Re: [CentOS] IPv6 token with /60 and prefix delegation
On 5/8/22 05:00, Kenneth Porter wrote: I'm trying to figure out how to assign a "static" address that automatically sets the prefix to what the ISP delegates. It seemed like the token system would accomplish that, but reading the kernel source code, I've discovered that tokens only work with a /64 delegation. My ISP offers a /60, so the token is ignored and I get a random address, instead. Is there some way to use prefix delegation to pick a /64 from the /60 and loop it back onto the same interface to make it use the token? Or is this /64 restriction actually a kernel bug? So right now, you're assigning a /60 address to your LAN interface? If so, you almost certainly shouldn't do that. Instead, you should (as you say) pick a /64 from within the delegated /60 and use that subnet. (The other /64 subnets within the /60 can be used for other VLANs.) The details of doing this are going to be dependent on what software you're using to manage the network - NetworkManager, ISC DHCP client, etc. -- Google Where SkyNet meets Idiocracy ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] IPv6 token with /60 and prefix delegation
--On Monday, May 09, 2022 12:16 PM -0500 Ian Pilcher wrote: So right now, you're assigning a /60 address to your LAN interface? If so, you almost certainly shouldn't do that. Instead, you should (as you say) pick a /64 from within the delegated /60 and use that subnet. (The other /64 subnets within the /60 can be used for other VLANs.) Agreed. So should I just hard-code all 128 bits of the public address? That's not a terrible thing, since I have to update the DNS anyway if the prefix changes. It sounds like the real problem is simply that this /64 requirement isn't documented anywhere in using "ip token" or the other automatic address modes. I had to find it in the source code to find out why it wasn't working. There's a line to log when the prefix isn't 64, but it's only printed when that line is explicitly enabled to log for debugging, so nobody would see it in normal operation and realize what was wrong. The details of doing this are going to be dependent on what software you're using to manage the network - NetworkManager, ISC DHCP client, etc. Right now it's a CentOS 8 system running NetworkManager. The LAN side is going to run the Kea DHCP server but for now I'm just trying to get the WAN side going. It seems there's not much machinery for automatically delegating and I'll have to hard-code it all in NetworkManager and Kea. Did I miss any magic for making a gateway work without lots of manual configuration? ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] IPv6 token with /60 and prefix delegation
Once upon a time, Kenneth Porter said: > Right now it's a CentOS 8 system running NetworkManager. The LAN > side is going to run the Kea DHCP server but for now I'm just trying > to get the WAN side going. The typical IPv6 CPU router setup is: - WAN receives Router Advertisement that says there is stateful config - WAN does DHCPv6 to get WAN IP (typically either a /64 or a /128) - WAN does sepearate DHCPv6 to get a prefix delegation (e.g. /64, /60, /56) - router assigns /64 prefixes from PD to LAN interface(s) as needed So when you get a /60 via PD, that doesn't go on the WAN interface at all, that's for use on LAN interfaces. NM can get an apply a WAN IP in that setup just by setting ipv6.method=auto. There's some support in NM for also running PD and assigning prefixes to LAN interfaces (although not sure it is in CentOS 8), but I think it's incomplete. Instead, you can use something like: https://github.com/sshambar/nmutils to add event scripts to NM to handle it (although IIRC I had a couple of issues with those scripts too, but didn't get back to working it all out). -- Chris Adams ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
