[Cerowrt-users] IPv6 router advertisements on custom interfaces

[Cerowrt-users] IPv6 router advertisements on custom interfaces

[Michael Richardson]

First question, why are there two radvd processes?

3343 root       964 S    /usr/sbin/radvd -C /var/etc/radvd.conf -m stderr_sys
3345 root       964 S    /usr/sbin/radvd -C /var/etc/radvd.conf -m stderr_sys

Is this just a thread issue?

second question, none of my custom interfaces are in /var/etc/radvd.conf?

Can I hack /etc/config/firewall directly rather than go through the UI?
I think so....?

Could I attach blinking LEDs to VLANs?
(ps: whatever problems I had with ethernet mii between my cerowrt and
a cisco 200-26 switch in the summer, seems to have gone away)

On an IPv6 interface which is not my uplink, I think that IPv6 gateway
should be blank.  That the router should advertise iself.

I also think that the words "Send router soliciations" is wrong, that it
should say, "Send router advertisements".

I had to put my custom interfaces into /etc/config/radvd.

config interface
        option interface 'trusted'
        option AdvSendAdvert '1'
        option AdvRouterAddr '1'
        option AdvLinkMTU '1480'
        option ignore '0'
        option IgnoreIfMissing '1'
        option AdvSourceLLAddress '1'
        option AdvDefaultPreference 'medium'
        option AdvOtherConfigFlag '1'

config prefix
        option interface 'trusted'
        list prefix ''
        option AdvOnLink '1'
        option AdvAutonomous '1'
        option AdvRouterAddr '0'
        option ignore '0'

I don't see a place in the UI where this is edited, but I could be
missing it.

-- 
]       He who is tired of Weird Al is tired of life!           |  firewalls  [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON    |net architect[
] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
   Kyoto Plus: watch the video <http://www.youtube.com/watch?v=kzx1ycLXQSE>
	               then sign the petition. 

Re: [Cerowrt-users] IPv6 router advertisements on custom interfaces

[Dave Taht]

Radvd is going away in the BB ("barrier breaker" - openwrt head)
version of openwrt, fairly soon. It deserves to die...

There is going to be a merger of the DHCPv6/SLAAC and naming
functionalities in dnsmasq and the dynamicism of the new ipv6-support
package, which also includes a spanking new dhcpv6-pd client..

Also planned is to (once the 3.7 kernel lands) make npt66 the default
(for most users). So in a couple weeks, all the underlying ipv6
infrastructure in openwrt and cerowrt is going to change.

As to whether the 6in4 case is fully handled as of now in that system,
damned if I know. Same goes for 6to4... I put the ipv6-support package
into cerowrt 3.6.9-5, all forms of ipv6 are blocked at the lincs lab,
can't test it, right now.

As for how to fix it in cerowrt 3.3.8, it was always problematic as
hell, and I'm glad the work is being re-architected in BB by two of
the most competent people I know, and I've signed cerowrt (and thus,
y'all) up to test it when it comes out. It would be great to recruit
more help, because *this time* we're going to get it right, come hell
or high water.

I'm very pleased, in particular, with dnsmasq's naming support for
slaac. It "just works".


On Mon, Dec 10, 2012 at 12:04 AM, Michael Richardson <mcr@sandelman.ca> wrote:
>
> First question, why are there two radvd processes?
>
> 3343 root       964 S    /usr/sbin/radvd -C /var/etc/radvd.conf -m stderr_sys
> 3345 root       964 S    /usr/sbin/radvd -C /var/etc/radvd.conf -m stderr_sys
>
> Is this just a thread issue?
>
> second question, none of my custom interfaces are in /var/etc/radvd.conf?
>
> Can I hack /etc/config/firewall directly rather than go through the UI?
> I think so....?
>
> Could I attach blinking LEDs to VLANs?
> (ps: whatever problems I had with ethernet mii between my cerowrt and
> a cisco 200-26 switch in the summer, seems to have gone away)
>
> On an IPv6 interface which is not my uplink, I think that IPv6 gateway
> should be blank.  That the router should advertise iself.
>
> I also think that the words "Send router soliciations" is wrong, that it
> should say, "Send router advertisements".
>
> I had to put my custom interfaces into /etc/config/radvd.
>
> config interface
>         option interface 'trusted'
>         option AdvSendAdvert '1'
>         option AdvRouterAddr '1'
>         option AdvLinkMTU '1480'
>         option ignore '0'
>         option IgnoreIfMissing '1'
>         option AdvSourceLLAddress '1'
>         option AdvDefaultPreference 'medium'
>         option AdvOtherConfigFlag '1'
>
> config prefix
>         option interface 'trusted'
>         list prefix ''
>         option AdvOnLink '1'
>         option AdvAutonomous '1'
>         option AdvRouterAddr '0'
>         option ignore '0'
>
> I don't see a place in the UI where this is edited, but I could be
> missing it.
>
> --
> ]       He who is tired of Weird Al is tired of life!           |  firewalls  [
> ]   Michael Richardson, Sandelman Software Works, Ottawa, ON    |net architect[
> ] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
>    Kyoto Plus: watch the video <http://www.youtube.com/watch?v=kzx1ycLXQSE>
>                        then sign the petition.
>
>
>
>
>
> _______________________________________________
> Cerowrt-users mailing list
> Cerowrt-users@lists.bufferbloat.net
> https://lists.bufferbloat.net/listinfo/cerowrt-users



-- 
Dave Täht

Fixing bufferbloat with cerowrt: http://www.teklibre.com/cerowrt/subscribe.html

Re: [Cerowrt-users] IPv6 router advertisements on custom interfaces

[Steven Barth]

Fyi I've commited a new ipv6-support version to OpenWrt yesterday.

This includes (partly untested) all features I want to see in there for 
OpenWrt except the integration of dnsmasq-dhcpv6 (which will follow 
later once the dynamic configuration features have been added to it) and 
the WebUI which is still on the ToDo.


So far the current IPv6-featureset is:

* Support for native IPv6 with static configuration
* Support for native IPv6 with DHCPv6-Prefix Delegation
* Support for native IPv6 without PD via relaying or masquerading
* Support for 6in4, 6to4 and 6rd
* Prefixes are automatically split up and distributed over 
downstream-interfaces OR by choice mapped to an ULA-address (NPT66).


Help, documentation and configuration examples for yesterdays version 
can be found here (there were a few changes for the new NPT-support):

http://wiki.openwrt.org/doc/uci/network6


Especially the NPT / NAT-related stuff has seen very little testing and 
of course only works with a Kernel >= 3.7 and ip6tables >= 1.4.17.


On 10.12.2012 08:56, Dave Taht wrote:
> Radvd is going away in the BB ("barrier breaker" - openwrt head)
> version of openwrt, fairly soon. It deserves to die...
>
> There is going to be a merger of the DHCPv6/SLAAC and naming
> functionalities in dnsmasq and the dynamicism of the new ipv6-support
> package, which also includes a spanking new dhcpv6-pd client..
>
> Also planned is to (once the 3.7 kernel lands) make npt66 the default
> (for most users). So in a couple weeks, all the underlying ipv6
> infrastructure in openwrt and cerowrt is going to change.
>
> As to whether the 6in4 case is fully handled as of now in that system,
> damned if I know. Same goes for 6to4... I put the ipv6-support package
> into cerowrt 3.6.9-5, all forms of ipv6 are blocked at the lincs lab,
> can't test it, right now.
>
> As for how to fix it in cerowrt 3.3.8, it was always problematic as
> hell, and I'm glad the work is being re-architected in BB by two of
> the most competent people I know, and I've signed cerowrt (and thus,
> y'all) up to test it when it comes out. It would be great to recruit
> more help, because *this time* we're going to get it right, come hell
> or high water.
>
> I'm very pleased, in particular, with dnsmasq's naming support for
> slaac. It "just works".
>
>
> On Mon, Dec 10, 2012 at 12:04 AM, Michael Richardson <mcr@sandelman.ca> wrote:
>>
>> First question, why are there two radvd processes?
>>
>> 3343 root       964 S    /usr/sbin/radvd -C /var/etc/radvd.conf -m stderr_sys
>> 3345 root       964 S    /usr/sbin/radvd -C /var/etc/radvd.conf -m stderr_sys
>>
>> Is this just a thread issue?
>>
>> second question, none of my custom interfaces are in /var/etc/radvd.conf?
>>
>> Can I hack /etc/config/firewall directly rather than go through the UI?
>> I think so....?
>>
>> Could I attach blinking LEDs to VLANs?
>> (ps: whatever problems I had with ethernet mii between my cerowrt and
>> a cisco 200-26 switch in the summer, seems to have gone away)
>>
>> On an IPv6 interface which is not my uplink, I think that IPv6 gateway
>> should be blank.  That the router should advertise iself.
>>
>> I also think that the words "Send router soliciations" is wrong, that it
>> should say, "Send router advertisements".
>>
>> I had to put my custom interfaces into /etc/config/radvd.
>>
>> config interface
>>          option interface 'trusted'
>>          option AdvSendAdvert '1'
>>          option AdvRouterAddr '1'
>>          option AdvLinkMTU '1480'
>>          option ignore '0'
>>          option IgnoreIfMissing '1'
>>          option AdvSourceLLAddress '1'
>>          option AdvDefaultPreference 'medium'
>>          option AdvOtherConfigFlag '1'
>>
>> config prefix
>>          option interface 'trusted'
>>          list prefix ''
>>          option AdvOnLink '1'
>>          option AdvAutonomous '1'
>>          option AdvRouterAddr '0'
>>          option ignore '0'
>>
>> I don't see a place in the UI where this is edited, but I could be
>> missing it.
>>
>> --
>> ]       He who is tired of Weird Al is tired of life!           |  firewalls  [
>> ]   Michael Richardson, Sandelman Software Works, Ottawa, ON    |net architect[
>> ] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
>>     Kyoto Plus: watch the video <http://www.youtube.com/watch?v=kzx1ycLXQSE>
>>                         then sign the petition.
>>
>>
>>
>>
>>
>> _______________________________________________
>> Cerowrt-users mailing list
>> Cerowrt-users@lists.bufferbloat.net
>> https://lists.bufferbloat.net/listinfo/cerowrt-users
>
>
>

Re: [Cerowrt-users] IPv6 router advertisements on custom interfaces

[Dave Taht]

I just noticed that this went to cerowrt-users. There aren't a whole
lot of people on that list and this stuff is in heavy development so,
forwarding the thread here....

On Mon, Dec 10, 2012 at 8:56 AM, Dave Taht <dave.taht@gmail.com> wrote:
> Radvd is going away in the BB ("barrier breaker" - openwrt head)
> version of openwrt, fairly soon. It deserves to die...
>
> There is going to be a merger of the DHCPv6/SLAAC and naming
> functionalities in dnsmasq and the dynamicism of the new ipv6-support
> package, which also includes a spanking new dhcpv6-pd client..
>
> Also planned is to (once the 3.7 kernel lands) make npt66 the default
> (for most users). So in a couple weeks, all the underlying ipv6
> infrastructure in openwrt and cerowrt is going to change.
>
> As to whether the 6in4 case is fully handled as of now in that system,
> damned if I know. Same goes for 6to4... I put the ipv6-support package
> into cerowrt 3.6.9-5, all forms of ipv6 are blocked at the lincs lab,
> can't test it, right now.
>
> As for how to fix it in cerowrt 3.3.8, it was always problematic as
> hell, and I'm glad the work is being re-architected in BB by two of
> the most competent people I know, and I've signed cerowrt (and thus,
> y'all) up to test it when it comes out. It would be great to recruit
> more help, because *this time* we're going to get it right, come hell
> or high water.
>
> I'm very pleased, in particular, with dnsmasq's naming support for
> slaac. It "just works".
>
>
> On Mon, Dec 10, 2012 at 12:04 AM, Michael Richardson <mcr@sandelman.ca> wrote:
>>
>> First question, why are there two radvd processes?
>>
>> 3343 root       964 S    /usr/sbin/radvd -C /var/etc/radvd.conf -m stderr_sys
>> 3345 root       964 S    /usr/sbin/radvd -C /var/etc/radvd.conf -m stderr_sys
>>
>> Is this just a thread issue?
>>
>> second question, none of my custom interfaces are in /var/etc/radvd.conf?
>>
>> Can I hack /etc/config/firewall directly rather than go through the UI?
>> I think so....?
>>
>> Could I attach blinking LEDs to VLANs?
>> (ps: whatever problems I had with ethernet mii between my cerowrt and
>> a cisco 200-26 switch in the summer, seems to have gone away)
>>
>> On an IPv6 interface which is not my uplink, I think that IPv6 gateway
>> should be blank.  That the router should advertise iself.
>>
>> I also think that the words "Send router soliciations" is wrong, that it
>> should say, "Send router advertisements".
>>
>> I had to put my custom interfaces into /etc/config/radvd.
>>
>> config interface
>>         option interface 'trusted'
>>         option AdvSendAdvert '1'
>>         option AdvRouterAddr '1'
>>         option AdvLinkMTU '1480'
>>         option ignore '0'
>>         option IgnoreIfMissing '1'
>>         option AdvSourceLLAddress '1'
>>         option AdvDefaultPreference 'medium'
>>         option AdvOtherConfigFlag '1'
>>
>> config prefix
>>         option interface 'trusted'
>>         list prefix ''
>>         option AdvOnLink '1'
>>         option AdvAutonomous '1'
>>         option AdvRouterAddr '0'
>>         option ignore '0'
>>
>> I don't see a place in the UI where this is edited, but I could be
>> missing it.
>>
>> --
>> ]       He who is tired of Weird Al is tired of life!           |  firewalls  [
>> ]   Michael Richardson, Sandelman Software Works, Ottawa, ON    |net architect[
>> ] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
>>    Kyoto Plus: watch the video <http://www.youtube.com/watch?v=kzx1ycLXQSE>
>>                        then sign the petition.
>>
>>
>>
>>
>>
>> _______________________________________________
>> Cerowrt-users mailing list
>> Cerowrt-users@lists.bufferbloat.net
>> https://lists.bufferbloat.net/listinfo/cerowrt-users
>
>
>
> --
> Dave Täht
>
> Fixing bufferbloat with cerowrt: http://www.teklibre.com/cerowrt/subscribe.html



-- 
Dave Täht

Fixing bufferbloat with cerowrt: http://www.teklibre.com/cerowrt/subscribe.html

Re: [Cerowrt-users] IPv6 router advertisements on custom interfaces

[Robert Bradley]

[-- Attachment #1: Type: text/plain, Size: 639 bytes --]

On 10 December 2012 08:38, Steven Barth <cyrus@openwrt.org> wrote:

>
> So far the current IPv6-featureset is:
>
> * Support for native IPv6 with static configuration
> * Support for native IPv6 with DHCPv6-Prefix Delegation
> * Support for native IPv6 without PD via relaying or masquerading
> * Support for 6in4, 6to4 and 6rd
> * Prefixes are automatically split up and distributed over
> downstream-interfaces OR by choice mapped to an ULA-address (NPT66).
>

Out of interest, what benefit is there to using NPT66?  I understand that
people seem to want it, just not what you gain over advertising multiple
prefixes.
-- 
Robert Bradley

[-- Attachment #2: Type: text/html, Size: 955 bytes --]

Re: [Cerowrt-users] IPv6 router advertisements on custom interfaces

[Michael Richardson]

>>>>> "Dave" == Dave Taht <dave.taht@gmail.com> writes:
    Dave> Also planned is to (once the 3.7 kernel lands) make npt66 the default
    Dave> (for most users). So in a couple weeks, all the underlying ipv6
    Dave> infrastructure in openwrt and cerowrt is going to change.

Pardon?

Re: [Cerowrt-users] IPv6 router advertisements on custom interfaces

[Steven Barth]

For OpenWrt, npt66 won't be the default method - instead the default 
should be to split up the WAN prefix to distribute to downstream 
interfaces and fallback to relaying if there are no prefixes.

I personally think npt66 would not make much sense outside of 
multi-uplink situations at least for plain OpenWrt, I cannot speak for 
CeroWrt.


On 10.12.2012 15:23, Michael Richardson wrote:
>>>>>> "Dave" == Dave Taht <dave.taht@gmail.com> writes:
>      Dave> Also planned is to (once the 3.7 kernel lands) make npt66 the default
>      Dave> (for most users). So in a couple weeks, all the underlying ipv6
>      Dave> infrastructure in openwrt and cerowrt is going to change.
>
> Pardon?
>

Re: [Cerowrt-users] IPv6 router advertisements on custom interfaces

[Dave Taht]

On Mon, Dec 10, 2012 at 3:42 PM, Steven Barth <cyrus@openwrt.org> wrote:
> For OpenWrt, npt66 won't be the default method - instead the default should
> be to split up the WAN prefix to distribute to downstream interfaces and
> fallback to relaying if there are no prefixes.
>
> I personally think npt66 would not make much sense outside of multi-uplink
> situations at least for plain OpenWrt, I cannot speak for CeroWrt.

My concern is explained by example.

I'm a fire department in the path of hurricane sandy. Power goes out.
I have a 7 day public ipv6 lease from a provider like comcast. A team
of volunteers get on bicycles connected to generators to keep the
servers and radios up and connected to the outside world.

Power stays out for 3 weeks. The public lease expires in 1 week.

Power flickers on, briefly. 40,000 users all apply for a new ipv6
lease at the same time. The lease changes. Power goes out.... the
network tries to renumber but has only partial connectivity... power
comes back on... lease changes again... the box in the corner that
controls the satellite uplink doesn't get a message and loses
connectivity entirely... people die.

I am making no long term design decisions vs a vs npt66 at this
point... but I have a strong bias towards only using ipv6 addresses on
an internal net that are as constant as the universe, and as constant
as ipv4 nat. Period.

Lest you think this is not a viable scenario, (although I would hope
hurricane sandy is high in many minds)....

power in nicaragua flickers 6 times a day....

>
>
>
> On 10.12.2012 15:23, Michael Richardson wrote:
>>>>>>>
>>>>>>> "Dave" == Dave Taht <dave.taht@gmail.com> writes:
>>
>>      Dave> Also planned is to (once the 3.7 kernel lands) make npt66 the
>> default
>>      Dave> (for most users). So in a couple weeks, all the underlying ipv6
>>      Dave> infrastructure in openwrt and cerowrt is going to change.
>>
>> Pardon?
>>
>



-- 
Dave Täht

Fixing bufferbloat with cerowrt: http://www.teklibre.com/cerowrt/subscribe.html