Re: Enabling SLAAC for IPv6 by default

To: Greg Troxel <gdt%lexort.com@localhost>, tech-net%netbsd.org@localhost
Subject: Re: Enabling SLAAC for IPv6 by default
From: Roy Marples <roy%marples.name@localhost>
Date: Tue, 25 Sep 2018 17:45:51 +0100

On 25/09/2018 16:40, Greg Troxel wrote:

Roy Marples <roy%marples.name@localhost> writes:

He's specifically talking about temporary addresses.
dhcpcd enables stable private addresses by default instead.


I am not quite following, and will assume I'm not the only one - so a
few questions trying to be precise.

I am unable to find any documentation of use_tempaddr and
prefer_tempaddr under /usr/share/man.

Is the "temp_addr" sysctl about "SLAAC privacy extensions", changing
behavior of the in-kernel stateless autoconfiguration client, such that
if not set, the MAC address is used to form the host part, and if set,
forming the host part randomly?


No.
The MAC address forming the host part is still created.
A temporary address where the host part is random is *also* created.

What is the lifetime of the addresses formed by the kernel when enabled?
Are we following the recommendation of 1 day as preferred and 7 days as
valid?

sysctls net.inet6.ip6.temppltime and net.inet6.ip6.tempvltime are usedto calculate the lifetimes based on the lifetime of the actual address.


Is there a mechanism to keep such addresses (marked deprecrated) until
they are no longer in use (well, bound)?  I checked a few Mac machines,
and they seem to keep "deprecated" addresses around for varying
intervals.  Or simply the expiration at the end of the valid lifetime?


They will vanish when the lifetime expires.
This is my real issue, they are useless for persistent connections.

I checked one each netbsd-7 and netbsd-8, configured for dhcpcd, and
they have both link-local (fe80::) and global v6 addresses that do not
appear to have been formed from the MAC address.


dhcpcd generates stable private addresses - not temporary addresses.
These are a different beast and a better solution than temporary addresses.
See RFC 7217.

Do we know if there are mechanisms to keep temporary addresses in
deprecated state while ?in use"?


Even if in use, they vanish when expired.
See my above issue.

Roy

Follow-Ups:
- Re: Enabling SLAAC for IPv6 by default
  - From: Greg Troxel
- Re: Enabling SLAAC for IPv6 by default
  - From: Andy Ruhl

References:
- Enabling SLAAC for IPv6 by default
  - From: Pierre Pronchery
- Re: Enabling SLAAC for IPv6 by default
  - From: Joerg Sonnenberger
- Re: Enabling SLAAC for IPv6 by default
  - From: Roy Marples
- Re: Enabling SLAAC for IPv6 by default
  - From: Greg Troxel

Prev by Date: Re: Enabling SLAAC for IPv6 by default
Next by Date: Re: Enabling SLAAC for IPv6 by default
Previous by Thread: Re: Enabling SLAAC for IPv6 by default
Next by Thread: Re: Enabling SLAAC for IPv6 by default
Indexes:

Home | Main Index | Thread Index | Old Index