1

A Debian Server having eth0, eth1. eth2, ppp0 devices:

2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether xx:yy:zz:yy:xx:yy brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether xx:yy:zz:yy:xx:yy brd ff:ff:ff:ff:ff:ff
4: eth2: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state DOWN qlen 1000
    link/ether xx:yy:zz:yy:xx:yy brd ff:ff:ff:ff:ff:ff
63: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1492 qdisc pfifo_fast state UNKNOWN qlen 3
    link/ppp

forwarding is enabled everywhere:

/proc/sys/net/ipv6/conf ~
  all/forwarding=1  default/forwarding=1
 eth0/forwarding=1     eth1/forwarding=1
 eth2/forwarding=1     ppp0/forwarding=1

and autoconf is activated too:

/proc/sys/net/ipv6/conf ~
  all/autoconf=1     default/autoconf=1
 eth0/autoconf=0        eth1/autoconf=1
 eth2/autoconf=1        ppp0/autoconf=1

further RA (=Router Advertisement) is accepted on any device but setting accept_ra=2 for at leat ppp0 and eth1:

/proc/sys/net/ipv6/conf ~
  all/accept_ra=1                              default/accept_ra=1           
 eth0/accept_ra=1                                 eth1/accept_ra=2           
 eth2/accept_ra=0                                   lo/accept_ra=1           
 ppp0/accept_ra=2

PPP connection is established successfully, having ipv6 ::dead:beef option set in /etc/ppp/peer/myProvider config file:

63: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1492 qlen 3
    inet6 2003:42:e67f:d3ca:6105:155:f2b3:71f0/64 scope global temporary dynamic 
       valid_lft 14266sec preferred_lft 1666sec
    inet6 2003:42:e67f:d3ca::dead:beef/64 scope global dynamic 
       valid_lft 14266sec preferred_lft 1666sec
    inet6 fe80::dead:beef/10 scope link 
       valid_lft forever preferred_lft forever

and a default route to a link-local address of the provider is set:

2003:42:e67f:d3ca::/64 dev ppp0  proto kernel  metric 256  expires 13559sec
fe80::/64 dev ppp0  proto kernel  metric 256 
fe80::/10 dev ppp0  metric 1 
fe80::/10 dev eth1  proto kernel  metric 256 
fe80::/10 dev ppp0  proto kernel  metric 256 
fe80::/10 dev eth0  metric 1024
default via fe80::90:1a10:1b2:b780 dev ppp0  proto kernel  metric 1024  expires 1789sec

The public 2003:42:e67f:d3ca::/64 prefix has a route to the ppp0 device. radvd installed and running, radvdump shows the ppp0 IPv6 link sending RAs

interface ppp0
{
    AdvSendAdvert on;
    # Note: {Min,Max}RtrAdvInterval cannot be obtained with radvdump
    AdvManagedFlag off;
    AdvOtherConfigFlag on;
    AdvReachableTime 0;
    AdvRetransTimer 0;
    AdvCurHopLimit 0;
    AdvDefaultLifetime 1800;
    AdvHomeAgentFlag off;
    AdvDefaultPreference medium;
    AdvLinkMTU 1492;

    prefix 2003:42:e67f:d3ca::/64
    {
        AdvValidLifetime 14400;
        AdvPreferredLifetime 1800;
        AdvOnLink on;
        AdvAutonomous on;
        AdvRouterAddr off;
    }; # End of prefix definition

}; # End of interface definition

From the server host i can ping6 a host from the internet successfully. Now when i try forcing a RA by soliciting a router for ppp0 i get:

Soliciting ff02::2 (ff02::2) on ppp0...
Hop limit                 :    undefined (      0x00)
Stateful address conf.    :           No
Stateful other conf.      :          Yes
Router preference         :       medium
Router lifetime           :         1800 (0x00000708) seconds
Reachable time            :  unspecified (0x00000000)
Retransmit time           :  unspecified (0x00000000)
 MTU                      :         1492 bytes (valid)
 Prefix                   : 2003:42:e67f:d3ca::/64
  Valid time              :        14400 (0x00003840) seconds
  Pref. time              :         1800 (0x00000708) seconds

What i would expect is that all nodes on eth1 get SLAAC configured but when i try soliciting on eth1 i get:

Soliciting ff02::2 (ff02::2) on eth1...
Timed out.
Timed out.
Timed out.
No response.
  • I don't want to use DHCPv6 but SLAAC via radvd
  • I'd like to avoid bash kung fu cutting the actual prefix from the provider (eg: from rdisc6 output) to tweak the radvd.conf file on my own (eg: in an if-up event)
  • Bridging devices isn't a solution. PPP device is virtual and can't be bridged.

Somehow forwarding RA packets from ppp0 to eth1 (and to any other device) doesn't seem work at all. Why? As far as i understand any router with a DSL modem has to forward in some way RAs from it's internal modem device to the physical LAN ports attached otherwise any host connected there wouldn't get an IPv6 address, right? Now where is the difference between a router and my debian box? I would be grateful for any hint you may have.

3ronco
  • 143
  • 7
  • Is this what your ISP advised you to do? Typically you would route from ppp to eth and vice versa, instead of this...whatever it is. – Michael Hampton Nov 17 '14 at 23:06
  • No, i didn't create the routes myself but pppd did it for me. The server can connect via IPv6 to the internet. Whatever this is... it can't be that wrong. – 3ronco Nov 17 '14 at 23:32

2 Answers2

5

Router advertisements are not supposed to be forwarded. So when you find that they are not being forwarded, then at least that part is working as intended.

You are supposed to be running your own router advertisement daemon in your router, such that it advertises itself to the LANs.

You should have three separate /64 prefixes for your three LANs. So you need a routed /62 or shorter from your ISP. This is no problem because your ISP is supposed to give you a shorter prefix for this purpose (how short depends on who you ask, originally it was /48 but some would only hand out a /56).

If there is a DHCPv6 server available over the ppp link, then you can send a DHCPv6 request asking for a prefix to be delegated to you. Otherwise you may have to actually talk to a person.

kasperd
  • 29,894
  • 16
  • 72
  • 122
  • Aha! Besides the optional prefix/address assigned to *ppp0* by *RA* packets from the provider, it's not intended to be used by me to configure my own LAN with that prefix?! Instead i need a DHCPv6 client request through that ppp link of my provider to obtain another /56 prefix for my desired LAN. In my example that would be one of `2003:42:e67f:d3{XX}::/64` for any LAN i want to configure on a different ethX device of my debian box? – 3ronco Nov 18 '14 at 10:56
  • So using DHCP here isn't optional but mandatory, then i put this new obtained subnet prefix into the config of my *radvd* instance to hand out new IPv6 addresses on that LAN to get my hosts there with a full routable IPv6 address into the internet? PS: Also thanks to @Sander Steffman for your explanation. – 3ronco Nov 18 '14 at 10:57
  • @3ronco You could do without DHCPv6 if the ISP assigned a static prefix to your router. For example an ISP could say that you get `2001:db8:1234::/48` routed to your router, you just have to configure the router with static IP address `2001:db8:1234::2` on the WAN interface. But if you want the router to be autoconfigured, then I think prefix delegation through DHCPv6 is the only option. You only need DHCPv6 on the WAN side of your router, the LAN side does not need any DHCPv6. – kasperd Nov 18 '14 at 11:32
  • 1
    But unfortunately not with the ISP in germany, they hand out a dynamically created prefix on any new PPP link for privacy reasons. Somehow dull! Neverhteless i got it finally working. I installed wide-dhcpv6-client which triggers the prefix delegation on the ppp device, changed the radvd conf to hand out anything but link-local addresses on my desired LAN and voilà: `3: eth1: mtu 1500 qlen 1000 inet6 2003:40:e914:a400::1/56 scope global` – 3ronco Nov 19 '14 at 21:41
  • 1
    @3ronco Yes, most German ISPs seem to do this, every time you reconnect, and it's a nightmare if your network has anything more than a PC and a couple of phones. They _should_ give you the option to opt out and keep a static prefix. – Michael Hampton Nov 20 '14 at 04:37
2

The structure for this kind IP setup is usually:

  • You receive an RA over ppp0 so your system gets a default route and optionally a prefix
  • You run a DHCPv6-PD client on the system to request a routable prefix from the ISP
  • You use /64s from that prefix to number your other interface
  • You use radvd to send RAs to your local interfaces to let other systems know how your ipv6 network is configured
  • You don't send RAs to ppp0 because you're not a router for your ISP, their side is a router for you
Sander Steffann
  • 7,572
  • 18
  • 29