Hello,

I'm setting up an IPv6-only virtual platform on Debian wheezy, with a complex 
networking setup and net namespaces.
To do this, I run radvd on one of the virtual networks. On this platform I 
experimented with a use case where the constraint of enforcing IPv6 forwarding 
when radvd starts is harmful.

The network where radvd runs is configured with Unique Local Addresses and is 
not supposed to be used for sending packets outside of the system.
This looks like the following:

 VM1 [ fd00:dead:beef::<EUI64> ] \
 VM2 [ fd00:dead:beef::<EUI64> ] --- [ fd00:dead:beef::1 ] Host (forwarding disabled)
 VM3 [ fd00:dead:beef::<EUI64> ] /

This setup is perfectly valid and it is possible to specify in Router 
Advertisements that the "router" (in the sense of the node that sends router 
advertisements) should not be considered as a default route. In radvd, this is 
done by setting the option "AdvDefaultLifetime" to "0".

The hosts are still able to perform SLAAC on this prefix and know that it is 
not to be used for the default route:
> root@test:~# ip -6 a show eth0
> 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qlen 1000
>     inet6 fd00:dead:beef::5054:ff:fe12:3456/64 scope global dynamic 
>        valid_lft 86341sec preferred_lft 14341sec
>     inet6 fe80::5054:ff:fe12:3456/64 scope link 
>        valid_lft forever preferred_lft forever
> root@test:~# ip -6 r          
> fd00:dead:beef::/64 dev eth0  proto kernel  metric 256  expires 86285sec
> fe80::/64 dev eth0  proto kernel  metric 256

The RFC is consistent with this behaviour. It states that a node may send 
Router Advertisements while having its forwarding capabilities disabled, as 
long as it sets the Router Lifetime field (AdvDefaultLifetime) to zero.
RFC 4861 section 6.2.5:
>    Note that system management may disable a router's IP forwarding
>    capability (i.e., changing the system from being a router to being a
>    host), a step that does not necessarily imply that the router's
>    interfaces stop being advertising interfaces.  In such cases,
>    subsequent Router Advertisements MUST set the Router Lifetime field
>    to zero.


In conclusion, I kindly ask you to consider relaxing the constraint of having 
net.ipv6.conf.all.forwarding enabled. It breaks some use cases where disabling 
forwarding is intended and legal.

Regards.
Emmanuel Thierry


PS: See my full radvd configuration below:

> interface virbr1 {
>         IgnoreIfMissing off;
>         AdvSendAdvert on;
>         AdvDefaultLifetime 0;
> 
>         prefix fd00:dead:beef::1/64 {
>                 AdvOnLink on;
>                 AdvAutonomous on;
>         };
> 
>         RDNSS fd00:dead:beef::1 {
>         };
> };
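
The following is an added example, not part of the original message and not radvd code: a small parser that reads a Router Advertisement the way a receiving host does and applies the RFC 4861 section 6.2.5 rule quoted above. The function names are hypothetical, and the sample packet is constructed, with lifetimes of 86400 and 14400 seconds assumed to match the `valid_lft`/`preferred_lft` output shown above.

```python
import ipaddress
import struct

L_FLAG, A_FLAG = 0x80, 0x40  # on-link / autonomous (SLAAC) bits of a Prefix Information option

def parse_ra(msg: bytes) -> dict:
    """Parse an ICMPv6 Router Advertisement (RFC 4861 sections 4.2 and 4.6.2)."""
    if len(msg) < 16:
        raise ValueError("truncated Router Advertisement")
    icmp_type, code, _cksum, _hops, _flags, lifetime, _reach, _retrans = struct.unpack(
        "!BBHBBHII", msg[:16])
    if icmp_type != 134 or code != 0:
        raise ValueError("not a Router Advertisement")
    slaac, off = [], 16
    while off < len(msg):
        # Option length is in units of 8 bytes; zero or overlong lengths are invalid.
        if off + 2 > len(msg) or msg[off + 1] == 0 or off + msg[off + 1] * 8 > len(msg):
            raise ValueError("malformed option")
        opt_type, opt_len = msg[off], msg[off + 1] * 8
        if opt_type == 3 and opt_len == 32:  # Prefix Information option
            plen, pflags, valid, preferred = struct.unpack("!BBII", msg[off + 2:off + 12])
            net = ipaddress.IPv6Network((msg[off + 16:off + 32], plen), strict=False)
            if pflags & A_FLAG:  # host may autoconfigure an address from this prefix
                slaac.append((str(net), valid, preferred))
        off += opt_len
    # Router Lifetime 0 means: do not use the sender as a default router.
    return {"router_lifetime": lifetime, "default_router": lifetime > 0,
            "slaac_prefixes": slaac}

def advert_allowed(forwarding_enabled: bool, router_lifetime: int) -> bool:
    """RFC 4861 6.2.5: with forwarding disabled, Router Lifetime MUST be zero."""
    return forwarding_enabled or router_lifetime == 0

def build_sample_ra(router_lifetime: int) -> bytes:
    """Constructed RA: checksum left at 0 (not verified here), one /64 with L and A set."""
    header = struct.pack("!BBHBBHII", 134, 0, 0, 64, 0, router_lifetime, 0, 0)
    pio = struct.pack("!BBBBIII", 3, 4, 64, L_FLAG | A_FLAG, 86400, 14400, 0)
    return header + pio + ipaddress.IPv6Address("fd00:dead:beef::").packed

if __name__ == "__main__":
    ra = parse_ra(build_sample_ra(0))  # AdvDefaultLifetime 0, as in the configuration above
    print(ra)
    print("compliant with forwarding disabled:", advert_allowed(False, ra["router_lifetime"]))
```
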


