[OpenWrt-Devel] option ip6assign 60
Hiya, I've installed trunk (r40576) on a few boxes because I want to play around with homenet (hnetd / package hnet-full). Before I even get there, I'm wondering about something. The sample /etc/config/network file has an option in there which confuses me: config interface 'lan' option ifname 'eth1' #option type 'bridge' option proto 'static' option ipaddr '192.168.1.1' option netmask '255.255.255.0' option ip6assign '60' what is option ip6assign good for, and why does it default to 60? (option bridge commented out by me, as hnetd supposedly does not like bridges) The effect it has is that the interface in question receives a /60 as IPv6 network connected to it: root@OpenWrt:/etc/config# ifconfig -a eth1 Link encap:Ethernet HWaddr 10:FE:ED:E6:5F:32 inet addr:192.168.10.1 Bcast:192.168.10.255 Mask:255.255.255.0 inet6 addr: fe80::12fe:edff:fee6:5f32/64 Scope:Link inet6 addr: fd83:af19:9ef::1/60 Scope:Global inet6 addr: 2001:608:0:c10::1/60 Scope:Global ... which is not exactly what the IETF says should be on a LAN - but some other parts of the system see the prefix as /64, like when sending out a RA on that LAN 17:51:19.741002 IP6 (hlim 255, next-header ICMPv6 (58) payload length: 192) fe80::12fe:edff:fee6:5f32 ff02::1: [icmp6 sum ok] ICMP6, router advertisement, length 192 hop limit 0, Flags [managed, other stateful], pref medium, router lifetime 1800s, reachable time 0s, retrans time 0s source link-address option (1), length 8 (1): 10:fe:ed:e6:5f:32 mtu option (5), length 8 (1): 1500 prefix info option (3), length 32 (4): 2001:608:0:c10::/64, Flags [onlink, auto], valid time 2817s, pref. time 1017s prefix info option (3), length 32 (4): fd83:af19:9ef::/64, Flags [onlink, auto], valid time 7200s, pref. time 1800s ... which is perfectly correct, as SLAAC only works for /64. So, well, my question boils down to why is that default there?, and what effects does this option have, besides assigning /60 prefixes to LAN interfaces?. (As a side note: I really like the way IPv6 has gotten integrated into newer releases. Plug in that thing, received DHCPv6-PD from upstream routers, offer v6 to connected LANs, off you go...) gert -- USENET is *not* the non-clickable part of WWW! //www.muc.de/~gert/ Gert Doering - Munich, Germany g...@greenie.muc.de fax: +49-89-35655025g...@net.informatik.tu-muenchen.de pgpj0iFsvpaNY.pgp Description: PGP signature ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
Re: [OpenWrt-Devel] option ip6assign 60
A /64 prefix and SLAAC can only really be applied to a single link in your network, so if you wanted to separate your network into multiple links (ie: not bridging) then you would use a shorter prefix to get the routing right between each of those links. For example, the IPv6 prefix generated by your router might be fd83:af19:9ef::/60, but your your ethernet devices would see fd83:af19:9ef:1::/64 for SLAAC, and your WiFi devices might see fd83:af19:9ef:2::/64 for SLAAC. Because they are both subnets of the broader /60 prefix, your router can advertise itself as the router for all of the links in your home network. Cheers, Owen P.S. This is all hypothetical, I haven't actually played with this option to see what it does... but this is the typical use case for IPv6 prefixes shorter than 64-bits and ULAs. On 14-05-02 11:14 AM, Gert Doering wrote: Hiya, I've installed trunk (r40576) on a few boxes because I want to play around with homenet (hnetd / package hnet-full). Before I even get there, I'm wondering about something. The sample /etc/config/network file has an option in there which confuses me: config interface 'lan' option ifname 'eth1' #option type 'bridge' option proto 'static' option ipaddr '192.168.1.1' option netmask '255.255.255.0' option ip6assign '60' what is option ip6assign good for, and why does it default to 60? (option bridge commented out by me, as hnetd supposedly does not like bridges) The effect it has is that the interface in question receives a /60 as IPv6 network connected to it: root@OpenWrt:/etc/config# ifconfig -a eth1 Link encap:Ethernet HWaddr 10:FE:ED:E6:5F:32 inet addr:192.168.10.1 Bcast:192.168.10.255 Mask:255.255.255.0 inet6 addr: fe80::12fe:edff:fee6:5f32/64 Scope:Link inet6 addr: fd83:af19:9ef::1/60 Scope:Global inet6 addr: 2001:608:0:c10::1/60 Scope:Global ... which is not exactly what the IETF says should be on a LAN - but some other parts of the system see the prefix as /64, like when sending out a RA on that LAN 17:51:19.741002 IP6 (hlim 255, next-header ICMPv6 (58) payload length: 192) fe80::12fe:edff:fee6:5f32 ff02::1: [icmp6 sum ok] ICMP6, router advertisement, length 192 hop limit 0, Flags [managed, other stateful], pref medium, router lifetime 1800s, reachable time 0s, retrans time 0s source link-address option (1), length 8 (1): 10:fe:ed:e6:5f:32 mtu option (5), length 8 (1): 1500 prefix info option (3), length 32 (4): 2001:608:0:c10::/64, Flags [onlink, auto], valid time 2817s, pref. time 1017s prefix info option (3), length 32 (4): fd83:af19:9ef::/64, Flags [onlink, auto], valid time 7200s, pref. time 1800s ... which is perfectly correct, as SLAAC only works for /64. So, well, my question boils down to why is that default there?, and what effects does this option have, besides assigning /60 prefixes to LAN interfaces?. (As a side note: I really like the way IPv6 has gotten integrated into newer releases. Plug in that thing, received DHCPv6-PD from upstream routers, offer v6 to connected LANs, off you go...) gert ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
Re: [OpenWrt-Devel] option ip6assign 60
Hi, On Fri, May 02, 2014 at 11:28:29AM -0700, Owen Kirby wrote: A /64 prefix and SLAAC can only really be applied to a single link in your network, so if you wanted to separate your network into multiple links (ie: not bridging) then you would use a shorter prefix to get the routing right between each of those links. For example, the IPv6 prefix generated by your router might be fd83:af19:9ef::/60, but your your ethernet devices would see fd83:af19:9ef:1::/64 for SLAAC, and your WiFi devices might see fd83:af19:9ef:2::/64 for SLAAC. Because they are both subnets of the broader /60 prefix, your router can advertise itself as the router for all of the links in your home network. I do understand *that*, and I can see that if you do multi-level DHCPv6-PD, the first router might want to give the second router a /60, so that this one has 16 /64s for all of its LANs (and so on). But you'd then normally not configure the /60 onto a LAN segment in between, but have a /64 between router A and router B, and the /60 routed across that... gert -- USENET is *not* the non-clickable part of WWW! //www.muc.de/~gert/ Gert Doering - Munich, Germany g...@greenie.muc.de fax: +49-89-35655025g...@net.informatik.tu-muenchen.de pgpXyce0NB9VQ.pgp Description: PGP signature ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
Re: [OpenWrt-Devel] option ip6assign 60
Hi Gert, In regular OpenWrt ip6assign means that - as already written - a /60 (if available) is taken from the DP and the assigned to the given interface. That value was chosen rather arbitrarily. The first /64 of that DP is handed out via RA and stateful DHCPv6 (IA_NA). The rest of the /60 (or whatever you set in ip6assign) can be acquired by downstream routers on that interface via DHCPv6-PD. Regarding homenet / hnetd, please see http://www.homewrt.org for some documentation. Also feel free to ask me (I'm one of the authors of the draft and implementation) or join us on #hnet-hackers on freenode about anything you might need / want to know. hnetd implements its own prefix delegation algorithm (as its managed throughout the homenet) so usual ip6assign-stuff doesn't apply here. You can also use it with bridges but it might make more sense to use individual ports instead to e.g. avoid unnecessary traffic on WiFi or make proper use of the border detection (e.g. use one switch-port for a second uplink and another for downstream or so). Cheers, Steven ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
Re: [OpenWrt-Devel] option ip6assign 60
Hi Gert, you are right its a bit unusual and you may very well consider it bad practice and if I have enough time it will hopefully solve it in a better way at some point. The reasoning behind this is that this way the DHCPv6 (PD) server can easily learn about the whole available prefix range and any lifetime etc. changes immediately via Kernel netlink updates and thus reconfigure clients and downstream routers easily if needed without a separate IPC or configuration channel. Of course it still sets up a more specific routes once a prefixes is actually assigned to a downstream router so that routing works correctly. Cheers, Steven ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
Re: [OpenWrt-Devel] option ip6assign 60
Hi, On Fri, May 02, 2014 at 08:44:06PM +0200, Steven Barth wrote: In regular OpenWrt ip6assign means that - as already written - a /60 (if available) is taken from the DP and the assigned to the given interface. That value was chosen rather arbitrarily. The first /64 of that DP is handed out via RA and stateful DHCPv6 (IA_NA). The rest of the /60 (or whatever you set in ip6assign) can be acquired by downstream routers on that interface via DHCPv6-PD. Ah! So it's a reservation for downstream-DHCPv6-PD. It's still slightly confusing, tbh, to see the ifconfig and route values point the /60 towards the actual interface. But maybe that's just me :-) - it certainly isn't causing problems, just to say that again. Regarding homenet / hnetd, please see http://www.homewrt.org for some documentation. Also feel free to ask me (I'm one of the authors of the draft and implementation) or join us on #hnet-hackers on freenode about anything you might need / want to know. Thanks for the offer. Right now, only one of the routers is life (due to convenience of access to stuff, like arbitrary upstream routers, I'm building this at office, and 3 out of 4 boxes are still at home...), but I'm planning to have this operational in the next few days - and I'm sure questions will come. I've read everything that's linked from the start page on http://www.homewrt.org/ - but it's not really much as far as how can I see what it does? how can I debug it? Is there only one single option to turn this on and off (option proto 'hnet'), or is there more? Does hnetd handle IPv4 and IPv6 today? How do I force selection of a certain /64 on a specific interface? question go... :-) (I *have* read all the *-homenet-* drafts, so I feel I understand the basic concepts and requirements, but now I need to see it) hnetd implements its own prefix delegation algorithm (as its managed throughout the homenet) so usual ip6assign-stuff doesn't apply here. You Understood. I was just curious what it was, spending too much time on side-track curiousity again :-) can also use it with bridges but it might make more sense to use individual ports instead to e.g. avoid unnecessary traffic on WiFi or make proper use of the border detection (e.g. use one switch-port for a second uplink and another for downstream or so). I think the does not like bridges thing came from the old stuff on http://github.org/fingon/hnet-core/ or something like that - can't find it right now. It's good to know that it works, though I'm fully intending to not use bridging anyway :-) - I really really like the hnet approach. Will let you know how it works out! thanks, gert -- USENET is *not* the non-clickable part of WWW! //www.muc.de/~gert/ Gert Doering - Munich, Germany g...@greenie.muc.de fax: +49-89-35655025g...@net.informatik.tu-muenchen.de pgpnvZ5qjUsp7.pgp Description: PGP signature ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
Re: [OpenWrt-Devel] option ip6assign 60
Am 02.05.2014 21:00, schrieb Gert Doering: Ah! So it's a reservation for downstream-DHCPv6-PD. It's still slightly confusing, tbh, to see the ifconfig and route values point the /60 towards the actual interface. But maybe that's just me :-) - it certainly isn't causing problems, just to say that again. Yes, please see other e-mail in the thread for justification ;) Thanks for the offer. Right now, only one of the routers is life (due to convenience of access to stuff, like arbitrary upstream routers, I'm building this at office, and 3 out of 4 boxes are still at home...), but I'm planning to have this operational in the next few days - and I'm sure questions will come. I've read everything that's linked from the start page on http://www.homewrt.org/ - but it's not really much as far as how can I see what it does? how can I debug it? Is there only one single option to turn this on and off (option proto 'hnet'), or is there more? Does hnetd handle IPv4 and IPv6 today? How do I force selection of a certain /64 on a specific interface? question go... :-) Yeah to turn it on on a given interface simply change the proto to hnet (and remove any previous interface using the same interface in /etc/config/network). If you want to not use bridging you need to create one logical interface in /etc/config/network for each switch-port / vlan. Once you have configured an interface e.g. like this: config interface h1 option ifname eth1 option proto hnet and brough it up with /etc/init.d/network reload ifup h1 you can watch its state using: ifstatus h1. hnet also automatically creates a dhcp and dhcpv6 client subinterface which you can also monitor using ifstatus h1_4 and ifstatus h1_6. If there is 6rd or dslite provided by dhcp / dhcpv6 then there is a in addition an interface h1_6rd or h1_dslite. All these virtual interface are created automatically (you don't need to put then in /etc/config/network). Also hnetd at the moment is very talkative in syslog so you should get a pretty good view of whats going on. Forcing a certain prefix on an interface is implemented but not exposed to interface config yet. I will try to put it on todo for sometime next week and push a new version to OpenWrt once its working shouldn't be very hard. Regards, Steven ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
