Re: [Cerowrt-devel] Current state of ipv6 in openwrt barrier breaker

["Ole Trøan" <otroan@employees.org>]

Steven,

> your feedback is appreciated, thanks.
> Just to clarify a few things here because I think there might be
> misunderstandings.

yes, seems like I did (misunderstand that is. ;-))


>> or create state...
>> NPT should not be on by default though
> I agree and it won't be a default in plain OpenWrt.
> 
> 
>> I think the the ULA prefix should be created as specified in RFC4193.
>> otherwise you'll get into trouble merging networks, or building a
>> mesh with your neighbour.
>> (overlapping ULA space).
> In the current implementation /dev/urandom is used to generate the /48
> on the first boot of the device. fd00:: was just an example here.
> I don't see any particular advantage in using the sha / ntp etc. thing
> especially since there might not be a working RTC.

cool. if you don't want to keep additional state, you could base it on a MAC address in the box, but random is fine too,
as long as it is persistent (across reboots).

>> shouldn't all interface have a /64?
> I won't restrict users doing anything else but /64 is the default, yes.

ack.

>> actually it should not be expected to have global reachability.
>> doing ULA to global translation by default would break one of the
>> ideas we have in the homenet WG,
>> about allowing devices on the network not being prepared to be on the
>> global Internet use ULAs. that way
>> we can avoid firewalls on the network borders, and still protect the
>> unprepared... ;-)
> Yes the problem is that source address selection seems to be a trouble
> on clients. I just had users / tester complain yesterday about devices
> using ULA instead of the 200X: source addresses breaking connectivity
> when both are announced so now I had to implement a hack that sets
> the preferred time of the ULA to 0 when there are prefixes with global
> reachability.

we need to get the hosts fixed for this.
right now, given the state of affairs my recommendation would be not not enable ULAs by default.

> Similarly I see NPT only as a way to work around client issues
> - especially when having multi-homing / redundant uplinks -
> and not as a default way of doing things.

I'd really like us to avoid that. it is going to be so hard to get NPT out of the network again.
it also forces applications to continue with STUN/TURN and all that stuff to discover global addresses
that can be used for referrals. please let us keep the end to end properties of IPv6 intact.

cheers,
Ole