Re: [Bloat] ipv6 fe80:: addresses, vlans and bridges... borked?

[Dave Taht <dave.taht@gmail.com>]

[-- Attachment #1: Type: text/plain, Size: 3236 bytes --]

On Mon, May 9, 2011 at 2:14 AM, Fred Baker <fred@cisco.com> wrote:

>
> On May 8, 2011, at 8:26 PM, Dave Taht wrote:
>
> > Is there a standard for renaming fe80:: addresses to represent they are
> interfacing with different vlans?
>
> well, yes. Link-local addresses (FE80::/10) areas you say interpreted only
> in the LAN in question. The usual approach is to give the LAN a subnet
> prefix. The standard is RFC 4291.
>
> http://www.ietf.org/rfc/rfc4291.txt
>

So, there isn't a standard for using vlans and ipv6.

aformentioned RFC:

2.5.1.  Interface Identifiers

   Interface identifiers in IPv6 unicast addresses are used to identify
   interfaces on a link.  They are required to be unique within a subnet
   prefix.  It is recommended that the same interface identifier not be
   assigned to different nodes on a link.  They may also be unique over
   a broader scope.  In some cases, an interface's identifier will be
   derived directly from that interface's link-layer address.  The same
   interface identifier may be used on multiple interfaces on a single
   node, as long as they are attached to different subnets.

"It is recomended that the same interface identifier not be assigned to
different nodes on a link"

vs

"The same interface identifier may be used on multiple interfaces on a single
   node, as long as they are attached to different subnets."


Linux - or at least the defaults inside of openwrt - take the latter
approach. This strikes me as error prone - and further does not discuss the
effects of what a bridge should look like.

For error prone-ness - it is possible in my case, the vlans are not vlans!
although their naming scheme (ethX.Y) suggests they are. And a typical user
might plug two different lans together on one cable anyway.

Also:

Should the bridge itself have a unique link local over the underlying
interfaces?

Given that we have a profusion of numbers available for link-local
addresses, I can see no harm and much gain in *always* constructing a
verify-ably unique fe80::XX:VLAN:EUI-64/64 prefix on a per-interface and
per-virtual-interface basis on a given router.

ensuring unique FE80s from a given host would be enormously less confusing
when looking at and comparing wireshark traces of the babel protocol, for
example.  ( *http://tools.ietf.org/html/rfc6126 )*

What's not clear to me after reading RFC4291 twice this morning is that
although a fe80:: is a /10, is if the bits above the interface id (as per
the above "XX:VLAN:") truly are legit to be used, or a modified unique
EUI-64 should be used.

A VLAN identifier is 12 bits in length, so the "V" portion of the above
proposal could be dropped. (Not that I know how to extract the vlan
identifier from the interface anyway) XX would be used to distinguish
between interfaces that had no corresponding info but conflicted with
addresses already on the router.

I realize this is somewhat off topic for the bloat list, but I was trying to
get where I could actually test the IPv6 ECN patches I'd folded in across
the routers(s) and running into trouble.

-- 
Dave Täht
SKYPE: davetaht
US Tel: 1-239-829-5608
http://the-edge.blogspot.com

[-- Attachment #2: Type: text/html, Size: 3870 bytes --]