Re: IPv6 and ND on tap(4)

To: Greg Troxel <gdt%ir.bbn.com@localhost>
Subject: Re: IPv6 and ND on tap(4)
From: Gert Doering <gert%greenie.muc.de@localhost>
Date: Sat, 17 Sep 2011 22:58:18 +0200

Hi,

(we're now moving to philosophical land "how things should be")

On Sat, Sep 17, 2011 at 04:44:53PM -0400, Greg Troxel wrote:
> Gert Doering <gert%greenie.muc.de@localhost> writes:
> 
> >> I think there's a general notion in the specs that an autoconfigured
> >> host is only allowed to have one interface.  
> >
> > Which is fine from the point of view "it shouldn't be acting as a router",
> > but for the generic VPN case, this is too strict.
> 
> Not sure why you say "too strict".  

Well, maybe a terminology issue.  I'm perfectly fine with "only a single
interface at time can be autoconfiguring", but I don't think the specs
demand that "if an interface is autoconfiguring, manual configuration on
other interfaces should not be allowed".

If the latter interpretation is used, I think it's more strict that 
necessary to achieve well-defined behaviour.

> An autoconfigured host sets the
> default route from RAs.  With >=2 interfaces, the right behavior is
> unclear.  

Install two default routes, decide by whichever algorithm which of the
two default routes to use.

How's that different from "one interface, receiving RAs from two different
routers"?

> So you simply configure addresses manually and a default route
> (or run ripng in listen-only mode).

Well, I'm still thinking of the "workstation, autoconfigured for the
LAN network, but has VPN interface" usage case - there would be one
interface autoconfig'ed, and occasionally others, typically statically
configured.  For that case, manual configuration "because I want VPN"
is a bit hard to explain to users.

> It's fine to disagree with this philosophy (and I'm sympathetic in
> part), but if that's what the specs say, it seems proper for NetBSD to
> implement it.  But definitely what you've observed is a bug.

I'm not exactly sure that this is what the specs say... :-)

Linux (these days) has something called "hybrid router" mode where 
RAs are accepted on some interfaces, and *sent* on others, which is what
you *need* if you want to implement a typical DSL router (which would
autoconfigure its WAN interface, and statically configure its LAN ifs,
sending out RAs to clients).  

I'll need to go and read RFCs (starting with 6204 and the references in 
there) to figure out whether this is sanctioned by the RFCs, or just 
implemented as a matter of needed functionality :-)

gert

-- 
USENET is *not* the non-clickable part of WWW!
                                                           //www.muc.de/~gert/
Gert Doering - Munich, Germany                             
gert%greenie.muc.de@localhost
fax: +49-89-35655025                        
gert%net.informatik.tu-muenchen.de@localhost

References:
- IPv6 and ND on tap(4)
  - From: Gert Doering
- Re: IPv6 and ND on tap(4)
  - From: Greg Troxel
- Re: IPv6 and ND on tap(4)
  - From: Gert Doering
- Re: IPv6 and ND on tap(4)
  - From: Greg Troxel
- Re: IPv6 and ND on tap(4)
  - From: Gert Doering
- Re: IPv6 and ND on tap(4)
  - From: Greg Troxel
- Re: IPv6 and ND on tap(4)
  - From: Gert Doering
- Re: IPv6 and ND on tap(4)
  - From: Greg Troxel

Prev by Date: Re: IPv6 and ND on tap(4)
Next by Date: Non-root tun-over-ssh?
Previous by Thread: Re: IPv6 and ND on tap(4)
Next by Thread: Non-root tun-over-ssh?
Indexes:

Home | Main Index | Thread Index | Old Index