SDB:Native IPv6


Tested on openSUSE


This article is about configuring a system in a native IP version 6 environment.

Situation

Your system is connected to a network with a router which supports native IP version 6. This means that your system will get a global IPv6 address simply by enabling IPv6 in your system.

No IPv6 router

When you enable IPv6 without such a router you will see that your interface gets a link-local IPv6 address (Scope:Link). Such an address starts with fe80::. With such an address you can communicate with other systems on the same link (Ethernet broadcast domain) which also have IPv6 enabled. Your interface will always have such an address, even when an IPv6 router is present.

IPv6 router

An IPv6 router is always part of a global network and/or a so-called site network. A site network is comparable with a local IPv4 network like the 10.x.x.x network. Addresses in that site network start with fc00::/7, also called unique local addresses. A global network is connected to the global Internet. The global addresses currently start with 2. The router is configured by network management to present an IPv6 prefix to all systems connected to the link where your system is connected. This is a prefix for global IPv6 addresses and, if so configured, a prefix for unique local IPv6 addresses.

Router Advertisement

The router sends a so-called Router Advertisement (RA) packet at regular intervals to all systems on the Ethernet network. This packet contains the prefix, the preferred lifetime and the valid lifetime. A system can also send a packet to ask (solicit) for this packet; this speeds up the assignment. The lifetime values in the RA are the maximum values these parameters can take. So if you give these parameters a higher value in your system (see below), the actual values will not be larger than those in the RA.

Stateless Autoconfiguration

A feature of IPv6 is that with a router present, this router always provides Stateless Autoconfiguration. This means that an interface is always able to receive a unique global/local IPv6 address without user intervention. This feature is controlled by three main parameters in your system, and a fourth parameter may be needed in case of trouble. These parameters are documented in Documentation/networking/ip-sysctl.txt in the kernel source tree, and are as follows:

  • autoconf: This parameter enables or disables Stateless Autoconfiguration. When disabled you need to assign a fixed address to the interface, otherwise it will only be able to communicate on the local link. When enabled you get a global/local IPv6 address of which the lowest 64 bits are derived from the MAC address of your interface. This is a rather stable address, which can be used to connect from other systems, even from systems in the Internet, to your system.
  • use_tempaddr: This parameter enables another IPv6 address, which is regularly changed, and of which the lowest 64 bits are derived from a random generator. This feature is available for security reasons. It makes it difficult to track one's movements in the Internet (only with a traveling device; a device in a static environment will always have the same higher bits in the IPv6 address).
  • forwarding: If forwarding is 1, then the computer itself will act as a router and will ignore router advertisements from other routers.
  • temp_prefered_lft: The preferred lifetime of a temporary address; however it can be overridden by router advertisement messages (e.g. see bug #731730).

openSUSE 11.4

In openSUSE 11.4 the default is autoconf enabled, but use_tempaddr is not (set to 0), temp_prefered_lft is set to 86400 (1 day).

openSUSE 12.1 and higher

In openSUSE 12.1 and higher the default is also autoconf set to 1, however use_tempaddr is enabled (set to 2). This means that an additional address is present whose lower 64 bits are randomly generated, and that on outgoing packets initiated from the system this IPv6 address will be used in the source address field. The MAC address based IPv6 address is also present, so the system can be reached by that more or less fixed address.

use_tempaddr can also be set to 1, which means that there is a randomly generated lower 64 bits IPv6 address available, however outgoing packets initiated from the system will have the MAC address based IPv6 address in the source address field.
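
The difference between the two kinds of address can be checked from the address alone. The following is an added example, not part of the original article: it builds the MAC-derived address for a prefix, recovers the MAC from it, and shows that a randomly generated host part yields nothing. The MAC, the prefixes (documentation range 2001:db8::/32) and all function names are constructed for illustration.

```python
import ipaddress

IID_MASK = (1 << 64) - 1  # lowest 64 bits: the host part (interface identifier)
SCOPES = (("link", "fe80::/10"), ("unique-local", "fc00::/7"), ("global", "2000::/3"))


def scope(addr):
    """Classify an address into the scopes this article distinguishes."""
    ip = ipaddress.IPv6Address(addr)
    for name, net in SCOPES:
        if ip in ipaddress.ip_network(net):
            return name
    return "other"


def mac_derived_address(prefix, mac):
    """Stable autoconf address: /64 prefix + modified EUI-64 of the MAC (RFC 4291)."""
    net = ipaddress.ip_network(prefix)
    raw = bytes.fromhex(mac.replace(":", ""))
    if net.prefixlen != 64 or len(raw) != 6:
        raise ValueError("need a /64 prefix and a 48-bit MAC")
    # Flip the universal/local bit and insert ff:fe between the MAC halves.
    iid = bytes([raw[0] ^ 0x02]) + raw[1:3] + b"\xff\xfe" + raw[3:]
    return str(net.network_address + int.from_bytes(iid, "big"))


def embedded_mac(addr):
    """Return the MAC recoverable from an address, or None if the host part
    lacks the ff:fe marker (as a randomly generated temporary address does,
    apart from a negligible chance collision)."""
    iid = (int(ipaddress.IPv6Address(addr)) & IID_MASK).to_bytes(8, "big")
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{b:02x}" for b in mac)


if __name__ == "__main__":
    mac = "00:16:3e:12:34:56"  # constructed sample MAC
    # Constructed prefixes from the documentation range 2001:db8::/32.
    for prefix in ("2001:db8:1:2::/64", "2001:db8:aaaa:bbbb::/64"):
        addr = mac_derived_address(prefix, mac)
        print(addr, scope(addr), embedded_mac(addr))
    # Constructed temporary-style address: no MAC can be recovered.
    print(embedded_mac("2001:db8:1:2:d4c1:9a3e:7b20:11f5"))
```

The same MAC comes back under both prefixes, which is the tracking concern that use_tempaddr addresses for a traveling device.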

Stateful Autoconfiguration or DHCP6

From the above it is clear that DHCP6 is not necessary. However, it makes it possible to control the assignment of IPv6 addresses more precisely. Most likely, if you have a DHCP6 service in your network, you will want to disable Stateless Autoconfiguration.

Which IPv6 address will be used

For outgoing connections the one randomly generated will be used as the source address (unless use_tempaddr is set to 1), but if use_tempaddr is disabled, the one derived from the MAC address (autoconf enabled) will be used, and if that one is disabled, the one derived through DHCP6 will be used, otherwise the fixed address will be used.

Warning about temporary addresses

Use of temporary addresses can cause problems with long-standing connections, like SSH or IRC sessions. In that case it is better to disable temporary addresses or set the lifetime to a high value. At least after booting a new value will be used.

In principle however, obsolete randomly generated addresses may stay around for a while, so long-standing connections are not affected immediately when a new address is generated. But this depends on your IPv6 environment and router. There are cases where the IPv6 router sets very short lifetimes in its router advertisements and this overrides local lifetimes - see bug #731730 for details.


Procedure

This article describes several solutions for:

  • Enabling the private extension for setting the host part (randomly generated) of the IPv6 address
  • Enabling IPv6 with a dynamic, without or with DHCP6, or fixed IPv6 address

For openSUSE 12.3 and higher it is recommended to use Network Manager to manage your network interfaces. So in YaST you should get the warning that these interfaces are managed by NetworkManager, otherwise configure it that way.

Using YaST2

Randomly generated host part of IPv6 address

openSUSE 12.1 and higher

This is the default in openSUSE 12.1 and higher, but not in lower versions of openSUSE. It is recommended to leave it this way on a laptop or similar device, which is used while traveling. In other circumstances it is up to you. However if you are using your system in a larger environment, your organization may have a policy that forbids this type of address, because it makes it more difficult to trace the activity of a system in that larger network. See below how to change this default (On the command line).

openSUSE 11.4

To enable this, start YaST2, select System and start the module /etc/sysconfig Editor. Expand Network (press on the + in front of it) and in Network General. Select IPV6_PRIVACY and set it to yes. It is marked DEPRECATED, but it works and is the easiest way to do it.

Dynamic IPv6 address without DHCP6

In a network without a DHCP6 server, you should disable DHCP6. Otherwise you may experience a long delay before you get your global IPv6 address. Start YaST2, select Network Devices and start the module Network Settings. In the tab Global Options enable Activate IPv6, which is the default after installation. In the tab Overview choose (one of) the interface(s) and press Edit. Enable Dynamic IP address and choose DHCP version 4 only.

openSUSE 11.4

This is the default and is the recommended setting. Your IPv6 address is derived from the MAC address.

openSUSE 12.1 and higher

This is the default, however you will get two global IPv6 addresses. One derived from the MAC address and the other one with a host part generated randomly. The last one will regularly change. It is supposed to change each temp_prefered_lft, however it can change more often if the router advertisements override it (see bug #731730). You can use the first address to connect to your system, the second one will be used in outgoing connections, unless use_tempaddr is set to 1.

Dynamic IPv6 address with DHCP6

This is like the above, however you choose both 4 and 6 or only 6. Use DHCP6 only if you know that you have a DHCP6 server in your network, otherwise there is a large delay (order 10 minutes) before you get your global IPv6 address.

In this case it is recommended to disable Stateless Autoconfiguration (autoconf = 0).

Using a fixed IP address

Start YaST2, select Network Devices and start the module Network Settings. Now choose Statically assigned IP Address. Previously you assigned an IPv4 address in the text box IP address, and a subnet mask for this address, and you should still do so. This means that you have to use Add at the bottom of the dialog to add a second IP address to the interface. You will see a dialog with three text boxes. The box labeled Alias may be left empty. The other two get the IP address like x:x:x:x:x:x:x:x, where x is 0-ffff, and the netmask, which most likely is /64.

The first x:x:x:x, the prefix, is provided by your ISP or the network management of your organization. If you start with a dynamic address you can copy the first x:x:x:x from the IPv6 address that you get from the router. You can use the /sbin/ifconfig command to show this address. You will also see the netmask in the output of that command. You can choose the host part of the IPv6 address as you like, however the seventh most significant bit of the host part should be 0 to indicate a fixed address, so the mask for this is ::2:0:0:0.

With a fixed IP address you need to specify a default gateway, so you also have to select the tab Routing. Here the default gateway for IPv6 has to be the part of the IPv6 address masked with the netmask, with all zeros added at the end, or you copy the value that you got when you started with a dynamic address.

In this case it is recommended to disable Stateless Autoconfiguration (autoconf = 0).

Setting other parameters with YaST

Setting the parameters autoconf, use_tempaddr and temp_prefered_lft is not available through YaST.

Using Network Manager

Start the management window by clicking on the NetworkManager icon in the system tray, then click on the Manage Connections button. Click on the tab Wired to see the list of wired connections.

When you have an Ethernet port in your system you will have a line in that window indicated by the name Wired connection 1. Select this line and press the button Edit.... Here we will only discuss the IPv6 settings, so click on the IPv6 tab.

We will discuss the options from top to bottom:

  • You can change the name Wired connection 1. You will find this name as a file name in /etc/NetworkManager/system-connections/, if you enable System connection.
  • Connect automatically. Should be enabled.
  • System connection. Should be enabled. You will be asked in a separate window for the root password.
  • Drop down button marked with Basic settings. Here we discuss only these basic settings. The other possibilities are for advanced users.
  • Method. Here we have the following options:
    • Automatic. This is used in a network environment where the network offers a Router Advertisement packet which provides all the necessary information to establish an IPv6 address, a default gateway and the address(es) of a DNS.
    • Automatic (addresses only). This means that you have to configure DNS information, router information is derived from Router Advertisement. A router may be configured to not include DNS information in the Router Advertisement, so you may need this option.
    • Automatic (DHCP only). You need to have a DHCPv6 server in your network. Router Advertisement will not be used to establish a configuration.
    • Manual. You have to configure all information of the configuration (see below).
    • Link-Local. You will only get and use a link local address.
    • Shared. Not sure what this means.
    • Disabled. Not sure what the effect is. When setting this there still are global IPv6 addresses available on the interface.
  • IP address: only available with Manual selected.
  • Subnet Mask: only available with Manual selected.
  • Gateway: only available with Manual selected (this is the default gateway, normally this is the unique local address of the router, but the link local address of the router can also be used)
  • Additional DNS Servers, changes in DNS Servers in case Manual is selected. You need to enter IP addresses not names.
  • Additional Search Domains, changes in Search Domains in case Manual is selected. Meaning: in case a given name can not be resolved, the domain(s) entered here are suffixed to that name and searched for in the DNS (between the name and the suffix a dot will be inserted).
  • Privacy extensions. The drop down button provides the following options (corresponding with the value of the above mentioned use_tempaddr):
    • Disabled. You will only get an IPv6 address derived from the MAC address.
    • Enabled (prefer temporary addresses). You will also get an IPv6 address where the lower 64 bits are derived randomly and which will be used when making a connection to a system in the Internet.
    • Enabled (prefer public address). You will also get an address where the lower 64 bits are derived randomly, but still the address derived from the MAC address will be used when making a connection to a system in the Internet.
  • IPv6 is required for this connection. The system will wait for this connection to be established before continuing to boot. Needed when you want to mount remote file systems via this connection.

The same settings are applicable for wireless connections.

Fixed IPv6 addresses

In case your system is a server you may need a fixed IPv6 address other than the one derived from the MAC address. Use Manual to configure such a fixed IPv6 address. When you first use Automatic you can find the values for the Gateway and the DNS. The Network Mask is in most cases /64. Use Additional addresses below Basic Settings if you need more than one fixed address.

Warning: For fixed addresses we assume a stable prefix IPv6 address

On the command line

The best practice is to use YaST to generate the base setting for your network. So here only the parameters that are not changeable by YaST are considered. The parameters mentioned above can be set/changed in the files /etc/sysconfig/network/ifsysctl and /etc/sysconfig/network/ifsysctl-<if>, where <if> is the name of the interface, e.g. eth0, wlan0, etc.

More information on the content of these files and how to use them can be found by giving the command:

$ man ifsysctl

An example of the file /etc/sysconfig/network/ifsysctl is given below. Just remove one # in front of one of these parameters.

# use randomized IPv6 address which has priority in source address of packet
#net.ipv6.conf.$SYSCTL_IF.use_tempaddr = 2
# use randomized IPv6 address, however source address derived from MAC address has priority
#net.ipv6.conf.$SYSCTL_IF.use_tempaddr = 1
# do not use randomized IPv6 address; only address derived from MAC address will be used
#net.ipv6.conf.$SYSCTL_IF.use_tempaddr = 0
# autoconf = 1 is the default, and it must be 1 for the above parameters to have effect
# set autoconf to 0 when a fixed address is used or you get the address from a DHCP6 server
#net.ipv6.conf.$SYSCTL_IF.autoconf = 0

Settings in ifsysctl change these parameters for all network devices. If you want to differentiate between interfaces, use ifsysctl-<if>, where <if> is the name of the interface. After changing any of these parameters, you have to reboot for the change to take effect. Obviously you can enter more parameters in this file, but the above are the most important.
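
To review what a pair of these files means for one interface, the sketch below (an added example, not part of the original article or of the ifsysctl tooling) parses the key = value lines, expands $SYSCTL_IF, and reports which kind of source address outgoing connections will use. The sample file contents and function names are constructed. It assumes that ifsysctl-<if> is applied after ifsysctl and that unset keys keep the openSUSE 12.1+ defaults described above.

```python
import re

# "key = value" lines as in the article's ifsysctl sample; "#" starts a comment.
SETTING = re.compile(r"^\s*([\w.$/-]+)\s*=\s*(\S+)\s*$")


def parse_ifsysctl(text, ifname):
    """Return active settings with $SYSCTL_IF expanded to ifname (later lines win)."""
    settings = {}
    for raw in text.splitlines():
        match = SETTING.match(raw.split("#", 1)[0])
        if match:
            settings[match.group(1).replace("$SYSCTL_IF", ifname)] = match.group(2)
    return settings


def source_address(general, per_interface, ifname, default_tempaddr="2"):
    """Kind of address outgoing connections use, following the article's rules.

    Assumptions: ifsysctl-<if> is applied after ifsysctl, and unset keys keep
    the defaults given for openSUSE 12.1+ (autoconf=1, use_tempaddr=2).
    """
    merged = parse_ifsysctl(general, ifname)
    merged.update(parse_ifsysctl(per_interface, ifname))
    prefix = f"net.ipv6.conf.{ifname}."
    if merged.get(prefix + "autoconf", "1") == "0":
        return "dhcp6-or-fixed"
    if merged.get(prefix + "use_tempaddr", default_tempaddr) == "2":
        return "temporary"
    return "mac-derived"


# Constructed sample files (not taken from a real system).
GENERAL = """\
# use randomized IPv6 address which has priority in source address of packet
net.ipv6.conf.$SYSCTL_IF.use_tempaddr = 2
#net.ipv6.conf.$SYSCTL_IF.autoconf = 0
"""
ETH0_ONLY = "net.ipv6.conf.$SYSCTL_IF.use_tempaddr = 0   # server: stable address\n"

if __name__ == "__main__":
    for ifname, extra in (("eth0", ETH0_ONLY), ("wlan0", "")):
        print(ifname, source_address(GENERAL, extra, ifname))
```

Because changes only take effect after a reboot, the running value in /proc/sys/net/ipv6/conf/<if>/use_tempaddr can differ from what the files say.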
