Re: [systemd-devel] Prefix delegation and IPv6 subnetting

2022-08-07 Thread Bent Bagger

Hi

Some time back I promised to publish my write-up on how I went about 
it. It is here now:


https://www.oz6bl.dk/ipv6-prefix-delegation-and-subnetting/

Feel free to read and comment.

BTW Routing is easily handled by OSPF but that's OT here.

Thanks for answering my questions.

Bent


Re: [systemd-devel] Prefix delegation and IPv6 subnetting

2022-07-13 Thread Bent Bagger



On 11/07/2022 21.54, Kenneth Porter wrote:
> This issue for ISC's Kea DHCPv6 server has some useful insights into 
> what's required of a program that manages prefix delegation. See the 
> long comment from Tomek Mrugalski 2 years ago.
>
> https://gitlab.isc.org/isc-projects/kea/-/issues/856


Thank you for this and the previous pointers. They look interesting and 
appropriate. I have taken a brief view and when/if I fail with my OSPF 
things I'll take a much closer look.


Re: [systemd-devel] Prefix delegation and IPv6 subnetting

2022-07-11 Thread Kenneth Porter
This issue for ISC's Kea DHCPv6 server has some useful insights into 
what's required of a program that manages prefix delegation. See the 
long comment from Tomek Mrugalski 2 years ago.


https://gitlab.isc.org/isc-projects/kea/-/issues/856




Re: [systemd-devel] Prefix delegation and IPv6 subnetting

2022-07-10 Thread Bent Bagger

On 09/07/2022 23.11, Andrei Borzenkov wrote:

> Mailing list is not web forum where you can scroll up to read previous
> posts. On mailing list you are expected to include enough context from
> the previous message. Without going to archives and searching for your
> previous mail how should one know what Net0 etc means?

Point taken. I'll have your advice in mind in the future. I'm working on 
putting a post on my web page on what I did to get where I got. I'll 
post a notice here when I get it published.

> Having  in one line and full prefix in another line does not help in
> understanding configuration. Is  equal 2a06:4000:8073?

Yes. I had intended to anonymise the addresses but obviously failed 
miserably. Now you know everything about me.

> So you had to use external tool to implement prefix sub-delegation.
> Which just confirms that it is not possible with systemd-networkd.

I had hoped it was possible to do it using systemd-networkd only but 
having to realise that it can't be done is now part of 'lessons learned' 
from this exercise.

>> Now on to routing. Upstream routing is easy thanks to the default
>> routes, but how do I get the downstream routes established? The
>> delegating router should add a route for the chosen prefix to the
>> requesting router, but can networkd do it or should I start looking at
>> routing protocols?
>
> It is amazing how hard this is. See as example
>
> https://unix.stackexchange.com/questions/28106/dhcpv6-prefix-delegation-server-for-linux
>
> The suggested patch to ISC-DHCPD sounds good, but unfortunately it is
> not upstream.
>
> https://github.com/mpalmer/isc-dhcp/blob/mpalmer/client-address-data-expression/contrib/prefix-delegation-routing.rb

I discussed this with a routing-knowledgeable friend of mine earlier today 
and he suggested that OSPF6 might do the job. He sounded rather 
convincing so I'll give it a try. I might fail there too...


Bent


Re: [systemd-devel] Prefix delegation and IPv6 subnetting

2022-07-09 Thread Andrei Borzenkov
On 09.07.2022 18:48, Bent Bagger wrote:
> Thank you for the comments. They are most helpful.
> 
> Contrary to somebody’s belief sub-netting is indeed possible using 
> systemd in version 251.1.
> 

If you mean me, I never said that subnetting is not possible. I said
that sub-delegating is not possible.

> Here is what I have achieved so far:
> 
> My allocation from my ISP is a generous /48 (as recommended by Ripe) - 
> annotated as  in the following. I have configured my main router to 
> delegate /56 prefixes to requesting routers so Net0 is delegated this: 

Mailing list is not web forum where you can scroll up to read previous
posts. On mailing list you are expected to include enough context from
the previous message. Without going to archives and searching for your
previous mail how should one know what Net0 etc means?

> :e00::/56 as evidenced by the routing tables:
> 
> ::1 dev lo proto kernel metric 256 pref medium
> :19::/64 dev enp0s3 proto ra metric 1024 expires 3090sec pref medium
> :e00::/64 dev enp0s8 proto kernel metric 256 expires 874sec pref medium
> :e01::/64 dev enp0s9 proto kernel metric 256 expires 874sec pref medium
> unreachable 2a06:4000:8073:e00::/56 dev lo proto dhcp metric 1024 pref medium

Having  in one line and full prefix in another line does not help in
understanding configuration. Is  equal 2a06:4000:8073?

> fe80::/64 dev enp0s8 proto kernel metric 256 pref medium
> fe80::/64 dev enp0s3 proto kernel metric 256 pref medium
> fe80::/64 dev enp0s9 proto kernel metric 256 pref medium
> default via fe80::19 dev enp0s3 proto ra metric 1024 expires 874sec pref medium
> 
> Since networkd doesn’t (not yet?) include a DHCP6 server I installed an 
> ISC DHCP server on Net0 and configured it to delegate /60 prefixes to 
> requesting routers.

So you had to use external tool to implement prefix sub-delegation.
Which just confirms that it is not possible with systemd-networkd.

> Also I added this segment to the network file for 
> the downstream interface (enp0s8):
> 
> [IPv6SendRA]
> Managed=yes
> RouterLifetimeSec=1500
> 
> The line ‘Managed=yes’ is crucial in this context. Net2 gets this 
> routing table:
> 
> ::1 dev lo proto kernel metric 256 pref medium
> :e00::/64 dev enp0s3 proto ra metric 1024 expires 757sec pref medium
> :e80::/64 dev enp0s8 proto kernel metric 256 expires 2519453sec pref medium
> unreachable :e80::/60 dev lo proto dhcp metric 1024 pref medium
> fe80::/64 dev enp0s8 proto kernel metric 256 pref medium
> fe80::/64 dev enp0s3 proto kernel metric 256 pref medium
> default via fe80::a00:27ff:fe3a:902b dev enp0s3 proto ra metric 1024 expires 1440sec pref medium
> 
> Likewise Net3 ends up with this routing table:
> 
> ::1 dev lo proto kernel metric 256 pref medium
> :e80::/64 dev enp0s3 proto ra metric 1024 expires 3483sec pref medium
> fe80::/64 dev enp0s3 proto kernel metric 256 pref medium
> default via fe80::a00:27ff:fed7:6b82 dev enp0s3 proto ra metric 1024 expires 1083sec pref medium
> 
> Now on to routing. Upstream routing is easy thanks to the default 
> routes, but how do I get the downstream routes established? The 
> delegating router should add a route for the chosen prefix to the
> requesting router, but can networkd do it or should I start looking at 
> routing protocols?
> 

It is amazing how hard this is. See as example

https://unix.stackexchange.com/questions/28106/dhcpv6-prefix-delegation-server-for-linux

The suggested patch to ISC-DHCPD sounds good, but unfortunately it is
not upstream.

https://github.com/mpalmer/isc-dhcp/blob/mpalmer/client-address-data-expression/contrib/prefix-delegation-routing.rb


Re: [systemd-devel] Prefix delegation and IPv6 subnetting

2022-07-09 Thread Bent Bagger

Thank you for the comments. They are most helpful.

Contrary to somebody’s belief sub-netting is indeed possible using 
systemd in version 251.1.


Here is what I have achieved so far:

My allocation from my ISP is a generous /48 (as recommended by Ripe) - 
annotated as  in the following. I have configured my main router to 
delegate /56 prefixes to requesting routers so Net0 is delegated this: 
:e00::/56 as evidenced by the routing tables:


::1 dev lo proto kernel metric 256 pref medium
:19::/64 dev enp0s3 proto ra metric 1024 expires 3090sec pref medium
:e00::/64 dev enp0s8 proto kernel metric 256 expires 874sec pref medium
:e01::/64 dev enp0s9 proto kernel metric 256 expires 874sec pref medium
unreachable 2a06:4000:8073:e00::/56 dev lo proto dhcp metric 1024 pref medium
fe80::/64 dev enp0s8 proto kernel metric 256 pref medium
fe80::/64 dev enp0s3 proto kernel metric 256 pref medium
fe80::/64 dev enp0s9 proto kernel metric 256 pref medium
default via fe80::19 dev enp0s3 proto ra metric 1024 expires 874sec pref medium


Since networkd doesn’t (not yet?) include a DHCP6 server I installed an 
ISC DHCP server on Net0 and configured it to delegate /60 prefixes to 
requesting routers. Also I added this segment to the network file for 
the downstream interface (enp0s8):


[IPv6SendRA]
Managed=yes
RouterLifetimeSec=1500

The line ‘Managed=yes’ is crucial in this context. Net2 gets this 
routing table:


::1 dev lo proto kernel metric 256 pref medium
:e00::/64 dev enp0s3 proto ra metric 1024 expires 757sec pref medium
:e80::/64 dev enp0s8 proto kernel metric 256 expires 2519453sec pref medium
unreachable :e80::/60 dev lo proto dhcp metric 1024 pref medium
fe80::/64 dev enp0s8 proto kernel metric 256 pref medium
fe80::/64 dev enp0s3 proto kernel metric 256 pref medium
default via fe80::a00:27ff:fe3a:902b dev enp0s3 proto ra metric 1024 expires 1440sec pref medium


Likewise Net3 ends up with this routing table:

::1 dev lo proto kernel metric 256 pref medium
:e80::/64 dev enp0s3 proto ra metric 1024 expires 3483sec pref medium
fe80::/64 dev enp0s3 proto kernel metric 256 pref medium
default via fe80::a00:27ff:fed7:6b82 dev enp0s3 proto ra metric 1024 expires 1083sec pref medium


Now on to routing. Upstream routing is easy thanks to the default 
routes, but how do I get the downstream routes established? The 
delegating router should add a route for the chosen prefix to the 
requesting router, but can networkd do it or should I start looking at 
routing protocols?


Bent
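
Added example, not part of the original post or of systemd: a Python check that reads `ip -6 route` output shaped like the Net0 table above, finds the DHCPv6-delegated /56 and the /64s already on links, and lists which /60 blocks can be sub-delegated without overlap. The 2001:db8::/32 documentation prefix and the function names are assumptions made for this example.

```python
import ipaddress
import re

# Constructed sample modelled on the Net0 routing table in the post, using the
# 2001:db8::/32 documentation prefix instead of the poster's real allocation.
SAMPLE_ROUTES = """\
::1 dev lo proto kernel metric 256 pref medium
2001:db8:0:19::/64 dev enp0s3 proto ra metric 1024 expires 3090sec pref medium
2001:db8:0:e00::/64 dev enp0s8 proto kernel metric 256 expires 874sec pref medium
2001:db8:0:e01::/64 dev enp0s9 proto kernel metric 256 expires 874sec pref medium
unreachable 2001:db8:0:e00::/56 dev lo proto dhcp metric 1024 pref medium
fe80::/64 dev enp0s8 proto kernel metric 256 pref medium
default via fe80::19 dev enp0s3 proto ra metric 1024 expires 874sec pref medium
"""

def parse_routes(text):
    """Return (delegated prefixes, on-link prefixes) from `ip -6 route` text."""
    delegated, onlink = [], []
    for line in text.splitlines():
        m = re.match(r"(unreachable\s+)?(\S+/\d+)\s+dev\s+\S+\s+proto\s+(\S+)", line)
        if not m:
            continue  # host and default routes carry no prefix length here
        net = ipaddress.IPv6Network(m.group(2))
        if net.is_link_local:
            continue
        if m.group(1) and m.group(3) == "dhcp":
            delegated.append(net)  # block received via DHCPv6 prefix delegation
        elif m.group(3) in ("kernel", "ra"):
            onlink.append(net)     # prefix already assigned to or seen on a link
    return delegated, onlink

def free_blocks(delegated, onlink, new_prefix=60):
    """Sub-blocks of the delegation that overlap no prefix already on a link."""
    used = [n for n in onlink if n.subnet_of(delegated)]
    return [s for s in delegated.subnets(new_prefix=new_prefix)
            if not any(s.overlaps(u) for u in used)]

def check_subdelegation(candidate, delegated, onlink):
    """True if candidate is inside the delegation and collides with no on-link prefix."""
    cand = ipaddress.IPv6Network(candidate)
    return cand.subnet_of(delegated) and not any(cand.overlaps(n) for n in onlink)
```

With the sample table, the first /60 is excluded because the two downstream /64s sit inside it, while a block at the position of the :e80::/60 used in the post passes the check.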



Re: [systemd-devel] Prefix delegation and IPv6 subnetting

2022-07-08 Thread Peter Mattern
If you're on a distribution running a recent version of software, note 
that prefix delegation is completely dysfunctional as of 251 [1].


[1] https://github.com/systemd/systemd/issues/23546



Re: [systemd-devel] Prefix delegation and IPv6 subnetting

2022-07-08 Thread Mantas Mikulėnas
On Fri, Jul 8, 2022, 09:22 Andrei Borzenkov wrote:

> On 07.07.2022 18:25, Bent Bagger wrote:
> >
> > The prefix delegation problem starts with the interactions between net0
> > and net2. Net0 is delegated a /56 prefix from the main router (which
> > runs radvd and dhcpd6, not networkd, for historical reasons). I want
> > net2 to delegate a /60 subnet to net3, but it doesn't happen.
>
>
> networkd does not support prefix subdelegation. It supports querying
> upstream for delegated prefixes and allocating one /64 received prefix
> to downstream interface announcing it via RA. The same functionality as
> NetworkManager. Nor does networkd support DHCPv6 server functionality.
>
> For all practical purposes IPv6 on-link prefix can only be /64. So
> "delegated a /56 prefix" is misleading. You get delegated block of
> prefixes that are aggregated into /56 mask.
>

IME, "prefix" is a *very* common term for routed prefixes, not only on-link
ones – probably much more common than "/56 mask" (given that nothing uses
actual mask notation in IPv6). The upstream router doesn't care about
whether you're going to use it as on-link prefixes or not, anyway.


Re: [systemd-devel] Prefix delegation and IPv6 subnetting

2022-07-07 Thread Andrei Borzenkov
On 07.07.2022 18:25, Bent Bagger wrote:
> 
> The prefix delegation problem starts with the interactions between net0 
> and net2. Net0 is delegated a /56 prefix from the main router (which 
> runs radvd and dhcpd6, not networkd, for historical reasons). I want 
> net2 to delegate a /60 subnet to net3, but it doesn't happen.


networkd does not support prefix subdelegation. It supports querying
upstream for delegated prefixes and allocating one /64 received prefix
to downstream interface announcing it via RA. The same functionality as
NetworkManager. Nor does networkd support DHCPv6 server functionality.

For all practical purposes IPv6 on-link prefix can only be /64. So
"delegated a /56 prefix" is misleading. You get delegated block of
prefixes that are aggregated into /56 mask.

I am not aware of any single program that would implement both client
and server side w.r.t. prefix delegation. You can use one program to
query prefixes (client side) and use this information to update
configuration of another program (server side).


Re: [systemd-devel] Prefix delegation and IPv6 subnetting

2022-07-07 Thread Kenneth Porter
--On Thursday, July 07, 2022 6:25 PM +0200 Bent Bagger wrote:

> I have become fascinated by prefix delegation and ipv6 subnetting - to
> the extent that I have decided to learn more about it.


I'm learning the same stuff. FWIW, I'm on a RHEL-based system with 
systemd+NetworkManager and am working on configuring this NM plugin script 
package: