summaryrefslogtreecommitdiffstats
path: root/README.IPv6
blob: fe4be5fcf67a6b473c481685e172e6b9b18c8fad (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
IPv6 for Slackware
==================

Features
--------
* Dual stack.  Interfaces can be configured with an IPv4 address or an IPv6
  address, or both.
* Each interface can have single or multiple v4 and/or v6 IPs.  Additional
  v4 IPs are added as 'alias' interfaces, whereas v6 IPs are simply added
  to the interface.
* Optional StateLess Address Auto Configuration (SLAAC) of v6 IP addresses
  (disabled by default).
* DHCPv6 support for server controlled address configuration.
* Fixed IP configuration of IPv6 interfaces.

Configuration
-------------
v6 IPs can be configured via SLAAC, DHCP6 or statically using the following new
options for rc.inet1.conf:
  USE_SLAAC[x]=""	Allow StateLess Address Auto Configuration of a
			(potentially) globally routable v6 IP. With this option
			set to "yes", the interface's v6 IP will ONLY be
			configured via SLAAC, even if RA indicates DHCP6 is
			available on the network - if SLAAC is not available on
			the network, no IPv6 address will be assigned.

			Since dhcpcd is capable of handling SLAAC as well as
			DHCP, it is better practice to set USE_DHCP6[x]="yes" to
			perform full auto configuration instead.

  USE_DHCP6[x]=""	Use dhcpcd to configure the interface.  This will bring
			up the interface using DHCP6, falling back to SLAAC (if
			configured on the network), or will leave the interface
			unconfigured after a timeout.  When this option is set
			to "yes", the USE_SLAAC[x] option is ignored.

			This is the preferred option to configure an interface
			dynamically - whether the network is setup for DHCP6 or
			SLAAC, dhcpcd will be able to configure the interface.

  IP6ADDRS[x]=""	The static v6 IP addresses for the interface.  This
			option takes a list of v6 IP addresses and prefix
			lengths in CIDR notation, in a space delimited list.
			For example: IP6ADDRS[x]="a:b:c:d:e::1/48 1:2:3:4::5/64"

			If a prefix length is not given (separated from the IP
			address with a /), a length of 64 will be assumed, and
			a warning emitted about the unset value.

			When either the USE_DHCP6[x] or USE_SLAAC[x] options are
			set to "yes", this setting is ignored - dynamic
			configuration takes precedence over fixed IPs in
			Slackware.

  GATEWAY6=""		The default IPv6 gateway for the network.  This is a
			IPv6 address in standard format.

The following lesser used misc options have been added for use in rc.inet1.conf:
  USE_RA[x]=""		Normally, unless USE_SLAAC[x]="yes" is set, Router
			Advertisment (RA) is disabled for the interface as it
			can result in extraneous routes being added to the
			routing table.  With this option set to "yes", RA
			packets will be accepted on the interface even when DHCP
			or fixed IP addressing is used, and the routes
			advertised by the router will be added to the table.

			Conversely, if this option is explicitly set to "no", RA
			will be disabled at all times - meaning SLAAC cannot be
			performed even when USE_SLAAC[x]="yes" is set. The
			default (unset) is to enable RA when SLAAC is in use,
			and to disable it otherwise.

			The use of this option should rarely be required as
			rc.inet1 will do the right thing.

  SLAAC_TIMEOUT[x]=""	The time to wait (in seconds) for an interface to be
			configured by SLAAC.  When unset, the default is 15.
			Some networks may require a longer period for the router
			to broadcast an advertisement packet on the network.


Disabling IPv6
--------------
For some use cases, where IPv6 support is not required at all, disabling IPv6
may be a better option than leaving the interface unconfigured.

There are two similar methods which can be used to disable IPv6.  Both of the
options involve creating (or replacing the content if it already exists) the
file /etc/modprobe.d/ipv6.conf (which overrides any configuration in the
/lib/modprobe.d/ipv6.conf file), and making the content as follows:
  alias ipv6 off
  alias net-pf-10 off
Or:
  install ipv6 /bin/true
  install net-pf-10 /bin/true

It is important to disable both the 'ipv6' and 'net-pf-10' modules since the
module can be automatically loaded by each name.


Changes from previous Slackware versions
----------------------------------------
* Previously, if the network the host is connecting to is configured for
  StateLess Address Auto Configuration (SLAAC), the host would bring up an
  interface with a (potentially) globally routable IPv6 address with no
  configuration by the user.  This has been changed so that all network
  configuration must be explicitly enabled.  Thus, interfaces will no longer
  automatically come up with a valid IPv6 address on networks which support auto
  configuration, without enabling the USE_SLAAC[x]="yes" option for the
  interface.  This is a security enhancement.

* Unless RA is explicitly enabled using the USE_RA[x]="yes" option, rc.inet1 now
  disables RA (via the accept_ra tunable in /proc) for an interface before
  trying to add any IPs configured for it.  This prevents RA on the network from
  automatically adding any routes to the table.  When USE_SLAAC[x]="yes" is set,
  RA is implicitly re-enabled for the interface (since SLAAC and RA are usually
  used together on a network), unless explicitly disabled with USE_RA[x]="no".
  This is a change from previous versions of Slackware, which would auto
  configure routes. This is a security enhancement in the same vein as above.

* Interfaces will no longer be brought into the 'up' state unless they are
  actually configured with an IP address.  In previous versions, no matter
  whether the interface was assigned an IP (either via DHCP or a fixed IP) or
  not, the interface would be left in the 'up' state after executing 'rc.inet1
  start'.  This will no longer happen and is considered a clean-up of the
  previous behaviour.

* If no NETMASK[x] is set for an interface, rc.inet1 will now assume a
  prefix/netmask of 24 (and will emit a warning). CIDR notation netmasks are now
  recommended (with the leading / as optional), but the old style dotted-quad
  notation is still accepted for IPv4.  This is a configuration enhancement.

* In previous versions, the IP aliases configuration for IPv4 assumed a netmask
  of /32, making the interface only addressable by itself.  Now, a netmask of
  /24 is assumed where none is provided in the configuration.  This is a bugfix.

* Sometime during this -current cycle, the call to dhcpcd gained a hard coded -L
  (disable use of IPv4LL addresses as last resort) parameter which effectively
  rendered the DHCP_NOIPV4LL[x] option redundant - the use of -L was not
  contingent upon the value of DHCP_NOIPV4LL[x].  The hard coded -L has been
  removed from the dhcpcd command line, restoring the behaviour of 14.2 and the
  usefulness of the DHCP_NOIPV4LL[x] option.


Known issues
------------
* When being invoked without the -4 or -6 option (that is, when both USE_DHCP[x]
  and USE_DHCP6[x] are set), dhcpcd will only wait until one type of IP is
  obtained before backgrounding - it will not wait for both a v4 AND v6 to be
  configured.  This means there is no way to know if the interface has been
  configured for both types of IP, as one type will continue to be sought in the
  background; but may ultimately fail.  This is an issue with the way dhcpcd
  operates and not an issue with rc.inet1.

* Changes in interface configuration type from DHCP to fixed IP or stateless
  will cause an issue where the dhcpcd daemon fails to be stopped during a
  restart or stop/start operation because rc.inet1 is unaware of how an
  interface was previously configured - it can only stop the interface based
  upon its current configuration.  This is a by-product of the way the rc.inet1
  script is coded (there is no record kept of the previous configuration type of
  an interface) and is present (but doesn't seem to be documented anywhere) on
  previous versions of Slackware.  This particular issue is not specifically
  related to IPv6, but is documented here for completeness.

* When being killed in if_down(), dhcpcd requires some command line options to
  match those which were used to invoke it - not only does the interface name
  need to match, but also the use of -4/-6.  This can cause a problem during a
  restart or stop/start of the interface if the configuration for DHCP has
  changed.  This manifests itself in the same way as the issue detailed above
  and is no more serious.  In both cases, the end user must kill the dhcpcd
  daemon manually.  This issue is caused by the new way dhcpcd is invoked when
  using/not using IPv6.


Thanks
------
* Robby Workman, for the original iproute2 version of rc.inet1 and advice.
* David Spencer, for advice, debating, and testing the SLAAC implementation.

-- 
Darren 'Tadgy' Austin.
<darren (at) afterdark.org.uk>