Signed-off-by: Matt Layher [email protected]
I've traveled a bit recently and noticed some ATT DHCPv6-PD setups are advertising:
- prefix /64 for SLAAC
- route information for the covering /60
This makes sense in the event that multiple routers may be present on a network: the router "owns" the covering /60 and anything in that /60 should be sent to that router. An unreachable route for the /60 is set on the router's lo and then longer /64 routes are added for each LAN.
Consider a hypothetical /48 DHCPv6-PD setup which may configure the following addresses and routes on cradveth0 (a LAN interface) and lo, the loopback:
```
$ ip -6 a s dev cradveth0
4: cradveth0@cradveth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    inet6 2001:db8::1/64 scope global
       valid_lft forever preferred_lft forever
    inet6 fd38:4ad5:6ad6::1/64 scope global
       valid_lft forever preferred_lft forever
    inet6 fe80::d02b:fdff:fe71:97c9/64 scope link
       valid_lft forever preferred_lft forever
$ ip -6 r s dev lo
::1 proto kernel metric 256 pref medium
unreachable 2001:db8::/48 metric 1024 pref medium
unreachable 2001:db8::/32 metric 1024 pref medium
unreachable fd38:4ad5:6ad6::/48 metric 1024 pref medium
```
For demonstration, I've also added an overlapping /32 for the delegated prefix and a ULA /48.
Given the following configuration:
```toml
# CoreRAD development (n/a) configuration file
[[interfaces]]
name = "cradveth0"
advertise = true
[[interfaces.prefix]]
[[interfaces.route]]
```
CoreRAD will start up as follows:
```
$ sudo ./corerad
CoreRAD development (n/a) starting with configuration file "corerad.toml"
cradveth0: "prefix": ::/64 [fd38:4ad5:6ad6::/64] [on-link, autonomous], preferred: 4h0m0s, valid: 24h0m0s
cradveth0: "route": ::/0 [2001:db8::/32, fd38:4ad5:6ad6::/48], preference: Medium, lifetime: 24h0m0s
cradveth0: "lla": source link-layer address: d2:2b:fd:71:97:c9
cradveth0: initialized, advertising from fe80::d02b:fdff:fe71:97c9
```
Producing the following router advertisement:
```
$ ndp -i cradveth1 rs
ndp> interface: cradveth1, link-layer address: 2e:81:cb:78:01:ad, IPv6 address: fe80::2c81:cbff:fe78:1ad
ndp rs> router solicitation:
  - source link-layer address: 2e:81:cb:78:01:ad
ndp rs> router advertisement from: fe80::d02b:fdff:fe71:97c9:
  - hop limit: 64
  - preference: Medium
  - router lifetime: 30m0s
  - options:
    - prefix information: 2001:db8::/64, flags: [on-link, autonomous], valid: 24h0m0s, preferred: 4h0m0s
    - prefix information: fd38:4ad5:6ad6::/64, flags: [on-link, autonomous], valid: 24h0m0s, preferred: 4h0m0s
    - route information: 2001:db8::/32, preference: Medium, lifetime: 24h0m0s
    - route information: fd38:4ad5:6ad6::/48, preference: Medium, lifetime: 24h0m0s
    - source link-layer address: d2:2b:fd:71:97:c9
```
This seems like a useful behavior to me, but there are some questions here:
- What happens if a user is using multiple routing tables? Right now we only check for automatic routes from "main", table 254. Do we tell the user they're on their own?
- Would it be useful to support ::/48 or similar instead of just ::/0, meaning "any route /48 or longer?". This would drop the covering /32.
- Should we only support this behavior for routes with type unreachable/blackhole? Right now we ignore the type and assume any route configured on a loopback should be redistributed via NDP RA.
Feedback very welcome! This is something I want to deploy on my own LAN but I am also afraid of implementing something that is subtly incorrect.
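
The sketch below is an added example, not CoreRAD's code or part of the original description. It models the wildcard expansion over the loopback routes shown above, so the effect of the proposed `::/48` form and of an unreachable-only filter can be compared. The names `route`, `expand` and `loRoutes` are hypothetical, and the selection rules (skip host routes, drop any route covered by a shorter selected one) are assumptions inferred from the startup log.

```go
package main

import (
	"fmt"
	"net/netip"
)

// route is a constructed stand-in for one line of `ip -6 r s dev lo`.
type route struct {
	dst         netip.Prefix
	unreachable bool
}

// expand returns the routes a wildcard of length minBits (0 for ::/0, 48 for
// ::/48) would advertise. All selection rules here are assumptions.
func expand(routes []route, minBits int, onlyUnreachable bool) []netip.Prefix {
	var cand []netip.Prefix
	for _, r := range routes {
		// Skip host routes such as ::1, prefixes shorter than the wildcard,
		// and (optionally) anything that is not an unreachable route.
		if r.dst.Bits() == 128 || r.dst.Bits() < minBits || (onlyUnreachable && !r.unreachable) {
			continue
		}
		cand = append(cand, r.dst.Masked())
	}
	var out []netip.Prefix
	for _, p := range cand {
		covered := false
		for _, q := range cand {
			if q.Bits() < p.Bits() && q.Contains(p.Addr()) {
				covered = true // a shorter selected route already covers p
			}
		}
		if !covered {
			out = append(out, p)
		}
	}
	return out
}

// loRoutes mirrors the loopback routing table shown in the description.
func loRoutes() []route {
	p := netip.MustParsePrefix
	return []route{{p("::1/128"), false}, {p("2001:db8::/48"), true},
		{p("2001:db8::/32"), true}, {p("fd38:4ad5:6ad6::/48"), true}}
}

func main() {
	fmt.Println(expand(loRoutes(), 0, true), expand(loRoutes(), 48, true))
}
```

With `minBits` of 0 the result matches the route list in the startup log; with 48 the covering /32 is no longer selected and both /48 routes are advertised instead.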