Reply
Highlighted
Established Member
Posts: 871
Registered: ‎12-10-2009
Kudos: 186
Solutions: 16

IPv6 SLAAC Assignment On Wan Interface

Hi

 

On our network i have setup a gateway on a ubuntu machine using Hurricane Electric tunnelbroker.

 

On the LAN interface I have setup radvd to dish out a routed /64 network.

 

All my windows hosts (mainly xp) and esx servers and other devices automatically assign themselves a global IPv6 address from within the assigned routed range. And they can happily see the internet. All is well.

 

However, we then have several edgerouters with there WAN interfaces connected to the LAN.  However these edgerouters do not generate a global IPv6 address on their WAN interfaces - all they have is a scope address.

 

Do i have to do something to tell the WAN interface to configure a global interface by listening to RA announcements?

 

KR's

 

Mark

 

 

Established Member
Posts: 1,211
Registered: ‎06-14-2012
Kudos: 1008
Solutions: 80
Contributions: 9

Re: IPv6 SLAAC Assignment On Wan Interface

You should just need to:

 set interfaces ethernet eth0 ipv6 address autoconf

 

Established Member
Posts: 871
Registered: ‎12-10-2009
Kudos: 186
Solutions: 16

Re: IPv6 SLAAC Assignment On Wan Interface

Thanks for that but i get 

 

ubnt@erl1-mfarm:~$ configure
[edit]
ubnt@erl1-mfarm# set interfaces ethernet eth1 ipv6 address autoconf
[edit]
ubnt@erl1-mfarm# commit
[ interfaces ethernet eth1 ipv6 address autoconf ]
Enabling address auto-configuration for eth1
Warning: IPv6 forwarding is currently enabled.
         IPv6 address auto-configuration will not be performed
         unless IPv6 forwarding is disabled.

[edit]
ubnt@erl1-mfarm#

 

How should i get around that?  

 

Many Thanks

 

KR's

 

Mark

Established Member
Posts: 1,211
Registered: ‎06-14-2012
Kudos: 1008
Solutions: 80
Contributions: 9

Re: IPv6 SLAAC Assignment On Wan Interface

That would be a bug. It requires setting a sysctl flag for the specific interface.

Established Member
Posts: 871
Registered: ‎12-10-2009
Kudos: 186
Solutions: 16

Re: IPv6 SLAAC Assignment On Wan Interface

If it is a bug then it is in:

 

1.4.1

1.5.0

1.6alpha2

 

Kr's

 

Marj

Established Member
Posts: 871
Registered: ‎12-10-2009
Kudos: 186
Solutions: 16

Re: IPv6 SLAAC Assignment On Wan Interface

To answer my own question you need to edit 

 

 

/etc/sysctl.com and add the following to the bottom

 

net.ipv6.conf.eth1.accept_ra=2

 reboot or

echo 2 > /proc/sys/net/ipv6/conf/eth1/accept_ra

 then 

configure
set interfaces ethernet eth1 ipv6 address autoconf
commit

 Kr's

 

Mark

Previous Employee
Posts: 13,551
Registered: ‎06-10-2011
Kudos: 5465
Solutions: 1656
Contributions: 2

Re: IPv6 SLAAC Assignment On Wan Interface

The way the configuration is implemented right now, the following should work:

 

root@ubnt# set interfaces ethernet eth0 ipv6 disable-forwarding
[edit]
root@ubnt# commit
[ interfaces ethernet eth0 ipv6 disable-forwarding ]
Disabling IPv6 forwarding for eth0

[edit]
root@ubnt# set interfaces ethernet eth0 ipv6 address autoconf
[edit]
root@ubnt# commit
[ interfaces ethernet eth0 ipv6 address autoconf ]
Enabling address auto-configuration for eth0

[edit]
root@ubnt#

Also ordering shouldn't matter as it's only a warning, and autoconf should work when forwarding is disabled (or at least that's the theory). The "accept_ra" thing looks like a separate issue?

Established Member
Posts: 1,211
Registered: ‎06-14-2012
Kudos: 1008
Solutions: 80
Contributions: 9

Re: IPv6 SLAAC Assignment On Wan Interface


@UBNT-ancheng wrote:

Also ordering shouldn't matter as it's only a warning, and autoconf should work when forwarding is disabled (or at least that's the theory). The "accept_ra" thing looks like a separate issue?


accept_ra has 3 settings.  0= don't accept RA, 1= accept RA but will disable if forwarding is enabled on the system.  2 = accept RA when forwarding is enabled.  I think the better answer would be when you configure an interface for SLAAC, it should automagically set accept_ra=2 instead of having to separately disable forwarding.  It is a router afterall, it is always going to be forwarding.

Previous Employee
Posts: 10,504
Registered: ‎06-09-2011
Kudos: 3126
Solutions: 945
Contributions: 16

Re: IPv6 SLAAC Assignment On Wan Interface

It's an easy change if you edit the file /opt/vyatta/share/vyatta-cfg/templates/interfaces/ethernet/node.tag/ipv6/address/autoconf/node.def you see the following:

echo "Enabling address auto-configuration for $VAR(../../../@)"
	    sudo sh -c "echo 1 > /proc/sys/net/ipv6/conf/$VAR(../../../@)/autoconf"
	    forwarding=`cat /proc/sys/net/ipv6/conf/$VAR(../../../@)/forwarding`
	    if [ $forwarding = 1 ]; then
		echo "Warning: IPv6 forwarding is currently enabled."
		echo "         IPv6 address auto-configuration will not be performed"
                echo "         unless IPv6 forwarding is disabled."
	    fi

 Change that to:

echo "Enabling address auto-configuration for $VAR(../../../@)"
	    sudo sh -c "echo 2 > /proc/sys/net/ipv6/conf/$VAR(../../../@)/autoconf"
	    

 

 

EdgeMAX Router Software Development
Previous Employee
Posts: 13,551
Registered: ‎06-10-2011
Kudos: 5465
Solutions: 1656
Contributions: 2

Re: IPv6 SLAAC Assignment On Wan Interface


mrjester wrote: I think the better answer would be when you configure an interface for SLAAC, it should automagically set accept_ra=2 instead of having to separately disable forwarding.

Yeah that's a good point, we should look into that! Thanks for the feedback.

Previous Employee
Posts: 10,504
Registered: ‎06-09-2011
Kudos: 3126
Solutions: 945
Contributions: 16

Re: IPv6 SLAAC Assignment On Wan Interface


@mrjester wrote:

UBNT-ancheng wrote:

Also ordering shouldn't matter as it's only a warning, and autoconf should work when forwarding is disabled (or at least that's the theory). The "accept_ra" thing looks like a separate issue?


accept_ra has 3 settings.  0= don't accept RA, 1= accept RA but will disable if forwarding is enabled on the system.  2 = accept RA when forwarding is enabled.  I think the better answer would be when you configure an interface for SLAAC, it should automagically set accept_ra=2 instead of having to separately disable forwarding.  It is a router afterall, it is always going to be forwarding.


Well I did some experimenting with changing the autoconf to set accept_ra=2 and with that I do see a default gateway and connected route, but oddly the address isn't assigned to the interface:

ubnt@ER-Pro2:~$ show ipv6 route forward 
2001:db8:1111::/64 dev eth5  proto kernel  metric 256  expires 86293sec
fe80::/64 dev eth7  proto kernel  metric 256 
fe80::/64 dev eth3  proto kernel  metric 256 
fe80::/64 dev eth4  proto kernel  metric 256 
fe80::/64 dev eth5  proto kernel  metric 256 
fe80::/64 dev eth1  proto kernel  metric 256 
fe80::/64 dev eth0  proto kernel  metric 256 
default via fe80::de9f:dbff:fe17:138d dev eth5  proto ra  metric 1024  expires 1693sec

ubnt@ER-Pro2:~$ show interfaces 
Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down
Interface    IP Address                        S/L  Description                 
---------    ----------                        ---  -----------                 
eth0         172.16.3.51/24                    u/u  WAN                         
eth1         192.168.10.1/24                   u/u                              
eth2         -                                 u/D                              
eth3         -                                 u/u                              
eth4         -                                 u/u                              
eth5         200.0.0.1/24                      u/u                              
eth6         -                                 u/D                              
eth7         -                                 u/u                              
lo           127.0.0.1/8                       u/u                              
             ::1/128                          

 If I also set autoconf=1 then I get an address assigned.  Does that seem right?

EdgeMAX Router Software Development
Established Member
Posts: 1,211
Registered: ‎06-14-2012
Kudos: 1008
Solutions: 80
Contributions: 9

Re: IPv6 SLAAC Assignment On Wan Interface

No, that is bad behavior. Something else is going on there.  Did you check "ip a s"?  Perhaps the UI didn't pick up the address.

 

https://www.kernel.org/doc/Documentation/networking/ip-sysctl.txt

 

accept_ra - INTEGER
	Accept Router Advertisements; autoconfigure using them.

	It also determines whether or not to transmit Router
	Solicitations. If and only if the functional setting is to
	accept Router Advertisements, Router Solicitations will be
	transmitted.

	Possible values are:
		0 Do not accept Router Advertisements.
		1 Accept Router Advertisements if forwarding is disabled.
		2 Overrule forwarding behaviour. Accept Router Advertisements
		  even if forwarding is enabled.

 

Previous Employee
Posts: 10,504
Registered: ‎06-09-2011
Kudos: 3126
Solutions: 945
Contributions: 16

Re: IPv6 SLAAC Assignment On Wan Interface


@mrjester wrote:

No, that is bad behavior. Something else is going on there.  Did you check "ip a s"?  Perhaps the UI didn't pick up the address.

 

https://www.kernel.org/doc/Documentation/networking/ip-sysctl.txt

 

accept_ra - INTEGER
	Accept Router Advertisements; autoconfigure using them.

	It also determines whether or not to transmit Router
	Solicitations. If and only if the functional setting is to
	accept Router Advertisements, Router Solicitations will be
	transmitted.

	Possible values are:
		0 Do not accept Router Advertisements.
		1 Accept Router Advertisements if forwarding is disabled.
		2 Overrule forwarding behaviour. Accept Router Advertisements
		  even if forwarding is enabled.

 


 

Maybe it's a bug, but here's what I see:

 

root@ER-Pro2:/proc/sys/net/ipv6/conf/eth5# cat autoconf 
0
root@ER-Pro2:/proc/sys/net/ipv6/conf/eth5# cat accept_ra
1
root@ER-Pro2:/proc/sys/net/ipv6/conf/eth5# echo 2 > accept_ra
root@ER-Pro2:/proc/sys/net/ipv6/conf/eth5# cat accept_ra
2

 Now I would think this would cause it to send out a RS, but it appears I need to wait for the next RA.  So I'll run radvdump to watch for the next RA:

root@ER-Pro2:/proc/sys/net/ipv6/conf/eth5# radvdump
#
# radvd configuration generated by radvdump 1.8.5
# based on Router Advertisement from fe80::de9f:dbff:fe17:138d
# received by interface eth5
#

interface eth5
{
	AdvSendAdvert on;
	# Note: {Min,Max}RtrAdvInterval cannot be obtained with radvdump
	AdvManagedFlag off;
	AdvOtherConfigFlag off;
	AdvReachableTime 0;
	AdvRetransTimer 0;
	AdvCurHopLimit 64;
	AdvDefaultLifetime 1800;
	AdvHomeAgentFlag off;
	AdvDefaultPreference medium;
	AdvSourceLLAddress on;

	prefix 2001:db8:1111::/64
	{
		AdvValidLifetime 86400;
		AdvPreferredLifetime 14400;
		AdvOnLink on;
		AdvAutonomous on;
		AdvRouterAddr on;
	}; # End of prefix definition


	RDNSS 2001:db8::35 2002::1
	{
		AdvRDNSSLifetime 600;
	}; # End of RDNSS definition

}; # End of interface definition

 Ok, now let's see what we got:

root@ER-Pro2:/proc/sys/net/ipv6/conf/eth5# ip -6 ro sh
2001:db8:1111::/64 dev eth5  proto kernel  metric 256  expires 86080sec
fe80::/64 dev eth7  proto kernel  metric 256 
fe80::/64 dev eth4  proto kernel  metric 256 
fe80::/64 dev eth3  proto kernel  metric 256 
fe80::/64 dev eth5  proto kernel  metric 256 
fe80::/64 dev eth0  proto kernel  metric 256 
fe80::/64 dev eth1  proto kernel  metric 256 
default via fe80::de9f:dbff:fe17:138d dev eth5  proto ra  metric 1024  expires 1480sec


root@ER-Pro2:/proc/sys/net/ipv6/conf/eth5# ip add sh eth5
3: eth5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP 
    link/ether 24:a4:3c:3d:53:b0 brd ff:ff:ff:ff:ff:ff
    inet 200.0.0.1/24 brd 200.0.0.255 scope global eth5
       valid_lft forever preferred_lft forever
    inet6 fe80::26a4:3cff:fe3d:53b0/64 scope link 
       valid_lft forever preferred_lft forever

 Now as soon as I enable autoconf:

root@ER-Pro2:/proc/sys/net/ipv6/conf/eth5# echo 1 > autoconf 

root@ER-Pro2:/proc/sys/net/ipv6/conf/eth5# ip add sh eth5
3: eth5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP 
    link/ether 24:a4:3c:3d:53:b0 brd ff:ff:ff:ff:ff:ff
    inet 200.0.0.1/24 brd 200.0.0.255 scope global eth5
       valid_lft forever preferred_lft forever
    inet6 2001:db8:1111:0:26a4:3cff:fe3d:53b0/64 scope global tentative dynamic 
       valid_lft 86400sec preferred_lft 14400sec
    inet6 fe80::26a4:3cff:fe3d:53b0/64 scope link 
       valid_lft forever preferred_lft forever

 

EdgeMAX Router Software Development
Established Member
Posts: 1,211
Registered: ‎06-14-2012
Kudos: 1008
Solutions: 80
Contributions: 9

Re: IPv6 SLAAC Assignment On Wan Interface

My instructions were from the perspective of vanilla Linux systems.  Sounds like both should be automatically set then due to other customizations you guys have done.

Member
Posts: 118
Registered: ‎06-08-2013
Kudos: 149
Solutions: 3

Re: IPv6 SLAAC Assignment On Wan Interface

[ Edited ]

Disclaimer: Sorry if this is a dup or has been discussed elsewhere. Just diss me (while referring to the correct thread, of course ... :-) if this is "old & busted" already!

 

 

I experience the exact same behavior with my PPPoE-Client setup. (Version 1.6.0 / Build 4716006).

 

No IPv6-joy at all until accept_ra is set to 2. After reception of the next RA, the router learns about the global /64 prefix for the link and the default route, but doesn't autoconfigure a global address for itself. Only after changing autoconf to 1 I am in (full) business.

 

Just for reference, here's the configuration in question: (within a pppoe xx sub-interface on a normal ethernet port)

 

 default-route none
 ipv6 {
     address {
         autoconf
     }
     dup-addr-detect-transmits 1
     enable {
     }
 }
 name-server none
 password *******
 user-id *******

 

PS: I'd be willing to throw you a Layer-2 bridge with OpenVPN/GRE, if you want to play/test with this PPPoE link.

 

Greetings,

 

Clemens

 

 

New Member
Posts: 9
Registered: ‎09-30-2014
Kudos: 5

Re: IPv6 SLAAC Assignment On Wan Interface

It's not entirely clear to me what the outcome for the original poster, but as far as I understood, SLAAC was destined for (preferably) single-homed "client" hosts, and should be avoided for routers. This is probably the reason for the orignal error message the OP got.

 

It seems that routers haver their own protcol Router Renumbering (https://tools.ietf.org/html/rfc2894), but I have no experience with this and haven't ecountered it yet! I also have no clue how it applies in EdgeOS. All my IPv6 addressing at router level are static, as fortunately I any have a few.

 

HTH!

Nicolas

Member
Posts: 118
Registered: ‎06-08-2013
Kudos: 149
Solutions: 3

Re: IPv6 SLAAC Assignment On Wan Interface

Well, it's the easiest way to obtain an IPv6 address and nothing precludes it from being used by routers - even as "clients".

 

The largest Telco in Germany (Deutsche Telekom) has turned on native IPv6 for their xDSL customers a while ago already and they provide their "dialup" customers (-> PPPoE) with an IPv6 address using this method.

 

In addition they also provide a /56 prefix, which the router can then obtain by DHCPv6-PD for delegation to subnets behind the router.

 

Pretty vanilla setup I must say - for "dialup" customers. 

 

Deutsche Telekom "believes" their customers do not want static address/prefix assignments and they are probably right about this - with the exception of a handful of nerds who try to operate their own datacenter out of their basement. I am also just fine with this, as I do not believe in static address assignments at all - neithe for IPv6 nor for IPv4. Those are sooooo 90s :-) :-) :-)

 

Established Member
Posts: 871
Registered: ‎12-10-2009
Kudos: 186
Solutions: 16

Re: IPv6 SLAAC Assignment On Wan Interface

Hi

 

What version of the firmware are you running?

 

Certainly for eth devices this was fixed in 1.6.0 and i thought PPPOE was fixed too.

 

Perhaps I am wrong on that.

 

KR's

 

Mark

Member
Posts: 118
Registered: ‎06-08-2013
Kudos: 149
Solutions: 3

Re: IPv6 SLAAC Assignment On Wan Interface

Version 1.6.0 / Build 4716006, like I said in my post.

 

Obviously it isn't fixed for PPPoE, no ...

 

Maybe "the fix" (as applied to ethernet interfaces) makes it into 1.7.0?!

 

And hopefully they won't forget to do it for PPPoE on bridge-interfaces as well - I often use these together with PPPoE.

 

Wink, wink ... ;-) (Naah, I don't believe anyone from UBNT is reading this ... :-)

 

Clemens

Previous Employee
Posts: 10,504
Registered: ‎06-09-2011
Kudos: 3126
Solutions: 945
Contributions: 16

Re: IPv6 SLAAC Assignment On Wan Interface


@csch wrote:

 

And hopefully they won't forget to do it for PPPoE on bridge-interfaces as well - I often use these together with PPPoE.


I cringe at the thought of bridging a wan interface, but it does appear possible:

 

ubnt@ER-PoE:~$ show version 
Version:      v1.6.0
Build ID:     4716006
Build on:     10/31/14 17:31
Copyright:    2012-2014 Ubiquiti Networks, Inc.
HW model:     EdgeRouter PoE 5-Port
HW S/N:       24A43C057571
Uptime:       13:44:21 up 1 day, 22 min,  1 user,  load average: 0.07, 0.05, 0.05

ubnt@ER-PoE:~$ configure 
[edit]
ubnt@ER-PoE# set interfaces bridge br0 pppoe 0 ?
access-concentrator  idle-timeout         password
connect-on-demand    ip                   redirect
default-route        ipv6                 remote-address
description          local-address        service-name
dhcpv6-pd            mtu                  traffic-policy
firewall             name-server          user-id
[edit]

 

EdgeMAX Router Software Development
Reply