 link#4 U lo0 > fe80::1%lo0 link#4 UHS lo0 > fe80::%igb1.4/64 link#6 U igb1.4 > fe80::20d:b9ff:fe46:7189%lo0 link#4 UHS lo0 > ff02::/16 link#4 URS lo0 > > I can play with this more over the weekend. > > Given that the box is a gateway rather than an endpoint if that > changes things please advise. All the stuff on the local network, > once I have the prefix, picks up addresses via SLACC and that is > working fine (I don't need dhcpcd on the FreeBSD machines behind the > gateway as they have fixed addresses for IPv4 and SLACC has been > working well for them.) > More on this..... If I boot with the above as noted I get no IPv6 address. However, if I sign into the box on the inside address and do "ifconfig igb0 down..... ifconfig igb0 up" (no need to stop/restart dhcpcd itself) then the system DOES get an IPv6 prefix. But it doesn't on boot, which I don't understand. Ideas for further troubleshooting? It appears something is coming up in the wrong order and precluding getting the IPv6 address. -- Karl Denninger karl@denninger.net /The Market Ticker/ /[S/MIME encrypted email preferred]/