From owner-freebsd-net@FreeBSD.ORG Wed Jan 13 12:02:10 2010 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id AE3671065692 for ; Wed, 13 Jan 2010 12:02:10 +0000 (UTC) (envelope-from jhellenthal@gmail.com) Received: from qw-out-2122.google.com (qw-out-2122.google.com [74.125.92.27]) by mx1.freebsd.org (Postfix) with ESMTP id 5EAAA8FC16 for ; Wed, 13 Jan 2010 12:02:09 +0000 (UTC) Received: by qw-out-2122.google.com with SMTP id 3so198562qwe.7 for ; Wed, 13 Jan 2010 04:02:07 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:sender:message-id:date:from :user-agent:mime-version:to:cc:subject:references:in-reply-to :x-enigmail-version:content-type:content-transfer-encoding; bh=njbWo10T0X59kyPcz0XWAuGmIDZTVUrBddCAwFOAP2c=; b=JcnCqzJMr+2jlQDDma0rJxgB+ph/zR6ZEE/HnWzRNPzQxXfjKgU8rwrZxIqSDBh/m4 Fwo7Nsh5Wcyu4pU3apfQh86VBvaNsVEvuAjUR28/fBR/MV0OTfk3+znAzjOT5vGHTrvF oESHaQcNhlAT3xN8UqLd6qXYdo7adu7o1fSGc= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=sender:message-id:date:from:user-agent:mime-version:to:cc:subject :references:in-reply-to:x-enigmail-version:content-type :content-transfer-encoding; b=ECnW5cbIO9CBXeMc77/YN1J8KdrkMNYkHxij0XoT+eIG9iYm9VBxXZurykX8FEakXo 5ahiQPiV91ODEqE8oKt85R1+5TVn+KCtols2dtgtn2aa2Y/5PmJ3xSOG21lBxhmZgbMb 7CqFhLrO4OrIXrjzGYLnZ7C+kzg/Hw04DTC88= Received: by 10.224.50.137 with SMTP id z9mr2484189qaf.83.1263384126846; Wed, 13 Jan 2010 04:02:06 -0800 (PST) Received: from ?192.168.31.4? (ppp-21.103.dialinfree.com [209.172.21.103]) by mx.google.com with ESMTPS id 21sm1391923qyk.12.2010.01.13.04.01.59 (version=SSLv3 cipher=RC4-MD5); Wed, 13 Jan 2010 04:02:05 -0800 (PST) Sender: "J. Hellenthal" Message-ID: <4B4DB634.5040906@DataIX.net> Date: Wed, 13 Jan 2010 07:01:56 -0500 From: jhell User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.5) Gecko/20091204 Thunderbird/3.0 MIME-Version: 1.0 To: David Horn References: <4B4CEB41.3000805@Sun.COM> <25ff90d61001121642l7ac1de26ma7033ca997d90183@mail.gmail.com> In-Reply-To: <25ff90d61001121642l7ac1de26ma7033ca997d90183@mail.gmail.com> X-Enigmail-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Cc: freebsd-net@freebsd.org, Brett Lee Subject: Re: How to enable IPv6 on a subset of interfaces X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 13 Jan 2010 12:02:10 -0000 On 1/12/2010 7:42 PM, David Horn wrote: > On Tue, Jan 12, 2010 at 4:36 PM, Brett Lee wrote: >> Hello, >> >> Using FreeBSD 8.0-RELEASE, and am trying variations in /etc/rc.conf in an >> attempt to enable IPv6 on ONLY one of the systems two interfaces. >> >> Specifically, em0 should be enabled IPv4 DHCP, and bge0 should be enabled >> IPv6 only. >> >> From the KAME link below, and the files /etc/network.subr and >> /etc/defaults/rc.conf, am reading that "ipv6_network_interface" should work; >> however the following still results in em0 obtaining IPv6 addresses: >> >> http://www.kame.net/~suz/freebsd-ipv6-config-guide.txt >> >> ifconfig_em0="DHCP" >> ipv6_enable="YES" >> ipv6_network_interface="bge0" >> ipv6_network_interfaces="bge0" >> >> In another attempt (see link below), it looks like "ifconfig_em0" may >> support a "NOIPV6" param, but in practice it doesn't seem to work for me: >> >> http://lists.freebsd.org/pipermail/freebsd-rc/2007-May/001106.html >> >> ifconfig_em0="DHCP NOIPV6" >> ipv6_enable="YES" >> #ipv6_network_interface="bge0" >> #ipv6_network_interfaces="bge0" >> >> Am hopeful that someone might point out how I could enable this >> configuration. >> >> Thanks in advance! -Brett > > NOIPV6 is not a valid rc.conf configuration token at this time. > > I am assuming that you are using SLAAC for IPv6 prefix/address > distribution (via rtadvd/radvd), and not DHCPv6. > > ipv6_network_interfaces is the correct rc.conf(5) variable to use to > specifically control which interface gets configured using SLAAC via > rtsol(8), but will not stop other interfaces from getting the RA > (Router Advertisement) packet which starts IPv6 SLAAC (Stateless > Autoconfiguration). > > In -current/9.0 there are nice new ifconfig parameters (inet6 > ifdisabled -nud -accept_rtadv) and rc.conf variables that do just what > you are looking for, but they are not in 8.0 at this time. > > In 8.0 you can use the ndp(8) utility to set the -accept_rtadv (and/or > ifdisabled/nud,etc.) flags on a per-interface basis. The > "-accept_rtadv" flag will disable SLAAC for the specified interface, > but must be called before the interface gets the "RA" packet to be > effective. > > You can do an ugly *unsupported hack* in 8.0 to call ndp from within > rc.conf/rc.d startup scripts until the new code makes it into a > release: > > ipv6_enable="YES" > ipv6_network_interfaces="bge0" > ifconfig_em0="DHCP `ndp -i em0 ifdisabled -nud -accept_rtadv >/dev/null 2>&1`" > ifconfig_bge0="UP" > > This will cause some boot-time error messages about not finding ndp > (before /usr is mounted), but these can be ignored, as the backticked > ndp line will be run EVERY time that rc.conf is sourced. This is > just a work-around for 8.0 that happened to work for me at the time. > If someone else has a better solution that fits properly within the > confines of rc.conf, please speak up. > Not sure if 8.0 still has this cap but you could put you interface commands in /etc/start_if.em0 /etc/start_if.bge0. If this works out let me know I would be interested since it seems like a better idea rather than trying to set some weird options inside some rcvars. > While on the subject, I have been thinking about putting together a > patchset to experiment with adding some improved logic surrounding > using DHCPv6 vs DHPCPv4 vs SLAAC/RTSOL in the rc.conf scripts and > adding M+0 flag support +rdnss (RFC 5006) support to the kernel and > userland and devd. If I can ever get a working prototype, I will > share to get some feedback. > -- jhell