link-local needed w/static IP and gateway?

Charles Sprickman spork at bway.net
Thu Jun 16 07:12:15 UTC 2011 

Hiroki Sato wrote:
> Charles Sprickman <spork at bway.net> wrote
>   in <4DF9970D.5000505 at bway.net>:
> 
> sp> -Edit rc.conf to include your IPv6 IP(s) and default route, specify
> sp> which interfaces will run IPv6, and enable IPv6:
> sp>
> sp> ipv6_enable="YES"
> sp> ipv6_network_interfaces="lo0 bce1"
> sp> ipv6_defaultrouter="2001:xxx:xxxx::1"
> sp> ipv6_ifconfig_bce1="2001:xxx:xxxx:1::23/48"
> sp>
> sp> -Use sysctl to enable link-local addresses:
> sp>
> sp> # sysctl -w net.inet6.ip6.auto_linklocal=1
> 
>  This is not needed when ipv6_enable="YES".

Correct, unless you have not rebooted.  It would be nice to have a hook
to enabling that in the ipv6 rc.d script though.

> sp> -Bounce the interface, which seems to kick something that triggers the
> sp> kernel to setup link-local addresses:
> sp>
> sp> # ifconfig bce1 down up
> sp> (that's literal - you don't need to down/up it in two commands)
> 
>  Ditto.

Correct.  Unless you haven't rebooted...

> sp> -Run the ipv6 rc.d script:
> sp>
> sp> # /etc/rc.d/network_ipv6 start
> 
>  I do not recommend to use the rc.d/network_ipv6 script for manual
>  configuration because it often ends up an incomplete configuration as
>  you experienced.  Rebooting the system would be better.  The
>  rc.d/netif script on 9.X works well for that purpose without a
>  reboot, though.

OK.  I think there are a fair number of environments (ie: server) where
rebooting for an IP change wouldn't be acceptable.  So I would like to
make sure that my manual method is close enough that I can share info
without leading others down the wrong path.  Good to hear this will be
easier in 9.x.

> sp> I'm still fuzzy on the explanation, but the default route does not seem
> sp> to stick to the external interface until the link-local address comes
> sp> up, even though the host has learned the L2 address of the default gateway.
> 
>  On IPv6 router, MLD works only when at least one LLA is configured on
>  all of the interfaces.  In short, ND will completely be broken on a
>  router with a GUA and no LLA.
>
>  LLA is a MUST for every IPv6-speaking interface, not for automatic
>  router discovery only.  This is because ICMPv6 heavily depends on it.
>  Without LLA some unexpected and/or inconsistent behaviors can happen,
>  especially on a router as you experienced.

I'm puzzled by why hosts with static IPv6 IPs could communicate with
each other.  I noticed in some of my netstat output that even though the
ff02 multicast network was in the table, it was only bound to the
loopback.  However I still logged multicast to/from the box.  One of the
RFCs also noted that multicast is limited in scope to the link-local
address, so in theory, not even the host to host ND should have worked.
 I guess that's what threw me.

>  I would not recommend you to try to understand what will happen
>  without LLA because it is quite complex and just ends up various kind
>  of inconsistent behaviors.  For why LLA is needed, the primary
>  documents are RFC 3810, 4007, 4291, 4861, and 4884.

I knew I'd eventually have to read RFCs. :)

I totally agree with you, and what I've been reading elsewhere suggests
that ND really shouldn't work without a link-local interface enabled.  I
have to assume that the multicast traffic somehow still making its way
onto the wire.  Not sure if that's a bug or a feature or a quirk of how
what's a L3 protocol (icmp6 multicast) gets mapped to L2.

Thanks,

Charles

> -- Hiroki

More information about the freebsd-net mailing list