Re: [Bugme-new] [Bug 28282] New: forwarding turns autoconfiguration off

Re: [Bugme-new] [Bug 28282] New: forwarding turns autoconfiguration off

[Andrew Morton]

(switched to email.  Please respond via emailed reply-to-all, not via the
bugzilla web interface).

On Sat, 5 Feb 2011 18:06:31 GMT
bugzilla-daemon@bugzilla.kernel.org wrote:

> https://bugzilla.kernel.org/show_bug.cgi?id=28282
> 
>            Summary: forwarding turns autoconfiguration off
>            Product: Networking
>            Version: 2.5
>     Kernel Version: 2.6.35
>           Platform: All
>         OS/Version: Linux
>               Tree: Mainline
>             Status: NEW
>           Severity: normal
>           Priority: P1
>          Component: IPV6
>         AssignedTo: yoshfuji@linux-ipv6.org
>         ReportedBy: hadmut@danisch.de
>         Regression: No
> 
> 
> Hi,
> 
> Linux ethernet interfaces do not use autoconfiguration and do ignore router
> advertisings if the packet forwarding is turned on in the configuration (i.e. 
> /proc/sys/net/ipv6/conf/eth0/forwarding set to 1)
> 
> 
> This might be wrong.
> 
> IPv6 network devices can have multiple IPv6 addresses and server several
> purposes at the same time. A machine can have a statically assigned local IPv6
> address and act as a router (e.g. to a virtual machine or a VPN tunnel) and
> thus needs to turn forwarding on, while at the same time it needs to listen to
> router advertisements and autoconfigure, e.g. because a network is connected to
> the internet through a DSL router with dynamically assigned network adresses,
> either through direct IPv6 assignment or a 6to4 tunnel. 
> 
> So there are cases where you need to have autoconfiguration of an IP address
> and forwarding on the same interface at the same time. Therefore, it might be
> technically wrong to have this mutually exclusive. 
> 

Re: [Bugme-new] [Bug 28282] New: forwarding turns autoconfiguration off

[David Miller]

From: Andrew Morton <akpm@linux-foundation.org>
Date: Tue, 8 Feb 2011 13:34:08 -0800

>> Linux ethernet interfaces do not use autoconfiguration and do ignore router
>> advertisings if the packet forwarding is turned on in the configuration (i.e. 
>> /proc/sys/net/ipv6/conf/eth0/forwarding set to 1)
>> 
>> 
>> This might be wrong.
>> 
>> IPv6 network devices can have multiple IPv6 addresses and server several
>> purposes at the same time. A machine can have a statically assigned local IPv6
>> address and act as a router (e.g. to a virtual machine or a VPN tunnel) and
>> thus needs to turn forwarding on, while at the same time it needs to listen to
>> router advertisements and autoconfigure, e.g. because a network is connected to
>> the internet through a DSL router with dynamically assigned network adresses,
>> either through direct IPv6 assignment or a 6to4 tunnel. 
>> 
>> So there are cases where you need to have autoconfiguration of an IP address
>> and forwarding on the same interface at the same time. Therefore, it might be
>> technically wrong to have this mutually exclusive. 

This is a case where we're probably just following what the RFC documents
state we should do, which means unless you can provide clear reference to
a specification that states we should behave otherwise this isn't changing.

Re: [Bugme-new] [Bug 28282] New: forwarding turns autoconfiguration off

[Hadmut Danisch]

On 08.02.2011 22:44, David Miller wrote:
>
> This is a case where we're probably just following what the RFC documents
> state we should do, which means unless you can provide clear reference to
> a specification that states we should behave otherwise this isn't changing.

Could you cite where exactly this is stated in the RFC documents? (Would
save me the time to dig through all the RFCs to find that particular
statement and help avoid misunderstanding.)


It appears to me to be a contradiction in terms. IPv6 interfaces must be
able to have several IP addresses, and IPv6 does not have a default
route (or 0::0/0). IPv6 interfaces are designed to participate in
multiple independend logical networks (and several address ranges have
been reserved for future extensions and uses). It therefore does not
make sense if autoconfiguration for one network and routing for another
are mutually exclusive. I'd like to check this (and maybe file a bug in
the RFC).

regards
Hadmut

Re: [Bugme-new] [Bug 28282] New: forwarding turns autoconfiguration off

[David Miller]

From: Hadmut Danisch <hadmut@danisch.de>
Date: Tue, 08 Feb 2011 23:12:30 +0100

> On 08.02.2011 22:44, David Miller wrote:
>>
>> This is a case where we're probably just following what the RFC documents
>> state we should do, which means unless you can provide clear reference to
>> a specification that states we should behave otherwise this isn't changing.
> 
> Could you cite where exactly this is stated in the RFC documents?

I'm working on other bugs at the moment, so I am personally unable to
help you with this at this time.  Perhaps someone else can.

Re: [Bugme-new] [Bug 28282] New: forwarding turns autoconfiguration off

[Francois Romieu]

David Miller <davem@davemloft.net> :
> From: Hadmut Danisch <hadmut@danisch.de>
> Date: Tue, 08 Feb 2011 23:12:30 +0100
> 
> > On 08.02.2011 22:44, David Miller wrote:
> >>
> >> This is a case where we're probably just following what the RFC documents
> >> state we should do, which means unless you can provide clear reference to
> >> a specification that states we should behave otherwise this isn't changing.
> > 
> > Could you cite where exactly this is stated in the RFC documents?
> 
> I'm working on other bugs at the moment, so I am personally unable to
> help you with this at this time.  Perhaps someone else can.

This one MAY^W may be relevant (see http://www.ietf.org/rfc/rfc4862.txt) :

Thomson, et al.             Standards Track                     [Page 3]

RFC 4862        IPv6 Stateless Address Autoconfiguration  September 2007
[...]
   The autoconfiguration process specified in this document applies only
   to hosts and not routers.  Since host autoconfiguration uses
   information advertised by routers, routers will need to be configured
   by some other means.  However, it is expected that routers will
   generate link-local addresses using the mechanism described in this
   document.  In addition, routers are expected to successfully pass the
   Duplicate Address Detection procedure described in this document on
   all addresses prior to assigning them to an interface.

--
Ueimor

Re: [Bugme-new] [Bug 28282] New: forwarding turns autoconfiguration off

[Hadmut Danisch]

On 08.02.2011 23:44, Francois Romieu wrote:
>
> RFC 4862        IPv6 Stateless Address Autoconfiguration  September 2007
> [...]
>    The autoconfiguration process specified in this document applies only
>    to hosts and not routers.  Since host autoconfiguration uses
>    information advertised by routers, routers will need to be configured
>    by some other means.  However, it is expected that routers will
>    generate link-local addresses using the mechanism described in this
>    document.  In addition, routers are expected to successfully pass the
>    Duplicate Address Detection procedure described in this document on
>    all addresses prior to assigning them to an interface.

Thanks for the citation.


Since Linux machines can - in contrast to Windows desktops and cisco
routers - can be a host and a router at the same time, even on the same
interface (i.e. use a autoconf IPv6 address as a host and an fe80::
address as a router address).

So I'd consider this in a different way. From my point of view the
decision between host and router must be done per assigned IPv6 address
(or address range) and not per IPv6 interface.

(Maybe it would be a more correct implementation to assign a special IP
address pattern like  xxxx::.../64 to tell the interface to accept
autoconfiguration for a particular network range, probably  for 2::/3 in
most cases.)

regards
Hadmut

Re: [Bugme-new] [Bug 28282] New: forwarding turns autoconfiguration off

[Francois Romieu]

Hadmut Danisch <hadmut@danisch.de> :
[...]
> Since Linux machines can - in contrast to Windows desktops and cisco
> routers - can be a host and a router at the same time, even on the same
> interface (i.e. use a autoconf IPv6 address as a host and an fe80::
> address as a router address).
> 
> So I'd consider this in a different way. From my point of view the
> decision between host and router must be done per assigned IPv6 address
> (or address range) and not per IPv6 interface.

o^O

Afaik networking does not operate this way in the kernel. Really.

May I suggest you to have some sleep and see how your (dhcpv6 enabled ?)
DSL router can be convinced to collaborate with the existing tools under
Linux _without_ modifications ?

-- 
Ueimor

Re: [Bugme-new] [Bug 28282] New: forwarding turns autoconfiguration off

[Bill Fink]

On Tue, 8 Feb 2011, Francois Romieu wrote:

> David Miller <davem@davemloft.net> :
> > From: Hadmut Danisch <hadmut@danisch.de>
> > Date: Tue, 08 Feb 2011 23:12:30 +0100
> > 
> > > On 08.02.2011 22:44, David Miller wrote:
> > >>
> > >> This is a case where we're probably just following what the RFC documents
> > >> state we should do, which means unless you can provide clear reference to
> > >> a specification that states we should behave otherwise this isn't changing.
> > > 
> > > Could you cite where exactly this is stated in the RFC documents?
> > 
> > I'm working on other bugs at the moment, so I am personally unable to
> > help you with this at this time.  Perhaps someone else can.
> 
> This one MAY^W may be relevant (see http://www.ietf.org/rfc/rfc4862.txt) :
> 
> Thomson, et al.             Standards Track                     [Page 3]
> 
> RFC 4862        IPv6 Stateless Address Autoconfiguration  September 2007
> [...]
>    The autoconfiguration process specified in this document applies only
>    to hosts and not routers.  Since host autoconfiguration uses
>    information advertised by routers, routers will need to be configured
>    by some other means.  However, it is expected that routers will
>    generate link-local addresses using the mechanism described in this
>    document.  In addition, routers are expected to successfully pass the
>    Duplicate Address Detection procedure described in this document on
>    all addresses prior to assigning them to an interface.

I believe there is a difference between being a router and merely
being capable of forwarding IP packets.  To me, a router participates
in a routing protocol and/or advertises routes/prefixes.  So perhaps
Hadmut has a valid point that autoconfiguration should not depend
on ip_forward being off, although I'm not sure what the appropriate
alternate test for not being a router should be.

						-Bill

Re: [Bugme-new] [Bug 28282] New: forwarding turns autoconfiguration off

[Francois Romieu]

Bill Fink <billfink@mindspring.com> :
[...]
> I believe there is a difference between being a router and merely
> being capable of forwarding IP packets.  To me, a router participates
> in a routing protocol and/or advertises routes/prefixes.  So perhaps
> Hadmut has a valid point that autoconfiguration should not depend
> on ip_forward being off, although I'm not sure what the appropriate
> alternate test for not being a router should be.

It is here (same document, same page):
[...]
2.  Terminology

   IP -  Internet Protocol Version 6.  The terms IPv4 and IPv6 are used
      only in contexts where necessary to avoid ambiguity.

   node -  a device that implements IP.

   router -  a node that forwards IP packets not explicitly addressed to
      itself.

Why should we put our brains at pain ? Is there really a problem ?

-- 
Ueimor

Re: [Bugme-new] [Bug 28282] New: forwarding turns autoconfiguration off

[Hadmut Danisch]

Am 09.02.2011 08:42, schrieb Francois Romieu:
>
> Why should we put our brains at pain ? Is there really a problem ?
>

Yep. It does not work.


I have a regular internet connection at home, as usual with dynamically
assigned IPv4 addresses. My router automatically creates an IPv6 tunnel,
so the IPv6 addresses are dynamic as well. German Internet providers
will offer IPv6 soon, and due to the german privacy requirements, they
will most probably offer dynamic IPv6 assignments as well. So a Linux
machine at home must accept autoconfiguration, if you do not want to
change your address manually at least once a day.

On the other hand, a regular Linux machine can have routing tasks. E.g.
when using a VPN, when dealing with virtual machines, for testing, for
TUN/TAP devices, and so on.

Although there is no good technical reason for not having both at the
same time, Linux does not allow this.

The machine's admin should at least have the choice to turn routing and
autoconf on and off independently.


regards
Hadmut

Re: [Bugme-new] [Bug 28282] New: forwarding turns autoconfiguration off

[Hadmut Danisch]

Hi all,

since the discussion seems to have completely died, just allow me a
simple question:


How would I configure a Linux machine to accept ipv6 prefix ads (because
they are dynamically assigned and advertised by my router) and to work
as a VPN tunnel end?


Remember: Linux does not allow autoconfiguration and routing at the same
time, without any good reason. The only reason I've seen so far is that
the Terminology in an RFC vaguely distinguishes between router machines
and nodes.


If you believe that Linux is correct here the way it is, just tell me
how to solve that problem with Linux.


best regards
Hadmut

Re: [Bugme-new] [Bug 28282] New: forwarding turns autoconfiguration off

[David Lamparter]

On Thu, Mar 24, 2011 at 04:07:10PM +0100, Hadmut Danisch wrote:
> How would I configure a Linux machine to accept ipv6 prefix ads (because
> they are dynamically assigned and advertised by my router) and to work
> as a VPN tunnel end?
> 
> 
> Remember: Linux does not allow autoconfiguration and routing at the same
> time, without any good reason.

You seem to have arrived at a bit of a misunderstanding here. Linux does
not forbid autoconfiguration when you enable routing. It just disables
the in-kernel code, for reasons that usually are well-founded.

> If you believe that Linux is correct here the way it is, just tell me
> how to solve that problem with Linux.

You grab rdisc6 from the ndisc6 package (http://www.remlab.net/ndisc6/,
probably packaged by your distro) and do the autoconfiguration in user
space.

The userspace application will also give you an amount of control over
the autoconfiguration that is IMHO neccessary if you use it this way and
which the kernel cannot provide.


-David