Date: Wed, 27 Aug 2014 00:22:01 -0700 From: Kevin Oberman <rkoberman@gmail.com> To: Jonathan Price <freebsd@jonathanprice.org> Cc: "freebsd-net@freebsd.org" <freebsd-net@freebsd.org>, Peter Wemm <peter@wemm.org> Subject: Re: Should I be using ipv6_activate_all_interfaces or ip6addrctl_policy="ipv6_prefer" Message-ID: <CAN6yY1uxft_3cTkWV8NTnOai-928DnS3uW-XyD3BwcCvjBKeQw@mail.gmail.com> In-Reply-To: <53FD7B34.1050408@jonathanprice.org> References: <88a42e1006e3fac7508a9419e342f1b2@mail.jonathanprice.org> <2173103.SJdXL7NPLT@overcee.wemm.org> <53FD7B34.1050408@jonathanprice.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, Aug 26, 2014 at 11:31 PM, Jonathan Price <freebsd@jonathanprice.org>
wrote:
> On 2014-08-27 01:40, Peter Wemm wrote:
>
>> On Tuesday 26 August 2014 10:40:27 freebsd@jonathanprice.org wrote:
>>
>>> Hello,
>>>
>>> I am configuring a server with IPv4 and IPv6 addresses and have noticed
>>> that
>>> FreeBSD seems to be preferring IPv4, such as when establishing SSH
>>> connections.
>>>
>>> After reading through /etc/defaults/rc.conf, and later
>>> /etc/rc.d/ip6addrctl
>>> I have come to the conclusion that I have two ways to tell FreeBSD to
>>> prefer IPv6:
>>>
>>> 1) Add ipv6_activate_all_interfaces to /etc/rc.conf
>>> 2) Add ip6addrctl_policy="ipv6_prefer" to /etc/rc.conf
>>>
>>> Could anybody with a little more knowledge on the matter explain to me
>>> which
>>> of the two options is more preferential?
>>>
>>
>> They both do different things.
>>
>> The activate knob is to enable ipv6 on an interface. To oversimplify it,
>> if
>> you configure an address on an interface, it is "enabled". However, this
>> switch enables this on all the rest of the interfaces, even the ones you
>> didn't configure.
>>
>> ip6addrctl* affects things like hostname lookups to sort the addresses
>> returned
>> to the caller.
>>
>> They are different things entirely. I think you are expecting the
>> behavior
>> that ip6_prefer policy gives you. That's what we use in the freebsd.org
>> cluster to have it use ipv6 where possible.
>>
>>
> Hi, and thanks for the response.
>
> Would it be possible to go into a little detail as to what
> ipv6_activate_all_interfaces="YES" does to interfaces which don't
> explicitly have an address configured? I can't appear to find much
> information on this option.
>
> However, it does sound like for my purposes it would make more sense to
> use ip6addrctl_policy="ipv6_prefer" as that is more explicitly the
> feature I want, rather than getting it inadvertently through the other knob.
>
> As to Kevin's question, I have working IPv6 connectivity both with and
> without the knobs in mention, it's just that certain applications which can
> use both IPv4 and IPv6 (such as SSH), won't use IPv6 unless explicitly told
> to (with -6 in this example), or one of the above tunables is used
While doubting Peter's networking answers is usually foolish, I think this
one is at least a bit misleading. As he says,
ipv6_activate_all_interfaces="YES" will set all interfaces on the system to
-ifdisable which, since it is an IPv6 option, will enable IPv6 on all
interfaces. NO will disable IPv6 on all interfaces.
But it is related to ipaddrctl_policy as it will set ipaddrctl_policy to
"ipv6_prefer" if no explicit setting overrides it.
So IPv6 is working, and "ssh -6" does use IPv6. I'd still like to see the
output of ip6addrctl. It should look like:
::1/128 50 0
::/0 40 1
::ffff:0:0/96 35 4
2002::/16 30 2
2001::/32 5 5
fc00::/7 3 13
::/96 1 3
fec0::/10 1 11
3ffe::/16 1 12
For more explanation, look at /etc/rc.d/ip6addrctl and /etc/network.subr.
The list of prefixes set by it should match what I list above. If
'ipv6_activate_all_interfaces="NO"', or ipaddrctl_policy="ipv4_prefer",
you should get:
::1/128 50 0
::/0 40 1
::ffff:0:0/96 100 4
2002::/16 30 2
2001::/32 5 5
fc00::/7 3 13
::/96 1 3
fec0::/10 1 11
3ffe::/16 1 12
Any other output indicates manual setting of the policy. the "magic" is the
precedence of ::ffff:0:0/96 which is an odd way of saying IPv4.
I generally recommend ipv6_activate_all.
Now I fear Peter will explain how I have misread the code.
--
R. Kevin Oberman, Network Engineer, Retired
E-mail: rkoberman@gmail.com
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAN6yY1uxft_3cTkWV8NTnOai-928DnS3uW-XyD3BwcCvjBKeQw>