Hey Jorge, It looks like you're missing the "ips" field, so you're currently getting your IPv4 addresses through the default behaviour of the network setup (which is to perform DHCP on NICs which don't have any addresses configured). If you set "ips" to be [ "dhcp", "addrconf" ], you should be all set.
- Cody On Sun, Nov 15, 2015 at 6:31 AM, Jorge Schrauwen <[email protected]> wrote: > Hey Cody, > > Doesn't seem to be working for me: > > SunOS core 5.11 joyent_20151030T184221Z i86pc i386 i86pc > > [root@test ~]# ifconfig > lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 > index 1 > inet 127.0.0.1 netmask ff000000 > net0: flags=201004843<UP,BROADCAST,RUNNING,MULTICAST,DHCP,IPv4,CoS> mtu 1500 > index 2 > inet 172.16.aa.228 netmask ffffff00 broadcast 172.16.aa.255 > ether 82:1b:8e:xx:xx:12 > net1: flags=201004843<UP,BROADCAST,RUNNING,MULTICAST,DHCP,IPv4,CoS> mtu 1500 > index 3 > inet 172.16.cc.250 netmask ffffff00 broadcast 172.16.cc.255 > ether 82:1b:8e:xx:xx:13 > lo0: flags=2002000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv6,VIRTUAL> mtu 8252 > index 1 > inet6 ::1/128 > > [root@core ~]# vmadm get 5388abbf-c39e-42eb-a311-e06613a0af91 | json nics > [ > { > "interface": "net0", > "mac": "82:1b:8e:xx:xx:12", > "vlan_id": 10, > "nic_tag": "trunk", > "mtu": 1500, > "primary": true > }, > { > "interface": "net1", > "mac": "82:1b:8e:xx:xx:13", > "vlan_id": 30, > "nic_tag": "trunk", > "mtu": 1500 > } > ] > > > I'm using dnsmasq to hand out ra's > > ##### dnsmasq configuration > ### set user/group > user=_dnsmasq > group=_dnsmasq > > ### logging > ## specify syslog facility (- to disable) > log-facility=- > > ### listen on interface > interface=vio1 > interface=vio2 > interface=vio3 > interface=vio4 > > ### dns > ## hosts (import /etc/hosts) > no-hosts > addn-hosts=/etc/dnsmasq.d/hosts > > ## custom resolvers > resolv-file=/etc/dnsmasq.d/resolvers > > ## domain configuration > domain=example.org > domain-needed > expand-hosts > bogus-priv > #strict-order > > ## caching > no-negcache > #cache-size=0 > > ### dhcp > ## options > dhcp-authoritative > dhcp-vendorclass=set:pxe,PXEClient > dhcp-option=option:netbios-nodetype,8 > dhcp-option=tag:vio1,option6:dns-server,[2001:6f8:yyyy:aa::1] > dhcp-option=tag:vio2,option6:dns-server,[2001:6f8:yyyy:bb::1] > dhcp-option=tag:vio3,option6:dns-server,[2001:6f8:yyyy:cc::1] > dhcp-option=tag:vio4,option6:dns-server,[2001:6f8:yyyy:dd::1] > dhcp-option-force=option:ntp-server,172.16.cc.2 > dhcp-option-force=option6:ntp-server,[2001:6f8:yyyy:cc::2] > > ## ignore > dhcp-ignore=tag:pxe > > ## static leases > dhcp-hostsfile=/etc/dnsmasq.d/reservations > > ## ipv4 > dhcp-range=tag:vio1,172.16.aa.226,172.16.aa.250,1h > dhcp-range=tag:vio2,172.16.bb.245,172.16.bb.250,7d > dhcp-range=tag:vio3,172.16.cc.245,172.16.cc.250,7d > dhcp-range=tag:vio4,172.16.dd.245,172.16.dd.250,7d > > ## ipv6 > enable-ra > dhcp-range=tag:vio1,2001:6f8:yyyy:aa::,ra-stateless,ra-names,64,1h > dhcp-range=tag:vio2,2001:6f8:yyyy:bb::,ra-stateless,ra-names,64,7d > dhcp-range=tag:vio3,2001:6f8:yyyy:cc::,ra-stateless,ra-names,64,7d > dhcp-range=tag:vio4,2001:6f8:yyyy:dd::,ra-stateless,ra-names,64,7d > > FYI: the remove_nics bug is also present in this image > > Regards > > Jorge > > > > On 2015-11-14 22:10, Cody Mello wrote: >> >> Hey Jorge, >> >> Yep, that's what it does. Much like IP spoofing detection currently >> detects DHCP(v6) transactions and adds them to a list of allowed >> addresses, this detects the Prefix Information on incoming Router >> Advertisements, calculates the modified EUI-64 address, and adds that >> to a list of allowed addresses. >> >> - Cody >> >> >> On Sat, Nov 14, 2015 at 3:45 AM, Jorge Schrauwen <[email protected]> >> wrote: >>> >>> Hey Cody, >>> >>> I'm a bit confused what this does... does this allow me to add 'addrconf' >>> to >>> the ips's array like I can do with dhcp and it will just work (tm) >>> without >>> adding the address EUI-64 based address to the allowed_ip list? >>> >>> Regards >>> >>> Jorge >>> >>> >>> >>> >>> On 2015-10-31 00:49, Cody Mello wrote: >>>> >>>> >>>> Hello all, >>>> >>>> Several people on IRC were interested in testing out images w/ support >>>> for SLAAC when using IP spoofing protection. I've done a variety of >>>> tests locally without any issues, and it should just work at this >>>> point. If you want to try it out, you can download images from here: >>>> >>>> https://us-east.manta.joyent.com/cody.mello/public/builds/OS-4667/platform-20151030T184221Z.tgz >>>> >>>> https://us-east.manta.joyent.com/cody.mello/public/builds/OS-4667/platform-20151030T184221Z.usb.bz2 >>>> >>>> https://us-east.manta.joyent.com/cody.mello/public/builds/OS-4667/platform-20151030T184221Z.iso >>>> >>>> If you try the images out, please let me know how it goes! If it >>>> doesn't work for you, please include the output of `vmadm get', what's >>>> doing Router Advertisements on your network and its configuration, and >>>> any other details you think are relevant. >>>> >>>> - Cody >>>> ------------------------------------------- smartos-discuss Archives: https://www.listbox.com/member/archive/184463/=now RSS Feed: https://www.listbox.com/member/archive/rss/184463/25769125-55cfbc00 Modify Your Subscription: https://www.listbox.com/member/?member_id=25769125&id_secret=25769125-7688e9fb Powered by Listbox: http://www.listbox.com
