Package: wide-dhcpv6-client Version: 20080615-7 Severity: wishlist -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
The DHCPv6 client should always add a route for all prefixes delegated to it to avoid routing loops. On Linux, this should be the equivalent of doing "ip route add unreachable prefix/len" In a typical ISP environment, a route to the delegated prefix will be installed on the BRAS pointing to the end user running DHCPv6-PD. The end user will have a default route pointing back to the BRAS. This means that the end user must null route the prefix to break the routing loop. This is also required by http://tools.ietf.org/html/draft-ietf-v6ops-ipv6-cpe-router-03 : WPD-4: If the delegated prefix is an aggregate route of multiple, more-specific routes the IPv6 CE router MUST discard packets that match the aggregate route, but not any of the more- specific routes. In other words, the "next-hop" for the aggregate route should be the null destination. This is necessary to prevent forwarding loops when some addresses covered by the aggregate are not reachable [RFC4632]. The IPv6 CE Router SHOULD send an ICMPv6 Destination Unreachable according to section 3.1 [RFC4443] back to the source of the packet if the packet is to be dropped due to this rule. Example of the current behaviour when being delegated a /48 and only using a single /64 out of it: Dec/22/2009 12:28:03: get_ia: make an IA: PD-0 Dec/22/2009 12:28:03: update_prefix: create a prefix 2001:4620:9::/48 pltime=600, vltime=12884902488 Dec/22/2009 12:28:03: ifaddrconf: add an address 2001:4620:9:0:5054:6ff:fe66:0/64 on eth0 Dec/22/2009 12:28:03: dhcp6_remove_event: removing an event on ppp0, state=REQUEST Dec/22/2009 12:28:03: dhcp6_remove_event: removing server (ID: 00:02:00:00:0a:4c:45:52:58:2d:33:31:30:2f:37:34:35:41:43:33:33:45:58:32:2f:01) Dec/22/2009 12:28:03: client6_recvreply: got an expected reply, sleeping. ipv6-pppoe-1:~# ip -6 route 2001:4600:10:11::/64 dev ppp0 proto kernel metric 256 expires 1643sec mtu 1452 advmss 1392 hoplimit 4294967295 2001:4620:9::/64 dev eth0 proto kernel metric 256 mtu 1500 advmss 1440 hoplimit 4294967295 fe80::/64 dev eth0 proto kernel metric 256 mtu 1500 advmss 1440 hoplimit 4294967295 fe80::/64 dev eth1 proto kernel metric 256 mtu 1500 advmss 1440 hoplimit 4294967295 fe80::/64 dev ppp0 proto kernel metric 256 mtu 1452 advmss 1392 hoplimit 4294967295 fe80::/10 dev ppp0 metric 1 mtu 1452 advmss 1392 hoplimit 4294967295 fe80::/10 dev ppp0 proto kernel metric 256 mtu 1452 advmss 1392 hoplimit 4294967295 default via fe80::90:1a00:141:70f7 dev ppp0 proto kernel metric 1024 expires 1642sec mtu 1452 advmss 1392 hoplimit 4294967295 Trying to reach any part of 2001:4620:9::/48 outside 2001:4620:9::/64 will cause a loop: ipv6-pppoe-1:~# traceroute6 -n 2001:4620:9:1::1 traceroute to 2001:4620:9:1::1 (2001:4620:9:1::1), 30 hops max, 80 byte packets 1 2001:4600:10:11::1 51.316 ms 51.278 ms 55.295 ms 2 2001:4600:10:11::c 55.299 ms 59.247 ms 63.238 ms 3 2001:4600:10:11::1 167.290 ms 175.199 ms 175.188 ms 4 2001:4600:10:11::c 179.221 ms 179.215 ms 183.179 ms 5 2001:4600:10:11::1 247.143 ms 247.132 ms 251.139 ms 6 2001:4600:10:11::c 251.146 ms 203.857 ms 207.814 ms 7 2001:4600:10:11::1 263.837 ms 267.813 ms 263.823 ms 8 2001:4600:10:11::c 275.843 ms 211.819 ms 227.964 ms Bjorn - -- System Information: Debian Release: 5.0.3 APT prefers stable APT policy: (700, 'stable'), (650, 'testing'), (600, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 2.6.32-trunk-amd64 (SMP w/2 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages wide-dhcpv6-client depends on: ii debconf [debconf-2.0] 1.5.24 Debian configuration management sy ii libc6 2.10.2-2 GNU C Library: Shared libraries ii lsb-base 3.2-20 Linux Standard Base 3.2 init scrip ii sharutils 1:4.6.3-1 shar, unshar, uuencode, uudecode wide-dhcpv6-client recommends no packages. wide-dhcpv6-client suggests no packages. - -- debconf information: * wide-dhcpv6-client/interfaces: * wide-dhcpv6-client/config_warn: -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAkswypkACgkQ10rqkowbIsmwqwCggSxYTNJGR6r4EZTLZOLzcRdN wSQAnRSuU5lYrBecO/4htiOm7CiDEuS5 =uHqm -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
