From: Karl Denninger <karl@denninger.net>
To: freebsd-net@freebsd.org
Date: Fri, 2 Aug 2024 18:05:33 -0400
Subject: Re: DHCPv6 IA_PD - how-to
Message-ID: <9bcca610-711a-41b0-955a-12968a3a8be0@denninger.net>
In-Reply-To: <2d51761e-7836-4002-b2b5-0d8e66a0204c@denninger.net>
List-Archive: https://lists.freebsd.org/archives/freebsd-net

On 7/31/2024 08:00, Karl Denninger wrote:
On 7/31/2024 07:10, Roy Marples wrote:
Roy Marples


 ---- On Wed, 31 Jul 2024 03:38:46 +0100  Karl Denninger  wrote --- 
 >     Starting dhcpcd.
 >       dhcpcd-10.0.8 starting
 >       igb0: link state changed to UP
 >       igb1: link state changed to UP
 >       no interfaces have a carrier
 >       Additional TCP/IP options: IPv6 CPE WANIF=igb0.
 >       Setting up harvesting: [CALLOUT],[UMA],[FS_ATIME],SWI,INTERRUPT,NET_NG,[NET_ETHER],NET_TUN,MOUSE,KEYBOARD,ATTACH,CACHED
 >       Feeding entropy: dd: /boot/entropy: Read-only file system
 >       .
 >       igb0: link state changed to DOWN
 >       Setting hostname: IpGw.Denninger.Net.
 >       ELF ldconfig path: /lib /usr/lib /usr/local/lib /usr/local/lib/ipsec /usr/local/lib/perl5/5.36/mach/CORE
 >       32-bit compatibility ldconfig path: /usr/lib32 /usr/lib32
 >       lo0: link state changed to UP
 >       igb1: link state changed to DOWN
 >       Starting Network: lo0 igb0 igb1 enc0.
 >       igb0: link state changed to UP

This all looks fine.

 > Which would be ok EXCEPT all I get is an IPv4 address and it's not 
 > repeatable either -- which it IS using DHCP provided by the system (that 
 > is, I RARELY get a different one -- with dhcpcd I ALWAYS get a different 
 > one.  I'd prefer not to; obviously if I must then I must, but it appears 
 > dhcpcd is not maintaining any sort of requested ID and thus even if the 
 > server CAN give me the same IP, it doesn't.)
 >
 > But more troubling I don't get an IPv6 at all.  The reason appears to be 
 > that the default route doesn't get populated off the other end, and I 
 > note that "ACCEPT_RTADV" is NOT there -- and neither is 
 > "AUTO_LINKLOCAL".  If I stop it from /usr/local/etc/rc.d with "dhcpcd 
 > stop" and then "dhcpcd start" I *do* get the IPv6 delegation.
 >
 > Gotta put it back on the other setup for now, but any ideas would be 
 > helpful - I can't take the connection offline for the next couple of 
 > days, but can work on it over the weekend.

So if dhcpcd handles IPv6 RS in any way or form on any interface then it
will disable the kernel handling it. This is what you are seeing.
You should also disable rtsold.
On the other hand, you can leave the kernel handling everything RS by adding
noipv6rs
at the top of /etc/dhcpcd.conf

Is it possible you are using both?
Note that DHCPv6 will not set any default route, that's purely in the domain of RS.

Roy

This is what is typically in /etc/rc.conf:

#
# If you change anything in /etc or /usr/local/etc you MUST run "save_cfg"
# from the root directory as everything in these areas is in fact on a ramdisk!
#

hostname="IpGw.Denninger.Net"

#dhcpcd_enable="YES"

# Get a primary IPv4 address on the first (near serial port) ethernet port
#
#ifconfig_igb0="inet6 -ifdisabled accept_rtadv auto_linklocal"
ifconfig_igb0="DHCP -vlanhwtso -tso -lro"
#ifconfig_igb0="DHCP -tso -lro"

#
# Now configure up the internal interface; THIS WILL NEED TO BE CHANGED
# to suit your configuration requirements!  Also, if you change this you
# must look in the dhcp configuration file and change THAT since this is the
# network's DHCP server.
#
#ifconfig_igb1="192.168.10.200 netmask 255.255.255.0 -vlanhwtso -tso -lro -vlanhwcsum -txcsum6"
ifconfig_igb1="192.168.10.200 netmask 255.255.255.0 -vlanhwtso -tso -lro -vlanhwcsum"
ifconfig_igb1_alias0="inet 192.168.2.200 netmask 255.255.255.0"
#
# VLAN for secure subnet; if there are VLANs on the inside, define them here.
#
vlans_igb1="3 4"
ifconfig_igb1_3="inet 192.168.4.200/24"
#vlans_igb1="4"
ifconfig_igb1_4="inet6 -ifdisabled"

# If you are turning on IPv6 then you MUST set both these lines AND look in
# /usr/local/etc/dhcp6c.conf and make SURE you have the correct prefix and
# assignments for local prefix length.  Note that we only accept routing info
# on the WAN interface, NEVER on the internal one.
#
ipv6_cpe_wanif="igb0"
ifconfig_igb0_ipv6="inet6 -ifdisabled accept_rtadv"
ifconfig_igb1_ipv6="inet6 -ifdisabled -accept_rtadv"

#ipv6_activate_all_interfaces="yes"
#
# Ipv6 routing; we MUST be an IPv6 router for the INTERNAL interface to
# distribute IPv6
#
rtadvd_enable="Yes"
rtadvd_interfaces="igb1 igb1.4"

#
# Dhcp6c client (get IPv6 addresses; note that /usr/local/etc/dhcp6c.conf must
# also be edited or this will NOT work!)
#
dhcp6c_enable="Yes"
dhcp6c_interfaces="igb0"

#
# Enable gateway functionality for both IPv4 and IPv6
#
gateway_enable="YES"
ipv6_gateway_enable="YES"

.... (then other stuff)

When attempting to use dhcpcd I change the file to:

#
# If you change anything in /etc or /usr/local/etc you MUST run "save_cfg"
# from the root directory as everything in these areas is in fact on a ramdisk!
#

hostname="IpGw.Denninger.Net"

dhcpcd_enable="YES"

# Get a primary IPv4 address on the first (near serial port) ethernet port
#
#ifconfig_igb0="inet6 -ifdisabled accept_rtadv auto_linklocal"
#ifconfig_igb0="DHCP -vlanhwtso -tso -lro"
#ifconfig_igb0="DHCP -tso -lro"

#
# Now configure up the internal interface; THIS WILL NEED TO BE CHANGED
# to suit your configuration requirements!  Also, if you change this you
# must look in the dhcp configuration file and change THAT since this is the
# network's DHCP server.
#
#ifconfig_igb1="192.168.10.200 netmask 255.255.255.0 -vlanhwtso -tso -lro -vlanhwcsum -txcsum6"
ifconfig_igb1="192.168.10.200 netmask 255.255.255.0 -vlanhwtso -tso -lro -vlanhwcsum"
ifconfig_igb1_alias0="inet 192.168.2.200 netmask 255.255.255.0"
#
# VLAN for secure subnet; if there are VLANs on the inside, define them here.
#
vlans_igb1="3 4"
ifconfig_igb1_3="inet 192.168.4.200/24"
#vlans_igb1="4"
ifconfig_igb1_4="inet6 -ifdisabled"

# If you are turning on IPv6 then you MUST set both these lines AND look in
# /usr/local/etc/dhcp6c.conf and make SURE you have the correct prefix and
# assignments for local prefix length.  Note that we only accept routing info
# on the WAN interface, NEVER on the internal one.
#
ipv6_cpe_wanif="igb0"
ifconfig_igb0_ipv6="inet6 -ifdisabled accept_rtadv"
ifconfig_igb1_ipv6="inet6 -ifdisabled -accept_rtadv"

#ipv6_activate_all_interfaces="yes"
#
# Ipv6 routing; we MUST be an IPv6 router for the INTERNAL interface to
# distribute IPv6
#
rtadvd_enable="Yes"
rtadvd_interfaces="igb1 igb1.4"

#
# Dhcp6c client (get IPv6 addresses; note that /usr/local/etc/dhcp6c.conf must
# also be edited or this will NOT work!)
#
#dhcp6c_enable="Yes"
#dhcp6c_interfaces="igb0"

#
# Enable gateway functionality for both IPv4 and IPv6
#
gateway_enable="YES"
ipv6_gateway_enable="YES"

.....

And in /usr/local/etc/dhcpcd.conf I have changed "duid" to "clientid" which appears to get a repeatable IPv4 IF the host will give me one (duid ALWAYS results in a different pool address on each boot/run):


# A sample configuration for dhcpcd.
# See dhcpcd.conf(5) for details.

# Allow users of this group to interact with dhcpcd via the control socket.
#controlgroup wheel

# Inform the DHCP server of our hostname for DDNS.
#hostname

# Use the hardware address of the interface for the Client ID.
clientid
# or
# Use the same DUID + IAID as set in DHCPv6 for DHCPv4 ClientID as per RFC4361.
# Some non-RFC compliant DHCP servers do not reply with this set.
# In this case, comment out duid and enable clientid above.
#duid

# Persist interface configuration when dhcpcd exits.
persistent

# vendorclassid is set to blank to avoid sending the default of
# dhcpcd-<version>:<os>:<machine>:<platform>
vendorclassid

# A list of options to request from the DHCP server.
option domain_name_servers, domain_name, domain_search
option classless_static_routes
# Respect the network MTU. This is applied to DHCP routes.
option interface_mtu

# Request a hostname from the network
#option host_name

# Most distributions have NTP support.
#option ntp_servers

# Rapid commit support.
# Safe to enable by default because it requires the equivalent option set
# on the server to actually work.
option rapid_commit

# A ServerID is required by RFC2131.
require dhcp_server_identifier

# Generate SLAAC address using the Hardware Address of the interface
#slaac hwaddr
# OR generate Stable Private IPv6 Addresses based from the DUID
#slaac private


allowinterfaces igb0

#ipv6only
#ipv4only

#
# Do not run these hooks; DO run the DDNS one in exit-hooks
#
nohook resolv.conf hostname ntp.conf

# Do not allow router solicits on anywhere EXCEPT the external
#
noipv6rs

interface igb0
        ipv6rs
        ia_na 1
        ia_pd 1/::/56 igb1/0/64 igb1.4/1/64

------------------------

I do not want the resolv.conf, hostname or ntp.conf hooks run as this is a gateway and those are in fact fixed (unbound is running on it with a local zone, for one thing) and I have an exit hook script that pokes a few things (and appears to be working)

I turned off "ipv6rs" for every other interface than the one declared and then turned it on for igb0 (the external interface); is that incorrect?

This machine IS the gateway so it does need to run rtadvd for the internal interfaces; rtsold is not enabled on this machine at all.  It has to get the default route for IPv6 from the upstream.  I do not want dhcpcd to tamper with anything other than igb0 -- other than delegating /64 v6 prefixes, which it is doing with the above.

But when I boot it with this rather than dhcp6c I do not get an IPv6 delegation and do get an IPv4 on a cold start.  If I do a "/usr/local/etc/rc.d/dhcpcd restart" then IPv4 is left alone and IPv6 populates.  Looking at igb0 the ipv6 flags other than PERFORMNUD are off; when I am using dhcp6c what I have is this:

igb0: flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500
        options=4e120bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,WOL_MAGIC,VLAN_HWFILTER,RXCSUM_IPV6,TXCSUM_IPV6,HWSTATS,MEXTPG>
        ether 00:0d:b9:46:71:88
        inet 71.15.252.132 netmask 0xfffffc00 broadcast 255.255.255.255
        inet6 fe80::20d:b9ff:fe46:7188%igb0 prefixlen 64 scopeid 0x1
        inet6 2600:6c5d:7009:600:896:206c:deea:394 prefixlen 128 pltime 604800 vltime 604800
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
        nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>

Thus I am accepting routing from the upstream and I also have auto_linklocal.  Both those flags are missing when I boot using dhcpcd.  In addition there is no default route on boot on igb0 -- but again, if I re-run it then there is and the prefix gets assigned and distributed.

Here's what the routing table for ipv6 on the gateway looks like when dhcp6c is being used:

Internet6:
Destination                       Gateway                       Flags     Netif Expire
::/96                             link#4                        URS         lo0
default                           fe80::201:5cff:fe70:7c46%igb0 UG         igb0
::1                               link#4                        UHS         lo0
::ffff:0.0.0.0/96                 link#4                        URS         lo0
2600:6c5d:5d00:ae00::/64          link#2                        U          igb1
2600:6c5d:5d00:ae00:20d:b9ff:fe46:7189 link#4                   UHS         lo0
2600:6c5d:5d00:ae01::/64          link#6                        U        igb1.4
2600:6c5d:5d00:ae01:20d:b9ff:fe46:7189 link#4                   UHS         lo0
2600:6c5d:7009:600:896:206c:deea:394 link#4                     UHS         lo0
fe80::%lo0/10                     link#4                        URS         lo0
fe80::%igb0/64                    link#1                        U          igb0
fe80::20d:b9ff:fe46:7188%lo0      link#4                        UHS         lo0
fe80::%igb1/64                    link#2                        U          igb1
fe80::20d:b9ff:fe46:7189%lo0      link#4                        UHS         lo0
fe80::%lo0/64                     link#4                        U           lo0
fe80::1%lo0                       link#4                        UHS         lo0
fe80::%igb1.4/64                  link#6                        U        igb1.4
fe80::20d:b9ff:fe46:7189%lo0      link#4                        UHS         lo0
ff02::/16                         link#4                        URS         lo0

I can play with this more over the weekend.

Given that the box is a gateway rather than an endpoint if that changes things please advise.  All the stuff on the local network, once I have the prefix, picks up addresses via SLAAC and that is working fine (I don't need dhcpcd on the FreeBSD machines behind the gateway as they have fixed addresses for IPv4 and SLAAC has been working well for them.)

More on this.....

If I boot with the above as noted I get no IPv6 address.  However, if I sign into the box on the inside address and do "ifconfig igb0 down..... ifconfig igb0 up" (no need to stop/restart dhcpcd itself) then the system DOES get an IPv6 prefix.

But it doesn't on boot, which I don't understand.

Ideas for further troubleshooting?  It appears something is coming up in the wrong order and precluding getting the IPv6 address.

--
Karl Denninger
karl@denninger.net
The Market Ticker
[S/MIME encrypted email preferred]
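
The "ia_pd 1/::/56 igb1/0/64 igb1.4/1/64" line in the dhcpcd.conf above, worked through as an added example that is not part of the original message and is not dhcpcd's own code: it parses the line and derives the /64 each internal interface should receive from a delegated prefix, so the result can be compared against the routing table. The delegated /56 is an assumption chosen to be consistent with the two /64 routes shown in the message; the function names are hypothetical, and rejecting an sla_id that does not fit is this example's choice, not a statement of what dhcpcd does.

```python
import ipaddress

# The ia_pd line from the dhcpcd.conf quoted in the message.
PAGE_IA_PD = "ia_pd 1/::/56 igb1/0/64 igb1.4/1/64"

# ASSUMPTION: the message never states the delegated prefix. This /56 is
# chosen to be consistent with the two /64 routes in its routing table.
ASSUMED_DELEGATION = "2600:6c5d:5d00:ae00::/56"


def parse_ia_pd(line):
    """Split an ia_pd line into (iaid, hint, [(iface, sla_id, prefix_len)]).

    Layout handled here: ia_pd iaid[/prefix/len] iface[/sla_id[/prefix_len]] ...
    The sla_id is read as decimal (an assumption of this example).
    """
    tokens = line.split()
    if len(tokens) < 2 or tokens[0] != "ia_pd":
        raise ValueError("not an ia_pd line: %r" % line)
    iaid, _, hint = tokens[1].partition("/")
    hint_net = ipaddress.IPv6Network(hint) if hint else None
    targets = []
    for tok in tokens[2:]:
        fields = tok.split("/")
        iface = fields[0]
        sla_id = int(fields[1]) if len(fields) > 1 and fields[1] else None
        prefix_len = int(fields[2]) if len(fields) > 2 and fields[2] else 64
        targets.append((iface, sla_id, prefix_len))
    return iaid, hint_net, targets


def carve(delegated, sla_id, prefix_len):
    """Return subnet number sla_id of length prefix_len inside delegated."""
    sla_bits = prefix_len - delegated.prefixlen
    if sla_bits < 0:
        raise ValueError("/%d is shorter than the delegated %s"
                         % (prefix_len, delegated))
    if sla_id >= (1 << sla_bits):
        raise ValueError("sla_id %d needs more than the %d bit(s) between %s "
                         "and /%d" % (sla_id, sla_bits, delegated, prefix_len))
    base = int(delegated.network_address)
    return ipaddress.IPv6Network((base + (sla_id << (128 - prefix_len)),
                                  prefix_len))


def plan_subnets(delegation, ia_pd_line):
    """Map each interface on the ia_pd line to its subnet of the delegation."""
    delegated = ipaddress.IPv6Network(delegation)
    _iaid, _hint, targets = parse_ia_pd(ia_pd_line)
    plan = {}
    for iface, sla_id, prefix_len in targets:
        if sla_id is None:
            # An omitted sla_id is left to the client; this example does not
            # guess what value would be picked.
            raise ValueError("%s has no explicit sla_id" % iface)
        subnet = carve(delegated, sla_id, prefix_len)
        for other_iface, other in plan.items():
            if subnet.overlaps(other):
                raise ValueError("%s and %s would share %s"
                                 % (iface, other_iface, subnet))
        plan[iface] = subnet
    return plan


if __name__ == "__main__":
    iaid, hint, _ = parse_ia_pd(PAGE_IA_PD)
    print("iaid %s, requested hint %s" % (iaid, hint))
    for iface, subnet in plan_subnets(ASSUMED_DELEGATION, PAGE_IA_PD).items():
        print("%-8s %s" % (iface, subnet))
    # Failure mode: the upstream hands out a /64 instead of the hinted /56,
    # leaving no bits for sla_id 1 on igb1.4.
    try:
        plan_subnets("2600:6c5d:5d00:ae00::/64", PAGE_IA_PD)
    except ValueError as exc:
        print("with a /64 delegation:", exc)
```

If the upstream delegates something longer than the hinted /56, the same call shows which interface can no longer be given its own /64.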