ipv6 addresses on vifX.Y interfaces and bridges

ipv6 addresses on vifX.Y interfaces and bridges

[James Harper]

The network scripts appear to set noarp on all the vifX.Y and xen-brX
interfaces, but I also need to remove the IPv6 address and stop the
interfaces participating in autoconfiguration...

Has anyone done this already?

Thanks

James

Re: ipv6 addresses on vifX.Y interfaces and bridges

[Daniel P. Berrange]

On Mon, Jan 07, 2008 at 09:26:43AM +1100, James Harper wrote:
> The network scripts appear to set noarp on all the vifX.Y and xen-brX
> interfaces, but I also need to remove the IPv6 address and stop the
> interfaces participating in autoconfiguration...
> 
> Has anyone done this already?

You don't need to remove the link-local IPv6 addresses, they are harmless.
The key is to stop auto-conf taking place on the bridge. The way todo
this is to set the mtu of the bridge to something tiny (eg 68) before
bringing the interface up, and then once it is up, restore the mtu to
its normal 1500. 

This was previously merged in xen-unstable, in 13364

diff -r c71fe03f086f -r c2fd75d7e2b7 tools/examples/xen-network-common.sh
--- a/tools/examples/xen-network-common.sh      Fri Jan 12 15:19:23 2007 +0000
+++ b/tools/examples/xen-network-common.sh      Fri Jan 12 15:23:07 2007 +0000
@@ -117,7 +117,12 @@ create_bridge () {
         ip link set ${bridge} arp off
         ip link set ${bridge} multicast off
     fi
+
+    # A small MTU disables IPv6 (and therefore IPv6 addrconf).
+    mtu=$(ip link show ${bridge} | sed -n 's/.* mtu \([0-9]\+\).*/\1/p')
+    ip link set ${bridge} mtu 68
     ip link set ${bridge} up
+    ip link set ${bridge} mtu ${mtu:-1500}
 }
 
 # Usage: add_to_bridge bridge dev


But for some reason got chopped out in changeset 15203

Dan.
-- 
|=- Red Hat, Engineering, Emerging Technologies, Boston.  +1 978 392 2496 -=|
|=-           Perl modules: http://search.cpan.org/~danberr/              -=|
|=-               Projects: http://freshmeat.net/~danielpb/               -=|
|=-  GnuPG: 7D3B9505   F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505  -=| 

RE: ipv6 addresses on vifX.Y interfaces and bridges

[James Harper]

> On Mon, Jan 07, 2008 at 09:26:43AM +1100, James Harper wrote:
> > The network scripts appear to set noarp on all the vifX.Y and
xen-brX
> > interfaces, but I also need to remove the IPv6 address and stop the
> > interfaces participating in autoconfiguration...
> >
> > Has anyone done this already?
> 
> You don't need to remove the link-local IPv6 addresses, they are
harmless.
> The key is to stop auto-conf taking place on the bridge. The way todo
> this is to set the mtu of the bridge to something tiny (eg 68) before
> bringing the interface up, and then once it is up, restore the mtu to
> its normal 1500.
> 
> This was previously merged in xen-unstable, in 13364
> 

That sounds a bit kludgy... wouldn't it be better to make use of
/proc/sys/net/ipv6/<interface>/autoconf and/or .../accept_ra?

Wouldn't the bridge just autoconf next time an ra is sent once its mtu
is back up to 1500?

Thanks

James

Re: ipv6 addresses on vifX.Y interfaces and bridges

[Daniel P. Berrange]

On Mon, Jan 07, 2008 at 09:44:09AM +1100, James Harper wrote:
> > On Mon, Jan 07, 2008 at 09:26:43AM +1100, James Harper wrote:
> > > The network scripts appear to set noarp on all the vifX.Y and
> xen-brX
> > > interfaces, but I also need to remove the IPv6 address and stop the
> > > interfaces participating in autoconfiguration...
> > >
> > > Has anyone done this already?
> > 
> > You don't need to remove the link-local IPv6 addresses, they are
> harmless.
> > The key is to stop auto-conf taking place on the bridge. The way todo
> > this is to set the mtu of the bridge to something tiny (eg 68) before
> > bringing the interface up, and then once it is up, restore the mtu to
> > its normal 1500.
> > 
> > This was previously merged in xen-unstable, in 13364
> 
> That sounds a bit kludgy... wouldn't it be better to make use of
> /proc/sys/net/ipv6/<interface>/autoconf and/or .../accept_ra?

Would have to ask Herbert about that - when he wrote the patch this was
the only reliable way of selectively disabling Ipv6 on the bridge, but
not other eth devices.

> Wouldn't the bridge just autoconf next time an ra is sent once its mtu
> is back up to 1500?

No, because the low MTU means it never gets assigned a link-local address
and thus has no way to parcitipate in ipv6 autoconf thereafter.

Dan.
-- 
|=- Red Hat, Engineering, Emerging Technologies, Boston.  +1 978 392 2496 -=|
|=-           Perl modules: http://search.cpan.org/~danberr/              -=|
|=-               Projects: http://freshmeat.net/~danielpb/               -=|
|=-  GnuPG: 7D3B9505   F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505  -=| 

Re: ipv6 addresses on vifX.Y interfaces and bridges

[Ralph Passgang]

Am Sonntag, 6. Januar 2008 23:48:13 schrieb Daniel P. Berrange:
> On Mon, Jan 07, 2008 at 09:44:09AM +1100, James Harper wrote:
> > > On Mon, Jan 07, 2008 at 09:26:43AM +1100, James Harper wrote:
> > > > The network scripts appear to set noarp on all the vifX.Y and
> >
> > xen-brX
> >
> > > > interfaces, but I also need to remove the IPv6 address and stop the
> > > > interfaces participating in autoconfiguration...
> > > >
> > > > Has anyone done this already?
> > >
> > > You don't need to remove the link-local IPv6 addresses, they are
> >
> > harmless.
> >
> > > The key is to stop auto-conf taking place on the bridge. The way todo
> > > this is to set the mtu of the bridge to something tiny (eg 68) before
> > > bringing the interface up, and then once it is up, restore the mtu to
> > > its normal 1500.
> > >
> > > This was previously merged in xen-unstable, in 13364
> >
> > That sounds a bit kludgy... wouldn't it be better to make use of
> > /proc/sys/net/ipv6/<interface>/autoconf and/or .../accept_ra?
>
> Would have to ask Herbert about that - when he wrote the patch this was
> the only reliable way of selectively disabling Ipv6 on the bridge, but
> not other eth devices.
>
> > Wouldn't the bridge just autoconf next time an ra is sent once its mtu
> > is back up to 1500?
>
> No, because the low MTU means it never gets assigned a link-local address
> and thus has no way to parcitipate in ipv6 autoconf thereafter.

But it's a dirty hack, isn't it?
what about just using the ip tool to get rid of the ipv6 address after the 
interface has been configured?

"ip -6 addr flush dev ethX" (or whatever device) should do the trick... :)

it removes any global or local address on the interface and prevents any 
further autoconfiguration.

> Dan.

RelocationProtocol?

[tgh]

hi
  what does RelocationProtocol do, or what is the function of 
relocationserver?

Thanks in advance