6
1
I think this question concerns the interaction between the configurable Default Address Selection algorithm defined by RFC-3484 and the temporary addresses defined by RFC-4941, though the solution may require some third kind of functionality. My environment is Linux (kernel version 3.2.0 on Ubuntu 12.04) with the iproute2 utility (version ss111117).
How can I configure my computer to use a regular, non-privacy enhanced address to connect to other nodes under the same prefix, but use a temporary address for connections to nodes outside that prefix?
For example, let's say that my computer is fuzzy
, and my file server is bunny
. Somewhere out on the IPv6 Internet is a website I want to visit, nosey.example.com
. Here are the addresses assigned on fuzzy
:
neirbowj@fuzzy:~$ ip -6 addr show dev eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qlen 1000
inet6 2001:db8:d00d:babe:6d3b:96d0:f584:beb3/64 scope global temporary dynamic
valid_lft 599342sec preferred_lft 80342sec
inet6 2001:db8:d00d:babe:22fc:11ff:fe53:b2e7/64 scope global dynamic
valid_lft 2591986sec preferred_lft 604786sec
inet6 fe80::22fc:11ff:fe53:b2e7/64 scope link
valid_lft forever preferred_lft forever
bunny
has a statically configured address on the same prefix.
neirbowj@fuzzy:~$ grep bunny /etc/hosts
2001:db8:d00d:babe::1 bunny
nosey.example.com
is not on this prefix.
neirbowj@fuzzy:~$ host -t aaaa nosey.example.com
nosey.example.com has IPv6 address 2001:db8:b00b:1e5::1
The address labels on fuzzy
are set to their defaults.
neirbowj@fuzzy:~$ ip addrlabel
prefix ::1/128 label 0
prefix ::/96 label 3
prefix ::ffff:0.0.0.0/96 label 4
prefix 2001::/32 label 6
prefix 2001:10::/28 label 7
prefix 2002::/16 label 2
prefix fc00::/7 label 5
prefix ::/0 label 1
When I connect to bunny
, I want to use 2001:db8:d00d:babe:22fc:11ff:fe53:b2e7
, because it is not flagged "temporary
". When I connect to nosey.example.com
, I want to use 2001:db8:d00d:babe:6d3b:96d0:f584:beb3
because it is flagged "temporary
". Is this possible, and if so, how?
I have already read How does IPv6 source address selection work in Linux, but I don't see how any of the rules would affect this choice, nor even how the temporary
flag informs address selection at all.
The reason I think I should be able to do this is because of this excerpt.
RFC-4941
Section 3.1 Assumptions
[...]
Finally, this document assumes that when a node initiates outgoing
communication, temporary addresses can be given preference over
public addresses when the device is configured to do so.
[ADDR_SELECT] mandates implementations to provide a mechanism, which
allows an application to configure its preference for temporary
addresses over public addresses. It also allows for an
implementation to prefer temporary addresses by default, so that the
connections initiated by the node can use temporary addresses without
requiring application-specific enablement. This document also
assumes that an API will exist that allows individual applications to
indicate whether they prefer to use temporary or public addresses and
override the system defaults.
This is a great answer to a slightly different question, because this approach is agnostic to the address type (static, DHCPv6, SLAAC, SLAAC+privacy, etc). While it may be the best I can do, I want to wait a little longer before accepting your answer. – neirbowj – 2013-08-29T19:46:41.870
@neirbowj The method by which you obtain your addresses isn't really relevant. This is how you would do it. BTW, you can also throw this into
/etc/network/interfaces
to make it permanent. – Michael Hampton – 2013-08-30T00:48:04.073I didn't say I couldn't do it this way, but if you read my question, I hope you will see why the nature and source of the addresses is very relevant. – neirbowj – 2013-08-30T02:21:11.080
1@neirbowj Your question doesn't say anything about that. Perhaps you forgot to add it? – Michael Hampton – 2013-08-30T22:45:41.673
@MichaelHampton: I state it in three places: the title ("Use temporary addresses..."), the first sentence that ends with '?' (regular, non-privacy enhanced vs. temporary), and the sentence just before "Is this possible, and if so, how?" ("because it is not flagged ... because it is flagged ..."). – neirbowj – 2013-08-31T17:19:11.363
@neirbowj And this answer covers it perfectly. What's the problem? – Michael Hampton – 2013-08-31T17:53:10.200
Addresses flagged as temporary are used by default. So you only need to set routing table entries to override that default. Fits your question I would think. – Sander Steffann – 2013-09-01T16:09:12.207