From nobody Tue Sep 30 11:43:42 2025 X-Original-To: net@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4cbbml2nHdz68yFZ for ; Tue, 30 Sep 2025 11:43:51 +0000 (UTC) (envelope-from ronald-lists@klop.ws) Received: from smtp-relay-int-backup.realworks.nl (smtp-relay-int-backup.realworks.nl [87.255.56.188]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4cbbml0cKqz3qmn for ; Tue, 30 Sep 2025 11:43:50 +0000 (UTC) (envelope-from ronald-lists@klop.ws) Authentication-Results: mx1.freebsd.org; none Received: from smtp-relay-int-backup.realworks.nl (crmpreview5.colo2.realworks.nl [10.2.52.35]) by mailrelayint1.colo2.realworks.nl (Postfix) with ESMTP id 4cbbmZ4GLJzK4; Tue, 30 Sep 2025 13:43:42 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=klop.ws; s=rw2; t=1759232622; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=Jq84RdXt5FrvOwIq3LWBGocfyM7v7nzdlHB89QUKAVg=; b=nuymkt13MGgl2ikNDf+1Wt/DEpcghC1BGYnCfb58YwJmxjb6GbBzjrDUiFLoMXDJB6ZVnu 4ZWx2fHUsa22SBTfkV9/aYRmxz7mu/v+/5hnOCv4atyQOWlqYTdCp7i7imF78TSziv6MeB a2csWHCWw/kfj76jlHhdVKv9KW5vdjr7c5FRZ7MX1LGuYxY76XRmMtdJAi0NYTVPrMNUi9 IeaDvj30itm0mkllX0OWuZBhANxdJ5fk06z80DQ5G2ejXia7UzxmVnCb+f8F1q4e1dggL1 m3zxdaKEKGstE0SBAhl38AA/oG1r39jslZ25s91MiVal8+z3SLMshD/qBTFrwQ== Received: from crmpreview5.colo2.realworks.nl (localhost [127.0.0.1]) by crmpreview5.colo2.realworks.nl (Postfix) with ESMTP id 43B53C007E; Tue, 30 Sep 2025 13:43:42 +0200 (CEST) Date: Tue, 30 Sep 2025 13:43:42 +0200 (CEST) From: Ronald Klop To: Tom Pusateri Cc: "net@freebsd.org" Message-ID: <1819478143.6522.1759232622123@localhost> In-Reply-To: References: Subject: Re: IPv6 accept_rtadv for default route and prefix but force host portion of /64 address? List-Id: Networking and TCP/IP with FreeBSD List-Archive: https://lists.freebsd.org/archives/freebsd-net List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-net@FreeBSD.org MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_Part_6521_1265039737.1759232622098" X-Mailer: Realworks (767.1) X-Originating-Host: from (83-81-212-149.cable.dynamic.v4.ziggo.nl [83.81.212.149]) by crmpreview5.colo2.realworks.nl [10.2.52.35] with HTTP; Tue, 30 Sep 2025 13:43:42 +0200 Importance: Normal X-Priority: 3 (Normal) X-Originating-User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:143.0) Gecko/20100101 Firefox/143.0 X-Spamd-Bar: ---- X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[] X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated X-Rspamd-Queue-Id: 4cbbml0cKqz3qmn ------=_Part_6521_1265039737.1759232622098 Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: quoted-printable Van: Tom Pusateri Datum: maandag, 29 september 2025 23:32 Aan: "net@freebsd.org" Onderwerp: IPv6 accept_rtadv for default route and prefix but force host po= rtion of /64 address? >=20 > Is there a way to change the configuration in /etc/rc.conf to get the pre= fix from the router advertisement but fix the host portion to something lik= e ::123 so that I can change network cards in the server and never have to = worry about the IPv6 address changing? >=20 > I have a DMZ interface on a FreeBSD router with a prefix delegation from = my provider I assign to a downstream interface. I have another FreeBSD serv= er on the DMZ network and would like it to have a fixed address allocated o= ut of the assigned prefix from the router. >=20 > The router (also FreeBSD) is running rtadvd providing SLAAC and router ad= vertisements. >=20 > The /etc/rc.conf for the DMZ server currently looks like this: >=20 > ifconfig_igb0_ipv6=3D"inet6 2605:1:2:3::123/64 accept_rtadv=E2=80=9D >=20 > This works fine and manually assigns the address out of the assigned pref= ix range as configured on the router. >=20 > It also assigns a second IPv6 address via SLAAC that I don=E2=80=99t use. >=20 > ifconfig output looks like this: >=20 > igb0: flags=3D1008843 me= tric 0 mtu 1500 > options=3D4e527bb > ether ac:1f:6b:1a:04:c0 > inet 1.2.3.123 netmask 0xfffffff8 broadcast 1.2.3.127 > inet6 fe80::ae1f:6bff:fe1a:4c0%igb0 prefixlen 64 scopeid 0x1 > inet6 2605:1:2:3::123 prefixlen 64 > inet6 2605:1:2:3:ae1f:6bff:fe1a:4c0 prefixlen 64 autoconf pltime 6048= 00 vltime 2592000 > media: Ethernet autoselect (1000baseT ) > status: active > nd6 options=3D23 >=20 > I get the correct upstream next hop for a default route: >=20 > % netstat -nra6 > Routing tables >=20 > Internet6: > Destination Gateway Flags = Netif Expire > ::/96 link#3 URS = lo0 > default fe80::207:43ff:fe31:7078%igb0 UG = igb0 >=20 >=20 > The problem with this is that the IPv6 prefix is configured on the router= and configured on the server. >=20 > Thanks, > Tom >=20 >=20 > =20 >=20 >=20 >=20 Hi, I think DHCPv6 could help you here. In IPv6 the address via DHCP is not con= nected to the MAC address directly, but to a DUID, which is something simil= ar to the hostuuid. AFAIK it should be stable between hardware changes. The= details might be important, read something like this https://metebalci.com= /blog/a-note-on-dhcpv6-duid-and-prefix-delegation/. I think in my dhcpv6-cl= ient I can hardcode the DUID also if needed. Another option could be a new feature in 16-CURRENT: ifconfig stableaddr wh= ich could help in getting a stable address, although I don't know if that i= s also stable if you change the network card. The author of the feature mig= ht be able to explain more about that. See https://cgit.freebsd.org/src/commit/?id=3D31ec8b6407fdd5a87d70265762457= c67ce618283. Regards, Ronald. =20 ------=_Part_6521_1265039737.1759232622098 Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: quoted-printable

Van: Tom Pusateri <pusateri@keehole.org>
Datum: maandag, 29 september 2025 23:32
Aan: "net@freebsd.org" <net@FreeBSD.org>
Onderwerp: IPv6 accept_rtadv for default route and prefix = but force host portion of /64 address?

Is there a way to change the conf= iguration in /etc/rc.conf to get the prefix from the router advertisement b= ut fix the host portion to something like ::123 so that I can change networ= k cards in the server and never have to worry about the IPv6 address changi= ng?

I have a DMZ interface on a FreeBSD router with a prefix delegation from my= provider I assign to a downstream interface. I have another FreeBSD server= on the DMZ network and would like it to have a fixed address allocated out= of the assigned prefix from the router.

The router (also FreeBSD) is running rtadvd providing SLAAC and router adve= rtisements.

The /etc/rc.conf for the DMZ server currently looks like this:

ifconfig_igb0_ipv6=3D"inet6 2605:1:2:3::123/64 accept_rtadv=E2=80=9D

This works fine and manually assigns the address out of the assigned prefix= range as configured on the router.

It also assigns a second IPv6 address via SLAAC that I don=E2=80=99t use.
ifconfig output looks like this:

igb0: flags=3D1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP>= ; metric 0 mtu 1500
    options=3D4e527bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HW= TAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,LRO,WOL_MAGIC,VLAN_HWFILTER,VLAN_HW= TSO,RXCSUM_IPV6,TXCSUM_IPV6,HWSTATS,MEXTPG>
    ether ac:1f:6b:1a:04:c0
    inet 1.2.3.123 netmask 0xfffffff8 broadcast 1.2.3.1= 27
    inet6 fe80::ae1f:6bff:fe1a:4c0%igb0 prefixlen 64 sc= opeid 0x1
    inet6 2605:1:2:3::123 prefixlen 64
    inet6 2605:1:2:3:ae1f:6bff:fe1a:4c0 prefixlen 64 au= toconf pltime 604800 vltime 2592000
    media: Ethernet autoselect (1000baseT <full-dupl= ex>)
    status: active
    nd6 options=3D23<PERFORMNUD,ACCEPT_RTADV,AUTO_LI= NKLOCAL>

I get the correct upstream next hop for a default route:

% netstat -nra6
Routing tables

Internet6:
Destination           &nb= sp;           Gatewa= y             &= nbsp;         Flags  &nbs= p;      Netif Expire
::/96            &nb= sp;            =     link#3        &n= bsp;            = ;   URS         &nbs= p;   lo0
default            &= nbsp;           &nbs= p;  fe80::207:43ff:fe31:7078%igb0 UG     &nbs= p;       igb0


The problem with this is that the IPv6 prefix is configured on the router a= nd configured on the server.

Thanks,
Tom


 


Hi,

I think DHCPv6 could help you here. In IPv6 the address via DHCP is not con= nected to the MAC address directly, but to a DUID, which is something simil= ar to the hostuuid. AFAIK it should be stable between hardware changes. The= details might be important, read something like this https://mete= balci.com/blog/a-note-on-dhcpv6-duid-and-prefix-delegation/. I think in= my dhcpv6-client I can hardcode the DUID also if needed.

Another option could be a new feature in 16-CURRENT: ifconfig stableaddr wh= ich could help in getting a stable address, although I don't know if that i= s also stable if you change the network card. The author of the feature mig= ht be able to explain more about that.
See https://cgit.freebsd.org/src/commit/?id=3D31ec= 8b6407fdd5a87d70265762457c67ce618283.

Regards,
Ronald.
  ------=_Part_6521_1265039737.1759232622098--