Re: IPv6 status on Debian for workstations / DHCP networks?

[Kurt Roeckx]

On Fri, Jul 05, 2013 at 08:43:27PM +0200, Daniel Pocock wrote:
> 
> 
> On 05/07/13 20:14, Andrew Shadura wrote:
> > Hello,
> > 
> > On Fri, 5 Jul 2013 10:12:24 -0700 Philipp Kern 
> > wrote:
> > 
> >>> Is there a way to configure the interfaces file to "just work"
> >>> on any network, without NetworkManager?
> > 
> >> Nope.
> > 
> > Not true.
> > 
> 
> 
> Let me put it another way, I can see various permutations:
> 
> a) If the user has nothing in interfaces, then the IPv6 will just do
> SLAAC by itself anyway.  If it receives an RA with M=1 it won't have
> any dhclient process running and it won't start one and so it has no
> address and no DNS.

If you have NetworkManager running, I think it will take over the
device in that case.  Will NetworkManager do the right thing?


Kurt


-- 
To UNSUBSCRIBE, email to debian-ipv6-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20130706132318.ga...@roeckx.be

Re: schein.debian.org

[Kurt Roeckx]

On Wed, Jun 01, 2011 at 06:07:26PM -0300, Henrique de Moraes Holschuh wrote:
> On Wed, 01 Jun 2011, Gerald Turner wrote:
> > Henrique de Moraes Holschuh  writes:
> >  $ tracepath6 schein.debian.org
> >   1?: [LOCALHOST]0.031ms pmtu 1480
> >   1:  shub-niggurath.unzane.com 0.162ms
> >   1:  shub-niggurath.unzane.com 0.360ms
> >   2:  gturner-1.tunnel.tserv14.sea1.ipv6.he.net 6.576ms
> >   3:  gige-g2-6.core1.sea1.he.net   5.654ms
> >   4:  10gigabitethernet9-1.core1.sjc2.he.net   26.522ms
> >   5:  10gigabitethernet3-2.core1.pao1.he.net   34.657ms
> >   6:  he.pao1.isc.org  29.855ms
> >   7:  int-0-0-0.r1.sjc3.isc.org31.418ms asymm 5
> >   8:  schein.debian.org27.519ms reached
> >   Resume: pmtu 1480 hops 8 back 59
> 
> 8 hops to get to shein, and *59* hops to get back?!

That's normal, and it really shouldn't be returning that since it
has no way to properly detected that in the first place.


Kurt


-- 
To UNSUBSCRIBE, email to debian-ipv6-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20110601232553.ga24...@roeckx.be

Re: correct definition of localhost?

[Kurt Roeckx]

On Sun, Jul 06, 2008 at 05:14:44PM -0700, Steve Langasek wrote:
> On Mon, Jul 07, 2008 at 01:39:37AM +0200, Kurt Roeckx wrote:
> 
> > You don't seem to request ipv4 addresses, you request AF_UNSPEC, which
> > should get you both ipv4 and ipv6.  You get 127.0.0.1 twice, and ::1 one
> > time.
> 
> You'll find that the duplication of 127.0.0.1 is still there if you specify
> AF_INET instead, because the problematic duplication happens when requesting
> records for the ipv4 address family.  I left it as AF_UNSPEC in the test
> case to show that the problem exists when using protocol-agnostic best
> practices, which is what slapd does.

I was just confused when reading it, and understood it as only
requesting AF_INET.  That was just to make it clear.

> >> - the ::1 address should *not* be special-cased by nss_files.  I really
> >>   can't perceive any reason why it should be special-cased in the first
> >>   place; i.e., why should the files backend behave differently than the DNS
> >>   backend, and why would we want names that were specifically assigned to
> >>   ::1, including names like "ip6-loopback", to be automatically mapped to
> >>   127.0.0.1?
> 
> > I can't find any good reason why it should be changing ::1 to 127.0.0.1.
> > So I think that atleast glibc should stop doing that.  In any case, it
> > shouldn't return 127.0.0.1 twice when it's not configured to return
> > it twice.
> 
> What do you mean by "configured to return it twice"?  Would that mean
> duplicate lines in /etc/hosts (i.e., misconfiguration)?

Yes.

> >> - we should only set up a single 'localhost' entry in /etc/hosts, pointing
> >>   at ::1, and let nss_files handle the mapping to 127.0.0.1 automatically.
> 
> > - You could also argue that openldap should get fixed to deal with cases
> >   where it tries to bind to the same ip/port twice.  On the other hand,
> >   I don't think it a normal case, and I think it's unlikely that people
> >   would set up dns to have 2 times the same IP address and then try
> >   to bind to that hostname.
> 
> Well, as I said before,
> 
> >> I don't think it's the responsibility of callers such as slapd to check 
> >> that
> >> getaddrinfo() hasn't returned duplicate entries [...]
> 
> so if you have an argument of why extra complexity should be added to the
> caller to deal with duplicate records which, one way or another, should not
> exist (IMHO), I'm interested to hear it.

The only case I can come up with would be misconfiguration, which I
don't think is a good reason.


Kurt


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: correct definition of localhost?

[Kurt Roeckx]

On Sun, Jul 06, 2008 at 03:09:09PM -0700, Steve Langasek wrote:
> Hi folks,
> 
> I've run across an ipv4/ipv6 configuration issue which I think needs to have
> light cast on it so we can try to resolve this in time for lenny (whatever
> the right resolution actually is), in order to avoid a pile-up of
> /etc/hosts-related kludges as has been known to happen before...
> 
> In response to bug #427067, the netbase maintainer made a change that adds
> localhost as an alias for ::1 on new installs.  In April of this year, the
> Debian Installer team followed suit, adding this line in the netcfg udeb.
> 
> The result of these changes is that since July 2007, any new lenny or sid
> chroots have had two addresses listed for localhost, and since April of this
> year, any new installs of lenny done using d-i have had it as well.
> 
> Now, the problem I ran into is that when I enabled the test suite in the
> openldap2.3 package, the build failed mysteriously on a seemingly random set
> of architectures.  The reason?  The test suite configures slapd to run on a
> particular port on localhost, and the glibc "files" NSS backend
> special-cases the ::1 IPv6 loopback address, so that when you request an
> IPv4 address, it will map any ::1 entries to 127.0.0.1 for you.  But of
> course we already have an entry for localhost as 127.0.0.1, so now we end up
> with duplicate addresses returned, and slapd tries to bind twice to the same
> address and port!

You don't seem to request ipv4 addresses, you request AF_UNSPEC, which
should get you both ipv4 and ipv6.  You get 127.0.0.1 twice, and ::1 one
time.

> A test program showing this behavior is attached - compile and run it on a
> system with '::1 localhost' set in /etc/hosts, and you'll see 127.0.0.1
> returned twice.  An alternate test case, which also works on systems with
> older /etc/hosts and which I think shows the counterintuitiveness of the
> nss_files special-casing, is to run "getent ahostsv4 ip6-localhost".
> 
> I don't think it's the responsibility of callers such as slapd to check that
> getaddrinfo() hasn't returned duplicate entries, so I see a couple of
> solutions here:
> 
> - the ::1 address should *not* be special-cased by nss_files.  I really
>   can't perceive any reason why it should be special-cased in the first
>   place; i.e., why should the files backend behave differently than the DNS
>   backend, and why would we want names that were specifically assigned to
>   ::1, including names like "ip6-loopback", to be automatically mapped to
>   127.0.0.1?

I can't find any good reason why it should be changing ::1 to 127.0.0.1.
So I think that atleast glibc should stop doing that.  In any case, it
shouldn't return 127.0.0.1 twice when it's not configured to return
it twice.

> - we should only set up a single 'localhost' entry in /etc/hosts, pointing
>   at ::1, and let nss_files handle the mapping to 127.0.0.1 automatically.

- You could also argue that openldap should get fixed to deal with cases
  where it tries to bind to the same ip/port twice.  On the other hand,
  I don't think it a normal case, and I think it's unlikely that people
  would set up dns to have 2 times the same IP address and then try
  to bind to that hostname.


Kurt


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: How to disable ipv6 in Lenny to avoid 1.0.0.0 in name resolution for AAAA type queries?

[Kurt Roeckx]

On Sat, Dec 15, 2007 at 09:47:08PM +0530, Amogh Hooshdar wrote:
> Could you please provide an example of a DNS server which I can
> install using aptitude? Is bind or bind9 fine for this job?
> 
> I wonder why this problem doesn't occur with Ubuntu. If the community
> would be interested, I can send some logs from both my Debian and
> Ubuntu system for comparision. Or should I raise this discussion in
> Debian bugs?

See:
http://lists.debian.org/debian-ipv6/2007/07/msg2.html


Kurt


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: IPv6 in Debian

[Kurt Roeckx]

On Tue, Jul 31, 2007 at 12:04:50PM +0200, Bastian Blank wrote:
> On Mon, Jul 30, 2007 at 07:52:47PM +0200, Tomas Pospisek wrote:
> > * Software that binds to the first socket found
> >   Then there's software that binds to the first port it gets and is
> >   difficult to teach not to do so. [2]
> 
> There is nothing like a "first socket". Software either binds to any
> address or to a specific address. Some software may lookup the "first"
> ip, this is rather broken.

When using something like getaddrinfo() you get a list of addresses
you can connect to.  Software should try all those addresses until one
of them works.  If you only try the first one, things will break if the
host you try to connect to has an IN  address and you don't have
ipv6 connectivity.


Kurt


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: IPv6 in Debian

[Kurt Roeckx]

[I move this to the ipv6 list, I think this has little to do with
the -release list]

On Tue, Jul 31, 2007 at 12:29:37AM +0200, Tomas Pospisek wrote:
>
> I was trying to say that I had been bitten by the "libc's name resolver 
> does by default an  name lookup before it does an A lookup" before and 
> am asking whether that's still a problem as [1] suggest that it was for 
> Ubuntu at least until Dec 06 and whether someone can confirm it. As told I 
> can not reproduce it on my systems any more since I removed ipv6 as soon as 
> it started causing me trouble and as such cannot file a bug report against 
> libc.

It still queries both  and A records as soon as 1 ipv6 is
configured, which you'll always get for lo's ::1.

It appears this is not a problem for me because the nameserver I use
properly supports IPv6.

> You can not build systems that can deal with all and any unforseen 
> fundamental chang in their environments.
>
> And arguably ipv6 is such a change (since it breaks applications). So 
> arguing that applications don't "behave properly" or "behave wrong" is IMHO 
> not correct. They break with ipv6 but not without. ipv6 is a new 
> fundamental property of the system to deal with that came after the apps.

As far as I know, all applications that "break" are those that are
supposed to have ipv6 support, but the ipv6 support is broken.

It seems that some get a delay they shouldn't because of external
(to Debian) factors.  This is most likely only a problem for people
who only have ipv4 connectivity.  And we should do something about
that.

>> I've never actually had a problem on ipv4-only hosts.  It would be nice
>> if you could describe your problems in more detail.
>
> The (concrete!) problems are described in the references I sent:
>
> [0] https://bugs.launchpad.net/ubuntu/+source/netcfg/+bug/24828
> [1] http://lists.debian.org/debian-devel/2000/12/msg01922.html

This seems to be about extra  queries which seem to cause
delays for people with broken nameservers.

I think the rfc4472 referenced in the ubuntu bug report is something
we should get glibc to implement.  It basicly suggests not do do 
lookups in case you're not sure you have ipv6 connectivity. This
would basicly disable ipv6 by default, and atleast was the behaviour I
was expecting when you use AI_ADDRCONFIG.

> [2] 
> http://www.google.com/search?q=dccproc+socket(UDP)%3A+Address+family+not+supported+by+protocol

Which just seems like a broken application.

Anyway, there are other type of applications that have a problem, and
that are those that fail to work if you disable ipv6 by disabling the
ipv6 module.


Kurt


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: facing problem in dns inverse query for IPv6

[Kurt Roeckx]

On Thu, Sep 15, 2005 at 09:34:39PM +0530, Sanjib Das wrote:
> Hi
> 
> [EMAIL PROTECTED] root]# dig -x fe80::210:b5ff:fea7:f057
> 
> ; <<>> DiG 9.2.1 <<>> -x fe80::210:b5ff:fea7:f057
[...]
> ;; QUESTION SECTION:
> ;\[xFE800210B5FFFEA7F057/128].ip6.arpa. IN PTR

Where did you get that version of dig?  I'm guessing it's part of
dnsutils?

The problem is that the query you're generated is using bitlabels
while your zone file is using nibbles (as it should.)

The version in sarge (9.2.4-1) and sid (9.3.1-2) both do the
right thing for me:
;; QUESTION SECTION:
;7.5.0.f.7.a.e.f.f.f.5.b.0.1.2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa.
IN PTR

I suggest you upgrade.


Kurt


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Are link-scope addresses ping6'able? (connect: Invalid argument)

[Kurt Roeckx]

On Fri, Jun 24, 2005 at 09:45:52AM -0700, Marc Singer wrote:
>   [EMAIL PROTECTED] ~ > ping6 fe80::209:5bff:fe68:7c0a

ping6 -I ath0 fe80::209:5bff:fe68:7c0a


Kurt


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Abnormal behaviour of ping6

[Kurt Roeckx]

On Tue, Oct 19, 2004 at 06:28:15PM +0530, Sharmila wrote:
> 
> The ipv6 addresses are as follows:
> 
> host1 eth0  =   fec0::e2d2:50:fcb2:7251 / 80
> router eth0  =   fec0::e2d2:50:fcb1:de7b / 80
> router eth1  =   fec0::a4b4:11:111b:9dd3 / 80
> host2 eth0   =  fec0::a4b4:50:fcb2:4574 / 80
> 
> Added corresponding routes on host1 and host2

You have a default route from host1 to the gateway
(fec0::e2d2:50:fcb1:de7b)?

How did you exactly configure this?

How did you route the packets on the router itself?  Did you just
assign the ip address (fec0::e2d2:50:fcb1:de7b/80) to the
interface and have the kernel add the route itself?  Or did you
manualy have to add a route?

> Now the problem is , ping6 from host1 to host2 is successful sometimes and 
> failure sometimes.In case of failure,it gives "Destination not 
> reachable:Address unreachable" message.

It stops working about 90 seconds after the last packet you send?
Then you send 1 packet from the other side (the router?) and it
starts working again?

If that is the case, it really sounds like the neighbour
discovery isn't working and it can't get the MAC address for it.


Kurt

Re: How to create an ipv6 lan with a /64

[Kurt Roeckx]

On Sun, Oct 17, 2004 at 11:50:17PM +0200, Lionel Elie Mamane wrote:
> On Sun, Oct 17, 2004 at 06:16:33PM +0200, Kurt Roeckx wrote:
> > On Sun, Oct 17, 2004 at 11:34:47AM +0200, Arnout Engelen wrote:
> 
> >> And: what is the best way to choose the IP's for the local
> >> interfaces of the router?
> 
> > Just pick something like ::0 or ::1.
> 
> ::0 is reserved for the special anycast group "routers on this
> network".

This will not cause problems as long as there is only one router
on the subnet, but you're right, it's a "required" anycast
address.

Anyway, what you need to pick is something with bit 70
(universal/local bit) set to 0.  What you don't want is something
like ::0200:0:0:1.


Kurt

Re: How to create an ipv6 lan with a /64

[Kurt Roeckx]

On Sun, Oct 17, 2004 at 11:21:14PM +0200, Wouter Verhelst wrote:
> 
> I don't know what project you saw, but I've seen
> , which does not appear to be dead. Does that
> help?

I didn't find that one, but I didn't look very hard either.

It would be useful if someone could package this for debian.


Kurt

Re: How to create an ipv6 lan with a /64

[Kurt Roeckx]

On Sun, Oct 17, 2004 at 11:34:47AM +0200, Arnout Engelen wrote:
> On Sun, Oct 10, 2004 at 08:09:31PM +0200, Wouter Verhelst wrote:
> > On Sat, Oct 09, 2004 at 11:39:25PM +0200, Niki R wrote:
> > > how to assign an ipv6 to an internal pc with my debian box? 
> > 
> > apt-get install radvd
> > vi /etc/radvd.conf
> 
> Well, yes - but what if Niki has been assigned ('only') a /64, and has 2
> local subnets? radvd can't work with prefixes other than /64.

Then he really should get a /48.  You're even supposed to get a
/48 when only having 1 subnet.

He could also either set everything up staticly, or use dhcp.

Is there any dhcp client/server that supports ipv6?  I know there
is an rfc about it (rfc3315). I just never had the need to use it
yet.  The only project I could find about it said it was dead.

> Would assigning the same /64 to each subnet work (i.e., wouldn't that 
> possibly give the same IP out on both subnets)?

An IP address is supposed to be unique.  The problem however is
routing.  How will you know what subnet to route to based on the
IP address?

> And what if Niki didn't get a /64, but a /80?

Then his only options left are static and dhcp.

> And: what is the best way to choose the IP's for the local interfaces of the
> router?

Just pick something like ::0 or ::1.


Kurt

Re: multiple v6 address config

[Kurt Roeckx]

On Sun, Jun 06, 2004 at 12:21:53PM +0200, Dick Visser wrote:
> Hi guys
> 
> # default route to gateway
> up ip -6 route add default via 2001:0898:1001:1001::20 dev eth0

What kernel are you using?  Some older kernels had a problem with
"default" and you had to use 2000::/3 with them.

> # ip's for services
> up ip addr add 2001:0898:2000:001b::1/64 dev eth0
> up ip addr add 2001:0898:2000:001b::2/64 dev eth0
> up ip addr add 2001:0898:2000:001b::3/64 dev eth0
> up ip addr add 2001:0898:2000:001b::4/64 dev eth0
> up ip addr add 2001:0898:2000:001b::5/64 dev eth0

Try /128 with those.  Atleast try without them and see if it
works.


Kurt