Subject: Re: How to use properly ipv6 autoconf over a router interface?
To: None <firstname.lastname@example.org>
From: Martijn van Buul <email@example.com>
Date: 05/04/2006 21:52:29
It occurred to me that David Young wrote in gmane.os.netbsd.devel.network:
> On Thu, May 04, 2006 at 10:59:07AM +0000, Martijn van Buul wrote:
>> It occurred to me that David Young wrote in gmane.os.netbsd.devel.network:
>> > I can easily imagine a scenario where my Powerbook auto-configures as
>> > a host on a WiFi LAN, but it is a router for my cell and for my PDA on
>> > a Bluetooth PAN.
>> I'm smelling IPv6 NAT here.
> If people only know/think enough about the topic to speak about "smells"
> and "messiness",
Maybe I *do* know more of the subject, and I'm merely a few steps ahead of
But well then, Mr. Guru, please tell me how to address the following
IPv6 autoconfiguration *only* works for networks with a link prefix of 64
bits or less. That's how it's designed, and that's how it *can* be stateless,
because only then a node can be certain it can pick a unique address. In case
you forgot in all your guruness: An autoconfig'ed host picks the address,
not the router, and the lower 64 (or more) bits are based on the hardware
interface address. You do want your "private" IPv6 network to remain
autoconfigurable, otherwise the point is relatively moot. This requires your
private IPv6 network to have a prefixlen of 64 or less. But here we have the
problem: autoconfiguration doesn't hand out a range, it hands out a single
address. There's no reliable way to go ahead and claim more addresses. You
could proxy the RA/RS packets, but:
1) The autoconfig'ed address of your laptop, your PDA and your cell phone
aren't conveniently located in a small subnet, they're in a /64 net at
the very least. More exactly: They *have* to be in the same subnet as the
public interface of your laptop. You can't even intercept the RA packets
and rewrite them so your laptop will be the default router, as this will
render everyone *outside* your PAN but *inside* the LAN unreachable.
Hardly desirable. The only way to solve this would be manually bridging
over all traffic, but this requires both interfaces on your laptop to
be promiscuous (Bad for performance), and it's most definitely not the
same role as a gateway. You're making your laptop be a switch, not
2) To address the problems above, you couldn't sneakily invent a /125
(or something) network and claim it to be yours, thus allocating
more addresses on the LAN IPv6 net. While no one will actively stop
you, you're breaching the fundamentals of IPv6 autoconfig - and
autoconfig'ed addresses will no longer be guaranteed to be unique. In a way, you're
MAC spoofing. And before you come along and claim that something like this
will be very unlikely to happen: I have 3 network cards at home (purchased
at the same time) whose MAC addresses only differ in the lowest digits,
which would be *exactly* the digits you'd be abusing for this purpose. And
even so: While this would solve the routing issue on your PAN, the network
interface on the LAN would still have to be assigned all the addresses
in the range - otherwise neighbour discovery would go haywire. Not that it
will help you much; all the devices on your PAN will not autoconfigure
anyway, as a /125 network is way too small for autoconfiguration. You'd
end up having to configure them manually, which kind of defeats the
3) Hey, if any autoconfiged host could be a router to other hosts, they as
well could be routers! Yeah! Endless supply of network addresses.
Really, the only way to make *any* kind of automagic routing possible would
be address rewriting. IPv6 already autoconfigures link local addresses
for you, but they'd have to be rewritten to something global. In other words,
IPv6 NAT. And you may call me names and ridicule me, but really:
It stinks tremendously.
> I don't see any reason to persist with the discussion.
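
Added example, not part of the original message: a sketch of the uniqueness argument in point 2, assuming interface identifiers are derived from the MAC address in modified EUI-64 form. The prefix and MAC addresses are constructed sample values, and the function names are hypothetical.

```python
import ipaddress

def eui64_interface_id(mac: str) -> int:
    """Modified EUI-64 interface identifier built from a 48-bit MAC address."""
    octets = bytes(int(part, 16) for part in mac.split(":"))
    if len(octets) != 6:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    # Flip the universal/local bit and insert ff:fe between the two halves.
    eui = bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:]
    return int.from_bytes(eui, "big")

def slaac_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Address a host picks for itself from an advertised prefix."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen > 64:
        raise ValueError(f"{net} leaves fewer than 64 bits for the interface ID")
    return net.network_address + eui64_interface_id(mac)

def claimed_block_conflicts(prefix, own_mac, neighbour_macs, claim_len=125):
    """Hosts whose autoconfigured address lies inside the /claim_len block
    that surrounds our own autoconfigured address."""
    own = slaac_address(prefix, own_mac)
    block = ipaddress.IPv6Network(f"{own}/{claim_len}", strict=False)
    hits = [m for m in neighbour_macs if slaac_address(prefix, m) in block]
    return block, hits

# Constructed sample data: documentation prefix and made-up MAC addresses,
# three of them differing only in the lowest digits.
LAN_PREFIX = "2001:db8:0:1::/64"
LAPTOP_MAC = "00:11:22:33:44:50"
NEIGHBOUR_MACS = ["00:11:22:33:44:51", "00:11:22:33:44:53", "00:11:22:33:44:5a"]

if __name__ == "__main__":
    block, hits = claimed_block_conflicts(LAN_PREFIX, LAPTOP_MAC, NEIGHBOUR_MACS)
    print("laptop address :", slaac_address(LAN_PREFIX, LAPTOP_MAC))
    print("claimed block  :", block)
    for mac in hits:
        print("collides with  :", mac, "->", slaac_address(LAN_PREFIX, mac))
```

Running the check against the real neighbour table of a LAN shows which existing hosts a claimed sub-block would overlap; an attempt to autoconfigure inside the /125 itself is rejected by `slaac_address`.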