From: Charles Sprickman
Date: Thu, 16 Jun 2011 01:39:25 -0400
To: freebsd-net@freebsd.org
Subject: Re: link-local needed w/static IP and gateway?

Just wanted to summarize after I was able to watch all this on another host. I ran tcpdump on the host that I was adding to the IPv6 network as well as on another host that would see all the broad^H^H^H multicast traffic for neighbor discovery.

First I'll just lay out what appears to be the correct procedure for bringing a FreeBSD box up on an IPv6 network in an environment where you're using static IPv6 IPs.

-Edit rc.conf to include your IPv6 IP(s) and default route, specify which interfaces will run IPv6, and enable IPv6:

ipv6_enable="YES"
ipv6_network_interfaces="lo0 bce1"
ipv6_defaultrouter="2001:xxx:xxxx::1"
ipv6_ifconfig_bce1="2001:xxx:xxxx:1::23/48"

-Use sysctl to enable link-local addresses:

# sysctl -w net.inet6.ip6.auto_linklocal=1

-Bounce the interface, which seems to kick something that triggers the kernel to set up link-local addresses:

# ifconfig bce1 down up

(that's literal - you don't need to down/up it in two commands)

-Run the ipv6 rc.d script:

# /etc/rc.d/network_ipv6 start

What I observed was fairly interesting. I manually added the IPv6 IP and default route. At this point, address resolution (mapping L3 to L2) works fine with other hosts on the network. After spending many hours reading up on link-local and how ND (neighbor discovery) works in IPv6 (which I think is actually much more clever than ARP - ND is actually at layer 3 and uses multicast), it really didn't look to me like ND really relied on link-local addresses. As soon as the host has any IPv6 IP, it joins the multicast group (ff02::/16) and can see NA (neighbor advertisement) and ND traffic. In receiving NAs it learns L3-L2 mappings and in sending them other nodes learn L3-L2 mappings. Everything is peachy keen. It can even see the router. All these hosts are able to ping each other.

What does not work is the default route. I could see outside traffic hitting the host (indicating the router had an L3-L2 mapping to the host) and I could see the host responding to pings from outside. But that traffic did not ever leave the host.

I'm still fuzzy on the explanation, but the default route does not seem to stick to the external interface until the link-local address comes up, even though the host has learned the L2 address of the default gateway.

Anyhow, it would be great if the procedure for bringing IPv6 up on a running host without a reboot could be documented somewhere. Seeing everything pingable inside the network might lead other v6 noobs like myself chasing off in all sorts of directions before giving up and rebooting. The whole thing was a wonderful learning experience though, but info on the guts of address resolution was hard to come by.

It would be really great if the network_ipv6 script would toggle the link-local sysctl when run. Why it does not puzzles me.

Thanks,

Charles

Charles Sprickman wrote:
> (sending to list, accidentally missed "reply to all" when I replied to Doug)
>
> Doug Barton wrote:
>> On 6/12/2011 3:30 PM, Charles Sprickman wrote:
>>> Can anyone help me understand what the relationship is between address
>>> resolution for the router
>> I don't know what you mean by "address resolution for the router."
>
> Layer-2 to Layer-3 mapping and discovery.
>
>>> and link-local? Why is this required? Why
>>> can I ping other hosts on the subnet without enabling link-local?
>> link-local is required for IPv6. The gateway address should be the
>> link-local address, not the GUA.
>
> What is the purpose then of the default route statement for IPv6 in
> rc.conf and why have my providers offered up a non-link-local gateway
> address?
>
> Thanks,
>
> Charles
>
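
An added example, not part of the original message: a small check for the condition described above, where an interface carries a global IPv6 address but no link-local (fe80::/10) one. The function names and the sample ifconfig output (using the 2001:db8::/32 documentation prefix) are constructed for illustration.

```shell
#!/bin/sh
# Constructed samples of `ifconfig bce1` output (not captured from a real host):
# before the sysctl + interface bounce, and after it.
SAMPLE_BEFORE='bce1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        inet6 2001:db8:1::23 prefixlen 48'
SAMPLE_AFTER='bce1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        inet6 2001:db8:1::23 prefixlen 48
        inet6 fe80::21e:c9ff:fe00:1%bce1 prefixlen 64 scopeid 0x2'

# Print every link-local address (fe80::/10, i.e. fe80 through febf) found in
# ifconfig output on stdin, with the %interface scope suffix removed.
linklocal_addrs() {
    awk '$1 == "inet6" && tolower($2) ~ /^fe[89ab][0-9a-f]:/ {
             sub(/%.*/, "", $2); print $2
         }'
}

# Classify ifconfig output on stdin:
#   no-global    no non-link-local IPv6 address configured
#   global-only  the state the post describes: global address present,
#                link-local missing
#   ready        both a global and a link-local address are present
v6_state() {
    awk '$1 == "inet6" {
             a = tolower($2)
             if (a ~ /^fe[89ab][0-9a-f]:/) ll++
             else if (a != "::1") global++
         }
         END {
             if (!global)  print "no-global"
             else if (!ll) print "global-only"
             else          print "ready"
         }'
}

# Live use on a FreeBSD host: sh script.sh bce1
if [ -n "${1:-}" ]; then
    echo "auto_linklocal=$(sysctl -n net.inet6.ip6.auto_linklocal)"
    echo "$1: $(ifconfig "$1" | v6_state)"
fi
```

A result of global-only means the sysctl and interface bounce steps from the procedure have not taken effect on that interface yet.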