From owner-freebsd-net@FreeBSD.ORG Wed Aug 27 11:59:38 2014 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id CAAB4870; Wed, 27 Aug 2014 11:59:38 +0000 (UTC) Received: from mx1.sbone.de (bird.sbone.de [46.4.1.90]) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (Client CN "mx1.sbone.de", Issuer "SBone.DE" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 5333F3714; Wed, 27 Aug 2014 11:59:37 +0000 (UTC) Received: from mail.sbone.de (mail.sbone.de [IPv6:fde9:577b:c1a9:31::2013:587]) (using TLSv1 with cipher ADH-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by mx1.sbone.de (Postfix) with ESMTPS id B80EA25D3871; Wed, 27 Aug 2014 11:59:27 +0000 (UTC) Received: from content-filter.sbone.de (content-filter.sbone.de [IPv6:fde9:577b:c1a9:31::2013:2742]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.sbone.de (Postfix) with ESMTPS id DD0C5C7705D; Wed, 27 Aug 2014 11:59:26 +0000 (UTC) X-Virus-Scanned: amavisd-new at sbone.de Received: from mail.sbone.de ([IPv6:fde9:577b:c1a9:31::2013:587]) by content-filter.sbone.de (content-filter.sbone.de [fde9:577b:c1a9:31::2013:2742]) (amavisd-new, port 10024) with ESMTP id mMY4iXjLyqCZ; Wed, 27 Aug 2014 11:59:24 +0000 (UTC) Received: from [IPv6:fde9:577b:c1a9:4420:cabc:c8ff:fe8b:4fe6] (orange-tun0-ula.sbone.de [IPv6:fde9:577b:c1a9:4420:cabc:c8ff:fe8b:4fe6]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by mail.sbone.de (Postfix) with ESMTPSA id 97688C7705C; Wed, 27 Aug 2014 11:59:23 +0000 (UTC) Content-Type: text/plain; charset=windows-1252 Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.6\)) Subject: Re: Should I be using ipv6_activate_all_interfaces or ip6addrctl_policy="ipv6_prefer" From: "Bjoern A. Zeeb" In-Reply-To: <53FD7B34.1050408@jonathanprice.org> Date: Wed, 27 Aug 2014 11:59:25 +0000 Content-Transfer-Encoding: quoted-printable Message-Id: <2D16BCE4-5E5A-4C06-8927-76953DDEC348@lists.zabbadoz.net> References: <88a42e1006e3fac7508a9419e342f1b2@mail.jonathanprice.org> <2173103.SJdXL7NPLT@overcee.wemm.org> <53FD7B34.1050408@jonathanprice.org> To: Jonathan Price X-Mailer: Apple Mail (2.1878.6) Cc: FreeBSD Net , Hiroki Sato X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 27 Aug 2014 11:59:39 -0000 On 27 Aug 2014, at 06:31 , Jonathan Price = wrote: > On 2014-08-27 01:40, Peter Wemm wrote: >> On Tuesday 26 August 2014 10:40:27 freebsd@jonathanprice.org wrote: >>> Hello, >>>=20 >>> I am configuring a server with IPv4 and IPv6 addresses and have = noticed that >>> FreeBSD seems to be preferring IPv4, such as when establishing SSH >>> connections. >>>=20 >>> After reading through /etc/defaults/rc.conf, and later = /etc/rc.d/ip6addrctl >>> I have come to the conclusion that I have two ways to tell FreeBSD = to >>> prefer IPv6: >>>=20 >>> 1) Add ipv6_activate_all_interfaces to /etc/rc.conf >>> 2) Add ip6addrctl_policy=3D"ipv6_prefer" to /etc/rc.conf >>>=20 >>> Could anybody with a little more knowledge on the matter explain to = me which >>> of the two options is more preferential? >>=20 >> They both do different things. >>=20 >> The activate knob is to enable ipv6 on an interface. To oversimplify = it, if >> you configure an address on an interface, it is "enabled". However, = this >> switch enables this on all the rest of the interfaces, even the ones = you >> didn't configure. >>=20 >> ip6addrctl* affects things like hostname lookups to sort the = addresses returned >> to the caller. >>=20 >> They are different things entirely. I think you are expecting the = behavior >> that ip6_prefer policy gives you. That's what we use in the = freebsd.org >> cluster to have it use ipv6 where possible. >>=20 >=20 > Hi, and thanks for the response. >=20 > Would it be possible to go into a little detail as to what = ipv6_activate_all_interfaces=3D"YES" does to interfaces which don't = explicitly have an address configured? I can=92t appear to find much = information on this option. man rc.conf has a description (which I should probably read myself;-) in case that = gets you a bit further. I think it=92s a =93backward compat helper=94 = to the old ipv6_enable=3D=93YES=94 switch which existed before we could = enable IPv6 on a per-interface base. > However, it does sound like for my purposes it would make more sense = to use ip6addrctl_policy=3D=93ipv6_prefer" as that is more explicitly = the feature I want, rather than getting it inadvertently through the = other knob. Yes. Definitively. I am not sure if it has happened but if IPv6 config = is configured through rc.conf that setting should be(come) default. Bjoern =97=20 Bjoern A. Zeeb "Come on. Learn, goddamn it.", WarGames, 1983