DaemonForums  

Getting a specific IPv6 address using DHCP (or not)

Post #1 by nyg, 10th February 2017

Hello,

I've managed to do what I wanted but I'd like to know if this is the correct way. Some context: I have an OpenBSD box behind a modem/router that provides both an IPv4 address (LAN) and an IPv6 address (DHCPv6 stateless).

In order to always get the same IPv6 even after reboot I've put this in my /etc/hostname.nfe0:

Code:
dhcp
rtsol
inet6 my_ip6_here

So, dhcp is to get my LAN IPv4 address.

But what is/was rtsol? I found out that it was removed in the 5.7 release. However, if I remove the line I can't access my box from the outside. I'm not sure what "ICMPv6 Router Solicitations" are but my guess is that's what's being used to communicate with the DHCPv6 server of my modem, correct? Strange name though... So, if rtsol was removed is it correct for me to use this line? (I found it in man hostname.if)

Then, the inet6 line is what I use to add my "fixed" IPv6 address. It works correctly so this line must somehow be telling the DHCPv6 server I'm requesting this IPv6 address, correct?

Another thing that's bothering me is that my nfe0 interface still has other IPv6 addresses, is there a way to only have one? (the one I specify in hostname.if)

Thanks a lot!

Post #2 by jggimi, 10th February 2017

My only use of DHCP in IPv6 is an implementation of net/wide-dhcpv6, required by one of my ISPs for "prefix delegation." In English, that is how that ISP assigns a /64 to a customer.

I have two types of static global addresses. 1) a static address assigned by an ISP, or 2) an alias address. Both are only used for inbound "listening" services.

A typical NIC for me will have a link local address, a static address assigned by the ISP, a current autoconfprivacy address for outbound services, and six days' worth of deprecated autoconfprivacy addresses. Optionally, I may have one or more static addresses included as aliases.

Here's a hostname.if(5) file with example IPv4 and IPv6 alias addresses.
Code:
inet 198.51.100.17/24
alias 203.0.113.118/24
rtsol
inet6 alias 2001:db8::1:2:c:9/64

When you add "rtsol" - routing solicitation - to a hostname.if file, netstart(8) issues "ifconfig <nic> inet6 autoconf" for us. We no longer need or have a userland daemon; these are handled by the kernel's IPv6 stack.

Last edited by jggimi; 10th February 2017 at 08:57 PM. Reason: added the rtsol answer

Post #3 by nyg, 10th February 2017

I don't necessarily want to use DHCP to get my IPv6 but I don't know how else to do it. I need a fixed IPv6 so I can access my OpenBSD from outside my home network.

My ISP also gives me a /64 and I'd like to choose a specific one for my OpenBSD box.

Are you saying I shouldn't be using DHCP in my case?

Concerning rtsol, that means I could replace it by inet6 autoconf?

Post #4 by jggimi, 10th February 2017

Quote:
Originally Posted by nyg
> I don't necessarily want to use DHCP to get my IPv6 but I don't know how else to do it. I need a fixed IPv6 so I can access my OpenBSD from outside my home network.
>
> My ISP also gives me a /64 and I'd like to choose a specific one for my OpenBSD box.

I deal with 2 ISPs. Both assign addresses with NDP, and accept router solicitations and send router advertisements via NDP.

One assigns a global /128 and uses prefix delegation to assign a separate /64. This is a residential connection, and I treat the /128 as dynamic, while I consider the /64 a permanent delegation. I am not currently assigning any inbound static addresses on this network, I'm only using it outbound. But if I did, I would use "inet6 alias [my.chosen.alias.address]" in my hostname.if file, selecting one of the 18-and-a-half septillion addresses within my allocated /64.

The other ISP merely handed me an IPv6 address within a /64, and said, "this is your base address, and you may allocate whatever you wish within your /64." The base address is derived from the EUI64 translation of the NIC's 48-bit MAC address.

Quote:
> Are you saying I shouldn't be using DHCP in my case?

DHCP is not necessary with "pure" IPv6 traffic. Outbound, dynamic addresses are assigned automatically by NDP SLAAC. Inbound addresses are statically assigned, and as I have posted I do that with an alias. I can place that alias in /etc/hosts, or I can add the alias to a domain nameserver as an AAAA record.

DHCP (version 6, of course) has its place, and its uses, but it is not typically used for individual address assignments in IPv6, either dynamic, which is built into SLAAC, or static, where I just use an alias or a statically assigned address, such as with my commercial ISP.

Quote:
> Concerning rtsol, that means I could replace it by inet6 autoconf?

Yes, but I'm using rtsol as recommended by the hostname.if(5) man page.

Last edited by jggimi; 11th February 2017 at 12:30 AM. Reason: typo

Post #5 by jggimi, 10th February 2017

I'll add that I see three current uses for DHCPv6. At least, in any use case I can foresee the possibility of needing.
  1. Prefix delegation from an ISP (as I am using now)
  2. Nameserver provisioning for dynamic devices (workstations, mobile)
  3. Dynamic addressing for prefixes smaller than /64. SLAAC requires a /64 prefix. Subdividing a /64 would eliminate SLAAC.

Post #6 by jggimi, 11th February 2017

A follow-on post to try to add a little clarity.

The commercial ISP and its /64 are the simplest. I have an externally facing server with a single NIC, and no internal network. At the moment, there are 10 IPv6 addresses assigned to the NIC: 1 local link, 2 static addresses, and 7 dynamic, private addresses.
  • I use rtsol and inet6 alias in the hostname.if(5) file.
  • The link local address is defined by the kernel, for use with NDP.
  • NDP SLAAC from the ISP assigns the "base" address within the assigned /64 prefix. This address does not use privacy. While it has pltime/vltime counters, it is a permanent, static address assigned to the server by the ISP, as the address is based on the MAC address, using EUI64.
  • The second static address is the alias. This is truly static, as there are no pltime/vltime counters shown in ifconfig(8) output.
  • Both of these static addresses are in my authoritative nameserver database, in AAAA records.
  • The remaining 7 addresses are dynamic, use privacy, and are for outbound traffic. 1 is active, the other 6 are deprecated and not used for new sessions. See autoconfprivacy in the ifconfig(8) man page regarding default timings.

The residential ISP connection is quite different. I am routing IPv6 on the home network, primarily so that I can use it from a workstation to test IPv6 connections on the remote server above. The firewall and the workstation both use rtsol for NDP for address assignments on their egress NICs.

  • The workstation has 4 IPv6 addresses. 1 local link, one dynamically assigned "base" address using EUI64, and 2 outbound dynamic addresses that use privacy. One active, one deprecated. The workstation has only been up 1 day and 5 hours since it was last rebooted, which is why it doesn't have more outbound privacy addresses.

The workstation operates similarly to my remote server. It has a "base" address in the /64 that has an address assigned based upon its MAC, which could be used if I were running services that were listening for inbound connections.

My router is configured differently. There are two NICs that are used to forward IPv6: an internally facing NIC, and the egress NIC. As noted previously, wide-dhcpv6 is used for /64 delegation. The server uses rtadvd(8) to apply the delegation on the local network.
  • The internally facing NIC does not use rtsol, nor any other inet6 directives. There are two IPv6 addresses: a link local address, and a "base" address assigned with EUI64.
  • The IPv6 addresses on this NIC are allocated by rtadvd(8).

The externally facing NIC uses rtsol. It also has two IPv6 addresses: a link local address and the single /128 address assigned by the ISP. This /128 address is truly dynamic, with pltime/vltime counters, and it does not use EUI64. It can change at ISP whim.

The last piece of the puzzle is DHCPv6. The client configuration accepts the prefix delegation by communicating on the egress NIC, and assigns the prefix delegation to the inner NIC, so that it can be used by rtadvd(8).

Last edited by jggimi; 11th February 2017 at 04:10 PM. Reason: typos. always.
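
Added example, not part of the posts above: the address roles described in post #6, recovered from ifconfig(8)-style output, together with the MAC address that an EUI64 "base" address exposes to anyone who sees it (for instance through an AAAA record). The sample output, interface name, MAC address and 2001:db8:: prefix are constructed, and the role names are labels chosen for this example.

```python
import ipaddress
import re

# Constructed sample in the style of OpenBSD ifconfig(8) output. The MAC is
# made up and the prefix comes from the 2001:db8::/32 documentation range.
SAMPLE = """\
    lladdr 00:0d:b9:12:34:56
    inet6 fe80::20d:b9ff:fe12:3456%em0 prefixlen 64 scopeid 0x1
    inet6 2001:db8:0:1:20d:b9ff:fe12:3456 prefixlen 64 autoconf pltime 604700 vltime 2591900
    inet6 2001:db8:0:1:1:2:c:9 prefixlen 64
    inet6 2001:db8:0:1:a1b2:c3d4:e5f6:789 prefixlen 64 autoconf autoconfprivacy pltime 80000 vltime 500000
    inet6 2001:db8:0:1:9f8e:7d6c:5b4a:3921 prefixlen 64 deprecated autoconf autoconfprivacy pltime 0 vltime 400000
"""

def eui64_iid(mac):
    """Modified EUI-64 interface identifier (RFC 4291, Appendix A) as an int."""
    b = bytearray(int(x, 16) for x in mac.split(":"))
    b[0] ^= 0x02  # flip the universal/local bit
    return int.from_bytes(bytes(b[:3]) + b"\xff\xfe" + bytes(b[3:]), "big")

def mac_from_addr(addr):
    """Return the MAC embedded in an EUI-64 address, or None if there is none."""
    iid = (int(addr) & (2**64 - 1)).to_bytes(8, "big")
    if iid[3:5] != b"\xff\xfe":
        return None
    raw = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{x:02x}" for x in raw)

def classify(ifconfig_text):
    """Map each inet6 address to (role, embedded MAC or None)."""
    roles = {}
    for line in ifconfig_text.splitlines():
        m = re.match(r"\s*inet6 ([0-9a-f:]+)(?:%\w+)? prefixlen \d+(.*)", line)
        if not m:
            continue
        addr, flags = ipaddress.IPv6Address(m.group(1)), m.group(2).split()
        if addr.is_link_local:
            role = "link-local"
        elif "autoconfprivacy" in flags:
            role = "privacy-deprecated" if "deprecated" in flags else "privacy"
        elif "autoconf" in flags:
            role = "slaac-base"  # has pltime/vltime, but follows the MAC
        else:
            role = "static-alias"  # no pltime/vltime: set in hostname.if
        roles[str(addr)] = (role, mac_from_addr(addr))
    return roles

if __name__ == "__main__":
    for address, (role, mac) in classify(SAMPLE).items():
        print(f"{address:40} {role:20} {mac or '-'}")
```

In the output, the link-local and slaac-base rows carry the interface's MAC, while the alias and the privacy addresses do not.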

Post #7 by nyg, 11th February 2017

Well, thanks for the detailed answers! I'll add the alias keyword then, but what's the practical difference if I don't use the keyword? The ifconfig output seems to be the same. Also, is there a way for my OpenBSD box not to use rtsol and directly inform my ISP of which IPv6 (within the /64 I'm assigned) I want to use?

Post #8 by jggimi, 11th February 2017

A NIC can have multiple IP addresses assigned simultaneously. OpenBSD IPv4 treats one address as the primary, and any additional addresses as alias addresses. The NIC will respond to all of them. For IPv6, as there are always multiple addresses, I let NDP set the primary address and set my secondary static addresses as aliases.

I will guess that if you did not set a primary address in your hostname.if(5) file, NDP SLAAC would assign the address for you. That assumes your ISP is using SLAAC for your /64, as one of my ISPs does.

---

The only listening addresses I use are addresses that either I have assigned with an alias, or the unique /64 address assigned by an ISP. As my rtadvd(8) service has assigned such a "base" address to the workstation when it configures with SLAAC, I could use that for any listening services, but I have nothing configured to listen to it.

All other unique local addresses I have are for outgoing traffic, using autoconfprivacy.

I am not using any unique local addresses (fd00::/8), but if I were I would set them via aliases also.
Unique local addresses are somewhat equivalent to the private addresses in IPv4 (10/8, 192.168/16, 172.16/12). Their purpose is for local network communications, as they cannot be routed over the Internet.