Alter.Org.UA  
 << Back Home RU ru   Donate Donate www/www1/www2

Setting up IPv6 ISP

We deploy IPv6 in our Alfa-inet ISP. IPv6 addresses are available for all users almost since very beginning. Looks simple, but appears not. It is ttill work in progress. :)

FreeBSD RTADVD

Firstable we configured native FreBSD 7.2 rtadvd. Seems ok. Several clients get some IPv6 addresses. Everybody is happy. At some moment appeared that some clients need v6 DNS (RDNSS). Appeared, that rtadvd has no such option. So, the following patch appeared:

Patch for rtadvd RDNSS.

FreeBSD 7.2 upgrade

When clients begin using IPv6 actively we get kernel panic. Again and again. Appeared that 7.2-release has a bug in IPv6 routing engine. It crashed in some minutes after enabling ipv6 gateway. We had to cvsup to 7.2-curent. This helps.

RTADVD -> RADVD

Later appeared, that there are some clients who do not obtain IPv6 addresses, however they are configured correctly. The same time, these computers successfully het IPv6 addresses from Linux server. The only difference is route advertising daemon. Linux uses radvd. tcpdump shows, that there is a difference in advertisement algorithm. rtadvd operates like dhcp: cliens prompts for Route Solicitation - server replies with Route Advertise. The sabe time radvd periodically broadcasts Route Advertise, clients listen. When Route Advertise is catched, cleint sends Route Solicitation. So, we had to mugrate to radvd from FreeBSD ports.

Multicast filtering

A little later we found still some clients, who cannot get IPv6 address. The problem was in multicast filtering on several switches. For D-Link proper config looks like this:

config multicast vlan_filtering_mode all forward_unregistered_groups

DHCPv6

Ok, we decided to deploy MAC-based address assignment since we need accounting, enabling and disabling clients. Old isc-dhcpd doesn't support IPv6. We tried dhcp6s, but without success. Firstable because it doesn't support DHCP-PD - it cannot advertise subnets for clients. New isc-dhcpd v4.2.4 is ok. But doesn't work :) None of client sent DHCPv6 query to server. Appeared that we missed Managed option (flag M) in radvd.conf. Along with Managed we decided to enable OtherConfig (flag O), in order to send network, DNS and other options to client.

    AdvManagedFlag on;
    AdvOtherConfigFlag on;

DHCPv6 default gateway

There is no standard option for advertising default gateway over DHCPv6. Only via custom option configured on both client and server sides.

# RTPREFIX option layout definition
option dhcp6.rtprefix code 243 = {unsigned integer 32, unsigned integer 8, unsigned integer 8, ip6-address };


# This statement defines an option layout, not the values.
# NEXT_HOP option with RTPREFIX option included
#option dhcp6.next-hop-rt-prefix code 242 = { ip6-address, unsigned integer 16,
#   unsigned integer 16, unsigned integer 32, unsigned integer 8, unsigned integer 8, ip6-address };


# Simplified mode (NEXT_HOP only, without RTPREFIX) for
# bandwidth constrained networks.
# Make sure that only simplified or full mode are uncommented, not both.
# Uncomment this if you want to send simplified default-route information
option dhcp6.next-hop code 242 = ip6-address;

References

http://community.roxen.com/developers/idocs/drafts/draft-ietf-mif-dhcpv6-route-option-05.html
http://tracker.tools.ietf.org/doc/draft-ietf-mif-dhcpv6-route-option/?include_text=1
http://www.isc.org/community/blog/201111/routing-configuration-over-dhcpv6

MAC-based DHCPv6

Ok, clients ask DHCPv6 server and get addresses from guest subnet. Next step is DHCPv4-like MAC-based IPv6 address assignment. Appeared hardware ethernet option is available in dhcpd6.conf too.

    host demo6-host {
      hardware ethernet 00:13:14:14:46:96;
      fixed-address6 2a01:d0:9:8::a1fa:f001;
      option dhcp6.fqdn "demo6-host.my-isp.com";
      fixed-prefix6 2a01:d0:3ff0:9700::/56;
    }

Ok. Some clients do not use DHCPv6 yet (they have no support for it). Some get nice IPv6 fro DHCP as configured. But some registered users still get guest addresses. DHCP is processed by server, but client MAC is not recognised. So, guest IP is assigned. Source analisys of isc-dhcpd shows the following. However DHCPv6 option is named like in DHCPv4, it operates in different way. Server extracts HW ID from the DUID of client request - unique client identifier. Lower part of DUID may, but not must be constructed from MAC-address. Sometimes MAC of local interface is taken. Sometimes something other. There are two options:

  • prompt vendor to fix firmware :)
  • prompt client to replace router or configure software
  • learn server to take into account real MAC-address of the client.

Patch for strict MAC-based DHCPv6 address assignment with ISC DHCPD v4.2.4.

DHCPv6-PD

There is a small problem here. We advertise subnet to the client. But dhcpd itself doesn't update routing table. Is is acceptable for static assignments. We can make static routes. But for dynamic allocation we have to invent something. I think, it is bad idea to accept route advertises from clients.

Appeared, there is another problem. Some home routers doesn't use IPv6 address assigned by DHCP. However, they successfully accept client prefix and assign addresses from it to clients. And, of course, IPv6 doesn't work for them. These routers may use RADVD-assigned or even Link-local address as external. We were to add automatic routing table update for each prefix lease. There is some test version of automatic route adjustment for DHCPv6 PD for ISC DHCPD v4.2.5. Hard-coded (via #define) script is called from dhcpd.

Configs

radvd.conf
interface vlan777
{
        AdvSendAdvert on;

# This may be needed on some interfaces which are not active when
# radvd starts, but become available later on; see man page for details.
        IgnoreIfMissing on;

# These settings cause advertisements to be sent every 3-10 seconds.  This
# range is good for 6to4 with a dynamic IPv4 address, but can be greatly
# increased when not using 6to4 prefixes.
        MinRtrAdvInterval 3;
        MaxRtrAdvInterval 10;

# You can use AdvDefaultPreference setting to advertise the preference of
# the router for the purposes of default router determination.
# NOTE: This feature is still being specified and is not widely supported!
        AdvDefaultPreference high;

# Disable Mobile IPv6 support
        AdvHomeAgentFlag off;

# Hosts  use  the administered (stateful) protocol for
# address autoconfiguration in addition to any addresses  autocon-
# figured  using  stateless address autoconfiguration.
# This enables DHCPv6
        AdvManagedFlag on;
        AdvOtherConfigFlag on;

# Client network for auto-config
        prefix 2a01:d0:9:0::/64
        {
                AdvOnLink on;
                AdvAutonomous on;
                AdvRouterAddr off;
        };

# IPv6 DNS servers
        RDNSS 2a01:d0:9:0::1 2a01:d0:0:10::1 2a01:d0::1
        {
                AdvRDNSSPreference 8;
                AdvRDNSSOpen off;
                AdvRDNSSLifetime 30;
        };


};
dhcpd6.conf
# Some global defaults

ddns-update-style none;
ignore client-updates;
default-lease-time 2592000;
preferred-lifetime 604800;
option dhcp-renewal-time 3600;
option dhcp-rebinding-time 7200;
option dhcp6.info-refresh-time 21600;

shared-network MyClientNetwork {
  interface vlan777;

  subnet6 2a01:d0:9::/64 {
    # guest addresses for unknown MAC's
    range6 2a01:d0:9::bad:1000 2a01:d0:9::bad:2000;

    option dhcp6.name-servers 2a01:d0:9::1,2a01:d0:0:10::1,2a01:d0::1;
    option dhcp6.domain-search "my-isp.com";
    option dhcp6.fqdn "my-isp.com";
    option dhcp6.next-hop 2a01:d0:9::1;
    allow unknown-clients;
    # will not work without special routing tool, see above DHCPv6-PD
    #prefix6 2a01:d0:9:1000:: 2a01:d0:9:11ff:: /64;
  }

}

group {
  option dhcp6.name-servers 2a01:d0:9::1,2a01:d0:0:10::1,2a01:d0::1;
  option dhcp6.domain-search "my-isp.com";
  option dhcp6.next-hop 2a01:d0:9::1;
# NTP server
  option dhcp6.sntp-servers 2a01:d0:9::1;
# select * , inet_ntoa( inet_aton(def_ip) & inet_aton(netmask)),  inet_ntoa((inet_aton(def_ip) & in
#select user_id, user_mac, user_name, user_ip, user_real_ip, uses_ipv6   from user_list where  del_

    host user-1 {
#route add -inet6 2a01:d0:4002:8200:: -prefixlen 56 2a01:d0:9::a1fa:0024
#route change -inet6 2a01:d0:4002:8200:: -prefixlen 56 2a01:d0:9::a1fa:0024

      hardware ethernet 16:38:03:ba:bb:ab;
      fixed-address6 2a01:d0:9::a1fa:0024;
      option dhcp6.fqdn "user-1.my-isp.com";
      fixed-prefix6 2a01:d0:4002:8200::/56;
    }
     
# ........
}

Note: replace 2a01:d0:xxx with your real addresses ;)

Note 2: don't forget to set static routes to your fixed-prefix6

IPv6-capable Routers

ModelFirmwareStaticRoute Adv.DHCPv6 NADHCPv6 PDDHCPv6 DNS/etc.
Asus RT-N65U2014.02.xx++++
Asus RT-N56U3.0.0.4.374_979+++
Asus RT-N12D1 ++-
Asus RT-N66U ---
TP-Link TL-WR 1043OpenWrt+++/-
need manual changes in config files
TP-Link TL-WR 4300OpenWrt++
TP-Link TL-WR 36003.14.1 Build 140916 Rel.65058n++++/- (No WiFi)
Cisco RV100W ++-
Buffalo WZR-HP-A300h ++-

See also:

  • 6assist.net - IPv6-oriented MPtP tunnel over IPv4 network.
  • DHCPv6 - strict MAC-based address assignment + PD routing patch.
<< Back designed by Alter aka Alexander A. Telyatnikov powered by Apache+PHP under FBSD © 2002-2017