From owner-freebsd-net@FreeBSD.ORG Wed Aug 27 07:22:02 2014 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id C8C85CA1 for ; Wed, 27 Aug 2014 07:22:02 +0000 (UTC) Received: from mail-ig0-x22a.google.com (mail-ig0-x22a.google.com [IPv6:2607:f8b0:4001:c05::22a]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 946623D64 for ; Wed, 27 Aug 2014 07:22:02 +0000 (UTC) Received: by mail-ig0-f170.google.com with SMTP id h3so6910002igd.1 for ; Wed, 27 Aug 2014 00:22:01 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:cc:content-type; bh=8QEtneyPnYcnP7YX3Q9jaisWdgzfW6TP5yZzwSLag4Q=; b=Vt6hSqG+x4WqzugNHH4H0Z88/me2LYqxmA9XQ16PqpOrZlDYgNuc5JXbnfSwW2FhrH XYVD6bbXS11vnvFMudY7354JsaxPvw+bFo6fUQ5F2fFqLBnDmOlCw+o8VI3F2h6atEpd gAu851m6sIg1ud4lkc58DZ5Uo9FMgR1mH+2vu57HOzoQ2xu/DuS0M5t7iopiOS7jt15j FWDUOOdEcEP/X83yDlOh8B8ZQkHHMC4X3IKts/bLWLWEfvlPWxPWFgnghkHuhqFN7I+X qd8IU3sJelG2Hd+Mt66lStDhyu+qM9DY6pTcSUhRMCesUrDzKREoO2lswukemLTOe0A+ aXVA== MIME-Version: 1.0 X-Received: by 10.50.25.41 with SMTP id z9mr27788281igf.0.1409124121837; Wed, 27 Aug 2014 00:22:01 -0700 (PDT) Sender: kob6558@gmail.com Received: by 10.107.163.148 with HTTP; Wed, 27 Aug 2014 00:22:01 -0700 (PDT) In-Reply-To: <53FD7B34.1050408@jonathanprice.org> References: <88a42e1006e3fac7508a9419e342f1b2@mail.jonathanprice.org> <2173103.SJdXL7NPLT@overcee.wemm.org> <53FD7B34.1050408@jonathanprice.org> Date: Wed, 27 Aug 2014 00:22:01 -0700 X-Google-Sender-Auth: g3dS-tjGFEY7d4pB-ncjPwwjRiY Message-ID: Subject: Re: Should I be using ipv6_activate_all_interfaces or ip6addrctl_policy="ipv6_prefer" From: Kevin Oberman To: Jonathan Price Content-Type: text/plain; charset=UTF-8 X-Content-Filtered-By: Mailman/MimeDel 2.1.18-1 Cc: "freebsd-net@freebsd.org" , Peter Wemm X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 27 Aug 2014 07:22:03 -0000 On Tue, Aug 26, 2014 at 11:31 PM, Jonathan Price wrote: > On 2014-08-27 01:40, Peter Wemm wrote: > >> On Tuesday 26 August 2014 10:40:27 freebsd@jonathanprice.org wrote: >> >>> Hello, >>> >>> I am configuring a server with IPv4 and IPv6 addresses and have noticed >>> that >>> FreeBSD seems to be preferring IPv4, such as when establishing SSH >>> connections. >>> >>> After reading through /etc/defaults/rc.conf, and later >>> /etc/rc.d/ip6addrctl >>> I have come to the conclusion that I have two ways to tell FreeBSD to >>> prefer IPv6: >>> >>> 1) Add ipv6_activate_all_interfaces to /etc/rc.conf >>> 2) Add ip6addrctl_policy="ipv6_prefer" to /etc/rc.conf >>> >>> Could anybody with a little more knowledge on the matter explain to me >>> which >>> of the two options is more preferential? >>> >> >> They both do different things. >> >> The activate knob is to enable ipv6 on an interface. To oversimplify it, >> if >> you configure an address on an interface, it is "enabled". However, this >> switch enables this on all the rest of the interfaces, even the ones you >> didn't configure. >> >> ip6addrctl* affects things like hostname lookups to sort the addresses >> returned >> to the caller. >> >> They are different things entirely. I think you are expecting the >> behavior >> that ip6_prefer policy gives you. That's what we use in the freebsd.org >> cluster to have it use ipv6 where possible. >> >> > Hi, and thanks for the response. > > Would it be possible to go into a little detail as to what > ipv6_activate_all_interfaces="YES" does to interfaces which don't > explicitly have an address configured? I can't appear to find much > information on this option. > > However, it does sound like for my purposes it would make more sense to > use ip6addrctl_policy="ipv6_prefer" as that is more explicitly the > feature I want, rather than getting it inadvertently through the other knob. > > As to Kevin's question, I have working IPv6 connectivity both with and > without the knobs in mention, it's just that certain applications which can > use both IPv4 and IPv6 (such as SSH), won't use IPv6 unless explicitly told > to (with -6 in this example), or one of the above tunables is used While doubting Peter's networking answers is usually foolish, I think this one is at least a bit misleading. As he says, ipv6_activate_all_interfaces="YES" will set all interfaces on the system to -ifdisable which, since it is an IPv6 option, will enable IPv6 on all interfaces. NO will disable IPv6 on all interfaces. But it is related to ipaddrctl_policy as it will set ipaddrctl_policy to "ipv6_prefer" if no explicit setting overrides it. So IPv6 is working, and "ssh -6" does use IPv6. I'd still like to see the output of ip6addrctl. It should look like: ::1/128 50 0 ::/0 40 1 ::ffff:0:0/96 35 4 2002::/16 30 2 2001::/32 5 5 fc00::/7 3 13 ::/96 1 3 fec0::/10 1 11 3ffe::/16 1 12 For more explanation, look at /etc/rc.d/ip6addrctl and /etc/network.subr. The list of prefixes set by it should match what I list above. If 'ipv6_activate_all_interfaces="NO"', or ipaddrctl_policy="ipv4_prefer", you should get: ::1/128 50 0 ::/0 40 1 ::ffff:0:0/96 100 4 2002::/16 30 2 2001::/32 5 5 fc00::/7 3 13 ::/96 1 3 fec0::/10 1 11 3ffe::/16 1 12 Any other output indicates manual setting of the policy. the "magic" is the precedence of ::ffff:0:0/96 which is an odd way of saying IPv4. I generally recommend ipv6_activate_all. Now I fear Peter will explain how I have misread the code. -- R. Kevin Oberman, Network Engineer, Retired E-mail: rkoberman@gmail.com