From: Charles Sprickman
Date: Thu, 16 Jun 2011 03:12:12 -0400
To: Hiroki Sato
Cc: freebsd-net@FreeBSD.org
Subject: Re: link-local needed w/static IP and gateway?
Message-ID: <4DF9ACCC.5070506@bway.net>
In-Reply-To: <20110616.145712.10896502890982069.hrs@allbsd.org>

Hiroki Sato wrote:
> Charles Sprickman wrote
> in <4DF9970D.5000505@bway.net>:
>
> sp> -Edit rc.conf to include your IPv6 IP(s) and default route, specify
> sp> which interfaces will run IPv6, and enable IPv6:
> sp>
> sp> ipv6_enable="YES"
> sp> ipv6_network_interfaces="lo0 bce1"
> sp> ipv6_defaultrouter="2001:xxx:xxxx::1"
> sp> ipv6_ifconfig_bce1="2001:xxx:xxxx:1::23/48"
> sp>
> sp> -Use sysctl to enable link-local addresses:
> sp>
> sp> # sysctl -w net.inet6.ip6.auto_linklocal=1
>
> This is not needed when ipv6_enable="YES".

Correct, unless you have not rebooted. It would be nice to have a hook
to enable that in the ipv6 rc.d script though.

> sp> -Bounce the interface, which seems to kick something that triggers the
> sp> kernel to setup link-local addresses:
> sp>
> sp> # ifconfig bce1 down up
> sp> (that's literal - you don't need to down/up it in two commands)
>
> Ditto.

Correct. Unless you haven't rebooted...

> sp> -Run the ipv6 rc.d script:
> sp>
> sp> # /etc/rc.d/network_ipv6 start
>
> I do not recommend to use the rc.d/network_ipv6 script for manual
> configuration because it often ends up an incomplete configuration as
> you experienced. Rebooting the system would be better. The
> rc.d/netif script on 9.X works well for that purpose without a
> reboot, though.

OK. I think there are a fair number of environments (i.e., server) where
rebooting for an IP change wouldn't be acceptable. So I would like to
make sure that my manual method is close enough that I can share info
without leading others down the wrong path. Good to hear this will be
easier in 9.x.

> sp> I'm still fuzzy on the explanation, but the default route does not seem
> sp> to stick to the external interface until the link-local address comes
> sp> up, even though the host has learned the L2 address of the default gateway.
>
> On IPv6 router, MLD works only when at least one LLA is configured on
> all of the interfaces. In short, ND will completely be broken on a
> router with a GUA and no LLA.
>
> LLA is a MUST for every IPv6-speaking interface, not for automatic
> router discovery only. This is because ICMPv6 heavily depends on it.
> Without LLA some unexpected and/or inconsistent behaviors can happen,
> especially on a router as you experienced.

I'm puzzled by why hosts with static IPv6 IPs could communicate with
each other. I noticed in some of my netstat output that even though the
ff02 multicast network was in the table, it was only bound to the
loopback. However, I still logged multicast to/from the box. One of the
RFCs also noted that multicast is limited in scope to the link-local
address, so in theory, not even the host-to-host ND should have worked.
I guess that's what threw me.

> I would not recommend you to try to understand what will happen
> without LLA because it is quite complex and just ends up various kind
> of inconsistent behaviors. For why LLA is needed, the primary
> documents are RFC 3810, 4007, 4291, 4861, and 4884.

I knew I'd eventually have to read RFCs. :)

I totally agree with you, and what I've been reading elsewhere suggests
that ND really shouldn't work without a link-local interface enabled. I
have to assume that the multicast traffic is somehow still making its
way onto the wire. Not sure if that's a bug or a feature or a quirk of
how what's an L3 protocol (icmp6 multicast) gets mapped to L2.

Thanks,

Charles

> -- Hiroki
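
A check for the condition discussed in this thread, as an added example that is not part of the original message or of FreeBSD's rc.d scripts: it reads `ifconfig` output on stdin and names every interface that has an IPv6 address but no link-local (fe80::/10) address. The function name `missing_lla` and the sample output (with 2001:db8:: documentation addresses) are constructed for illustration.

```shell
#!/bin/sh
# Added example: list interfaces that speak IPv6 but lack a link-local address.

missing_lla() {
    awk '
    # Emit the interface just finished if it had IPv6 but no fe80::/10 address.
    function report() {
        if (ifname != "" && has_v6 && !has_lla) print ifname
    }
    # An interface block starts in column 0, e.g. "bce1: flags=8843<...>"
    /^[^ \t]/ {
        report()
        ifname = $1
        sub(/:$/, "", ifname)
        has_v6 = 0
        has_lla = 0
        next
    }
    # Indented address line, e.g. "inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3"
    $1 == "inet6" {
        addr = tolower($2)
        sub(/%.*/, "", addr)                 # drop the %ifname scope suffix
        if (addr ~ /^fe[89ab][0-9a-f]:/)     # fe80::/10 spans fe80 to febf
            has_lla = 1
        else
            has_v6 = 1
    }
    END { report() }
    '
}

# Constructed sample: bce1 has a static global address only, as in the thread.
SAMPLE_IFCONFIG='lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
    inet6 ::1 prefixlen 128
    inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
bce0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    inet 192.0.2.10 netmask 0xffffff00 broadcast 192.0.2.255
bce1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    inet6 2001:db8:1::23 prefixlen 48
'

# On a live host, run: ifconfig | missing_lla
printf '%s' "$SAMPLE_IFCONFIG" | missing_lla
```

An empty result means every IPv6-configured interface in the input also carries a link-local address.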