rtadvd oddity (what am I missing?)

[Tickerguy]

rtadvd should, by the documentation, allow me to control the SLAAC pltime and vltime intervals. I have the following in my /etc/rtadvd.conf file:

# Set the preferred lifetime to 10 minutes on advertised prefixes.
# All other parameters are default.
#
default:\
        :pltime#3600:\
        :vltime#86400:\
        :prefixlen#64:
ix1:\
        :pltime#3600:\
        :vltime#86400:\
        :prefixlen#64:
ix1.4:\
        :pltime#3600:\
        :vltime#86400:\
        :prefixlen#64:

And it is invoked with this in /etc/rc.conf:

#
# Ipv6 routing; we MUST be an IPv6 router for the INTERNAL interface to
# distribute IPv6
#
rtadvd_enable="Yes"
rtadvd_interfaces="ix1 ix1.4"

And is indeed running with these two interfaces (the latter is a VLAN)

However, when a device gets a SLAAC address....

[karl@NewFS ~]$ ifconfig mce0
mce0: flags=1008943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500
        options=66ef07bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,LRO,VLAN_HWFILTER,NV,VLAN_HWTSO,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6,HWSTATS,HWRXTSTMP,MEXTPG,VXLAN_HWCSUM,VXLAN_HWTSO>
        ether 50:6b:4b:12:c8:58
        inet 192.168.10.100 netmask 0xffffff00 broadcast 192.168.10.255
        inet6 fe80::526b:4bff:fe12:c858%mce0 prefixlen 64 scopeid 0x4
        inet6 2606:83c0:8000:1b00:526b:4bff:fe12:c858 prefixlen 64 autoconf pltime 604800 vltime 2592000
        media: Ethernet 10GBase-CR1 <full-duplex,rxpause,txpause>
        status: active
        nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>

Note the pltime and vltime.

And a tcpdump shows indeed that while rtadvd is advertising, it is sending the defaults and NOT what I set:

[root@NewFS /home/karl]# tcpdump -v -n -i mce0 icmp6 and ip6[40] == 134
tcpdump: listening on mce0, link-type EN10MB (Ethernet), snapshot length 262144 bytes

13:25:49.345417 IP6 (hlim 255, next-header ICMPv6 (58) payload length: 56) fe80::2e0:b4ff:fe68:f895 > ff02::1: [icmp6 sum ok] ICMP6, router advertisement, length 56
        hop limit 64, Flags [none], pref medium, router lifetime 1800s, reachable time 0ms, retrans timer 0ms
          source link-address option (1), length 8 (1): 00:e0:b4:68:f8:95
          prefix info option (3), length 32 (4): 2606:83c0:8000:1b00::/64, Flags [onlink, auto], valid time 2592000s, pref. time 604800s

And further, on the gateway:

root@IpGw:/usr/local/etc # rtadvctl show
ix1: flags=<UP,CONFIGURED,PERSIST> status=<RA_SEND> mtu 1500
        DefaultLifetime: 30m
        MinAdvInterval/MaxAdvInterval: 3m20s/10m
        AdvLinkMTU: <none>, Flags: <none>, Preference: medium
        ReachableTime: 0s, RetransTimer: 0s, CurHopLimit: 64
        AdvIfPrefixes: yes
        Next RA send: Wed Jul 23 13:29:52 2025
        Last RA send: Wed Jul 23 13:25:49 2025
ix1.4: flags=<UP,CONFIGURED,PERSIST> status=<RA_SEND> mtu 1500
        DefaultLifetime: 30m
        MinAdvInterval/MaxAdvInterval: 3m20s/10m
        AdvLinkMTU: <none>, Flags: <none>, Preference: medium
        ReachableTime: 0s, RetransTimer: 0s, CurHopLimit: 64
        AdvIfPrefixes: yes
        Next RA send: Wed Jul 23 13:28:31 2025
        Last RA send: Wed Jul 23 13:19:55 2025

Ok, what am I missing? That /etc/rtadvd.conf syntax certainly LOOKS correct.

Freebsd-14.3-STABLE, if it matters.

 

[dave14305]

This old mailing list post suggests a time without an address does nothing.

IPv6 autoconf addresses with changing RAs...

 

[Tickerguy]

Yes; if the delegated address changes the host in question does get it marked "deprecated" essentially immediately but it remains in the address table for a very long time which is both pointless and, if the delegated address changes on a relatively frequent basis (you'd hope it doesn't but it might) you will wind up with a lot of deprecated addresses. That's annoying but otherwise not a huge problem.

What is a significant problem is if IPv6 disappears (that is, presume the gateway crashes or is rebooted and on restart fails to get a new IPv6 delegation at all) since you can't set the shorter valid time and have it work the system(s) that previously got those SLACC addresses will attempt to connect outbound on them and fail, wildly damaging performance until said time expires, you reboot them or manually remove the IPv6 SLACC address from the interface.