Subject: Re: How to use properly ipv6 autoconf over a router interface?
To: None <>
From: Martijn van Buul <>
List: tech-net
Date: 05/04/2006 21:52:29
It occurred to me that David Young wrote in
> On Thu, May 04, 2006 at 10:59:07AM +0000, Martijn van Buul wrote:
>> It occurred to me that David Young wrote in
>> > I can easily imagine a scenario where my Powerbook auto-configures as
>> > a host on a WiFi LAN, but it is a router for my cell and for my PDA on
>> > a Bluetooth PAN.
>> I'm smelling IPv6 NAT here.
> If people only know/think enough about the topic to speak about "smells"
> and "messiness", 

Maybe I *do* know more of the subject, and I'm merely a few steps ahead of

But well then, Mr. Guru, please tell me how to address the following

IPv6 autoconfiguration *only* works for networks with a link prefix of 64
bits or less. That's how it's designed, and that's how it *can* be stateless,
because only then a node can be certain it can pick a unique address. In case
you forgot in all your guruness: An autoconfig'ed host picks the address,
not the router, and the lower 64 (or more) bits are based on the hardware
interface address. You do want your "private" IPv6 network to remain
autoconfigurable, otherwise the point is relatively moot. This requires your
private IPv6 network to have a prefixlen of 64 or less. But here we have the
problem: autoconfiguration doesn't hand out a range, it hands out a single
address. There's no reliable way to go ahead and claim more addresses. You
could proxy the RA/RS packets, but:

1) The autoconfig'ed address of your laptop, your PDA and your cell phone
   aren't conveniently located in a small subnet, they're in a /64 net at
   the very least. More exactly: They *have* to be in the same subnet as the
   public interface of your laptop. You can't even intercept the RA packets
   and rewrite them so your laptop will be the default router, as this will
   render everyone *outside* your PAN but *inside* the LAN unreachable. 
   Hardly desireable. The only way to solve this would be manually bridging
   over all traffic, but this requires both interfaces on your laptop to
   be promiscious (Bad for performance), and it's most definately not the
   same role as a gateway. You're making your laptop be a switch, not
   a router.

2) To address the problems above, you couldn't sneakily invent a /125 
   (or something) network and claim it to be yours, thus allocating
   more addresses on the LAN ipv6 net. While noone will actively stop
   you, you're breaching the fundamentals of ipv6 autoconfig - and autoconfig'
   ed addresses will no longer be guaranteed to be unique. In a way, you're
   MAC spoofing. And before you come along and claim that something like this
   will be very unlikely to happen: I have 3 network cards at home (purchased
   at the same time) whose MAC addresses only differ in the lowest digits,
   which would be *exactly* the digits you'd be abusing for this purpose. And
   even so: While this would solve the routing issue on your PAN, the network
   interface on the LAN would still have to be assigned all the addresses
   in the range - otherwise neighbour discovery would go haywire. Not that it
   will help you much; all the devices on your PAN will not autoconfigure
   anyway, as a /125 network is way too small for autoconfiguration. You'd
   end up having to configure them manually, which kind of defeats the

3) Hey, if any autoconfiged host could be a router to other hosts, they as
   well could be routers! Yeah! Endless supply of network addresses. 
Really, the only way to make *any* kind of automagic routing possible would
be address rewriting. IPv6 already autoconfigures link local addresses 
for you, but they'd have to be rewritten to something global. In other words,
IPv6 NAT. And you may call me names and ridicule me, but really:

that stinks.

It stinks tremendously. 

> I don't see any reason to persist with the discussion.