Hi, Linux ethernet interfaces do not use autoconfiguration and do ignore router advertisings if the packet forwarding is turned on in the configuration (i.e. /proc/sys/net/ipv6/conf/eth0/forwarding set to 1) This might be wrong. IPv6 network devices can have multiple IPv6 addresses and server several purposes at the same time. A machine can have a statically assigned local IPv6 address and act as a router (e.g. to a virtual machine or a VPN tunnel) and thus needs to turn forwarding on, while at the same time it needs to listen to router advertisements and autoconfigure, e.g. because a network is connected to the internet through a DSL router with dynamically assigned network adresses, either through direct IPv6 assignment or a 6to4 tunnel. So there are cases where you need to have autoconfiguration of an IP address and forwarding on the same interface at the same time. Therefore, it might be technically wrong to have this mutually exclusive. regards
(switched to email. Please respond via emailed reply-to-all, not via the bugzilla web interface). On Sat, 5 Feb 2011 18:06:31 GMT bugzilla-daemon@bugzilla.kernel.org wrote: > https://bugzilla.kernel.org/show_bug.cgi?id=28282 > > Summary: forwarding turns autoconfiguration off > Product: Networking > Version: 2.5 > Kernel Version: 2.6.35 > Platform: All > OS/Version: Linux > Tree: Mainline > Status: NEW > Severity: normal > Priority: P1 > Component: IPV6 > AssignedTo: yoshfuji@linux-ipv6.org > ReportedBy: hadmut@danisch.de > Regression: No > > > Hi, > > Linux ethernet interfaces do not use autoconfiguration and do ignore router > advertisings if the packet forwarding is turned on in the configuration (i.e. > /proc/sys/net/ipv6/conf/eth0/forwarding set to 1) > > > This might be wrong. > > IPv6 network devices can have multiple IPv6 addresses and server several > purposes at the same time. A machine can have a statically assigned local > IPv6 > address and act as a router (e.g. to a virtual machine or a VPN tunnel) and > thus needs to turn forwarding on, while at the same time it needs to listen > to > router advertisements and autoconfigure, e.g. because a network is connected > to > the internet through a DSL router with dynamically assigned network adresses, > either through direct IPv6 assignment or a 6to4 tunnel. > > So there are cases where you need to have autoconfiguration of an IP address > and forwarding on the same interface at the same time. Therefore, it might be > technically wrong to have this mutually exclusive. >
From: Andrew Morton <akpm@linux-foundation.org> Date: Tue, 8 Feb 2011 13:34:08 -0800 >> Linux ethernet interfaces do not use autoconfiguration and do ignore router >> advertisings if the packet forwarding is turned on in the configuration >> (i.e. >> /proc/sys/net/ipv6/conf/eth0/forwarding set to 1) >> >> >> This might be wrong. >> >> IPv6 network devices can have multiple IPv6 addresses and server several >> purposes at the same time. A machine can have a statically assigned local >> IPv6 >> address and act as a router (e.g. to a virtual machine or a VPN tunnel) and >> thus needs to turn forwarding on, while at the same time it needs to listen >> to >> router advertisements and autoconfigure, e.g. because a network is connected >> to >> the internet through a DSL router with dynamically assigned network >> adresses, >> either through direct IPv6 assignment or a 6to4 tunnel. >> >> So there are cases where you need to have autoconfiguration of an IP address >> and forwarding on the same interface at the same time. Therefore, it might >> be >> technically wrong to have this mutually exclusive. This is a case where we're probably just following what the RFC documents state we should do, which means unless you can provide clear reference to a specification that states we should behave otherwise this isn't changing.
From: Hadmut Danisch <hadmut@danisch.de> Date: Tue, 08 Feb 2011 23:12:30 +0100 > On 08.02.2011 22:44, David Miller wrote: >> >> This is a case where we're probably just following what the RFC documents >> state we should do, which means unless you can provide clear reference to >> a specification that states we should behave otherwise this isn't changing. > > Could you cite where exactly this is stated in the RFC documents? I'm working on other bugs at the moment, so I am personally unable to help you with this at this time. Perhaps someone else can.
On 08.02.2011 22:44, David Miller wrote: > > This is a case where we're probably just following what the RFC documents > state we should do, which means unless you can provide clear reference to > a specification that states we should behave otherwise this isn't changing. Could you cite where exactly this is stated in the RFC documents? (Would save me the time to dig through all the RFCs to find that particular statement and help avoid misunderstanding.) It appears to me to be a contradiction in terms. IPv6 interfaces must be able to have several IP addresses, and IPv6 does not have a default route (or 0::0/0). IPv6 interfaces are designed to participate in multiple independend logical networks (and several address ranges have been reserved for future extensions and uses). It therefore does not make sense if autoconfiguration for one network and routing for another are mutually exclusive. I'd like to check this (and maybe file a bug in the RFC). regards Hadmut
On 08.02.2011 23:44, Francois Romieu wrote: > > RFC 4862 IPv6 Stateless Address Autoconfiguration September 2007 > [...] > The autoconfiguration process specified in this document applies only > to hosts and not routers. Since host autoconfiguration uses > information advertised by routers, routers will need to be configured > by some other means. However, it is expected that routers will > generate link-local addresses using the mechanism described in this > document. In addition, routers are expected to successfully pass the > Duplicate Address Detection procedure described in this document on > all addresses prior to assigning them to an interface. Thanks for the citation. Since Linux machines can - in contrast to Windows desktops and cisco routers - can be a host and a router at the same time, even on the same interface (i.e. use a autoconf IPv6 address as a host and an fe80:: address as a router address). So I'd consider this in a different way. From my point of view the decision between host and router must be done per assigned IPv6 address (or address range) and not per IPv6 interface. (Maybe it would be a more correct implementation to assign a special IP address pattern like xxxx::.../64 to tell the interface to accept autoconfiguration for a particular network range, probably for 2::/3 in most cases.) regards Hadmut
David Miller <davem@davemloft.net> : > From: Hadmut Danisch <hadmut@danisch.de> > Date: Tue, 08 Feb 2011 23:12:30 +0100 > > > On 08.02.2011 22:44, David Miller wrote: > >> > >> This is a case where we're probably just following what the RFC documents > >> state we should do, which means unless you can provide clear reference to > >> a specification that states we should behave otherwise this isn't > changing. > > > > Could you cite where exactly this is stated in the RFC documents? > > I'm working on other bugs at the moment, so I am personally unable to > help you with this at this time. Perhaps someone else can. This one MAY^W may be relevant (see http://www.ietf.org/rfc/rfc4862.txt) : Thomson, et al. Standards Track [Page 3] RFC 4862 IPv6 Stateless Address Autoconfiguration September 2007 [...] The autoconfiguration process specified in this document applies only to hosts and not routers. Since host autoconfiguration uses information advertised by routers, routers will need to be configured by some other means. However, it is expected that routers will generate link-local addresses using the mechanism described in this document. In addition, routers are expected to successfully pass the Duplicate Address Detection procedure described in this document on all addresses prior to assigning them to an interface. -- Ueimor
Hadmut Danisch <hadmut@danisch.de> : [...] > Since Linux machines can - in contrast to Windows desktops and cisco > routers - can be a host and a router at the same time, even on the same > interface (i.e. use a autoconf IPv6 address as a host and an fe80:: > address as a router address). > > So I'd consider this in a different way. From my point of view the > decision between host and router must be done per assigned IPv6 address > (or address range) and not per IPv6 interface. o^O Afaik networking does not operate this way in the kernel. Really. May I suggest you to have some sleep and see how your (dhcpv6 enabled ?) DSL router can be convinced to collaborate with the existing tools under Linux _without_ modifications ?
Reply-To: billfink@mindspring.com On Tue, 8 Feb 2011, Francois Romieu wrote: > David Miller <davem@davemloft.net> : > > From: Hadmut Danisch <hadmut@danisch.de> > > Date: Tue, 08 Feb 2011 23:12:30 +0100 > > > > > On 08.02.2011 22:44, David Miller wrote: > > >> > > >> This is a case where we're probably just following what the RFC > documents > > >> state we should do, which means unless you can provide clear reference > to > > >> a specification that states we should behave otherwise this isn't > changing. > > > > > > Could you cite where exactly this is stated in the RFC documents? > > > > I'm working on other bugs at the moment, so I am personally unable to > > help you with this at this time. Perhaps someone else can. > > This one MAY^W may be relevant (see http://www.ietf.org/rfc/rfc4862.txt) : > > Thomson, et al. Standards Track [Page 3] > > RFC 4862 IPv6 Stateless Address Autoconfiguration September 2007 > [...] > The autoconfiguration process specified in this document applies only > to hosts and not routers. Since host autoconfiguration uses > information advertised by routers, routers will need to be configured > by some other means. However, it is expected that routers will > generate link-local addresses using the mechanism described in this > document. In addition, routers are expected to successfully pass the > Duplicate Address Detection procedure described in this document on > all addresses prior to assigning them to an interface. I believe there is a difference between being a router and merely being capable of forwarding IP packets. To me, a router participates in a routing protocol and/or advertises routes/prefixes. So perhaps Hadmut has a valid point that autoconfiguration should not depend on ip_forward being off, although I'm not sure what the appropriate alternate test for not being a router should be. -Bill
Bill Fink <billfink@mindspring.com> : [...] > I believe there is a difference between being a router and merely > being capable of forwarding IP packets. To me, a router participates > in a routing protocol and/or advertises routes/prefixes. So perhaps > Hadmut has a valid point that autoconfiguration should not depend > on ip_forward being off, although I'm not sure what the appropriate > alternate test for not being a router should be. It is here (same document, same page): [...] 2. Terminology IP - Internet Protocol Version 6. The terms IPv4 and IPv6 are used only in contexts where necessary to avoid ambiguity. node - a device that implements IP. router - a node that forwards IP packets not explicitly addressed to itself. Why should we put our brains at pain ? Is there really a problem ?
Am 09.02.2011 08:42, schrieb Francois Romieu: > > Why should we put our brains at pain ? Is there really a problem ? > Yep. It does not work. I have a regular internet connection at home, as usual with dynamically assigned IPv4 addresses. My router automatically creates an IPv6 tunnel, so the IPv6 addresses are dynamic as well. German Internet providers will offer IPv6 soon, and due to the german privacy requirements, they will most probably offer dynamic IPv6 assignments as well. So a Linux machine at home must accept autoconfiguration, if you do not want to change your address manually at least once a day. On the other hand, a regular Linux machine can have routing tasks. E.g. when using a VPN, when dealing with virtual machines, for testing, for TUN/TAP devices, and so on. Although there is no good technical reason for not having both at the same time, Linux does not allow this. The machine's admin should at least have the choice to turn routing and autoconf on and off independently. regards Hadmut
Hi all, since the discussion seems to have completely died, just allow me a simple question: How would I configure a Linux machine to accept ipv6 prefix ads (because they are dynamically assigned and advertised by my router) and to work as a VPN tunnel end? Remember: Linux does not allow autoconfiguration and routing at the same time, without any good reason. The only reason I've seen so far is that the Terminology in an RFC vaguely distinguishes between router machines and nodes. If you believe that Linux is correct here the way it is, just tell me how to solve that problem with Linux. best regards Hadmut
Reply-To: equinox@diac24.net On Thu, Mar 24, 2011 at 04:07:10PM +0100, Hadmut Danisch wrote: > How would I configure a Linux machine to accept ipv6 prefix ads (because > they are dynamically assigned and advertised by my router) and to work > as a VPN tunnel end? > > > Remember: Linux does not allow autoconfiguration and routing at the same > time, without any good reason. You seem to have arrived at a bit of a misunderstanding here. Linux does not forbid autoconfiguration when you enable routing. It just disables the in-kernel code, for reasons that usually are well-founded. > If you believe that Linux is correct here the way it is, just tell me > how to solve that problem with Linux. You grab rdisc6 from the ndisc6 package (http://www.remlab.net/ndisc6/, probably packaged by your distro) and do the autoconfiguration in user space. The userspace application will also give you an amount of control over the autoconfiguration that is IMHO neccessary if you use it this way and which the kernel cannot provide. -David