Date: Tue, 23 Jul 2024 21:48:15 -0400 From: Karl Denninger <karl@denninger.net> To: freebsd-net@freebsd.org Subject: Re: DHCPv6 IA_PD - how-to Message-ID: <ed40dd43-3aa9-42ac-aff9-0d14c041379a@denninger.net> In-Reply-To: <190e09e6c1a.11450232913849.654798645277119294@marples.name> References: <CA0C0E7D-4956-4DB4-A274-D74C84A18529@distal.com> <190e09e6c1a.11450232913849.654798645277119294@marples.name>
next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--------------17tDUlZSFDGv7ZTp1B0GVA3K
Content-Type: multipart/mixed; boundary="------------O0oc3gjOxrPUJh6zwngxVD8y";
protected-headers="v1"
From: Karl Denninger <karl@denninger.net>
To: freebsd-net@freebsd.org
Message-ID: <ed40dd43-3aa9-42ac-aff9-0d14c041379a@denninger.net>
Subject: Re: DHCPv6 IA_PD - how-to
References: <CA0C0E7D-4956-4DB4-A274-D74C84A18529@distal.com>
<190e09e6c1a.11450232913849.654798645277119294@marples.name>
In-Reply-To: <190e09e6c1a.11450232913849.654798645277119294@marples.name>
--------------O0oc3gjOxrPUJh6zwngxVD8y
Content-Type: multipart/alternative;
boundary="------------LSnjR3BFpDhCtLaqkIZB0HBW"
--------------LSnjR3BFpDhCtLaqkIZB0HBW
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: base64
T24gNy8yMy8yMDI0IDEzOjIzLCBSb3kgTWFycGxlcyB3cm90ZToNCj4gSGkNCj4NCj4gLS0t
LSBPbiBUdWUsIDIzIEp1bCAyMDI0IDE4OjExOjE4ICswMTAwY3Jvc3MrZnJlZWJzZEBkaXN0
YWwuY29tICB3cm90ZSAtLS0tDQo+DQo+DQo+PiB0bDtkcjsgYW55b25lIGhhdmUgYSBnb29k
IElQdjYgbmV0d29yayBzZXR1cCBiYXNlZCBvbiBhbiBJQV9QRCBmcm9tDQo+PiB0aGVpciBw
cm92aWRlcj8gQW55IGRldGFpbHMgb3IgYWR2aWNlIHRvIHNoYXJlPw0KPj4NCj4+IFRoZSBj
dXJyZW50IHJvdXRlciBpcyB4ODZfNjQgRnJlZUJTRCAxMS54LCBidXQgSeKAmW0gYnVpbGRp
bmcgdGhlIEZyZWVCU0QNCj4+IDE0LjEgc3lzdGVtIHRvIHJlcGxhY2UgaXQgbm93LiBXaGF0
IHRvIGluc3RhbGwgb24gaXQgZm9yIHRoaXMgaXMgYSBwZW5kaW5nDQo+PiBxdWVzdGlvbi4N
Cj4+DQo+PiBIZWxsbyBhbGwuIEkgaGF2ZSBiZWVuIHJ1bm5pbmcgYSBGcmVlQlNEIHJvdXRl
ciBmb3IgeWVhcnMgYW5kIHllYXJzLiBJIGhhdmUNCj4+IHRoaXMgeWVhciBiZWVuIHRyeWlu
ZyB0byBmaWd1cmUgb3V0IGhvdyB0byB1c2UgYW4gSVB2NiBhbGxvY2F0aW9uIGZyb20gbXkN
Cj4+IHByb3ZpZGVyIChWZXJpem9uIEZpT1MpLiBUaGV5IGFyZSB1c2luZyB0aGUgUEQgZmVh
dHVyZSBvZiBESENQdjYgdG8gZ2l2ZQ0KPj4gYSBkZWxlZ2F0aW9uLCBhbmQgbm90IGdpdmVu
IGFuIGFkZHJlc3MgKE5BKSB3aGVuIGFza2VkLg0KPj4NCj4+IFRoZXJlIGFyZSwgdW5mb3J0
dW5hdGVseSwgX21hbnlfIHByb2dyYW1zIHRoYXQgY2FuIGhlbHAgbWUgd2l0aCB0aGlzLA0K
Pj4gYW5kIGdvb2dsZSB5aWVsZGVkIG5vIGNsZWFyIGJlc3QtcGF0aC4gSSBoYXZlIG5vdCBi
ZWVuIGFibGUgdG8gZ2V0DQo+PiBJU0MgZGhjbGllbnQgdG8gd29yayBmb3IgbWUgc28gZmFy
LCBhbmQgSSBkaWQgZ2V0IGRoY3BjZCB3b3JraW5nLCBidXQNCj4+IG9ubHkgd2l0aCBjb21t
YW5kLWxpbmUgb3B0aW9ucyByYXRoZXIgdGhhbiBjb25maWcgZmlsZSwgYW5kIHRoYXQNCj4+
IGFwcGxpY2F0aW9uIGRvZXNu4oCZdCBoYXZlIHRoZSBzbWFydHMgdG8gY29uZmlndXJlIHRo
aW5ncyBiYXNlZCBvbg0KPj4gdGhlIFBELCBzbyBJ4oCZZCBoYXZlIHRvIGNvZGUgYWxsIG9m
IHRoYXQgbXlzZWxmLg0KPg0KPiBJJ20gdXBzdHJlYW0gZm9yIGRoY3BjZC4NCj4gQWxsIG9w
dGlvbnMgcmVsYXRlZCB0byBQRCBhcmUgY29uZmlndXJhYmxlIGluIHRoZSBkaGNwY2QuY29u
Zig1KSBjb25maWd1cmF0aW9uIGZpbGUuIFRoZXJlIGFyZSBhbHNvIHNvbWUgZXhhbXBsZXMu
DQo+DQo+DQo+IFdoYXQgYXJlIHlvdSBzdHJ1Z2dsaW5nIHdpdGggc3BlY2lmaWNhbGx5Pw0K
Pg0KPg0KPiBSb3kNCg0KSGkgUm95Ow0KDQpJJ2QgbGlrZSB0byByZXBsaWNhdGUgdGhpcyB0
aGF0IGlzIGN1cnJlbnRseSBiZWluZyBzZW50IHVwIHZpYSBkaGNwNmMsIA0Kd2hpY2ggaXMg
bm90IHF1aXRlLWNsZWFyIHRvIG1lIGZyb20gdGhlIGRvY3Mgb24gaG93IHRvIGRvIHRoYXQu
DQoNCiMNCiMgVGhpcyBjb25maWd1cmF0aW9uIHdpbGwgYXR0ZW1wdCB0byBnZXQgLzU2IG9y
IGEgLzYwIGZyb20gdGhlDQojIElTUCBhbmQgYXNzaWduIGEgLzY0IGludGVybmFsbHkuDQoj
IE5vdGUgdGhhdCBpZiB5b3UgaGF2ZSBhIC82MCB5b3UgY2FuIGhhdmUgZm91ciAvNjRzIGRl
ZmluZWQ7IGlmIHlvdSBoYXZlIGENCiMgLzU2IHRoZW4gb2J2aW91c2x5IHlvdSBjYW4gaGF2
ZSAxNiBpbnRlcm5hbCBuZXR3b3Jrcy7CoCBGb3IgbW9zdCAiaG91c2UiDQojIHNpemUgbmV0
d29ya3MgZm91ciBzZXBhcmF0ZSBkZWxpbmVhdGlvbnMgaXMgZW5vdWdoLCBmb3IgbW9zdCAi
bW9kZXJhdGUiDQojIHNpemVkIGNvcnBvcmF0ZSBlbnZpcm9ubWVudHMgMTYgaXMgZW5vdWdo
LsKgIEJFIEFXQVJFIFRIQVQgVEhFIFNMQS1MRU4gTVVTVA0KIyBNQVRDSCBUSEUgRElGRkVS
RU5DRSBCRVRXRUVOIFRIRSBMT0NBTCBQUkVGSVggQU5EIFRIRSBSRU1PVEUgT05FIcKgIElm
DQojIHlvdSBhc2sgZm9yIGEgLzU2IHRoZW4gc2xhLWxlbiBpcyA4LCBpZiB5b3UgYXNrIGZv
ciBhIC82MCB0aGVuIHRoZSBzbGEtbGVuDQojIGlzIDQgKGRpZmZlcmVuY2UgYmV0d2VlbiB0
aGUgcmVxdWVzdGVkIHByZWZpeCBsZW5ndGggYW5kIDY0LCANCnJlc3BlY3RpdmVseS4pDQoj
DQoNCmludGVyZmFjZSBpZ2IwIHsNCiDCoMKgwqDCoCBzZW5kIGlhLXBkIDE7DQogwqDCoMKg
wqAgc2VuZCBpYS1uYSAxOw0KIMKgwqDCoMKgIHNlbmQgcmFwaWQtY29tbWl0Ow0KIMKgwqDC
oMKgIHNjcmlwdCAiL3Vzci9sb2NhbC9ldGMvZGhjcDZjLnNjcmlwdCI7DQp9Ow0KDQppZC1h
c3NvYyBuYSAxIHsNCg0KfTsNCg0KaWQtYXNzb2MgcGQgMSB7DQogwqAgcHJlZml4IDo6LzU2
IDE4MDA7DQoNCiDCoCBwcmVmaXgtaW50ZXJmYWNlIGlnYjEgew0KIMKgwqDCoCBzbGEtaWQg
MDsNCiDCoMKgwqAgc2xhLWxlbiA4Ow0KIMKgIH07DQoNCn07DQoNCmlnYjEgaXMgdGhlICJu
b3JtYWwiIGludGVybmFsIG5ldHdvcms7IGlnYjAgaXMgdGhlIGV4dGVybmFsIG9uZS4NCg0K
VGhlIElTUCBoYW5kcyBvdXQgLzU2cyAoYWx0aG91Z2ggYXQgb25lIHRpbWUgSSBjb3VsZCBj
aG9vc2UgZWl0aGVyIGEgLzU2IA0Kb3IgLzYwKTsgSSBoYXZlIHJvdXRpbmVzIGluIHRoZSBz
Y3JpcHQgZmlsZSB0aGF0IHRoZW4gZ2VuZXJhdGUgZHluYW1pYyANCnVwZGF0ZXMgZm9yIERO
UyBzbyB0aGUgZ2F0ZXdheSBoYXMgaXRzIHBvaW50ZXJzIHVwZGF0ZWQgaWYvd2hlbiB0aGUg
DQphZGRyZXNzIGNoYW5nZXMgKEkgcnVuIG15IG93biB6b25lcykNCg0KSXRzIG5vdCBlbnRp
cmVseS1jbGVhciBob3cgdG8gcmVwbGljYXRlIHRoYXQgaW4gdGhlIGNvbmZpZyBmaWxlIGZv
ciANCmRoY3BjZDsgSSBjYW4gZmlndXJlIG91dCB0aGUgc2NyaXB0IEknbSBzdXJlLCBidXQg
dGhlIGJhc2UgY29uZmlnIGlzIG5vdCANCmNsZWFyIHRvIG1lLg0KDQotLSANCkthcmwgRGVu
bmluZ2VyDQprYXJsQGRlbm5pbmdlci5uZXQNCi9UaGUgTWFya2V0IFRpY2tlci8NCi9bUy9N
SU1FIGVuY3J5cHRlZCBlbWFpbCBwcmVmZXJyZWRdLw0K
--------------LSnjR3BFpDhCtLaqkIZB0HBW
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE html>
<html>
<head>
<meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3DUTF=
-8">
</head>
<body>
<div class=3D"moz-cite-prefix">On 7/23/2024 13:23, Roy Marples wrote:=
<br>
</div>
<blockquote type=3D"cite"
cite=3D"mid:190e09e6c1a.11450232913849.654798645277119294@marples.name">
<pre class=3D"moz-quote-pre" wrap=3D"">Hi
---- On Tue, 23 Jul 2024 18:11:18 +0100 <a class=3D"moz-txt-link-abbrevia=
ted" href=3D"mailto:cross+freebsd@distal.com">cross+freebsd@distal.com</a=
> wrote ----
</pre>
<blockquote type=3D"cite">
<pre class=3D"moz-quote-pre" wrap=3D"">tl;dr; anyone have a good =
IPv6 network setup based on an IA_PD from
their provider? Any details or advice to share?
The current router is x86_64 FreeBSD 11.x, but I=E2=80=99m building the F=
reeBSD
14.1 system to replace it now. What to install on it for this is a pendin=
g
question.
Hello all. I have been running a FreeBSD router for years and years. I ha=
ve
this year been trying to figure out how to use an IPv6 allocation from my=
provider (Verizon FiOS). They are using the PD feature of DHCPv6 to give
a delegation, and not given an address (NA) when asked.
There are, unfortunately, _many_ programs that can help me with this,
and google yielded no clear best-path. I have not been able to get
ISC dhclient to work for me so far, and I did get dhcpcd working, but
only with command-line options rather than config file, and that
application doesn=E2=80=99t have the smarts to configure things based on
the PD, so I=E2=80=99d have to code all of that myself.
</pre>
</blockquote>
<pre class=3D"moz-quote-pre" wrap=3D"">
I'm upstream for dhcpcd.
All options related to PD are configurable in the dhcpcd.conf(5) configur=
ation file. There are also some examples.
What are you struggling with specifically?
Roy
</pre>
</blockquote>
<p>Hi Roy;</p>
<p>I'd like to replicate this that is currently being sent up via
dhcp6c, which is not quite-clear to me from the docs on how to do
that.</p>
<p>#<br>
# This configuration will attempt to get /56 or a /60 from the<br>
# ISP and assign a /64 internally.<br>
# Note that if you have a /60 you can have four /64s defined; if
you have a<br>
# /56 then obviously you can have 16 internal networks.=C2=A0 For m=
ost
"house"<br>
# size networks four separate delineations is enough, for most
"moderate"<br>
# sized corporate environments 16 is enough.=C2=A0 BE AWARE THAT TH=
E
SLA-LEN MUST<br>
# MATCH THE DIFFERENCE BETWEEN THE LOCAL PREFIX AND THE REMOTE
ONE!=C2=A0 If<br>
# you ask for a /56 then sla-len is 8, if you ask for a /60 then
the sla-len<br>
# is 4 (difference between the requested prefix length and 64,
respectively.)<br>
#<br>
<br>
interface igb0 {<br>
=C2=A0=C2=A0=C2=A0=C2=A0 send ia-pd 1;<br>
=C2=A0=C2=A0=C2=A0=C2=A0 send ia-na 1;<br>
=C2=A0=C2=A0=C2=A0=C2=A0 send rapid-commit;<br>
=C2=A0=C2=A0=C2=A0=C2=A0 script "/usr/local/etc/dhcp6c.script";<br>=
};<br>
<br>
id-assoc na 1 {<br>
<br>
};<br>
<br>
id-assoc pd 1 {<br>
=C2=A0 prefix ::/56 1800;<br>
<br>
=C2=A0 prefix-interface igb1 {<br>
=C2=A0=C2=A0=C2=A0 sla-id 0;<br>
=C2=A0=C2=A0=C2=A0 sla-len 8;<br>
=C2=A0 };<br>
=C2=A0 <br>
};<br>
</p>
<p>igb1 is the "normal" internal network; igb0 is the external one.</=
p>
<p>The ISP hands out /56s (although at one time I could choose
either a /56 or /60); I have routines in the script file that then
generate dynamic updates for DNS so the gateway has its pointers
updated if/when the address changes (I run my own zones)<br>
</p>
<p><span style=3D"white-space: pre-wrap">Its not entirely-clear how t=
o replicate that in the config file for dhcpcd; I can figure out the scri=
pt I'm sure, but the base config is not clear to me.
</span></p>
<div class=3D"moz-signature">-- <br>
Karl Denninger<br>
<a href=3D"mailto:karl@denninger.net" class=3D"moz-txt-link-freetex=
t">karl@denninger.net</a><br>
<i>The Market Ticker</i><br>
<font size=3D"-2"><i>[S/MIME encrypted email preferred]</i></font><=
/div>
</body>
</html>
--------------LSnjR3BFpDhCtLaqkIZB0HBW--
--------------O0oc3gjOxrPUJh6zwngxVD8y--
--------------17tDUlZSFDGv7ZTp1B0GVA3K
Content-Type: application/pgp-signature; name="OpenPGP_signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="OpenPGP_signature.asc"
-----BEGIN PGP SIGNATURE-----
wsF5BAABCAAjFiEEvWWSxnGhSYSUSaCtby3AFeuPWXgFAmagXV8FAwAAAAAACgkQby3AFeuPWXiI
4g/7BPUWbJE9LYVSakVRQlQLRFBQwyT+q/cChgta8haXkuJKCfFFCH0OrUPRzgYqvU5IhqvVowiY
fLnlP0ppZ93xaGxGx/ym9aQrrFXLCAjQIyiOqcVg5Sp6UEgYdH5nRpmL5vhnvQ+Ij4FFwA9a/ROf
sIj4WY95Ya691afY/kQjapH1DIwWWNFSo/kYuCD+uUYQN1HCG4OIaDCy7ZUGS1Vs1M47Qf0uhJiM
bDQV1vTwabmVVYaQdzrrZ4x26ogbKSCMuDlgucSsz8ZeVDy+35f8Ub9ItKnFPiOCz0loRcMZfXpS
u2tMThWJ3wzlB1E6aKf8Lviuc3P7JWgstIRMg7uNdtSyNojpY3sIqzaFK9ySQi4ZbSbcpGs7MGhi
pE7Vk4iGAqqvvr0Ko2QDHwlvqZ1p5K0h7Pfjg6zAz+PZNvd8d2+kPIUvJWqC3PL+I6GgO5HZXa4+
ZpeXRDLTz7+tKGvo7C2NJ4y7k1hkwidd+Zw8/G0xd723hFdYSiw9z6trz0QWyzGrxWWmJ0o/2Llr
4m6cP6TviggQ6jBRyOx5X88FliaQYih1VrjrnIcaW0OyZ7Rqzuhn36tz3Zm6BP56W4C9bKY+KXLe
jiEnseX3/ESwVRWXfyhZ6HmNT3sf5s1+AEMp1Y1E0HxcNK5hSU3WMQkRO6dcuxN8Unn55Fk9+I63
2mk=
=ozd7
-----END PGP SIGNATURE-----
--------------17tDUlZSFDGv7ZTp1B0GVA3K--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?ed40dd43-3aa9-42ac-aff9-0d14c041379a>