IPv6: Preventing EUI-64 link-local addresses being used over manually configured ones on router

jem

Well-Known Member

Reaction score: 70
Messages: 398

Hi.

I run an IPv6-enabled FreeBSD router on my home network, which has been working fine for years. I have a global-scope /48 prefix delegated by my ISP, from which FreeBSD advertises a /64 chunk to my LAN. IPv6-enabled hosts on the LAN see the router advertisements and configure themselves using SLAAC, using the router's link-local address as their default gateway.

Until now, my router has just used an EUI-64 link-local address on its LAN interface, based on the MAC addresses (fe80::xxxx:xxff:fexx:xxxx). In the rc.conf(5) man page, I noticed the following earlier:
> If only a link-local address is needed on the interface, the following configuration can be used:
>
> ifconfig_ed0_ipv6="inet6 auto_linklocal"
>
> A link-local address can also be configured manually. This is useful for the default router address of an IPv6 router so that it does not change when the network interface card is replaced. For example:
>
> ifconfig_ed0_ipv6="inet6 fe80::1 prefixlen 64"

Having recently switched the router to new hardware by just moving the SSD, I encountered this issue of the address changing with the new NIC. This hasn't caused a problem as LAN hosts are now using the router's new EUI-64 addresses for their default gateway, but based on that snippet from the man page, I thought it would be useful to configure a fixed fe80::1/64 address on the router's LAN interfaces, so that it will never change even if the MAC addresses do.

However, the router's LAN interfaces are still getting the EUI-64 address in addition to the manually configured fe80::1/64 one and LAN clients are still using the EUI-64 one as their default gateway, defeating the object of the change. How can I alter this behaviour?

I've tried setting -auto_linklocal on the interface to prevent automatic configuration of an EUI-64 address, but it still gets one. rtadvd doesn't seem to have any way of specifying which router address should be used either.

Can anyone suggest anything else?
 

Zirias

Daemon

Reaction score: 1,095
Messages: 1,977

> This hasn't caused a problem as LAN hosts are now using the router's new EUI-64 addresses for their default gateway, but based on that snippet from the man page, I thought it would be useful to configure a fixed fe80::1/64 address on the router's LAN interfaces, so that it will never change even if the MAC addresses do.
Sorry for NOT helping (I have no idea 🙈) – but I'm curious why this would be useful? What's the scenario?
 

SirDice

Administrator
Staff member
Moderator

Reaction score: 10,683
Messages: 36,456

You need the link-local addresses for IPv6's equivalent of ARP, which is done with ICMP and uses link-local addresses. Removing the link-local addresses would be similar to blocking ARP on IPv4, it's going to stop all communication.
 

Zirias

Daemon

Reaction score: 1,095
Messages: 1,977

SirDice, my question was about the scenario of assigning a fixed one (instead of derived from the MAC). What's the use case for this, or, put it the other way around, what's the problem when it changes on the default gateway?
 

SirDice

Administrator
Staff member
Moderator

Reaction score: 10,683
Messages: 36,456

> or, put it the other way around, what's the problem when it changes on the default gateway?
Annoying if you have static addresses (and thus a static default gateway). SLAAC doesn't have a problem with the address changing, it'll just send the new router address and clients automatically pick this up. It's also perfectly fine to use link-local addresses with SLAAC and configure your static hosts with the global IPv6 address of the router. Both will work just fine next to each other.
 

mickey

Aspiring Daemon

Reaction score: 281
Messages: 725

I use this in my /boot/loader.conf:
Code:
# Disable auto generated link-local IPv6 addresses.
net.inet6.ip6.auto_linklocal=0
And in /etc/rc.conf:
Code:
ifconfig_igb0_ipv6="inet6 FE80::1 prefixlen 64 -accept_rtadv no_radr"
If you got more interfaces you will probably want to configure each of those accordingly.
 

jem

Well-Known Member

Reaction score: 70
Messages: 398

Thanks Mickey.

The sysctl setting you put in /boot/loader.conf just sets the global default for auto_linklocal. I have already tried disabling auto_linklocal on a per interface basis using the '-auto_linklocal' flag to ifconfig(8):
Code:
[root@router ~]# grep lan0 /etc/rc.conf
ifconfig_igb0_name="lan0"
ifconfig_lan0="inet 192.168.0.1 netmask 255.255.255.0"
ifconfig_lan0_alias0="inet 192.168.0.2 netmask 255.255.255.255"
ifconfig_lan0_ipv6="inet6 fe80::1 prefixlen 64 -auto_linklocal"
rtadvd_interfaces="lan0"

It results in the following interface config:

Code:
lan0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=e527bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,LRO,WOL_MAGIC,VLAN_HWFILTER,VLAN_HWTSO,RXCSUM_IPV6,TXCSUM_IPV6>
        ether 40:62:31:0b:69:9d
        inet 192.168.0.1 netmask 0xffffff00 broadcast 192.168.0.255
        inet 192.168.0.2 netmask 0xffffffff broadcast 192.168.0.2
        inet6 fe80::4262:31ff:fe0b:699d%lan0 prefixlen 64 scopeid 0x1
        inet6 fe80::1%lan0 prefixlen 64 scopeid 0x1
        inet6 2a02:xxxx:xxxx:xxxx:4262:31ff:fe0b:699d prefixlen 64
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
        nd6 options=1<PERFORMNUD>

Here's the routing table automatically configured on another FreeBSD host on my LAN:

Code:
[root@filer ~]# netstat -6rn
Routing tables

Internet6:
Destination                       Gateway                       Flags     Netif Expire
::/96                             ::1                           UGRS        lo0
default                           fe80::4262:31ff:fe0b:699d%lan0 UG        lan0
::1                               link#4                        UH          lo0
::ffff:0.0.0.0/96                 ::1                           UGRS        lo0
2a02:xxxx:xxxx:xxxx::/64          link#3                        U          lan0
2a02:xxxx:xxxx:xxxx:3e4a:92ff:fe77:c459 link#3                   UHS         lo0
fe80::/10                         ::1                           UGRS        lo0
fe80::%lan0/64                    link#3                        U          lan0
fe80::3e4a:92ff:fe77:c459%lan0    link#3                        UHS         lo0
fe80::%lo0/64                     link#4                        U           lo0
fe80::1%lo0                       link#4                        UHS         lo0
ff02::/16                         ::1                           UGRS        lo0

I either need to prioritise the use of the manually configured fe80::1 gateway address somehow, or ensure that it is the only link-local address on the interface.
 

mickey

Aspiring Daemon

Reaction score: 281
Messages: 725

> I either need to prioritise the use of the manually configured fe80::1 gateway address somehow, or ensure that it is the only link-local address on the interface.
Using the sysctl accomplishes exactly that, you get no auto-configured link local addresses on your interfaces at all, so you have to configure those manually, which is what you wanted, nah? There was a reason to put it in /boot/loader.conf instead of /etc/sysctl.conf, probably because it needs to be toggled early to be effective.
 

jem

Well-Known Member

Reaction score: 70
Messages: 398

> Using the sysctl accomplishes exactly that, you get no auto-configured link local addresses on your interfaces at all
You're right. I tried it and it had the desired effect.

I had assumed incorrectly that it would have the same effect as setting '-auto_linklocal' on each interface when it's configured during boot, which I already tried, but it doesn't quite work that way.

My router's LAN interfaces now have a sole link-local address of fe80::1/64, and my other hosts have already started using it as their default gateway.

Thank you!
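
A way to check the end state reached in this thread, as an added example that is not part of any post above: it derives the EUI-64 link-local address from the `ether` line of `ifconfig` output and reports whether the interface carries only the expected fe80::1. The function names are hypothetical, and the sample text is constructed from the lan0 output quoted in the thread.

```python
import ipaddress
import re

# Constructed sample: the lan0 output from the thread, trimmed to relevant lines.
SAMPLE_BEFORE = """\
lan0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 40:62:31:0b:69:9d
        inet 192.168.0.1 netmask 0xffffff00 broadcast 192.168.0.255
        inet6 fe80::4262:31ff:fe0b:699d%lan0 prefixlen 64 scopeid 0x1
        inet6 fe80::1%lan0 prefixlen 64 scopeid 0x1
"""
# Constructed sample: the same interface once only fe80::1 remains.
SAMPLE_AFTER = SAMPLE_BEFORE.replace(
    "        inet6 fe80::4262:31ff:fe0b:699d%lan0 prefixlen 64 scopeid 0x1\n", "")


def eui64_link_local(mac):
    """Derive the modified EUI-64 link-local address for a MAC address."""
    octets = [int(part, 16) for part in mac.split(":")]
    octets[0] ^= 0x02  # invert the universal/local bit
    iid = octets[:3] + [0xFF, 0xFE] + octets[3:]  # insert ff:fe in the middle
    return ipaddress.IPv6Address(bytes([0xFE, 0x80] + [0] * 6 + iid))


def check_link_local(ifconfig_text, expected="fe80::1"):
    """Report which link-local addresses an interface carries."""
    expected = ipaddress.IPv6Address(expected)
    mac = re.search(r"^\s+ether\s+([0-9a-fA-F:]{17})\b", ifconfig_text, re.M)
    derived = eui64_link_local(mac.group(1)) if mac else None
    link_local = []
    for match in re.finditer(r"^\s+inet6\s+([0-9a-fA-F:]+)", ifconfig_text, re.M):
        try:
            addr = ipaddress.IPv6Address(match.group(1))
        except ValueError:
            continue  # redacted or malformed address, cannot be classified
        if addr.is_link_local:
            link_local.append(addr)
    return {
        "expected_present": expected in link_local,
        "eui64_present": derived in link_local,
        "others": [str(a) for a in link_local if a != expected],
        "ok": link_local == [expected],
    }


if __name__ == "__main__":
    print(check_link_local(SAMPLE_BEFORE))
    print(check_link_local(SAMPLE_AFTER))
```

On a live router the input would be the text printed by `ifconfig lan0`.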
 