Because if it's not, if anyone ever tries to do netboot or diskless
operation over IPv6, the host's address may suddenly change once userland
is running?

Thor

--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-***@muc.de

Not yet, but stay tuned.

http://tools.ietf.org/html/draft-ietf-6man-default-iids-00


--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-***@muc.de

The stable private addresses SHOULD be configured on the interface by
default. The SLAAC addresses MAY be configured on an interface by sysctl,
and I think that for a major release, this shoud be on by default.
Privacy Extensions addresses should also be easily turned on.

The question of which address shoud be used for outgoing connections is
really the question that we are discussing. I'm not even sure how that is
determined these days. And the choice of SLAAC, 7217, privacy extensions,
should probably be settable on a per-application and/or per-user basis.
(Probably, on a process session basis)

--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works | network architect [
] ***@sandelman.ca http://www.sandelman.ca/ | ruby on rails [




--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-***@muc.de

So, if you want a stable address, why aren't you configuring one manually?


--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-***@muc.de

Because I want a central repository of the stable addresses.
My preferred way to use DHCP is for it to give out fixed addresses
to each client, and without a pool of 'spare' addresses.

Even if addresses are allocated from a pool, I want a system to (usually) have
the same address after a reboot. Even when the shutdown sequence gives up
the DHCP lease.

I've had to setup and run my own dhcp server at work (and I had to hack
the ISC source) because the corporate server is so broken.
It wouldn't give a machine back the same IP address after a reboot.

David

What we are talking about here is part of the RA/RS protocol.
DHCP is separate still in IPv6.

The prefix in the RA has a flag to say "create an an automatic address
for this prefix".
This discussion is about changing the hardware element of the address
into a stable private stateless one, generated by the host.
The latest dhcpcd code also uses the same logic to generate stable
private LL addresses as well, provided it beats another operation
bringing the interface up at boot time (like say wpa_supplicant or
ifconfig).

The same RA can also have flags to say obtain an address statefully via
DHCP.
I don't know of a use case where you would want both flags set but it's
possible and dhcpcd allows this.
A broken server should not form part of this discussion.
But they are the bane of my life at times.

Roy

--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-***@muc.de

Hi, Roy,
I'm a bit confused. You've implemented RFC7217 for SLAAC, and have also
"ported" the same algrithm to DHCPv6?
Would you mind elaborating a bit more on this one?

Thanks!

Best regards,
--
Fernando Gont
e-mail: ***@gont.com.ar || ***@si6networks.com
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1




--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-***@muc.de

DHCPv6 doesn't use SLAAC directly.
However, it does rely on a link-local address assigned to the interface
which is SLAAC generated.
Sure.

When dhcpcd starts up it scans for interfaces it can use.
For each interface it adds the currently known addresses to it.
When dhcpcd decided to start IPv6RS or forced DHCPv6 on an interface it
consults it's list of known address for a link-local address.
If none found, it will add one using SLAAC.
Then it will UP the interface and continue on it's merry way.

BSD kernels will only add a link-local address on UP if none present.
Linux kernels will add one regardless, but actually use the 1st one
assigned (from my testing anyway).
As this is a kernel operation, it's quite possible for another userland
application which UPs the interface to do this before dhcpcd does it.
Because if this, I added a toggle to NetBSD sysctl to stop the kernel
from doing this - other BSD and Linux have the same toggle.

Thanks

Roy

--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-***@muc.de

Date: Wed, 02 Jul 2014 00:48:01 +0100
From: Roy Marples <***@marples.name>
Message-ID: <***@mail.marples.name>

| BSD kernels will only add a link-local address on UP if none present.
| Linux kernels will add one regardless, but actually use the 1st one
| assigned (from my testing anyway).

That's weird - do you mean that every time the interface goes down/up
(on a linux system) it generates a new LL addr? Or just that there is one
particular LL addr (probably EUI64 based as a guess) that they believe an
interface just must have, and if that one isn't there, they add it, even if
there's another perfectly good one already existing that they actually use?
Either way looks wrong to me (but the first of those much more wrong than
the second). (That is, the BSD (KAME) way is correct I think.)

| As this is a kernel operation, it's quite possible for another userland
| application which UPs the interface to do this before dhcpcd does it.

Of course, is that some kind of problem?

| Because if this, I added a toggle to NetBSD sysctl to stop the kernel
| from doing this - other BSD and Linux have the same toggle.

I have no problem with the sysctl (is it per interface, or system wide?
or perhaps the ideal solution - both - a system wide default, with per
interface overrides) which (I am assuming) prevents the kernel assigning
a LL addr when the interface comes up) - but I don't understand your use
model.

In fact, I'd normally expect the interface to be up, and a LL addr assigned,
before dhcpcd can possibly start (at least, before it can start doing anything
dhcp related). The LL addr is needed to send an RS to obtain the RA that
indicates whether DHCP should be used or not after all. But I assume for this
the part of dhcpcd that counts is the part that receives and processes RA's,
and I assume sends the RS ? (The general network management role for which
the name dhcpcd is something of an anachronism).

Does it really matter if the LL is already assigned by some other process,
and if there is some other process that needs to use the network (perhaps
part of system booting, loading the kernel / modules (and dhcpcd itself...)
shouldn't it be able to configure the net as it needs it, and then simply
have it left that way? If dhcpcd wants to take over monitoring RA's and
managing prefix changes after, that's OK, it does not need to be involved in
the initial address assignment (either LL or global) for that to happen,
does it?

Further, I cannot see how the sysctl really helps - rather than being used
by dhcpcd it should be something dhcpcd obeys when set by the network
manager, to prevent v6 usage on an interface (or on the whole system).
(There should be a similar one for v4 incidentally.) After all, any
application that knows it needs an addr assigned, can trivially easily
alter the sysctl value if that's what it needs to make things work.

kre


--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-***@muc.de

See here:
https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/tree/net/ipv6/addrconf.c?id=refs/tags/v3.15.3#n2731
There is no checking if there is already a suitable LL address.
Per interface with a global default.
You missed the part where dhcpcd adds it's own LL address which is
private
but stable, unlike the hardware derived address the kernel adds.
The kernel has no notation of how to do this, and frankly, nor should it
unless
you're happy with feeding it a private key loaded at boot time.
I would infact argue that too much IPv6 happens in the kernel.

Please read RFC 7217 and understand it's goals before commenting further
as you
seem to have ignored it.

And you are mistaken slightly, RA is not a pre-requisite for DHCPv6.
DHCPv6 has no routing knowledge in the normal use case RA is required,
but when
requesting a prefix delegation you don't need a RA to start DHCPv6.
It matters because the kernel hardware address only assignment is not
desired
as stated above and dhcpcd cannot control the boot order so a sysctl is
infact
needed by the operator to say "turn this off, I know what I'm doing."
dhcpcd will work correctly either way.

Thanks

Roy

--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-***@muc.de