From owner-freebsd-net@FreeBSD.ORG Wed Jan 13 00:42:07 2010 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 0B7481065672 for ; Wed, 13 Jan 2010 00:42:07 +0000 (UTC) (envelope-from dhorn2000@gmail.com) Received: from mail-fx0-f227.google.com (mail-fx0-f227.google.com [209.85.220.227]) by mx1.freebsd.org (Postfix) with ESMTP id 60CE38FC1E for ; Wed, 13 Jan 2010 00:42:06 +0000 (UTC) Received: by fxm27 with SMTP id 27so72699fxm.3 for ; Tue, 12 Jan 2010 16:42:00 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:in-reply-to:references :date:message-id:subject:from:to:cc:content-type :content-transfer-encoding; bh=+bHO/CoObBUnSvyvCnejgzUO3r2rR+/VnRTo5U2LHXU=; b=meNlB3UO2hBrLPoZuCcGHkHC/IQvk9WqHeKpThrUh7m+7cQSoZZURvKblTff3Tw0o/ AFCsO6BV2vxsVfeoNE9hrLA6dPHeqvsIkAc1I9453uRb4VxQhvcvaBs7cNMGmQxN5aHd 0vJH6QGEoSzYue2yEjzI74hEINQD0G2gn1UGk= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; b=Tj5/kAV6zU0gZ8OLeYyEVOabZIF1kUiJYznVuH3d0hZAii95XHcDlo+1p3VJKn48T5 6O892AgORNjApOea7O199WHKfkeED7cupXcCkbzbfJJLqiUnY3sjxFwJUDTcFZEu60H5 chFKDqomNFdxqSzHFX5dWRxILPLdXMTbUILOw= MIME-Version: 1.0 Received: by 10.239.160.7 with SMTP id a7mr2495836hbd.98.1263343320610; Tue, 12 Jan 2010 16:42:00 -0800 (PST) In-Reply-To: <4B4CEB41.3000805@Sun.COM> References: <4B4CEB41.3000805@Sun.COM> Date: Tue, 12 Jan 2010 19:42:00 -0500 Message-ID: <25ff90d61001121642l7ac1de26ma7033ca997d90183@mail.gmail.com> From: David Horn To: Brett Lee Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Cc: freebsd-net@freebsd.org Subject: Re: How to enable IPv6 on a subset of interfaces X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 13 Jan 2010 00:42:07 -0000 On Tue, Jan 12, 2010 at 4:36 PM, Brett Lee wrote: > Hello, > > Using FreeBSD 8.0-RELEASE, and am trying variations in /etc/rc.conf in an > attempt to enable IPv6 on ONLY one of the systems two interfaces. > > Specifically, em0 should be enabled IPv4 DHCP, and bge0 should be enabled > IPv6 only. > > From the KAME link below, and the files /etc/network.subr and > /etc/defaults/rc.conf, am reading that "ipv6_network_interface" should wo= rk; > however the following still results in em0 obtaining IPv6 addresses: > > http://www.kame.net/~suz/freebsd-ipv6-config-guide.txt > > ifconfig_em0=3D"DHCP" > ipv6_enable=3D"YES" > ipv6_network_interface=3D"bge0" > ipv6_network_interfaces=3D"bge0" > > In another attempt (see link below), it looks like "ifconfig_em0" may > support a "NOIPV6" param, but in practice it doesn't seem to work for me: > > http://lists.freebsd.org/pipermail/freebsd-rc/2007-May/001106.html > > ifconfig_em0=3D"DHCP NOIPV6" > ipv6_enable=3D"YES" > #ipv6_network_interface=3D"bge0" > #ipv6_network_interfaces=3D"bge0" > > Am hopeful that someone might point out how I could enable this > configuration. > > Thanks in advance! =A0-Brett NOIPV6 is not a valid rc.conf configuration token at this time. I am assuming that you are using SLAAC for IPv6 prefix/address distribution (via rtadvd/radvd), and not DHCPv6. ipv6_network_interfaces is the correct rc.conf(5) variable to use to specifically control which interface gets configured using SLAAC via rtsol(8), but will not stop other interfaces from getting the RA (Router Advertisement) packet which starts IPv6 SLAAC (Stateless Autoconfiguration). In -current/9.0 there are nice new ifconfig parameters (inet6 ifdisabled -nud -accept_rtadv) and rc.conf variables that do just what you are looking for, but they are not in 8.0 at this time. In 8.0 you can use the ndp(8) utility to set the -accept_rtadv (and/or ifdisabled/nud,etc.) flags on a per-interface basis. The "-accept_rtadv" flag will disable SLAAC for the specified interface, but must be called before the interface gets the "RA" packet to be effective. You can do an ugly *unsupported hack* in 8.0 to call ndp from within rc.conf/rc.d startup scripts until the new code makes it into a release: ipv6_enable=3D"YES" ipv6_network_interfaces=3D"bge0" ifconfig_em0=3D"DHCP `ndp -i em0 ifdisabled -nud -accept_rtadv >/dev/null 2= >&1`" ifconfig_bge0=3D"UP" This will cause some boot-time error messages about not finding ndp (before /usr is mounted), but these can be ignored, as the backticked ndp line will be run EVERY time that rc.conf is sourced. This is just a work-around for 8.0 that happened to work for me at the time. If someone else has a better solution that fits properly within the confines of rc.conf, please speak up. While on the subject, I have been thinking about putting together a patchset to experiment with adding some improved logic surrounding using DHCPv6 vs DHPCPv4 vs SLAAC/RTSOL in the rc.conf scripts and adding M+0 flag support +rdnss (RFC 5006) support to the kernel and userland and devd. If I can ever get a working prototype, I will share to get some feedback. Good Luck. ---Dave Horn