From mboxrd@z Thu Jan 1 00:00:00 1970
Received: from chi.subsignal.org (cxd-2-pt.tunnel.tserv11.ams1.ipv6.he.net [IPv6:2001:470:1f14:ed::2])
 by huchra.bufferbloat.net (Postfix) with ESMTP id 2C44121F176
 for ; Tue, 11 Dec 2012 12:46:39 -0800 (PST)
Received: from midlink.org (chi.subsignal.org [188.40.166.11])
 by chi.subsignal.org (Postfix) with ESMTPA id 2FF0F1260DF;
 Tue, 11 Dec 2012 21:47:00 +0100 (CET)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Date: Tue, 11 Dec 2012 21:46:59 +0100
From: Steven Barth
To: Ole Trøan
In-Reply-To: <8F973FF7-B39D-4E21-B889-14F6105A29F4@employees.org>
References: <8F973FF7-B39D-4E21-B889-14F6105A29F4@employees.org>
X-Sender: cyrus@openwrt.org
User-Agent: Roundcube Webmail/0.7.1
Cc: cerowrt-devel@lists.bufferbloat.net
Subject: Re: [Cerowrt-devel] Current state of ipv6 in openwrt barrier breaker
X-BeenThere: cerowrt-devel@lists.bufferbloat.net
X-Mailman-Version: 2.1.13
Precedence: list
List-Id: Development issues regarding the cerowrt test router project
X-List-Received-Date: Tue, 11 Dec 2012 20:46:39 -0000

Hi Ole,

your feedback is appreciated, thanks. Just to clarify a few things here
because I think there might be misunderstandings.

> or create state...
> NPT should not be on by default though

I agree and it won't be a default in plain OpenWrt.

> I think the ULA prefix should be created as specified in RFC4193.
> otherwise you'll get into trouble merging networks, or building a
> mesh with your neighbour.
> (overlapping ULA space).

In the current implementation /dev/urandom is used to generate the /48
on the first boot of the device. fd00:: was just an example here. I
don't see any particular advantage in using the sha / ntp etc. thing,
especially since there might not be a working RTC.

> shouldn't all interfaces have a /64?

I won't restrict users doing anything else but /64 is the default, yes.

> actually it should not be expected to have global reachability.
> doing ULA to global translation by default would break one of the
> ideas we have in the homenet WG,
> about allowing devices on the network not being prepared to be on the
> global Internet use ULAs. that way
> we can avoid firewalls on the network borders, and still protect the
> unprepared... ;-)

Yes, the problem is that source address selection seems to be trouble
on clients. I just had users / testers complain yesterday about devices
using ULA instead of the 200X: source addresses, breaking connectivity
when both are announced, so now I had to implement a hack that sets the
preferred time of the ULA to 0 when there are prefixes with global
reachability.

Similarly I see NPT only as a way to work around client issues -
especially when having multi-homing / redundant uplinks - and not as a
default way of doing things.

Cheers,

Steven
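
The two ways of choosing a ULA /48 discussed in this message, side by side, as an added example that is not part of the original mail or of OpenWrt's code: 40 random bits from the kernel CSPRNG, and the RFC 4193 section 3.2.2 procedure (SHA-1 over a 64-bit NTP timestamp concatenated with an EUI-64). The function names and the sample EUI-64 are assumptions made for illustration.

```python
import hashlib
import ipaddress
import os
import struct

ULA_PREFIX_BYTE = 0xFD  # fc00::/7 with the L bit set, i.e. fd00::/8 (RFC 4193)

# Constructed sample EUI-64 (not taken from any real device).
SAMPLE_EUI64 = bytes.fromhex("0211 22ff fe33 4455".replace(" ", ""))


def ula_from_global_id(global_id: bytes) -> ipaddress.IPv6Network:
    """Build the fdXX:XXXX:XXXX::/48 prefix for a 40-bit Global ID."""
    if len(global_id) != 5:
        raise ValueError("Global ID must be exactly 40 bits (5 bytes)")
    packed = bytes([ULA_PREFIX_BYTE]) + global_id + bytes(10)
    return ipaddress.IPv6Network((int.from_bytes(packed, "big"), 48))


def ula_random(rng=os.urandom) -> ipaddress.IPv6Network:
    """Random approach: take the 40 bits directly from the CSPRNG.
    Needs no clock, so it also works on a board without an RTC."""
    return ula_from_global_id(rng(5))


def ula_rfc4193(ntp_time: int, eui64: bytes) -> ipaddress.IPv6Network:
    """RFC 4193 section 3.2.2: SHA-1(64-bit NTP time || EUI-64),
    Global ID = least significant 40 bits of the digest."""
    if len(eui64) != 8:
        raise ValueError("EUI-64 must be 8 bytes")
    digest = hashlib.sha1(struct.pack(">Q", ntp_time) + eui64).digest()
    return ula_from_global_id(digest[-5:])


def can_merge(a: ipaddress.IPv6Network, b: ipaddress.IPv6Network) -> bool:
    """Two sites can be joined without renumbering only if their ULA
    prefixes do not overlap (the concern raised in the quoted text)."""
    return not a.overlaps(b)


if __name__ == "__main__":
    fixed = ipaddress.IPv6Network("fd00::/48")   # every site using the literal example
    print("two sites on fd00::/48 mergeable:", can_merge(fixed, fixed))
    print("random ULA:", ula_random())
    # ntp_time=0 models a device whose clock is unset at first boot.
    print("RFC 4193 ULA, unset clock:", ula_rfc4193(0, SAMPLE_EUI64))
```

With an unset clock the RFC 4193 result depends only on the EUI-64, so its uniqueness rests on the hardware address, while the random variant depends on the entropy available at first boot.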