Re: Linux and ULA support and default route
On 15/10/2016 00:57, Holger Zuleger wrote:
>> If the delegated prefix changes, you'll be simply postponing the local
>> communication failure, not prevent it.
> Only if the new prefix is different to the old one.
>
>> The last year has convinced me that the best user experience is
>> achieved by having an in-home stable ULA prefix to complement the
>> ISP-delegated global prefix[es] [if any], and that all the internal
>> hostnames should resolve to the IPv6 addresses assigned from the ULA
>> prefix.
> Yes, but this is probably a bit different to the AVM behavior. I have in
> mind that the default configuration on Fritzboxes is to announce the ULA
> *only* if the upstream is down.

Correct, there is an option to change that however.

   Brian

> Then your local active sessions break
> twice.
Re: Linux and ULA support and default route
On 14.10.2016 15:20, sth...@nethelp.no wrote:
>> At the end, the whole behavior is because some hosts have problems in
>> handling situations where they have an IPv6 address configured and no
>> internet connectivity. But the solution to this requires that the host
>> is able to understand and work with RIO options, which seems to be "at
>> the time" not generally the case.
>>
>> Do we replace one evil by another?
>
> I like Tore's solution of using ULA for local communication even when
> the external link is down.

That's not the question.
The question is: Should a router stop advertising a default route if the
(or better say "his") upstream link is down.

Holger
Re: Linux and ULA support and default route
> At the end, the whole behavior is because some hosts have problems in
> handling situations where they have an IPv6 address configured and no
> internet connectivity. But the solution to this requires that the host
> is able to understand and work with RIO options, which seems to be "at
> the time" not generally the case.
>
> Do we replace one evil by another?

I like Tore's solution of using ULA for local communication even when
the external link is down.

Steinar Haug, AS2116
Re: Linux and ULA support and default route
Holger,

>>> Imagine a setup with *two* routers. One of them has broken Internet,
>>> the other is working. How can the hosts decide if both keep announcing
>>> themselves as "I can reach anything"?
>>
>> in the general case the host still has to take the 'I can reach anything'
>> announcement with a pinch of salt.
>> and it should be able to try both (or more) connections and react
>> accordingly when one fails.
> ...which is the default host behaviour if the OS supports RFC4861.
> Sadly some "user friendly" network managers break this by setting a
> static route with a better metric to just one(!) router.

not really. that only covers the first hop. any failure anywhere else
along the path would not be dealt with by 4861.

cheers,
Ole
Re: Linux and ULA support and default route
>> Imagine a setup with *two* routers. One of them has broken Internet,
>> the other is working. How can the hosts decide if both keep announcing
>> themselves as "I can reach anything"?
>
> in the general case the host still has to take the 'I can reach anything'
> announcement with a pinch of salt.
> and it should be able to try both (or more) connections and react accordingly
> when one fails.

...which is the default host behaviour if the OS supports RFC4861.
Sadly some "user friendly" network managers break this by setting a
static route with a better metric to just one(!) router.

Holger
Re: Linux and ULA support and default route
> If the delegated prefix changes, you'll be simply postponing the local
> communication failure, not prevent it.

Only if the new prefix is different to the old one.

> The last year has convinced me that the best user experience is
> achieved by having an in-home stable ULA prefix to complement the
> ISP-delegated global prefix[es] [if any], and that all the internal
> hostnames should resolve to the IPv6 addresses assigned from the ULA
> prefix.

Yes, but this is probably a bit different to the AVM behavior. I have in
mind that the default configuration on Fritzboxes is to announce the ULA
*only* if the upstream is down. Then your local active sessions break
twice.

Holger
Re: Linux and ULA support and default route
On 14.10.2016 12:32, Gert Doering wrote:
> Hi,
>
> On Fri, Oct 14, 2016 at 12:00:04PM +0200, Holger Zuleger wrote:
>> Of course the default route should *not* be withdrawn.
>> The RA default router announcement says just, "Hey hosts, I'm the way
>> out of your local subnet", and not "Hey host, I have an upstream
>> connection to the rest of the internet".
>
> If the router has no default route, it should not announce one - this
> is why PIO exists for more specific info.

For cases where a router provides "in principle" only connectivity to a
limited set of prefixes (think of VPN connection) I'm with you.

> Imagine a setup with *two* routers. One of them has broken Internet,
> the other is working. How can the hosts decide if both keep announcing
> themselves as "I can reach anything"?

This is just a corner case if both routers have directly the upstream
connection.
But then this behavior only makes sense if the same prefix is used for
both upstreams, which is seldom the case in residential user scenarios.

Otherwise you have a lot to do with source specific routing, and yes,
you are right: In this case the source specific default route for the
failed prefix should no longer be announced.

Holger Zuleger
Re: Linux and ULA support and default route
* Holger Zuleger

> Hmm, what's so bad with still using the global prefix until the global
> connectivity comes back and the CPE gets a new one?
> Then it's early enough to set the preferred time of the former prefix to
> 0 and let them time out.
> In this way all local communication will not be interrupted if your
> Internet connection fails.

If the delegated prefix changes, you'll be simply postponing the local
communication failure, not prevent it.

I've run Homewrt for over a year now and have no shortage of annoying
experiences like for instance a movie that is being streamed to my HTPC
from my NAS just suddenly freezes just because the Internet uplink has
gone down and/or the delegated prefix changes.

The last year has convinced me that the best user experience is
achieved by having an in-home stable ULA prefix to complement the
ISP-delegated global prefix[es] [if any], and that all the internal
hostnames should resolve to the IPv6 addresses assigned from the ULA
prefix.

Tore
Re: Linux and ULA support and default route
Hi,

On Fri, Oct 14, 2016 at 12:00:04PM +0200, Holger Zuleger wrote:
> Of course the default route should *not* be withdrawn.
> The RA default router announcement says just, "Hey hosts, I'm the way
> out of your local subnet", and not "Hey host, I have an upstream
> connection to the rest of the internet".

If the router has no default route, it should not announce one - this
is why PIO exists for more specific info.

Imagine a setup with *two* routers. One of them has broken Internet,
the other is working. How can the hosts decide if both keep announcing
themselves as "I can reach anything"?

Gert Doering
        -- NetMaster
--
have you enabled IPv6 on something today...?
Re: Linux and ULA support and default route
I was wrong. Randomly set: no, manually change possible: yes. The reason for my confusion was "::" versus ":" Sometimes reading ipv6-addresses is hard.
Re: Linux and ULA support and default route
>> Great idea, ULAs.
>
> In the right circumstances, yes, actually. And actually my circumstances
> yesterday were right for a ULA prefix: the ISP failed to give my CE a prefix.
> Today, they gave me a prefix, and so Linux gives me a default route.

Hmm, what's so bad with still using the global prefix until the global
connectivity comes back and the CPE gets a new one?
Then it's early enough to set the preferred time of the former prefix to
0 and let them time out.
In this way all local communication will not be interrupted if your
Internet connection fails.

And sending the old prefix as a hint in the DHCPv6-PD request let a
chance open to get the same prefix again. Then local communication will
not be affected by the upstream failure at all.

Of course the default route should *not* be withdrawn.
The RA default router announcement says just, "Hey hosts, I'm the way
out of your local subnet", and not "Hey host, I have an upstream
connection to the rest of the internet".

BR
Holger
Re: Linux and ULA support and default route
On 13.10.2016 at 21:56, Brian E Carpenter wrote:
> On 13/10/2016 21:14, Lorenzo Colitti wrote:
>> Of note is the fact that the ULA prefix being announced is the ubiquitous
>> fd00::/64.
>
> 0 is a perfectly random number, just like the ubiquitous PIN code 1234.
>
> But yes, this is a sloppy job by the FritzBox. Hopefully they've fixed this
> in more recent models.

It is fixed. In newer versions it is a random number and can additionally
be changed manually.

Thomas

--
There’s no place like ::1

Thomas Schäfer (Systems Administration)
Ludwig-Maximilians-Universität
Centrum für Informations- und Sprachverarbeitung
Re: Linux and ULA support and default route
On 13/10/2016 21:14, Lorenzo Colitti wrote:
> Of note is the fact that the ULA prefix being announced is the ubiquitous
> fd00::/64.

0 is a perfectly random number, just like the ubiquitous PIN code 1234.

But yes, this is a sloppy job by the FritzBox. Hopefully they've fixed this
in more recent models.

> Great idea, ULAs.

In the right circumstances, yes, actually. And actually my circumstances
yesterday were right for a ULA prefix: the ISP failed to give my CE a prefix.
Today, they gave me a prefix, and so Linux gives me a default route.

    Brian

>
> On Wed, Oct 12, 2016 at 9:16 PM, Brian E Carpenter <
> brian.e.carpen...@gmail.com> wrote:
>
>> This creates a tricky problem for homenet, I think, but I agree that my CE
>> is doing what that requirement says. This also creates a truly annoying
>> coding problem for me, which I won't go into here (except to gripe that
>> Linux
>> makes it very annoying indeed to discover your own global unicast address).
>>
>> Thanks
>>    Brian
>>
>> On 13/10/2016 16:55, Lorenzo Colitti wrote:
>>> The linux host is correctly not adding a default route because the RA
>>> specifies a router lifetime of 0, likely due to RFC 7084 requirement G-4.
>>>
>>> On Wed, Oct 12, 2016 at 8:25 PM, Brian E Carpenter <
>>> brian.e.carpen...@gmail.com> wrote:
>>>
>>>> I'll send you the RA packet off-list.
>>>>
>>>> Brian
>>>>
>>>> On 13/10/2016 14:10, Brian E Carpenter wrote:
>>>>> On 13/10/2016 13:47, Lorenzo Colitti wrote:
>>>>>> On Wed, Oct 12, 2016 at 5:39 PM, Brian E Carpenter <
>>>>>> brian.e.carpen...@gmail.com> wrote:
>>>>>>
>>>>>>> But what it says (before I install the correct default route) is
>>>>>>>
>>>>>>> fd00::/64 via fe80::be05:43ff:fe8e:ce39 dev wlp2s0 proto ra metric 600 pref medium
>>>>>>> fe80::/64 dev wlp2s0 proto kernel metric 256 pref medium
>>>>>>>
>>>>>>> No default, as you can see.
>>>>>>
>>>>>> Do you have a tcpdump of the RA?
>>>>>
>>>>> No. Any suggestions how I can catch one? Would a Wireshark capture be useful?
>>>>>
>>>>> Brian
Re: Linux and ULA support and default route
On 2016-10-13 09:36, Tore Anderson wrote:
> * Jeroen Massar
>
>> RA's only install the /64 and when default announced a default.
>>
>> Thus 'the rest of the ULA /48' would require a default route to be
>> installed to reach that...
>>
>> When the device does not install a default route, there won't be an
>> entry for anything in that /48, just the /64 and thus that space won't
>> be reachable.
>
> Not if you set the accept_ra_rt_info_max_plen sysctl to >= 48 (and the
> router implements RFC 7084 L-3).

Which is why looking at the exact RA is important.

> As far as I know, this sysctl is 0 by
> default which causes the kernel to ignore RIOs.

Correct. See amongst others here for reasoning:
https://patchwork.ozlabs.org/patch/331802/

and as it is default 0, unless one does already salt/puppet/etc to
change that default, it won't easily get deployed; and if one does
salt/puppet/etc then adding static routes can also work.

Much easier and better to let the actual routers decide on routing
though and not end-hosts.

> I believe that Windows do accept RIOs by default so that's probably why
> it worked for Brian. NetworkManager user-space RA processing will also
> respect RIOs by default.

Only silly people run broken software like "NetworkManager" ;)

Greets,
 Jeroen
Re: Linux and ULA support and default route
On 2016-10-13 02:30, Brian E Carpenter wrote:
> Hi Jeroen,
> On 13/10/2016 12:16, Jeroen Massar wrote:
>> On 2016-10-13 00:51, Brian E Carpenter wrote:
>> [..]
>>> Kernel IPv6 routing table
>>> Destination Next Hop Flag Met Ref Use If
>>> fd00::/64 fe80::be05:43ff:fe8e:ce39 UG 600 112 wlp2s0
>>> fe80::/64 :: U 256 0 0 wlp2s0
>>> ::/0 :: !n -1 1 137 lo
>>> ::1/128 :: Un 0 3 7 lo
>>> fd00::c5bb:40f2:f3d5:94e4/128 :: Un 0 319 lo
>>> fe80::9051:543a:4c9e:e93e/128 :: Un 0 211 lo
>>> ff00::/8 :: U 256 2 1763 wlp2s0
>>> ::/0 :: !n -1 1 137 lo
>>
>> Do you receive those prefixes over RA or manual config?
>
> RA of course
>
>> Is forwarding enabled?
>
> No
>
>> What does the ra_accept sysctl say?
>
> accept_ra = 1
>
>>
>> Also 'ip -6 ro get ' can be very useful to check where the
>> routing table thinks packets are supposed to go.
>
> Well, once I create the default route it tells me exactly what it should,
> for any global-scope address. But after reboot it says "unreachable"
> for any address outside the ULA /64 (i.e. even the rest of the ULA /48
> is unreachable).

RA's only install the /64 and when default announced a default.

Thus 'the rest of the ULA /48' would require a default route to be
installed to reach that...

When the device does not install a default route, there won't be an
entry for anything in that /48, just the /64 and thus that space won't
be reachable.

Btw: IMHO ULAs are in 99% of the cases the wrong thing to use anyway.

But note, this is not specific to ULA at all. (Except maybe that your
device chose to not push a default route, as there is no default route
to the Internet).

You might want to check with tcpdump what the exact details of the RA are.

Greets,
 Jeroen
Re: Linux and ULA support and default route
This creates a tricky problem for homenet, I think, but I agree that my CE
is doing what that requirement says. This also creates a truly annoying
coding problem for me, which I won't go into here (except to gripe that Linux
makes it very annoying indeed to discover your own global unicast address).

Thanks
    Brian

On 13/10/2016 16:55, Lorenzo Colitti wrote:
> The linux host is correctly not adding a default route because the RA
> specifies a router lifetime of 0, likely due to RFC 7084 requirement G-4.
>
> On Wed, Oct 12, 2016 at 8:25 PM, Brian E Carpenter <
> brian.e.carpen...@gmail.com> wrote:
>
>> I'll send you the RA packet off-list.
>>
>> Brian
>>
>> On 13/10/2016 14:10, Brian E Carpenter wrote:
>>> On 13/10/2016 13:47, Lorenzo Colitti wrote:
>>>> On Wed, Oct 12, 2016 at 5:39 PM, Brian E Carpenter <
>>>> brian.e.carpen...@gmail.com> wrote:
>>>>
>>>>> But what it says (before I install the correct default route) is
>>>>>
>>>>> fd00::/64 via fe80::be05:43ff:fe8e:ce39 dev wlp2s0 proto ra metric 600 pref medium
>>>>> fe80::/64 dev wlp2s0 proto kernel metric 256 pref medium
>>>>>
>>>>> No default, as you can see.
>>>>
>>>> Do you have a tcpdump of the RA?
>>>
>>> No. Any suggestions how I can catch one? Would a Wireshark capture be useful?
>>>
>>> Brian
Re: Linux and ULA support and default route
The linux host is correctly not adding a default route because the RA
specifies a router lifetime of 0, likely due to RFC 7084 requirement G-4.

On Wed, Oct 12, 2016 at 8:25 PM, Brian E Carpenter <
brian.e.carpen...@gmail.com> wrote:

> I'll send you the RA packet off-list.
>
> Brian
>
> On 13/10/2016 14:10, Brian E Carpenter wrote:
>> On 13/10/2016 13:47, Lorenzo Colitti wrote:
>>> On Wed, Oct 12, 2016 at 5:39 PM, Brian E Carpenter <
>>> brian.e.carpen...@gmail.com> wrote:
>>>
>>>> But what it says (before I install the correct default route) is
>>>>
>>>> fd00::/64 via fe80::be05:43ff:fe8e:ce39 dev wlp2s0 proto ra metric 600 pref medium
>>>> fe80::/64 dev wlp2s0 proto kernel metric 256 pref medium
>>>>
>>>> No default, as you can see.
>>>
>>> Do you have a tcpdump of the RA?
>>
>> No. Any suggestions how I can catch one? Would a Wireshark capture be useful?
>>
>> Brian
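
Added example (not part of any message in this thread): the two route-installation rules stated in the messages above, a router lifetime of 0 giving no default route and RIOs being ignored unless accept_ra_rt_info_max_plen covers their prefix length, applied to a parsed Router Advertisement. The RA bytes are constructed for illustration (fd00::/64 PIO, fd00::/48 RIO); the function names are hypothetical, and kernel_routes() models only those two rules, not NetworkManager's user-space RA processing.

```python
import ipaddress
import struct

def build_sample_ra(router_lifetime: int) -> bytes:
    """Constructed sample RA: PIO fd00::/64 (on-link) plus RIO fd00::/48."""
    ula = ipaddress.IPv6Address("fd00::").packed
    # type=134, code, checksum, hop limit, flags, router lifetime, reachable, retrans
    hdr = struct.pack("!BBHBBHII", 134, 0, 0, 64, 0, router_lifetime, 0, 0)
    # PIO: type=3, len=4 (x8 bytes), prefix length, L+A flags, valid, preferred, reserved
    pio = struct.pack("!BBBBIII", 3, 4, 64, 0xC0, 7200, 3600, 0) + ula
    # RIO (RFC 4191): type=24, len=2, prefix length, preference, route lifetime
    rio = struct.pack("!BBBBI", 24, 2, 48, 0, 1800) + ula[:8]
    return hdr + pio + rio

def parse_ra(icmp6: bytes) -> dict:
    """Extract router lifetime, PIOs and RIOs from an ICMPv6 RA body."""
    if len(icmp6) < 16 or icmp6[0] != 134:
        raise ValueError("not a Router Advertisement")
    ra = {"router_lifetime": struct.unpack_from("!H", icmp6, 6)[0],
          "pio": [], "rio": []}
    off = 16
    while off + 2 <= len(icmp6):
        opt_type, opt_len = icmp6[off], icmp6[off + 1] * 8
        if opt_len == 0 or off + opt_len > len(icmp6):
            raise ValueError("malformed option length")
        body = icmp6[off:off + opt_len]
        if opt_type == 3 and opt_len == 32:
            prefix = ipaddress.IPv6Network((body[16:32], body[2]), strict=False)
            ra["pio"].append((prefix, bool(body[3] & 0x80)))  # L (on-link) flag
        elif opt_type == 24 and opt_len >= 8:
            lifetime = struct.unpack_from("!I", body, 4)[0]
            raw = body[8:24].ljust(16, b"\x00")  # prefix field is 0, 8 or 16 bytes
            prefix = ipaddress.IPv6Network((raw, body[2]), strict=False)
            ra["rio"].append((prefix, lifetime))
        off += opt_len
    return ra

def kernel_routes(ra: dict, rt_info_max_plen: int = 0) -> list:
    """Routes a host would install under the two rules stated in the thread."""
    routes = []
    if ra["router_lifetime"] > 0:  # lifetime 0 means "not a default router"
        routes.append("default")
    for prefix, on_link in ra["pio"]:
        if on_link:
            routes.append(str(prefix))
    for prefix, lifetime in ra["rio"]:
        # RIOs with a prefix longer than accept_ra_rt_info_max_plen are ignored
        if lifetime > 0 and prefix.prefixlen <= rt_info_max_plen:
            routes.append(str(prefix))
    return routes

if __name__ == "__main__":
    for lifetime, max_plen in [(0, 0), (0, 48), (1800, 0)]:
        ra = parse_ra(build_sample_ra(lifetime))
        print(lifetime, max_plen, kernel_routes(ra, max_plen))
```

With router lifetime 0 and the sysctl at 0 only the /64 is installed; raising the sysctl to 48 adds the /48, and a non-zero router lifetime adds the default route.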
Re: Linux and ULA support and default route
I'll send you the RA packet off-list.

    Brian

On 13/10/2016 14:10, Brian E Carpenter wrote:
> On 13/10/2016 13:47, Lorenzo Colitti wrote:
>> On Wed, Oct 12, 2016 at 5:39 PM, Brian E Carpenter <
>> brian.e.carpen...@gmail.com> wrote:
>>
>>> But what it says (before I install the correct default route) is
>>>
>>> fd00::/64 via fe80::be05:43ff:fe8e:ce39 dev wlp2s0 proto ra metric 600 pref medium
>>> fe80::/64 dev wlp2s0 proto kernel metric 256 pref medium
>>>
>>> No default, as you can see.
>>
>> Do you have a tcpdump of the RA?
>
> No. Any suggestions how I can catch one? Would a Wireshark capture be useful?
>
>     Brian
Re: Linux and ULA support and default route
On 13/10/2016 13:47, Lorenzo Colitti wrote:
> On Wed, Oct 12, 2016 at 5:39 PM, Brian E Carpenter <
> brian.e.carpen...@gmail.com> wrote:
>
>> But what it says (before I install the correct default route) is
>>
>> fd00::/64 via fe80::be05:43ff:fe8e:ce39 dev wlp2s0 proto ra metric 600 pref medium
>> fe80::/64 dev wlp2s0 proto kernel metric 256 pref medium
>>
>> No default, as you can see.
>
> Do you have a tcpdump of the RA?

No. Any suggestions how I can catch one? Would a Wireshark capture be useful?

    Brian
Re: Linux and ULA support and default route
On 13/10/2016 13:05, Lorenzo Colitti wrote:
> On Wed, Oct 12, 2016 at 3:51 PM, Brian E Carpenter <
> brian.e.carpen...@gmail.com> wrote:
>
>> ::/0 :: !n -1 1 137 lo
>
> I think !n means network unreachable.

Sure. But that's the Ethernet interface which isn't connected, so that's correct.
The problem is the complete absence of a default route for the working (WiFi) interface.

> Please provide the output of "ip -6
> route".

It's very unenlightening. The full table from "route" is more use. But what it says
(before I install the correct default route) is

fd00::/64 via fe80::be05:43ff:fe8e:ce39 dev wlp2s0 proto ra metric 600 pref medium
fe80::/64 dev wlp2s0 proto kernel metric 256 pref medium

No default, as you can see.

    Brian
Re: Linux and ULA support and default route
On Wed, Oct 12, 2016 at 5:30 PM, Brian E Carpenter <
brian.e.carpen...@gmail.com> wrote:

> It's broken, is all.

"ip -6 route show" or it didn't happen.
Re: Linux and ULA support and default route
Hi Jeroen,
On 13/10/2016 12:16, Jeroen Massar wrote:
> On 2016-10-13 00:51, Brian E Carpenter wrote:
> [..]
>> Kernel IPv6 routing table
>> Destination Next Hop Flag Met Ref Use If
>> fd00::/64 fe80::be05:43ff:fe8e:ce39 UG 600 112 wlp2s0
>> fe80::/64 :: U 256 0 0 wlp2s0
>> ::/0 :: !n -1 1 137 lo
>> ::1/128 :: Un 0 3 7 lo
>> fd00::c5bb:40f2:f3d5:94e4/128 :: Un 0 319 lo
>> fe80::9051:543a:4c9e:e93e/128 :: Un 0 211 lo
>> ff00::/8 :: U 256 2 1763 wlp2s0
>> ::/0 :: !n -1 1 137 lo
>
> Do you receive those prefixes over RA or manual config?

RA of course

> Is forwarding enabled?

No

> What does the ra_accept sysctl say?

accept_ra = 1

>
> Also 'ip -6 ro get ' can be very useful to check where the
> routing table thinks packets are supposed to go.

Well, once I create the default route it tells me exactly what it should,
for any global-scope address. But after reboot it says "unreachable"
for any address outside the ULA /64 (i.e. even the rest of the ULA /48
is unreachable).

It's broken, is all.

    Brian

>
> In general on a Linux install from the last decade or so, avoid
> 'netstat' and 'ifconfig' and use iproute: 'ip ro sho' or 'ip -6 ro sho',
> 'ip -6 addr show'
>
> Greets,
>  Jeroen
Re: Linux and ULA support and default route
On 2016-10-13 02:05, Lorenzo Colitti wrote:
> On Wed, Oct 12, 2016 at 3:51 PM, Brian E Carpenter wrote:
>
>     ::/0 :: !n -1 1 137 lo
>
>
> I think !n means network unreachable. Please provide the output of "ip
> -6 route".

That is indeed the default unreachable route, basically the root node of
the prefix tree ;)

Hence indeed why one should be using 'ip -6 ro sho' to check for the
actual routes, netstat output is just odd.

If only the system was using DHCPv6 eh ;)

Greets,
 Jeroen
Re: Linux and ULA support and default route
On Wed, Oct 12, 2016 at 3:51 PM, Brian E Carpenter <
brian.e.carpen...@gmail.com> wrote:

> ::/0 :: !n -1 1 137 lo

I think !n means network unreachable. Please provide the output of "ip -6
route".
Re: Linux and ULA support and default route
On 2016-10-13 00:51, Brian E Carpenter wrote:
[..]
> Kernel IPv6 routing table
> Destination Next Hop Flag Met Ref Use If
> fd00::/64 fe80::be05:43ff:fe8e:ce39 UG 600 112 wlp2s0
> fe80::/64 :: U 256 0 0 wlp2s0
> ::/0 :: !n -1 1 137 lo
> ::1/128 :: Un 0 3 7 lo
> fd00::c5bb:40f2:f3d5:94e4/128 :: Un 0 319 lo
> fe80::9051:543a:4c9e:e93e/128 :: Un 0 211 lo
> ff00::/8 :: U 256 2 1763 wlp2s0
> ::/0 :: !n -1 1 137 lo

Do you receive those prefixes over RA or manual config?

Is forwarding enabled?

What does the ra_accept sysctl say?

Also 'ip -6 ro get ' can be very useful to check where the
routing table thinks packets are supposed to go.

In general on a Linux install from the last decade or so, avoid
'netstat' and 'ifconfig' and use iproute: 'ip ro sho' or 'ip -6 ro sho',
'ip -6 addr show'

Greets,
 Jeroen