From owner-freebsd-net@FreeBSD.ORG Mon Aug 30 01:17:05 2010 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id E3F2910656B7 for ; Mon, 30 Aug 2010 01:17:05 +0000 (UTC) (envelope-from dhorn2000@gmail.com) Received: from mail-qy0-f182.google.com (mail-qy0-f182.google.com [209.85.216.182]) by mx1.freebsd.org (Postfix) with ESMTP id 98EF38FC20 for ; Mon, 30 Aug 2010 01:17:05 +0000 (UTC) Received: by qyk4 with SMTP id 4so5144102qyk.13 for ; Sun, 29 Aug 2010 18:17:04 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:received:in-reply-to :references:date:message-id:subject:from:to:cc:content-type :content-transfer-encoding; bh=xCnsO7yzumEOfyPAxlLWCRDkBtX3mWyHY6SN5teGufo=; b=ShEJX1gkOXinavf6XMBLF6eUtHhHUVoVbrhjsrdJZ9Wv46opE1Wgi1wsDI+uS3L5zu QKbft3TdOPyP4YD07TMRgQvs/UTBB2yk0tCer37nslwvDEx285l8LcJoy+I3oBjhJx0n 96HlkvpgLjFAQOZ5N74/Ky5J4ReMo39FS1LIc= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; b=d6o2Z3yB0ZtxnDfFVDJOYIk9LWNllvB3kFW/fGkXMaBIFTvrNE+9pMzvgXesxWobb9 THBFMiUFO/eSxUEblvtlnzcuI4u0+L6Y0XZmzWvGxPktVTi25Xx/44vUZLqL6IbMSVFT Lnhr2aqHz88kMxnqEH2vsurUXLHQ4mYZ73hLY= MIME-Version: 1.0 Received: by 10.224.89.76 with SMTP id d12mr2362740qam.251.1283129639532; Sun, 29 Aug 2010 17:53:59 -0700 (PDT) Received: by 10.229.51.229 with HTTP; Sun, 29 Aug 2010 17:53:59 -0700 (PDT) In-Reply-To: <4C7AAB54.2050309@bitfreak.org> References: <4C7AAB54.2050309@bitfreak.org> Date: Sun, 29 Aug 2010 20:53:59 -0400 Message-ID: From: David Horn To: Darren Pilgrim Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Cc: freebsd-net@freebsd.org, Doug Barton Subject: Re: How to configure non-EUI64 IPv6 addresses with solicited prefixes? X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 30 Aug 2010 01:17:06 -0000 On Sun, Aug 29, 2010 at 2:47 PM, Darren Pilgrim wrot= e: > I have two machines where I need them to: > > 1. Solicit a prefix; > 2. Apply the solicitation to a non-EUI64 address; > 3. Use the non-EUI64 address as the default source address. > > Retaining the EUI64 address is not necessary. =A0Static configuration pre= vents > 1 and I have not been able to get 2 or 3 to work at all. =A0The original = KAME > documentation implies this is/was possible, but current documentation say= s > nothing about it (not that I can find, anyway). =A0A grep of /etc/* indic= ates > interface_ipv6_ifid_* variables (mentioned in the KAME documentation) are > not supported. > Your choices are: 1) Static IPv6 address using rc.conf variables or 2) RA IPv6 address using EUI64 or 3) RA IPv6 address using EUI64 + IPv6 address with Random IID EUI64 (only in head right now via rc.conf, otherwise needs sysctl entries for older code) {net.inet6.ip6.use_tempaddr/net.inet6.ip6.prefer_tempaddr} RFC3041 Doug B, how about an MFC to RELENG_8 of the relevant bits for privacy addresses in rc.conf. ? It is fairly self-contained. or a bit more work 4) Install a DHCPv6 client and roll your own configuration via dhcpv6 server config. or even more work 5) Submit a patch for review that does what you want. I'm certain that someone will come up with other options as well. Probably best to read the rc.conf man page, and /etc/defaults/rc.conf as well, although I can not seem to find any documentation on the use_tempaddr/prefer_tempaddr sysctls at the moment. Can you be specific on what you want to use instead of EUI64, or is this just a case of I want a dynamic prefix, and a static last 64 bits that are NOT EUI64 derived ? For example, are you wanting to use PREFIX::42 or something where PREFIX would be 2001:db8:: or the like which would result in 2001:db8::42/64 ? EUI64 without privacy extensions gives a fairly reliable static address (barring DAD issues with another mis-configured host). RFC3041 privacy extensions gives you both the normal (mac based IID) EUI64 address AND the random Interface Identifier (IID) EUI64 address. Are you just worried about EUI64 on the global address, or are you wanting it for link-local (fe80::) as well ? > One is running 8.1, the other 6.4 (I can upgrade it if necessary). 6.4 (and RELENG 6) are due to be EOL at the end of November, so probably best to consider your upgrade strategy. http://www.freebsd.org/security/#sup Good Luck. --Dave