Re: [Cerowrt-devel] Current state of ipv6 in openwrt barrier breaker

[Steven Barth <cyrus@openwrt.org>]

On 10.12.2012 10:15, Dave Taht wrote:
>> * Prefixes are automatically split up and distributed over
>> downstream-interfaces OR by choice mapped to an ULA-address (NPT66).
>
> Hmm. The homenet folk have a prefix assignment and router discovery
> process defined in their PD over ospf (somewhat crazy)
> implementation...
>
> My expectation here is that ISPs are going to be parsimonious in
> handing out anything bigger than a /64, certainly anything bigger than
> a /56 is going to be scarce. So I'd hope that address assignment using
> NPT66 would start with the bottom addresses and work up.

cerowrt would run into problems if the ISPs would only assign a single 
/64. Even NPT would not help here as two distinct ULA /64 could not be 
mapped to the same public /64 without the possibility of collisions. So 
it might be necessary to relay between the downstream interfaces in this 
case so that they share a /64 or did you have something else in mind?

However I guess and from what I have seen most ISP will probably assign 
a /56 or at least a /60. For OpenWrt a /64 would not so problematic as 
there is - by default - only 1 (bridged) lan-interface so a single /64 
is sufficient for most users.



This is how the prefix distribution works either for the ULA or the 
public prefixes. I've implemented this straight forward not looking at 
any specification as the local prefix distribution should not be 
mandated imo by any RFC.

* For ULA fd00::/48, the first /64 would be fd00::/64, the 2nd 
fd00:0:0:1::/64 etc.
* Padding (unused adress-space) is added if the alignment cannot be 
satisfied (e.g. one interface wants a /64, the second a /62, then there 
will be a padding or 1 /64 and 1 /63 in between).
* If a downstream-interface goes down, its assigned prefix is preserved 
in case it later comes up again.
* Assignments for a public prefixes are forgotten once the prefix is 
removed (e.g. wan goes down).


In the current implementation the NPT will map the public prefix to the 
lower part of the ULA, meaning a public /56-prefix will be mapped onto
fd00::/56 if the ULA is fd00::/48 and everything outside this /56 would 
not be mapped so care has to be taken. This is a bit unpredictable - I 
know - but in the end we cannot know what size the public prefix from 
the ISP will be and I guess if there are only a few /64-downstream 
interfaces it is unlikely to clash for a majority of users.


>
> Somewhat related to that, is the concept of actually USING ipv6 for a
> few things that it's good at. For example, a much greater randomized
> port space can be gained if the dns server is the only daemon
> listening on a dedicated ipv6 address (like a ::3)

I'm currently wondering if it would make sense to implement a 
randomization strategy in case we have e.g. a /56 prefix and only want 
to assign one or two /64 so that the /64 would not always be ...1::/64 
and 2::/64 but it would be a bit complicated with the dynamic prefix 
assignment of downstream-interfaces and especially when it comes to ULA 
and us not knowing before-hand what length the public prefix will be.