Package: radvd
Version: 1:1.8.5-1
Severity: important
Tags: ipv6

Hello,

I'm setting up an IPv6-only virtual platform on Debian wheezy, with a complex 
networking setup and net namespaces.
To do this, I run radvd on one of the virtual networks. On this platform I ran 
into a use case where the constraint of enforcing IPv6 forwarding when 
radvd starts is harmful.

The network where radvd runs is configured with Unique Local Addresses and is 
not supposed to be used for sending packets outside of the system.
This looks like the following:

VM1 [ fd00:dead:beef::<EUI64> ] \
VM2 [ fd00:dead:beef::<EUI64> ] --- [ fd00:dead:beef::1 ] Host (forwarding disabled)
VM3 [ fd00:dead:beef::<EUI64> ] /

This setup is perfectly valid and it is possible to specify in Router 
Advertisements that the "router" (in the sense of the node that sends router 
advertisements) should not be considered as a default route. In radvd, it is 
performed by setting the option "AdvDefaultLifetime" to "0".

The hosts are still able to perform SLAAC on this prefix and know that it is 
not to be used as a default route:
root@test:~# ip -6 a show eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qlen 1000
   inet6 fd00:dead:beef::5054:ff:fe12:3456/64 scope global dynamic 
      valid_lft 86341sec preferred_lft 14341sec
   inet6 fe80::5054:ff:fe12:3456/64 scope link 
      valid_lft forever preferred_lft forever
root@test:~# ip -6 r          
fd00:dead:beef::/64 dev eth0  proto kernel  metric 256  expires 86285sec
fe80::/64 dev eth0  proto kernel  metric 256

The RFC is consistent with this behaviour. It states that a node may send 
Router Advertisements while having its forwarding capabilities disabled, as 
long as it sets the Router Lifetime field (AdvDefaultLifetime) to zero.
RFC 4861 section 6.2.5:
  Note that system management may disable a router's IP forwarding
  capability (i.e., changing the system from being a router to being a
  host), a step that does not necessarily imply that the router's
  interfaces stop being advertising interfaces.  In such cases,
  subsequent Router Advertisements MUST set the Router Lifetime field
  to zero.


In conclusion, I kindly ask you to consider relaxing the constraint of having 
net.ipv6.conf.all.forwarding enabled. It breaks some use cases where disabling 
forwarding is intended and legal.

Regards.
Emmanuel Thierry


PS: See below my full radvd configuration

interface virbr1 {
       IgnoreIfMissing off;
       AdvSendAdvert on;
       AdvDefaultLifetime 0;

       prefix fd00:dead:beef::1/64 {
               AdvOnLink on;
               AdvAutonomous on;
       };

       RDNSS fd00:dead:beef::1 {
       };
};


-- System Information:
Debian Release: 7.0
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages radvd depends on:
ii  adduser  3.113+nmu3
ii  libc6    2.13-38

radvd recommends no packages.

radvd suggests no packages.

-- Configuration Files:
/etc/init.d/radvd changed [not included]

-- no debconf information
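
Added example (not part of the original report and not radvd's own code): a small C checker that parses a Router Advertisement as laid out in RFC 4861 section 4.2 and applies the section 6.2.5 rule quoted in the report. The names ra_check, ra_info and sample_ra are hypothetical, the packet is constructed to match the configuration in the report, and the ICMPv6 checksum is left at zero and not verified.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum { RA_OK = 0, RA_MALFORMED = -1, RA_VIOLATION = 1 };

struct ra_info {
    uint16_t router_lifetime;  /* seconds; 0 = not a default router */
    int slaac_prefixes;        /* Prefix Information options with the A flag */
};

/* Parse an ICMPv6 Router Advertisement and apply RFC 4861 section 6.2.5:
 * a node with forwarding disabled may advertise only with Router Lifetime 0. */
int ra_check(const uint8_t *p, size_t len, int forwarding, struct ra_info *out)
{
    if (len < 16 || p[0] != 134 || p[1] != 0)      /* type 134, code 0 */
        return RA_MALFORMED;
    out->router_lifetime = (uint16_t)((p[6] << 8) | p[7]);
    out->slaac_prefixes = 0;
    for (size_t off = 16; off < len; ) {
        if (len - off < 2) return RA_MALFORMED;
        size_t optlen = (size_t)p[off + 1] * 8;    /* length is in 8-byte units */
        if (optlen == 0 || optlen > len - off)
            return RA_MALFORMED;
        if (p[off] == 3) {                         /* Prefix Information */
            if (optlen != 32) return RA_MALFORMED;
            if (p[off + 3] & 0x40) out->slaac_prefixes++;   /* A flag */
        }
        off += optlen;
    }
    if (!forwarding && out->router_lifetime != 0)
        return RA_VIOLATION;
    return RA_OK;
}

/* Constructed sample: Router Lifetime 0, prefix fd00:dead:beef::/64 with L+A,
 * valid lifetime 86400 s, preferred lifetime 14400 s, checksum left at 0. */
const uint8_t sample_ra[48] = {
    134, 0, 0, 0,  64, 0, 0, 0,  0, 0, 0, 0,  0, 0, 0, 0,
    3, 4, 64, 0xC0,  0x00, 0x01, 0x51, 0x80,  0x00, 0x00, 0x38, 0x40,  0, 0, 0, 0,
    0xfd, 0x00, 0xde, 0xad, 0xbe, 0xef, 0, 0,  0, 0, 0, 0, 0, 0, 0, 0
};

int main(void)
{
    struct ra_info info;
    int rc = ra_check(sample_ra, sizeof sample_ra, 0 /* forwarding off */, &info);
    printf("rc=%d lifetime=%u slaac=%d\n", rc, (unsigned)info.router_lifetime, info.slaac_prefixes);
    return rc;
}
```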

