Date: Fri, 2 Aug 2024 18:05:33 -0400 From: Karl Denninger <karl@denninger.net> To: freebsd-net@freebsd.org Subject: Re: DHCPv6 IA_PD - how-to Message-ID: <9bcca610-711a-41b0-955a-12968a3a8be0@denninger.net> In-Reply-To: <2d51761e-7836-4002-b2b5-0d8e66a0204c@denninger.net> References: <050440F8-B3D8-4B2C-85BD-D5C09C303037@distal.com> <20240727.122108.862717899466090274.moto@kawasaki3.org> <190fdf3e353.11351bb5e292296.3216692081725884177@marples.name> <20240730.091027.1008656135460861216.moto@kawasaki3.org> <fb6a9b28-7d52-42d8-a9e3-cd693b746bd2@denninger.net> <1910419702c.f8dcf010456961.6536659919669261420@marples.name> <2c1d5655-452c-4b7d-906d-8aa1affa64bd@denninger.net> <cd2a3579-257d-4de2-8467-94509cd9d03c@denninger.net> <191087bf5c4.109d82255531772.5427621875687457864@marples.name> <2d51761e-7836-4002-b2b5-0d8e66a0204c@denninger.net>
next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--------------aOW0sQzSHoJuaOntZQ6QerXy
Content-Type: multipart/mixed; boundary="------------RWgd4YUsogOfDIuUM4b6i6yW";
protected-headers="v1"
From: Karl Denninger <karl@denninger.net>
To: freebsd-net@freebsd.org
Message-ID: <9bcca610-711a-41b0-955a-12968a3a8be0@denninger.net>
Subject: Re: DHCPv6 IA_PD - how-to
References: <050440F8-B3D8-4B2C-85BD-D5C09C303037@distal.com>
<20240727.122108.862717899466090274.moto@kawasaki3.org>
<190fdf3e353.11351bb5e292296.3216692081725884177@marples.name>
<20240730.091027.1008656135460861216.moto@kawasaki3.org>
<fb6a9b28-7d52-42d8-a9e3-cd693b746bd2@denninger.net>
<1910419702c.f8dcf010456961.6536659919669261420@marples.name>
<2c1d5655-452c-4b7d-906d-8aa1affa64bd@denninger.net>
<cd2a3579-257d-4de2-8467-94509cd9d03c@denninger.net>
<191087bf5c4.109d82255531772.5427621875687457864@marples.name>
<2d51761e-7836-4002-b2b5-0d8e66a0204c@denninger.net>
In-Reply-To: <2d51761e-7836-4002-b2b5-0d8e66a0204c@denninger.net>
--------------RWgd4YUsogOfDIuUM4b6i6yW
Content-Type: multipart/alternative;
boundary="------------KRlzcMo49e03TW159gVFw1tj"
--------------KRlzcMo49e03TW159gVFw1tj
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
On 7/31/2024 08:00, Karl Denninger wrote:
> On 7/31/2024 07:10, Roy Marples wrote:
>> Roy Marples
>>
>>
>> ---- On Wed, 31 Jul 2024 03:38:46 +0100 Karl Denninger wrote ---
>> > Starting dhcpcd.
>> > dhcpcd-10.0.8 starting
>> > igb0: link state changed to UP
>> > igb1: link state changed to UP
>> > no interfaces have a carrier
>> > Additional TCP/IP options: IPv6 CPE WANIF=igb0.
>> > Setting up harvesting: [CALLOUT],[UMA],[FS_ATIME],SWI,INTERRUPT,NET_NG,[NET_ETHE
>> > R],NET_TUN,MOUSE,KEYBOARD,ATTACH,CACHED
>> > Feeding entropy: dd: /boot/entropy: Read-only file system
>> > .
>> > igb0: link state changed to DOWN
>> > Setting hostname: IpGw.Denninger.Net.
>> > ELF ldconfig path: /lib /usr/lib /usr/local/lib /usr/local/lib/ipsec /usr/local/
>> > lib/perl5/5.36/mach/CORE
>> > 32-bit compatibility ldconfig path: /usr/lib32 /usr/lib32
>> > lo0: link state changed to UP
>> > igb1: link state changed to DOWN
>> > Starting Network: lo0 igb0 igb1 enc0.
>> > igb0: link state changed to UP
>>
>> This all looks fine.
>>
>> > Which would be ok EXCEPT all I get is an IPv4 address and its not
>> > repeatable either -- which it IS using DHCP provided by the system (that
>> > is, I RARELY get a different one -- with dhcpcd I ALWAYS get a different
>> > one. I'd prefer not to; obviously if I must then I must, but it appears
>> > dhcpcd is not maintaining any sort of requested ID and thus even if the
>> > server CAN give me the same IP, it doesn't.)
>> >
>> > But more troubling I don't get an IPv6 at all. The reason appears to be
>> > that the default route doesn't get populated off the other end, and I
>> > note that "ACCEPT_RTADV" is NOT there -- and neither is
>> > "AUTO_LINKLOCAL". If I stop it from /usr/local/etc/rc.d with "dhcpcd
>> > stop" and then "dhcpcd start" I *do* get the IPv6 delegation.
>> >
>> > Gotta put it back on the other setup for now, but any ideas would be
>> > helpful - I can't take the connection offline for the next couple of
>> > days, but can work on it over the weekend.
>>
>> So if dhcpcd handles IPv6 RS in any way for form on any interface then it
>> will disable the kernel handling it. This is what you are seeing.
>> You should also disable rtsold.
>> On the other hand, you can leave the kernel handling everything RS by adding
>> noipv6rs
>> at the top of /etc/dhcpcd.conf
>>
>> Is it possible you are using both?
>> Note that DHCPv6 will not set any default route, that's purely in the domain of RS.
>>
>> Roy
>
> This is what is typically in /etc/rc.conf:
>
> #
> # If you change anything in /etc or /usr/local/etc you MUST run "save_cfg"
> # from the root directory as everything in these areas is in fact on a
> ramdisk!
> #
>
> hostname="IpGw.Denninger.Net"
>
> #dhcpcd_enable="YES"
>
> # Get a primary IPv4 address on the first (near serial port) ethernet port
> #
> #ifconfig_igb0="inet6 -ifdisabled accept_rtadv auto_linklocal"
> ifconfig_igb0="DHCP -vlanhwtso -tso -lro"
> #ifconfig_igb0="DHCP -tso -lro"
>
> #
> # Now configure up the internal interface; THIS WILL NEED TO BE CHANGED
> # to suit your configuration requirements! Also, if you change this you
> # must look in the dhcp configuation file and change THAT since this
> is the
> # network's DHCP server.
> #
> #ifconfig_igb1="192.168.10.200 netmask 255.255.255.0 -vlanhwtso -tso
> -lro -vlanhwcsum -txcsum6"
> ifconfig_igb1="192.168.10.200 netmask 255.255.255.0 -vlanhwtso -tso
> -lro -vlanhwcsum"
> ifconfig_igb1_alias0="inet 192.168.2.200 netmask 255.255.255.0"
> #
> # VLAN for secure subnet; if there are VLANs on the inside, define
> them here.
> #
> vlans_igb1="3 4"
> ifconfig_igb1_3="inet 192.168.4.200/24"
> #vlans_igb1="4"
> ifconfig_igb1_4="inet6 -ifdisabled"
>
> # If you are turning on IPv6 then you MUST set both these lines AND
> look in
> # /usr/local/etc/dhcp6c.conf and make SURE you have the correct prefix and
> # assignments for local prefix length. Note that we only accept
> routing info
> # on the WAN interface, NEVER on the internal one.
> #
> ipv6_cpe_wanif="igb0"
> ifconfig_igb0_ipv6="inet6 -ifdisabled accept_rtadv"
> ifconfig_igb1_ipv6="inet6 -ifdisabled -accept_rtadv"
>
> #ipv6_activate_all_interfaces="yes"
> #
> # Ipv6 routing; we MUST be an IPv6 router for the INTERNAL interface to
> # distribute IPv6
> #
> rtadvd_enable="Yes"
> rtadvd_interfaces="igb1 igb1.4"
>
> #
> # Dhcp6c client (get IPv6 addresses; note that
> /usr/local/etc/dhcp6c.conf must
> # also be edited or this will NOT work!)
> #
> dhcp6c_enable="Yes"
> dhcp6c_interfaces="igb0"
>
> #
> # Enable gateway functionality for both IPv4 and IPv6
> #
> gateway_enable="YES"
> ipv6_gateway_enable="YES"
>
> .... (then other stuff)
>
> When attempting to use dhcpcd I change the file to:
>
> #
> # If you change anything in /etc or /usr/local/etc you MUST run "save_cfg"
> # from the root directory as everything in these areas is in fact on a
> ramdisk!
> #
>
> hostname="IpGw.Denninger.Net"
>
> dhcpcd_enable="YES"
>
> # Get a primary IPv4 address on the first (near serial port) ethernet port
> #
> #ifconfig_igb0="inet6 -ifdisabled accept_rtadv auto_linklocal"
> #ifconfig_igb0="DHCP -vlanhwtso -tso -lro"
> #ifconfig_igb0="DHCP -tso -lro"
>
> #
> # Now configure up the internal interface; THIS WILL NEED TO BE CHANGED
> # to suit your configuration requirements! Also, if you change this you
> # must look in the dhcp configuation file and change THAT since this
> is the
> # network's DHCP server.
> #
> #ifconfig_igb1="192.168.10.200 netmask 255.255.255.0 -vlanhwtso -tso
> -lro -vlanh
> wcsum -txcsum6"
> ifconfig_igb1="192.168.10.200 netmask 255.255.255.0 -vlanhwtso -tso
> -lro -vlanhw
> csum"
> ifconfig_igb1_alias0="inet 192.168.2.200 netmask 255.255.255.0"
> #
> # VLAN for secure subnet; if there are VLANs on the inside, define
> them here.
> #
> vlans_igb1="3 4"
> ifconfig_igb1_3="inet 192.168.4.200/24"
> #vlans_igb1="4"
> ifconfig_igb1_4="inet6 -ifdisabled"
>
> # If you are turning on IPv6 then you MUST set both these lines AND
> look in
> # /usr/local/etc/dhcp6c.conf and make SURE you have the correct prefix and
> # assignments for local prefix length. Note that we only accept
> routing info
> # on the WAN interface, NEVER on the internal one.
> #
> ipv6_cpe_wanif="igb0"
> ifconfig_igb0_ipv6="inet6 -ifdisabled accept_rtadv"
> ifconfig_igb1_ipv6="inet6 -ifdisabled -accept_rtadv"
>
> #ipv6_activate_all_interfaces="yes"
> #
> # Ipv6 routing; we MUST be an IPv6 router for the INTERNAL interface to
> # distribute IPv6
> #
> rtadvd_enable="Yes"
> rtadvd_interfaces="igb1 igb1.4"
>
> #
> # Dhcp6c client (get IPv6 addresses; note that
> /usr/local/etc/dhcp6c.conf must
> # also be edited or this will NOT work!)
> #
> #dhcp6c_enable="Yes"
> #dhcp6c_interfaces="igb0"
>
> #
> # Enable gateway functionality for both IPv4 and IPv6
> #
> gateway_enable="YES"
> ipv6_gateway_enable="YES"
>
> .....
>
> And in /usr/local/etc/dhcpcd.conf I have changed "duid" to "clientid"
> which appears to get a repeatable IPv4 IF the host will give me one
> (duid ALWAYS results in a different pool address on each boot/run):
>
>
> # A sample configuration for dhcpcd.
> # See dhcpcd.conf(5) for details.
>
> # Allow users of this group to interact with dhcpcd via the control
> socket.
> #controlgroup wheel
>
> # Inform the DHCP server of our hostname for DDNS.
> #hostname
>
> # Use the hardware address of the interface for the Client ID.
> clientid
> # or
> # Use the same DUID + IAID as set in DHCPv6 for DHCPv4 ClientID as per
> RFC4361.
> # Some non-RFC compliant DHCP servers do not reply with this set.
> # In this case, comment out duid and enable clientid above.
> #duid
>
> # Persist interface configuration when dhcpcd exits.
> persistent
>
> # vendorclassid is set to blank to avoid sending the default of
> # dhcpcd-<version>:<os>:<machine>:<platform>
> vendorclassid
>
> # A list of options to request from the DHCP server.
> option domain_name_servers, domain_name, domain_search
> option classless_static_routes
> # Respect the network MTU. This is applied to DHCP routes.
> option interface_mtu
>
> # Request a hostname from the network
> #option host_name
>
> # Most distributions have NTP support.
> #option ntp_servers
>
> # Rapid commit support.
> # Safe to enable by default because it requires the equivalent option set
> # on the server to actually work.
> option rapid_commit
>
> # A ServerID is required by RFC2131.
> require dhcp_server_identifier
>
> # Generate SLAAC address using the Hardware Address of the interface
> #slaac hwaddr
> # OR generate Stable Private IPv6 Addresses based from the DUID
> #slaac private
>
>
> allowinterfaces igb0
>
> #ipv6only
> #ipv4only
>
> #
> # Do not run these hooks; DO run the DDNS one in exit-hooks
> #
> nohook resolv.conf hostname ntp.conf
>
> # Do not allow router solicits on anywhere EXCEPT the external
> #
> noipv6rs
>
> interface igb0
> ipv6rs
> ia_na 1
> ia_pd 1/::/56 igb1/0/64 igb1.4/1/64
>
> ------------------------
>
> I do not want the resolv.conf, hostname or ntp.conf hooks run as this
> is a gateway and those are in fact fixed (unbound is running on it
> with a local zone, for one thing) and I have an exit hook script that
> pokes a few things (and appears to be working)
>
> I turned off "ipv6rs" for every other interface than the one declared
> and then turned it on for igb0 (the external interface); is that
> incorrect?
>
> This machine IS the gateway so it does need to run rtadvd for the
> internal interfaces; rtsold is not enabled on this machine at all. It
> has to get the default route for IPv6 from the upstream. I do not
> want dhcpcd to tamper with anything other than igb0 -- other than
> delegating /64 v6 prefixes, which it is doing with the above.
>
> But when I boot it with this rather than dhcp6c I do not get an IPv6
> delegation and do get an IPv4 on a cold start. If I do a
> "/usr/local/etc/rc.d/dhcpcd restart" then IPv4 is left alone and IPv6
> populates. Looking at igb0 the ipv6 flags other than PERFORMNUD are
> off; when I using dhcp6c what I have it this:
>
> igb0: flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP>
> metric 0 mtu 1500
> options=4e120bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,WOL_MAGIC,VLAN_HWFILTER,RXCSUM_IPV6,TXCSUM_IPV6,HWSTATS,MEXTPG>
> ether 00:0d:b9:46:71:88
> inet 71.15.252.132 netmask 0xfffffc00 broadcast 255.255.255.255
> inet6 fe80::20d:b9ff:fe46:7188%igb0 prefixlen 64 scopeid 0x1
> inet6 2600:6c5d:7009:600:896:206c:deea:394 prefixlen 128
> pltime 604800 vltime 604800
> media: Ethernet autoselect (1000baseT <full-duplex>)
> status: active
> nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
>
> Thus I am accepting routing from the upstream and I also have
> auto_linklocal. Both those flags are missing when I boot using
> dhcpcd. In addition there is no default route on boot on igb0 -- but
> again, if I re-run it then there is and the prefix gets assigned and
> distributed.
>
> Here's what the routing table for ipv6 on the gateway looks like when
> dhcp6c is being used:
>
> Internet6:
> Destination Gateway Flags Netif Expire
> ::/96 link#4 URS lo0
> default fe80::201:5cff:fe70:7c46%igb0 UG igb0
> ::1 link#4 UHS lo0
> ::ffff:0.0.0.0/96 link#4 URS lo0
> 2600:6c5d:5d00:ae00::/64 link#2 U igb1
> 2600:6c5d:5d00:ae00:20d:b9ff:fe46:7189 link#4
> UHS lo0
> 2600:6c5d:5d00:ae01::/64 link#6 U igb1.4
> 2600:6c5d:5d00:ae01:20d:b9ff:fe46:7189 link#4
> UHS lo0
> 2600:6c5d:7009:600:896:206c:deea:394 link#4
> UHS lo0
> fe80::%lo0/10 link#4 URS lo0
> fe80::%igb0/64 link#1 U igb0
> fe80::20d:b9ff:fe46:7188%lo0 link#4 UHS lo0
> fe80::%igb1/64 link#2 U igb1
> fe80::20d:b9ff:fe46:7189%lo0 link#4 UHS lo0
> fe80::%lo0/64 link#4 U lo0
> fe80::1%lo0 link#4 UHS lo0
> fe80::%igb1.4/64 link#6 U igb1.4
> fe80::20d:b9ff:fe46:7189%lo0 link#4 UHS lo0
> ff02::/16 link#4 URS lo0
>
> I can play with this more over the weekend.
>
> Given that the box is a gateway rather than an endpoint if that
> changes things please advise. All the stuff on the local network,
> once I have the prefix, picks up addresses via SLACC and that is
> working fine (I don't need dhcpcd on the FreeBSD machines behind the
> gateway as they have fixed addresses for IPv4 and SLACC has been
> working well for them.)
>
More on this.....
If I boot with the above as noted I get no IPv6 address. However, if I
sign into the box on the inside address and do "ifconfig igb0 down.....
ifconfig igb0 up" (no need to stop/restart dhcpcd itself) then the
system DOES get an IPv6 prefix.
But it doesn't on boot, which I don't understand.
Ideas for further troubleshooting? It appears something is coming up in
the wrong order and precluding getting the IPv6 address.
--
Karl Denninger
karl@denninger.net
/The Market Ticker/
/[S/MIME encrypted email preferred]/
--------------KRlzcMo49e03TW159gVFw1tj
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: 8bit
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<p><br>
</p>
<div class="moz-cite-prefix">On 7/31/2024 08:00, Karl Denninger
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:2d51761e-7836-4002-b2b5-0d8e66a0204c@denninger.net">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<div class="moz-cite-prefix">On 7/31/2024 07:10, Roy Marples
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:191087bf5c4.109d82255531772.5427621875687457864@marples.name">
<pre class="moz-quote-pre" wrap="">Roy Marples
---- On Wed, 31 Jul 2024 03:38:46 +0100 Karl Denninger wrote ---
> Starting dhcpcd.
> dhcpcd-10.0.8 starting
> igb0: link state changed to UP
> igb1: link state changed to UP
> no interfaces have a carrier
> Additional TCP/IP options: IPv6 CPE WANIF=igb0.
> Setting up harvesting: [CALLOUT],[UMA],[FS_ATIME],SWI,INTERRUPT,NET_NG,[NET_ETHE
> R],NET_TUN,MOUSE,KEYBOARD,ATTACH,CACHED
> Feeding entropy: dd: /boot/entropy: Read-only file system
> .
> igb0: link state changed to DOWN
> Setting hostname: IpGw.Denninger.Net.
> ELF ldconfig path: /lib /usr/lib /usr/local/lib /usr/local/lib/ipsec /usr/local/
> lib/perl5/5.36/mach/CORE
> 32-bit compatibility ldconfig path: /usr/lib32 /usr/lib32
> lo0: link state changed to UP
> igb1: link state changed to DOWN
> Starting Network: lo0 igb0 igb1 enc0.
> igb0: link state changed to UP
This all looks fine.
> Which would be ok EXCEPT all I get is an IPv4 address and its not
> repeatable either -- which it IS using DHCP provided by the system (that
> is, I RARELY get a different one -- with dhcpcd I ALWAYS get a different
> one. I'd prefer not to; obviously if I must then I must, but it appears
> dhcpcd is not maintaining any sort of requested ID and thus even if the
> server CAN give me the same IP, it doesn't.)
>
> But more troubling I don't get an IPv6 at all. The reason appears to be
> that the default route doesn't get populated off the other end, and I
> note that "ACCEPT_RTADV" is NOT there -- and neither is
> "AUTO_LINKLOCAL". If I stop it from /usr/local/etc/rc.d with "dhcpcd
> stop" and then "dhcpcd start" I *do* get the IPv6 delegation.
>
> Gotta put it back on the other setup for now, but any ideas would be
> helpful - I can't take the connection offline for the next couple of
> days, but can work on it over the weekend.
So if dhcpcd handles IPv6 RS in any way for form on any interface then it
will disable the kernel handling it. This is what you are seeing.
You should also disable rtsold.
On the other hand, you can leave the kernel handling everything RS by adding
noipv6rs
at the top of /etc/dhcpcd.conf
Is it possible you are using both?
Note that DHCPv6 will not set any default route, that's purely in the domain of RS.
Roy
</pre>
</blockquote>
<p>This is what is typically in /etc/rc.conf:</p>
<p>#<br>
# If you change anything in /etc or /usr/local/etc you MUST run
"save_cfg"<br>
# from the root directory as everything in these areas is in
fact on a ramdisk!<br>
#<br>
<br>
hostname="IpGw.Denninger.Net"<br>
<br>
#dhcpcd_enable="YES"<br>
<br>
# Get a primary IPv4 address on the first (near serial port)
ethernet port<br>
#<br>
#ifconfig_igb0="inet6 -ifdisabled accept_rtadv auto_linklocal"<br>
ifconfig_igb0="DHCP -vlanhwtso -tso -lro"<br>
#ifconfig_igb0="DHCP -tso -lro"<br>
<br>
#<br>
# Now configure up the internal interface; THIS WILL NEED TO BE
CHANGED<br>
# to suit your configuration requirements! Also, if you change
this you<br>
# must look in the dhcp configuation file and change THAT since
this is the<br>
# network's DHCP server.<br>
#<br>
#ifconfig_igb1="192.168.10.200 netmask 255.255.255.0 -vlanhwtso
-tso -lro -vlanhwcsum -txcsum6"<br>
ifconfig_igb1="192.168.10.200 netmask 255.255.255.0 -vlanhwtso
-tso -lro -vlanhwcsum"<br>
ifconfig_igb1_alias0="inet 192.168.2.200 netmask 255.255.255.0"<br>
#<br>
# VLAN for secure subnet; if there are VLANs on the inside,
define them here.<br>
#<br>
vlans_igb1="3 4"<br>
ifconfig_igb1_3="inet 192.168.4.200/24"<br>
#vlans_igb1="4"<br>
ifconfig_igb1_4="inet6 -ifdisabled"<br>
<br>
# If you are turning on IPv6 then you MUST set both these lines
AND look in<br>
# /usr/local/etc/dhcp6c.conf and make SURE you have the correct
prefix and<br>
# assignments for local prefix length. Note that we only accept
routing info<br>
# on the WAN interface, NEVER on the internal one.<br>
#<br>
ipv6_cpe_wanif="igb0"<br>
ifconfig_igb0_ipv6="inet6 -ifdisabled accept_rtadv"<br>
ifconfig_igb1_ipv6="inet6 -ifdisabled -accept_rtadv"<br>
<br>
#ipv6_activate_all_interfaces="yes"<br>
#<br>
# Ipv6 routing; we MUST be an IPv6 router for the INTERNAL
interface to<br>
# distribute IPv6<br>
#<br>
rtadvd_enable="Yes"<br>
rtadvd_interfaces="igb1 igb1.4"<br>
<br>
#<br>
# Dhcp6c client (get IPv6 addresses; note that
/usr/local/etc/dhcp6c.conf must<br>
# also be edited or this will NOT work!)<br>
#<br>
dhcp6c_enable="Yes"<br>
dhcp6c_interfaces="igb0"<br>
<br>
#<br>
# Enable gateway functionality for both IPv4 and IPv6<br>
#<br>
gateway_enable="YES"<br>
ipv6_gateway_enable="YES"<br>
</p>
<p>.... (then other stuff)</p>
<p>When attempting to use dhcpcd I change the file to:</p>
<p>#<br>
# If you change anything in /etc or /usr/local/etc you MUST run
"save_cfg"<br>
# from the root directory as everything in these areas is in
fact on a ramdisk!<br>
#<br>
<br>
hostname="IpGw.Denninger.Net"<br>
<br>
dhcpcd_enable="YES"<br>
<br>
# Get a primary IPv4 address on the first (near serial port)
ethernet port<br>
#<br>
#ifconfig_igb0="inet6 -ifdisabled accept_rtadv auto_linklocal"<br>
#ifconfig_igb0="DHCP -vlanhwtso -tso -lro"<br>
#ifconfig_igb0="DHCP -tso -lro"<br>
<br>
#<br>
# Now configure up the internal interface; THIS WILL NEED TO BE
CHANGED<br>
# to suit your configuration requirements! Also, if you change
this you<br>
# must look in the dhcp configuation file and change THAT since
this is the<br>
# network's DHCP server.<br>
#<br>
#ifconfig_igb1="192.168.10.200 netmask 255.255.255.0 -vlanhwtso
-tso -lro -vlanh<br>
wcsum -txcsum6"<br>
ifconfig_igb1="192.168.10.200 netmask 255.255.255.0 -vlanhwtso
-tso -lro -vlanhw<br>
csum"<br>
ifconfig_igb1_alias0="inet 192.168.2.200 netmask 255.255.255.0"<br>
#<br>
# VLAN for secure subnet; if there are VLANs on the inside,
define them here.<br>
#<br>
vlans_igb1="3 4"<br>
ifconfig_igb1_3="inet 192.168.4.200/24"<br>
#vlans_igb1="4"<br>
ifconfig_igb1_4="inet6 -ifdisabled"<br>
<br>
# If you are turning on IPv6 then you MUST set both these lines
AND look in<br>
# /usr/local/etc/dhcp6c.conf and make SURE you have the correct
prefix and<br>
# assignments for local prefix length. Note that we only accept
routing info<br>
# on the WAN interface, NEVER on the internal one.<br>
#<br>
ipv6_cpe_wanif="igb0"<br>
ifconfig_igb0_ipv6="inet6 -ifdisabled accept_rtadv"<br>
ifconfig_igb1_ipv6="inet6 -ifdisabled -accept_rtadv"<br>
<br>
#ipv6_activate_all_interfaces="yes"<br>
#<br>
# Ipv6 routing; we MUST be an IPv6 router for the INTERNAL
interface to<br>
# distribute IPv6<br>
#<br>
rtadvd_enable="Yes"<br>
rtadvd_interfaces="igb1 igb1.4"<br>
<br>
#<br>
# Dhcp6c client (get IPv6 addresses; note that
/usr/local/etc/dhcp6c.conf must<br>
# also be edited or this will NOT work!)<br>
#<br>
#dhcp6c_enable="Yes"<br>
#dhcp6c_interfaces="igb0"<br>
<br>
#<br>
# Enable gateway functionality for both IPv4 and IPv6<br>
#<br>
gateway_enable="YES"<br>
ipv6_gateway_enable="YES"<br>
<br>
</p>
<p>.....</p>
<p>And in /usr/local/etc/dhcpcd.conf I have changed "duid" to
"clientid" which appears to get a repeatable IPv4 IF the host
will give me one (duid ALWAYS results in a different pool
address on each boot/run):</p>
<p><br>
</p>
# A sample configuration for dhcpcd.<br>
# See dhcpcd.conf(5) for details.<br>
<br>
# Allow users of this group to interact with dhcpcd via the
control socket.<br>
#controlgroup wheel<br>
<br>
# Inform the DHCP server of our hostname for DDNS.<br>
#hostname<br>
<br>
# Use the hardware address of the interface for the Client ID.<br>
clientid<br>
# or<br>
# Use the same DUID + IAID as set in DHCPv6 for DHCPv4 ClientID as
per RFC4361.<br>
# Some non-RFC compliant DHCP servers do not reply with this set.<br>
# In this case, comment out duid and enable clientid above.<br>
#duid<br>
<br>
# Persist interface configuration when dhcpcd exits.<br>
persistent<br>
<br>
# vendorclassid is set to blank to avoid sending the default of<br>
#
dhcpcd-<version>:<os>:<machine>:<platform><br>
vendorclassid<br>
<br>
# A list of options to request from the DHCP server.<br>
option domain_name_servers, domain_name, domain_search<br>
option classless_static_routes<br>
# Respect the network MTU. This is applied to DHCP routes.<br>
option interface_mtu<br>
<br>
# Request a hostname from the network<br>
#option host_name<br>
<br>
# Most distributions have NTP support.<br>
#option ntp_servers<br>
<br>
# Rapid commit support.<br>
# Safe to enable by default because it requires the equivalent
option set<br>
# on the server to actually work.<br>
option rapid_commit<br>
<br>
# A ServerID is required by RFC2131.<br>
require dhcp_server_identifier<br>
<br>
# Generate SLAAC address using the Hardware Address of the
interface<br>
#slaac hwaddr<br>
# OR generate Stable Private IPv6 Addresses based from the DUID<br>
#slaac private<br>
<span style="white-space: pre-wrap">
</span>
<p><br>
allowinterfaces igb0<br>
<br>
#ipv6only<br>
#ipv4only<br>
<br>
#<br>
# Do not run these hooks; DO run the DDNS one in exit-hooks<br>
#<br>
nohook resolv.conf hostname ntp.conf<br>
<br>
# Do not allow router solicits on anywhere EXCEPT the external<br>
#<br>
noipv6rs<br>
<br>
interface igb0<br>
ipv6rs<br>
ia_na 1<br>
ia_pd 1/::/56 igb1/0/64 igb1.4/1/64<br>
</p>
<p>------------------------</p>
<p>I do not want the resolv.conf, hostname or ntp.conf hooks run
as this is a gateway and those are in fact fixed (unbound is
running on it with a local zone, for one thing) and I have an
exit hook script that pokes a few things (and appears to be
working)</p>
<p>I turned off "ipv6rs" for every other interface than the one
declared and then turned it on for igb0 (the external
interface); is that incorrect?</p>
<p>This machine IS the gateway so it does need to run rtadvd for
the internal interfaces; rtsold is not enabled on this machine
at all. It has to get the default route for IPv6 from the
upstream. I do not want dhcpcd to tamper with anything other
than igb0 -- other than delegating /64 v6 prefixes, which it is
doing with the above.<br>
</p>
<p>But when I boot it with this rather than dhcp6c I do not get an
IPv6 delegation and do get an IPv4 on a cold start. If I do a
"/usr/local/etc/rc.d/dhcpcd restart" then IPv4 is left alone and
IPv6 populates. Looking at igb0 the ipv6 flags other than
PERFORMNUD are off; when I using dhcp6c what I have it this:</p>
<p>igb0:
flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP>
metric 0 mtu 1500<br>
options=4e120bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,WOL_MAGIC,VLAN_HWFILTER,RXCSUM_IPV6,TXCSUM_IPV6,HWSTATS,MEXTPG><br>
ether 00:0d:b9:46:71:88<br>
inet 71.15.252.132 netmask 0xfffffc00 broadcast
255.255.255.255<br>
inet6 fe80::20d:b9ff:fe46:7188%igb0 prefixlen 64 scopeid
0x1<br>
inet6 2600:6c5d:7009:600:896:206c:deea:394 prefixlen 128
pltime 604800 vltime 604800<br>
media: Ethernet autoselect (1000baseT
<full-duplex>)<br>
status: active<br>
nd6
options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL><br>
</p>
<p>Thus I am accepting routing from the upstream and I also have
auto_linklocal. Both those flags are missing when I boot using
dhcpcd. In addition there is no default route on boot on igb0
-- but again, if I re-run it then there is and the prefix gets
assigned and distributed.</p>
<p>Here's what the routing table for ipv6 on the gateway looks
like when dhcp6c is being used:</p>
<p><font face="monospace">Internet6:<br>
Destination
Gateway Flags Netif Expire<br>
::/96
link#4 URS lo0<br>
default
fe80::201:5cff:fe70:7c46%igb0 UG igb0<br>
::1
link#4 UHS lo0<br>
::ffff:0.0.0.0/96
link#4 URS lo0<br>
2600:6c5d:5d00:ae00::/64
link#2 U igb1<br>
2600:6c5d:5d00:ae00:20d:b9ff:fe46:7189
link#4 UHS lo0<br>
2600:6c5d:5d00:ae01::/64
link#6 U igb1.4<br>
2600:6c5d:5d00:ae01:20d:b9ff:fe46:7189
link#4 UHS lo0<br>
2600:6c5d:7009:600:896:206c:deea:394
link#4 UHS lo0<br>
fe80::%lo0/10
link#4 URS lo0<br>
fe80::%igb0/64
link#1 U igb0<br>
fe80::20d:b9ff:fe46:7188%lo0
link#4 UHS lo0<br>
fe80::%igb1/64
link#2 U igb1<br>
fe80::20d:b9ff:fe46:7189%lo0
link#4 UHS lo0<br>
fe80::%lo0/64
link#4 U lo0<br>
fe80::1%lo0
link#4 UHS lo0<br>
fe80::%igb1.4/64
link#6 U igb1.4<br>
fe80::20d:b9ff:fe46:7189%lo0
link#4 UHS lo0<br>
ff02::/16
link#4 URS lo0</font><br>
</p>
<p>I can play with this more over the weekend.</p>
<p>Given that the box is a gateway rather than an endpoint if that
changes things please advise. All the stuff on the local
network, once I have the prefix, picks up addresses via SLACC
and that is working fine (I don't need dhcpcd on the FreeBSD
machines behind the gateway as they have fixed addresses for
IPv4 and SLACC has been working well for them.)<br>
</p>
</blockquote>
<p>More on this.....</p>
<p>If I boot with the above as noted I get no IPv6 address.
However, if I sign into the box on the inside address and do
"ifconfig igb0 down..... ifconfig igb0 up" (no need to
stop/restart dhcpcd itself) then the system DOES get an IPv6
prefix.</p>
<p>But it doesn't on boot, which I don't understand.</p>
<p>Ideas for further troubleshooting? It appears something is
coming up in the wrong order and precluding getting the IPv6
address.<br>
</p>
<div class="moz-signature">-- <br>
Karl Denninger<br>
<a href="mailto:karl@denninger.net" class="moz-txt-link-freetext">karl@denninger.net</a><br>
<i>The Market Ticker</i><br>
<font size="-2"><i>[S/MIME encrypted email preferred]</i></font></div>
</body>
</html>
--------------KRlzcMo49e03TW159gVFw1tj--
--------------RWgd4YUsogOfDIuUM4b6i6yW--
--------------aOW0sQzSHoJuaOntZQ6QerXy
Content-Type: application/pgp-signature; name="OpenPGP_signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="OpenPGP_signature.asc"
-----BEGIN PGP SIGNATURE-----
wsF5BAABCAAjFiEEvWWSxnGhSYSUSaCtby3AFeuPWXgFAmatWC0FAwAAAAAACgkQby3AFeuPWXgU
Lg/9HFegurd3V5hOZ6J8Eop0QcGyr7woA6GtdqsdQABdKo035y/j/We3iNpqZ/hs8DpaCPR240RI
F8FR/Pw/MA9UBI+aluu0FCu4B4nWoCncl2yNSuQdErHRr4NNb5BkkbTwIzmWiUqPO4Cix5KUn5hR
DR7Xq8kpngnAnn2zhwKrjrNo5AYJXO8PMZKDxKjzxDc0bh003WavGYEcH0A6QEQHcJwxwsbgk7l4
kTLrM18hY7KFIlX7NmVTJog80M64/OAR2vTO3Z7P58lZPe5Y4AOvoAGfXV9Og3i/zJPBtTJSzT5R
oVhX45kMVUXd+X/cFJJGwAw87gUkeGxQVWHLacakDie/ZVFfDmfU0/zc6YJ5dG+3rKMxJlrJemTl
oiDXrUI49oH/woSinjymvg+NhxM/f1d9F4MmFXoP0zmFgQ0OI8Xt0JutGDu1wLGrZrRtBcH6CL1m
bM9qAijok+pYJNIoFIFZ2DMb3e3NFxCAiSYIJZg5tbSP9N4NQqyVO6WtS0tvXzvZzJh6Jq/gq/q/
4ZIMqB8Rxrwa/6qPBKYwOFByXLnJxmtj6pdiZVFFI5No87J+FI3MspAxMcN/S6L451LLmDqT4vst
BQ7uK0n4O50AMNkJjjwWTF7wX66Fpw8iWbIELuW2Ve23xdk3/a06VxoLw+ssq3pubo/+EDmMENlj
GKA=
=mu3I
-----END PGP SIGNATURE-----
--------------aOW0sQzSHoJuaOntZQ6QerXy--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?9bcca610-711a-41b0-955a-12968a3a8be0>