> On 5 Jul 2025, at 06:08, Geoff Steckel <g...@oat.com> wrote:
> 
> Can anyone point me at a reference/discussion for ipv6 server addressing?
> 
> rad(8) & slaacd(8) work well for clients.
> 
> I have OpenBSD servers with IPv4 addresses including local DNS for them.
> I would like to allow naive clients to connect to them using IPv6.
> What addressing scheme might work well given ISP prefix changes?
> 
> thanks
>   Geoff Steckel
> 
> I see three ways to do this. All have problems.
>   1) assign a fd00::/8 subnet for server access
>     or
>   2) use the single (dynamic) global prefix everywhere
>     or
>   3) advertise link-layer addresses for servers
> and
>   4) zeroconf isn't applicable and confuses things
> 

I do options 1 and 2 at the same time, but I am not an expert in this space.

I statically assign fd00::/8 addresses to internal networks and services, but 
also get a dynamic global prefix delegation from my ISP that gets assigned to 
the same networks.

On my router I have this config:

dlg@router ~$ sudo cat /etc/hostname.lo1                                       
inet6 alias fdXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX 128
up
dlg@router ~$ sudo cat /etc/hostname.re1 
inet 192.168.0.1/24
inet6 alias fdXX:XXXX:XXXX:XXXX:1::1 64
group internal
dlg@router ~$ sudo cat /etc/hostname.re2 
group external
inet autoconf
inet6 autoconf
dlg@router ~$ sudo cat /etc/dhcp6leased.conf                                   
request prefix delegation on re2 for { re2/128 re1 }
dlg@router ~$ sudo cat /etc/rad.conf                                           
interface re1 {
  auto prefix
  dns {
    nameserver fdXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX
  }
}

I don't know if this is normal, but I only get link local addresses with inet6 
autoconf on the link to my ISP. However, I get a globally routable prefix with 
dhcp6, so I assign one of the IPs out of that range to the external link on my 
router to make it easier to talk to the internet.

unbound listens on the lo1 IP. This let me choose if I wanted to use fd00::/8, 
or delegate a global prefix on the internal network, or both, and have the 
nameserver reachable from any host on those networks because of their default 
route.

I keep meaning to try and hack rad(8) up to see if I can set "router 
preference" on a per prefix basis. If I’m using both fd00 and global addresses 
on a net, I would like to prefer the global addresses. I haven’t actually 
tested if this is actually useful or meaningful though.

Dlg
