Date: Thu, 16 Jun 2011 14:57:12 +0900 (JST)
Message-Id: <20110616.145712.10896502890982069.hrs@allbsd.org>
To: spork@bway.net
From: Hiroki Sato
In-Reply-To: <4DF9970D.5000505@bway.net>
References: <4DF56879.30204@bway.net> <4DF5761C.9040509@bway.net> <4DF9970D.5000505@bway.net>
Cc: freebsd-net@FreeBSD.org
Subject: Re: link-local needed w/static IP and gateway?

Charles Sprickman wrote
  in <4DF9970D.5000505@bway.net>:

sp> -Edit rc.conf to include your IPv6 IP(s) and default route, specify
sp> which interfaces will run IPv6, and enable IPv6:
sp>
sp> ipv6_enable="YES"
sp> ipv6_network_interfaces="lo0 bce1"
sp> ipv6_defaultrouter="2001:xxx:xxxx::1"
sp> ipv6_ifconfig_bce1="2001:xxx:xxxx:1::23/48"
sp>
sp> -Use sysctl to enable link-local addresses:
sp>
sp> # sysctl -w net.inet6.ip6.auto_linklocal=1

This is not needed when ipv6_enable="YES".

sp> -Bounce the interface, which seems to kick something that triggers the
sp> kernel to set up link-local addresses:
sp>
sp> # ifconfig bce1 down up
sp> (that's literal - you don't need to down/up it in two commands)

Ditto.

sp> -Run the ipv6 rc.d script:
sp>
sp> # /etc/rc.d/network_ipv6 start

I do not recommend using the rc.d/network_ipv6 script for manual
configuration because it often ends up with an incomplete configuration,
as you experienced. Rebooting the system would be better. The
rc.d/netif script on 9.X works well for that purpose without a reboot,
though.

sp> I'm still fuzzy on the explanation, but the default route does not seem
sp> to stick to the external interface until the link-local address comes
sp> up, even though the host has learned the L2 address of the default gateway.

On an IPv6 router, MLD works only when at least one LLA is configured on
all of the interfaces. In short, ND will be completely broken on a
router with a GUA and no LLA.

LLA is a MUST for every IPv6-speaking interface, not for automatic
router discovery only. This is because ICMPv6 heavily depends on it.
Without LLA some unexpected and/or inconsistent behaviors can happen,
especially on a router, as you experienced. I would not recommend that
you try to understand what will happen without LLA because it is quite
complex and just ends up in various kinds of inconsistent behaviors.

For why LLA is needed, the primary documents are RFC 3810, 4007, 4291,
4861, and 4884.

-- Hiroki
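
A check for the condition this message describes (an interface that speaks IPv6 but has no link-local address), as an added example that is not part of the original thread. The function names, the em0 interface and the 2001:db8:: addresses are assumptions made for illustration, and the ifconfig output is constructed.

```shell
#!/bin/sh
# Added example: list interfaces that have an IPv6 address but no
# link-local (fe80::/10) address, reading FreeBSD-style ifconfig
# output on stdin. ifaces_missing_lla is a hypothetical helper name.
ifaces_missing_lla() {
    awk '
        # Print the previous interface if it had inet6 but no LLA.
        function report() {
            if (name != "" && has_inet6 && !has_lla) print name
        }
        # A line starting in column 0 opens a new interface block.
        /^[^ \t]/ {
            report()
            name = $1; sub(/:$/, "", name)
            has_inet6 = 0; has_lla = 0
            next
        }
        $1 == "inet6" {
            has_inet6 = 1
            # fe80::/10 covers fe80 through febf in the first group.
            if (tolower($2) ~ /^fe[89ab][0-9a-f]:/) has_lla = 1
        }
        END { report() }
    '
}

# Constructed sample: bce1 has a global address only, em0 has both,
# lo0 has both.
sample_ifconfig() {
    cat <<'EOF'
bce1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	ether 00:11:22:33:44:55
	inet6 2001:db8:1::23 prefixlen 48
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	inet 192.0.2.10 netmask 0xffffff00 broadcast 192.0.2.255
	inet6 2001:db8:2::10 prefixlen 64
	inet6 fe80::211:22ff:fe33:4466%em0 prefixlen 64 scopeid 0x2
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
	inet6 ::1 prefixlen 128
	inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
EOF
}

sample_ifconfig | ifaces_missing_lla
```

On a live host the same function can be fed from `ifconfig -a | ifaces_missing_lla`; any name it prints is an interface to fix before debugging routing or neighbor discovery further.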