11

My ISP has just started IPv4/IPv6 dual stack service. In order to connect to the IPv4/IPv6 internet, almost all users use a CPE leased by the ISP. But I want to use my Linux router instead of such a CPE, because my router has so many roles (a lot of iptables rules and 3 Ethernet interfaces, HTTP reverse proxy, HTTP cache, memcached, SMTP/POP server and DNS proxy). I want it to be an IPv4/IPv6 dual stack router.

My router

  • CentOS6.0 i686
  • eth0 for WAN
  • eth1,2 for LAN
  • ISC dhcp(version 4.1.1) installed by "# yum install dhcp" from CentOS-updates repo
  • radvd(version 1.6) installed by "# yum install radvd" from CentOS-base repo
  • [EDIT] The reason why I use ISC dhclient is that my router has to send a DHCPv6 option 16 (Vendor class) in its solicit and request messages, in order to get the vendor-specific-information option, which includes some ISP-specific information (SIP phone number, firmware server address). I know how to set option 16 in ISC dhclient, but don't know how to do it in WIDE-dhcpv6. And I cannot find such settings as "id-assoc" in ISC dhclient.

My goal

  • A /48 prefix is delegated to the DHCPv6-PD (DHCPv6 Prefix Delegation) client (dhclient) on eth0.
  • An IPv6 default route is set toward the ISP. I have to consider the ISP's DHCPv6 server's link-local address as a default route.
  • One /64 subnet and one global address (which are in the delegated prefix) are assigned to each LAN I/F (eth1/eth2).
  • radvd on eth1 and eth2 announces RA based on the assigned /64 subnet.
  • dhcpd6 on eth1 and eth2 announces additional network information (name-servers, domain-searchlist and sip-servers-addresses) received from the ISP's DHCPv6 server.

My current configuration

/etc/sysconfig/network

    NETWORKING=yes
    HOSTNAME=xxx.yyy.zzz

    # Enable IPv6 routing and stop accept_ra/autoconf.
    IPV6FORWARDING=yes

/etc/sysconfig/network-scripts/ifcfg-eth0

    DEVICE="eth0"
    ONBOOT=yes
    TYPE=Ethernet
    BOOTPROTO=none

    # Enable DHCPv6-PD client.
    DHCPV6C=yes
    DHCPV6C_OPTIONS="-P -cf /etc/dhcp/dhclient6.conf"

    # Disable make_resolv_conf function in /sbin/dhclient-script.
    PEERDNS=no

/etc/dhcp/dhclient6.conf

    script "/sbin/dhclient-script";
    interface "eth0" {
            send dhcp6.reconf-accept;
            also request dhcp6.vendor-opts, dhcp6.sip-servers-names, dhcp6.sip-servers-addresses, dhcp6.sntp-servers;
    }

Result

After "# service network restart", DHCPv6-PD client seems to finish successfully.

    lease6 {
      interface "eth0";
      ia-pd xx:xx:xx:xx {
        starts 1312464004;
        renew 7200;
        rebind 10800;
        iaprefix 24xx:xxxx:xxxx::/48 {
          starts 1312464004;
          preferred-life 12600;
          max-life 14400;
        }
      }
      option dhcp6.client-id xx:xx:xx:xx:xx:xx:xx:xx:xx:xx;
      option dhcp6.server-id xx:xx:xx:xx:xx:xx:xx:xx:xx:xx;
      option dhcp6.reconf-accept ;
      option dhcp6.sip-servers-addresses 24xx:xxxx:xxxx:xxxx::1;
      option dhcp6.name-servers 24xx:xxxx:xxxx:xxxx::3,24xx:xxxx:xxxx:b::3;
      option dhcp6.domain-search "xxx.jp.", "yyy.jp.";
      option dhcp6.sntp-servers 24xx:xxxx:xxxx:xxxx::a,24xx:xxxx:xxxx:b::b;
    }

Question

DHCPv6-PD client is delegated /48 prefix successfully. But after that,

  • How to set an IPv6 default route in the router's routing table?
  • How to assign a global IPv6 address and /64 subnet to each LAN I/F (eth1 and eth2) based on the delegated prefix?
  • How to trigger radvd to announce RA on each LAN I/F (eth1 and eth2)?
  • How to trigger the DHCPv6 server (dhcpd6) on each LAN I/F to announce additional network information (name-servers, domain-searchlist and sip-servers-addresses) received from the ISP's DHCPv6 server?

My guess

According to "$ man dhclient" and "$ man dhclient-script", dhclient-script seems to be used to configure such settings, and it offers some hooks. But now, it does nothing for DHCPv6-PD client.

Yes, I may have to write some scripts suitable for my DHCPv6-PD environment, though I am not familiar with IPv6 network configurations. Can anyone tell me how to do the above settings in dhclient-script? [EDIT] I want to know the practical dhclient-script.

And I worry that some special consideration should be taken. For example, because each IPv6 address has preferred/valid lifetimes, when I assign a global IPv6 address to a LAN interface based on the delegated prefix, do I have to assign not only an IPv6 address but also its lifetimes, which must be derived from the delegated prefix's preferred/valid lifetimes?

Also, may radvd and the DHCPv6 server on the LAN interfaces have to be re-configured when DHCPv6 re-configuration happens? Which hook should be used?

[EDIT] When DHCPv6 re-configuration happens, how to announce both new and obsolete information? Does radvd automatically announce that the previous prefix is obsolete? Does the DHCPv6 server automatically announce that the previous name-servers are obsolete?

takaomag

3 Answers

5

I don't know the answer to your question, but I just want to warn you about using the DHCP server address as your default router. If that works it is by chance... In IPv6 the default route is communicated by RAs and not by DHCP.

You will need to enable forwarding, accepting RAs and sending out RSs. A problem here is that the kernel included in CentOS 6 does not allow you to do that. When forwarding is enabled then accepting RAs and sending RSs is disabled. There should be a CentOSPlus kernel with the relevant patches though. See the mailing list thread / message at http://lists.centos.org/pipermail/centos/2011-April/thread.html#109756

The relevant sysctl.conf settings are:

    net.ipv6.conf.all.forwarding=1
    net.ipv6.conf.eth0.accept_ra=2
    net.ipv6.conf.eth0.accept_ra_defrtr=1
    net.ipv6.conf.eth0.router_solicitations=1

Sander Steffann
  • 2
    Actually, you want accept_ra to be 2 (accept even if routing is enabled). Otherwise the kernel ignores it on a router. – Kyle Butt Aug 09 '12 at 21:11
2
  1. An IPv6 default route should be set up by whatever got your default (upstream) Internet connection, before you use DHCPv6 PD to get the additional subnets. You haven't mentioned how you're actually connecting upstream, so I can't help you there.
  2. I use WIDE DHCPv6 client, rather than ISC, so I don't know how to do it specifically, but I expect that ISC has something equivalent to this WIDE configuration option:

         id-assoc pd {
             prefix-interface eth0 {
                 sla-id 1;
                 sla-len 4;
             };
         };

     Basically, you tell the DHCP client how to assign subnets to internal interfaces; the above configuration says "I'm getting 4 bits of prefix delegated to me (sla-len 4), take the first available subnet (sla-id 1) and assign it to eth0 (prefix-interface eth0)".

  3. Set up radvd with appropriate interface stanzas (there are good examples in the radvd.conf man page to work from), and it'll Just Work.
  4. I can't help you there; apart from testing, I don't use DHCPv6 service (I get all my DHCP info from my DHCP server).
womble
  • Thanks for your answer. 1. How I connect upstream is just by connecting an Ethernet cable to an FTTH GE-PON. Just now, there is no way to specify a default IPv6 route through DHCPv6; I have to consider the DHCPv6 server's link-local address as a default route. – takaomag Aug 05 '11 at 02:18
  • 2. Although I did not mention it, the reason why I use ISC dhclient is that my router has to send a DHCPv6 option 16 (Vendor class) in its solicit and request messages, in order to get the vendor-specific-information option, which includes some ISP-specific information (SIP phone number, firmware server address). I know how to set option 16 in ISC dhclient, but don't know how to do it in WIDE-dhcpv6. And I cannot find such settings as "id-assoc" in ISC dhclient. – takaomag Aug 05 '11 at 02:18
  • 2
    3,4. I may be able to write some poor scripts to construct radvd.conf and dhcpd6.conf based on information (prefix, etc.) from the DHCPv6 server. But when DHCPv6 re-configuration happens, how to announce both new and obsolete information? Does radvd automatically announce that the previous prefix is obsolete? Does the DHCPv6 server automatically announce that the previous name-servers are obsolete? – takaomag Aug 05 '11 at 02:34
  • Anyway I want to know the practical dhclient-script. – takaomag Aug 05 '11 at 02:35
  • Don't add all this information in comments on an answer; **add it to your question**. – womble Aug 05 '11 at 03:40
  • I'm sorry, I have added it. – takaomag Aug 05 '11 at 08:50
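Added example, not part of the thread or of any poster's configuration: a Python sketch of the script the comments above describe, one that builds radvd.conf from the delegated prefix. It parses a lease6 block in the layout shown in the question, numbers the /64s the way the WIDE sla-id does, and writes the lifetimes still remaining on the lease. The 2001:db8 prefix, the helper names and the fixed two-hour valid lifetime for a replaced prefix (the cap given in RFC 7084, requirement L-13) are assumptions.

```python
import ipaddress
import re

# Constructed lease in the lease6 layout from the question; 2001:db8::/32 is the
# documentation range standing in for the ISP's masked prefix.
SAMPLE_LEASE = """lease6 {
  ia-pd 00:00:00:01 {
    iaprefix 2001:db8:1234::/48 {
      starts 1312464004;
      preferred-life 12600;
      max-life 14400;
    }
  }
}"""

def parse_iaprefix(text):
    """Return (network, starts, preferred-life, max-life) from a lease6 block."""
    m = re.search(r"iaprefix\s+(\S+)\s*\{\s*starts\s+(\d+);\s*"
                  r"preferred-life\s+(\d+);\s*max-life\s+(\d+);", text)
    if m is None:
        raise ValueError("lease has no iaprefix")
    return (ipaddress.IPv6Network(m.group(1)),) + tuple(int(g) for g in m.groups()[1:])

def lan_subnet(delegated, sla_id):
    """The /64 numbered sla_id inside the delegated prefix (hypothetical helper)."""
    if delegated.prefixlen > 64 or not 0 <= sla_id < 2 ** (64 - delegated.prefixlen):
        raise ValueError("sla_id %d does not fit in %s" % (sla_id, delegated))
    return ipaddress.IPv6Network((int(delegated.network_address) + (sla_id << 64), 64))

def radvd_conf(lease_text, ifaces, now, old_prefix=None):
    """Render radvd.conf: one /64 per LAN interface (sla_id 1, 2, ...) with the
    lifetimes still left at `now`; a replaced prefix is advertised as deprecated."""
    net, starts, pref, valid = parse_iaprefix(lease_text)
    elapsed = max(0, now - starts)
    out = []
    for sla_id, iface in enumerate(ifaces, start=1):
        out.append("interface %s {\n    AdvSendAdvert on;" % iface)
        out.append("    prefix %s {\n        AdvValidLifetime %d;\n"
                   "        AdvPreferredLifetime %d;\n    };"
                   % (lan_subnet(net, sla_id), max(0, valid - elapsed), max(0, pref - elapsed)))
        if old_prefix is not None and old_prefix != net:
            # Preferred 0 stops hosts choosing the old addresses for new connections.
            out.append("    prefix %s {\n        AdvValidLifetime 7200;\n"
                       "        AdvPreferredLifetime 0;\n    };"
                       % lan_subnet(old_prefix, sla_id))
        out.append("};")
    return "\n".join(out) + "\n"
```

As written, the lifetimes are fixed numbers in the generated file, so a hook would regenerate it and reload radvd each time dhclient renews or replaces the lease.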
-1

Womble has given the same answer I would use for setting up radvd and routing. Inet6 is designed to do self configuration without the need for a DHCP server.

I don't use DHCPv6 as it can be handled by radvd and zeroconf. radvd can be configured to supply name servers, and can advertise servers from /etc/resolv.conf. New versions of radvd have also implemented distributing search lists.

I configured avahi-daemon to distribute name services and servers to clients. You will need clients that are able to do service discovery. I haven't done much testing of service discovery as I run a dual stack network across the board.

BillThor
  • Whether I use the DHCPv6 server or radvd, I have to write some scripts to construct dhcpd6.conf or radvd.conf dynamically based on information (prefix, etc.) from the DHCPv6 server. But when DHCPv6 re-configuration happens, how to announce both new and obsolete information to LAN side hosts? If I construct a new dhcpd6.conf or radvd.conf dynamically based only on new information from the DHCPv6 server, does radvd automatically announce that the previous prefix is obsolete? Does the DHCPv6 server automatically announce that the previous name-servers are obsolete? – takaomag Aug 05 '11 at 03:06
  • radvd can use the ::/64 prefix to automatically get its addresses from the interface. You don't need to rewrite the configuration. DNS servers and search list should be static data. IPv6 auto-configuration is designed to handle migrating addresses. I don't know how well your ISP supports the transition. I haven't looked at DHCPv6. – BillThor Aug 05 '11 at 03:44
  • So I'm trying to set this up. My Linux-PC-based router has an eth0 facing the ISP, and is getting the prefix delegation there. eth0 has a working publicly accessible IPv6 address. eth1 faces my network. I assume I have to tell radvd.conf to advertise on eth1. How do I tell radvd.conf to use the prefix from eth0? ::/64 just produces error messages about invalid all-zeros prefix in daemon.log. – LawrenceC Apr 11 '21 at 15:24