How to setup ipv6 network from Hurricane Electric with fixed address delegation?
Please help with setting up ipv6 network on linux gate. I want to give clients a static ipv6 address from the HE routed 2001:471:70c8::/48 pool. I took the first /64 subnet (2001:471:70c8:1::/64) from there and I want to distribute addresses from there to clients.
ipv6 forwarding is on, ip6tables accept FORWARD. From gate i can ping6 clients and internet, from clients i can ping gate, but cannot ping6 internet.
Tell me please, what am I doing wrong?
radvd:
gate ~ # cat /etc/dhcp/radvd.conf
interface internal_0
{
AdvSendAdvert on;
AdvManagedFlag on;
AdvOtherConfigFlag on;
prefix 2001:471:70c8:1::/64
{
AdvOnLink on;
AdvAutonomous on;
AdvRouterAddr off;
};
RDNSS 2001:471:70c8:1::1
{
};
DNSSL domain-home.local
{
};
};
dhcpv6
ddns-update-style none;
authoritative;
option dhcp6.name-servers 2001:471:70c8:1::1;
option dhcp6.domain-search "domain-home.local";
default-lease-time 3600;
max-lease-time 14400;
option client-class-information code 97 = string;
deny duplicates;
ping-check true;
update-optimization false;
shared-network "domain-home"
{
interface internal_0;
subnet6 2001:471:70c8:1::/64
{
pool6
{
# Range for clients
range6 2001:471:70c8:1::1 2001:471:70c8:1::fe;
# Range for clients requesting a temporary address
range6 2001:471:70c8:1::/64 temporary;
# Prefix range for delegation to sub-routers
prefix6 2001:471:70c8:1:: 2001:471:70c8:1:: /64;
}
}
}
host spc_94_de_80_7c_8b_ee
{
hardware ethernet 94:de:80:7c:8b:ee;
host-identifier option dhcp6.client-id 00:02:00:00:ab:11:7a:1c:61:eb:ac:c3:f0:f3;
fixed-address6 2001:471:70c8:1::a;
} # Interface name: internal_0 (Internal)
gate:
gate ~ # ip -6 a l
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 state UNKNOWN qlen 1000
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: external_kis_0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
inet6 fe80::523e:aaff:fe04:8fb0/64 scope link
valid_lft forever preferred_lft forever
3: internal_0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
inet6 2001:471:70c8:1:96de:80ff:fe6c:66b0/64 scope global dynamic mngtmpaddr noprefixroute
valid_lft 86225sec preferred_lft 14225sec
inet6 2001:471:70c8:1::1/0 scope global
valid_lft forever preferred_lft forever
inet6 fe80::96de:80ff:fe6c:66b0/64 scope link
valid_lft forever preferred_lft forever
7: external_he_0@external_kis_0: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1480 state UNKNOWN qlen 1000
inet6 2001:471:1f0a:1880::2/0 scope global
valid_lft forever preferred_lft forever
inet6 fe80::5bd2:623e/64 scope link
valid_lft forever preferred_lft forever
gate ~ # ip -6 r l
anycast 2001:471:70c8:1:: dev internal_0 proto kernel metric 0 pref medium
2001:471:70c8:1::/64 dev internal_0 proto ra metric 1024 pref medium
2001:471:70c8::/48 dev internal_0 proto ra metric 1024 pref medium
anycast fe80:: dev external_he_0 proto kernel metric 0 pref medium
anycast fe80:: dev external_kis_0 proto kernel metric 0 pref medium
anycast fe80:: dev internal_0 proto kernel metric 0 pref medium
fe80::/64 dev external_he_0 proto kernel metric 256 pref medium
fe80::/64 dev external_kis_0 proto kernel metric 256 pref medium
fe80::/64 dev internal_0 proto kernel metric 256 pref medium
ff00::/8 dev external_he_0 metric 256 pref medium
ff00::/8 dev internal_0 metric 256 pref medium
default dev external_he_0 proto kernel metric 256 pref medium
default dev internal_0 proto kernel metric 256 pref medium
default via 2001:471:1f0a:1880::1 dev external_he_0 proto static metric 1024 pref medium
client:
spc ~ # ip -6 a l
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 state UNKNOWN qlen 1000
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: dummy0: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 state UNKNOWN qlen 1000
inet6 fe80::24df:7f80:e175:c322/64 scope link
valid_lft forever preferred_lft forever
3: internal_0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
inet6 2001:471:70c8:1::a/128 scope global dynamic noprefixroute
valid_lft 3592sec preferred_lft 2242sec
inet6 2001:471:70c8:1:96de:80ff:fe7c:8bee/64 scope global dynamic mngtmpaddr noprefixroute
valid_lft 86391sec preferred_lft 14391sec
inet6 2001:471:70c8:1:7aed:e36d:f089:ad33/64 scope global dynamic mngtmpaddr noprefixroute
valid_lft 86391sec preferred_lft 14391sec
inet6 fe80::b492:58c4:b12d:b2e0/64 scope link
valid_lft forever preferred_lft forever
spc ~ # ip -6 r l
2001:471:70c8:1::/64 dev internal_0 proto ra metric 203 pref medium
2001:471:70c8:1::/64 dev internal_0 proto ra metric 1024 pref medium
fe80::/64 dev dummy0 proto kernel metric 256 pref medium
fe80::/64 dev internal_0 proto kernel metric 256 pref medium
ff00::/8 dev dummy0 metric 256 pref medium
ff00::/8 dev internal_0 metric 256 pref medium
default via fe80::96de:80ff:fe6c:66b0 dev internal_0 proto ra metric 203 pref medium
default via fe80::96de:80ff:fe6c:66b0 dev internal_0 proto ra metric 1024 pref medium
And here it is also interesting. I give only one address to the client (2001:471:70c8:1::a). Where did the second two (2001:471:70c8:1:96de:80ff:fe7c:8bee, 2001:471:70c8:1:7aed:e36d:f089:ad33) come from?
upd: tunnel and gate interfaces configuration
gate ~ # cat /etc/systemd/network/external_he_0.network
[Match]
Name=external_he_0
[Network]
Address=2001:471:1f0a:1880::2
Gateway=2001:471:1f0a:1880::1
gate ~ # cat /etc/systemd/network/external_he_0.netdev
[Match]
[NetDev]
Name=external_he_0
Kind=sit
MTUBytes=1480
[Tunnel]
Local=91.200.98.62
Remote=216.66.80.30
TTL=255
gate ~ # cat /etc/systemd/network/internal_0.network
[Match]
Name=internal_0
MACAddress=94:de:80:6c:66:b0
[Network]
Description=Internal
DHCP=no
Address=10.100.100.1
Address=2001:471:70c8:1::1
Domains=domain-home.local
gate ~ # cat /etc/systemd/network/external_kis_0.network
[Match]
Name=external_kis_0
MACAddress=50:3e:aa:04:8f:b0
[Network]
Description=External KIS
DHCP=no
Address=91.200.98.62
Gateway=91.200.98.61
Tunnel=external_he_0
linux networking ipv6 dhcp-server radvd
asked Dec 31 '18 at 20:23
SheridanSheridan
1084
add a comment |
Please help with setting up ipv6 network on linux gate. I want to give clients a static ipv6 address from the HE routed 2001:471:70c8::/48 pool. I took the first /64 subnet (2001:471:70c8:1::/64) from there and I want to distribute addresses from there to clients.
ipv6 forwarding is on, ip6tables accept FORWARD. From gate i can ping6 clients and internet, from clients i can ping gate, but cannot ping6 internet.
Tell me please, what am I doing wrong?
radvd:
gate ~ # cat /etc/dhcp/radvd.conf
interface internal_0
{
AdvSendAdvert on;
AdvManagedFlag on;
AdvOtherConfigFlag on;
prefix 2001:471:70c8:1::/64
{
AdvOnLink on;
AdvAutonomous on;
AdvRouterAddr off;
};
RDNSS 2001:471:70c8:1::1
{
};
DNSSL domain-home.local
{
};
};
dhcpv6
ddns-update-style none;
authoritative;
option dhcp6.name-servers 2001:471:70c8:1::1;
option dhcp6.domain-search "domain-home.local";
default-lease-time 3600;
max-lease-time 14400;
option client-class-information code 97 = string;
deny duplicates;
ping-check true;
update-optimization false;
shared-network "domain-home"
{
interface internal_0;
subnet6 2001:471:70c8:1::/64
{
pool6
{
# Range for clients
range6 2001:471:70c8:1::1 2001:471:70c8:1::fe;
# Range for clients requesting a temporary address
range6 2001:471:70c8:1::/64 temporary;
# Prefix range for delegation to sub-routers
prefix6 2001:471:70c8:1:: 2001:471:70c8:1:: /64;
}
}
}
host spc_94_de_80_7c_8b_ee
{
hardware ethernet 94:de:80:7c:8b:ee;
host-identifier option dhcp6.client-id 00:02:00:00:ab:11:7a:1c:61:eb:ac:c3:f0:f3;
fixed-address6 2001:471:70c8:1::a;
} # Interface name: internal_0 (Internal)
gate:
gate ~ # ip -6 a l
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 state UNKNOWN qlen 1000
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: external_kis_0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
inet6 fe80::523e:aaff:fe04:8fb0/64 scope link
valid_lft forever preferred_lft forever
3: internal_0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
inet6 2001:471:70c8:1:96de:80ff:fe6c:66b0/64 scope global dynamic mngtmpaddr noprefixroute
valid_lft 86225sec preferred_lft 14225sec
inet6 2001:471:70c8:1::1/0 scope global
valid_lft forever preferred_lft forever
inet6 fe80::96de:80ff:fe6c:66b0/64 scope link
valid_lft forever preferred_lft forever
7: external_he_0@external_kis_0: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1480 state UNKNOWN qlen 1000
inet6 2001:471:1f0a:1880::2/0 scope global
valid_lft forever preferred_lft forever
inet6 fe80::5bd2:623e/64 scope link
valid_lft forever preferred_lft forever
gate ~ # ip -6 r l
anycast 2001:471:70c8:1:: dev internal_0 proto kernel metric 0 pref medium
2001:471:70c8:1::/64 dev internal_0 proto ra metric 1024 pref medium
2001:471:70c8::/48 dev internal_0 proto ra metric 1024 pref medium
anycast fe80:: dev external_he_0 proto kernel metric 0 pref medium
anycast fe80:: dev external_kis_0 proto kernel metric 0 pref medium
anycast fe80:: dev internal_0 proto kernel metric 0 pref medium
fe80::/64 dev external_he_0 proto kernel metric 256 pref medium
fe80::/64 dev external_kis_0 proto kernel metric 256 pref medium
fe80::/64 dev internal_0 proto kernel metric 256 pref medium
ff00::/8 dev external_he_0 metric 256 pref medium
ff00::/8 dev internal_0 metric 256 pref medium
default dev external_he_0 proto kernel metric 256 pref medium
default dev internal_0 proto kernel metric 256 pref medium
default via 2001:471:1f0a:1880::1 dev external_he_0 proto static metric 1024 pref medium
client:
spc ~ # ip -6 a l
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 state UNKNOWN qlen 1000
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: dummy0: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 state UNKNOWN qlen 1000
inet6 fe80::24df:7f80:e175:c322/64 scope link
valid_lft forever preferred_lft forever
3: internal_0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
inet6 2001:471:70c8:1::a/128 scope global dynamic noprefixroute
valid_lft 3592sec preferred_lft 2242sec
inet6 2001:471:70c8:1:96de:80ff:fe7c:8bee/64 scope global dynamic mngtmpaddr noprefixroute
valid_lft 86391sec preferred_lft 14391sec
inet6 2001:471:70c8:1:7aed:e36d:f089:ad33/64 scope global dynamic mngtmpaddr noprefixroute
valid_lft 86391sec preferred_lft 14391sec
inet6 fe80::b492:58c4:b12d:b2e0/64 scope link
valid_lft forever preferred_lft forever
spc ~ # ip -6 r l
2001:471:70c8:1::/64 dev internal_0 proto ra metric 203 pref medium
2001:471:70c8:1::/64 dev internal_0 proto ra metric 1024 pref medium
fe80::/64 dev dummy0 proto kernel metric 256 pref medium
fe80::/64 dev internal_0 proto kernel metric 256 pref medium
ff00::/8 dev dummy0 metric 256 pref medium
ff00::/8 dev internal_0 metric 256 pref medium
default via fe80::96de:80ff:fe6c:66b0 dev internal_0 proto ra metric 203 pref medium
default via fe80::96de:80ff:fe6c:66b0 dev internal_0 proto ra metric 1024 pref medium
And here it is also interesting. I give only one address to the client (2001:471:70c8:1::a). Where did the second two (2001:471:70c8:1:96de:80ff:fe7c:8bee, 2001:471:70c8:1:7aed:e36d:f089:ad33) come from?
upd: tunnel and gate interfaces configuration
gate ~ # cat /etc/systemd/network/external_he_0.network
[Match]
Name=external_he_0
[Network]
Address=2001:471:1f0a:1880::2
Gateway=2001:471:1f0a:1880::1
gate ~ # cat /etc/systemd/network/external_he_0.netdev
[Match]
[NetDev]
Name=external_he_0
Kind=sit
MTUBytes=1480
[Tunnel]
Local=91.200.98.62
Remote=216.66.80.30
TTL=255
gate ~ # cat /etc/systemd/network/internal_0.network
[Match]
Name=internal_0
MACAddress=94:de:80:6c:66:b0
[Network]
Description=Internal
DHCP=no
Address=10.100.100.1
Address=2001:471:70c8:1::1
Domains=domain-home.local
gate ~ # cat /etc/systemd/network/external_kis_0.network
[Match]
Name=external_kis_0
MACAddress=50:3e:aa:04:8f:b0
[Network]
Description=External KIS
DHCP=no
Address=91.200.98.62
Gateway=91.200.98.61
Tunnel=external_he_0
linux networking ipv6 dhcp-server radvd
asked Dec 31 '18 at 20:23
SheridanSheridan
1084
1
Um, why are you configuring the subnet and tunnel addresses with /0 prefixlen?
– grawity
Dec 31 '18 at 20:27
It configured by systemd. Or I incorrectly specified the addresses in the systemd files? (I added a configuration to the post)
– Sheridan
Dec 31 '18 at 20:43
add a comment |
Please help with setting up ipv6 network on linux gate. I want to give clients a static ipv6 address from the HE routed 2001:471:70c8::/48 pool. I took the first /64 subnet (2001:471:70c8:1::/64) from there and I want to distribute addresses from there to clients.
ipv6 forwarding is on, ip6tables accept FORWARD. From gate i can ping6 clients and internet, from clients i can ping gate, but cannot ping6 internet.
Tell me please, what am I doing wrong?
radvd:
gate ~ # cat /etc/dhcp/radvd.conf
interface internal_0
{
AdvSendAdvert on;
AdvManagedFlag on;
AdvOtherConfigFlag on;
prefix 2001:471:70c8:1::/64
{
AdvOnLink on;
AdvAutonomous on;
AdvRouterAddr off;
};
RDNSS 2001:471:70c8:1::1
{
};
DNSSL domain-home.local
{
};
};
dhcpv6
ddns-update-style none;
authoritative;
option dhcp6.name-servers 2001:471:70c8:1::1;
option dhcp6.domain-search "domain-home.local";
default-lease-time 3600;
max-lease-time 14400;
option client-class-information code 97 = string;
deny duplicates;
ping-check true;
update-optimization false;
shared-network "domain-home"
{
interface internal_0;
subnet6 2001:471:70c8:1::/64
{
pool6
{
# Range for clients
range6 2001:471:70c8:1::1 2001:471:70c8:1::fe;
# Range for clients requesting a temporary address
range6 2001:471:70c8:1::/64 temporary;
# Prefix range for delegation to sub-routers
prefix6 2001:471:70c8:1:: 2001:471:70c8:1:: /64;
}
}
}
host spc_94_de_80_7c_8b_ee
{
hardware ethernet 94:de:80:7c:8b:ee;
host-identifier option dhcp6.client-id 00:02:00:00:ab:11:7a:1c:61:eb:ac:c3:f0:f3;
fixed-address6 2001:471:70c8:1::a;
} # Interface name: internal_0 (Internal)
gate:
gate ~ # ip -6 a l
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 state UNKNOWN qlen 1000
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: external_kis_0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
inet6 fe80::523e:aaff:fe04:8fb0/64 scope link
valid_lft forever preferred_lft forever
3: internal_0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
inet6 2001:471:70c8:1:96de:80ff:fe6c:66b0/64 scope global dynamic mngtmpaddr noprefixroute
valid_lft 86225sec preferred_lft 14225sec
inet6 2001:471:70c8:1::1/0 scope global
valid_lft forever preferred_lft forever
inet6 fe80::96de:80ff:fe6c:66b0/64 scope link
valid_lft forever preferred_lft forever
7: external_he_0@external_kis_0: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1480 state UNKNOWN qlen 1000
inet6 2001:471:1f0a:1880::2/0 scope global
valid_lft forever preferred_lft forever
inet6 fe80::5bd2:623e/64 scope link
valid_lft forever preferred_lft forever
gate ~ # ip -6 r l
anycast 2001:471:70c8:1:: dev internal_0 proto kernel metric 0 pref medium
2001:471:70c8:1::/64 dev internal_0 proto ra metric 1024 pref medium
2001:471:70c8::/48 dev internal_0 proto ra metric 1024 pref medium
anycast fe80:: dev external_he_0 proto kernel metric 0 pref medium
anycast fe80:: dev external_kis_0 proto kernel metric 0 pref medium
anycast fe80:: dev internal_0 proto kernel metric 0 pref medium
fe80::/64 dev external_he_0 proto kernel metric 256 pref medium
fe80::/64 dev external_kis_0 proto kernel metric 256 pref medium
fe80::/64 dev internal_0 proto kernel metric 256 pref medium
ff00::/8 dev external_he_0 metric 256 pref medium
ff00::/8 dev internal_0 metric 256 pref medium
default dev external_he_0 proto kernel metric 256 pref medium
default dev internal_0 proto kernel metric 256 pref medium
default via 2001:471:1f0a:1880::1 dev external_he_0 proto static metric 1024 pref medium
client:
spc ~ # ip -6 a l
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 state UNKNOWN qlen 1000
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: dummy0: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 state UNKNOWN qlen 1000
inet6 fe80::24df:7f80:e175:c322/64 scope link
valid_lft forever preferred_lft forever
3: internal_0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
inet6 2001:471:70c8:1::a/128 scope global dynamic noprefixroute
valid_lft 3592sec preferred_lft 2242sec
inet6 2001:471:70c8:1:96de:80ff:fe7c:8bee/64 scope global dynamic mngtmpaddr noprefixroute
valid_lft 86391sec preferred_lft 14391sec
inet6 2001:471:70c8:1:7aed:e36d:f089:ad33/64 scope global dynamic mngtmpaddr noprefixroute
valid_lft 86391sec preferred_lft 14391sec
inet6 fe80::b492:58c4:b12d:b2e0/64 scope link
valid_lft forever preferred_lft forever
spc ~ # ip -6 r l
2001:471:70c8:1::/64 dev internal_0 proto ra metric 203 pref medium
2001:471:70c8:1::/64 dev internal_0 proto ra metric 1024 pref medium
fe80::/64 dev dummy0 proto kernel metric 256 pref medium
fe80::/64 dev internal_0 proto kernel metric 256 pref medium
ff00::/8 dev dummy0 metric 256 pref medium
ff00::/8 dev internal_0 metric 256 pref medium
default via fe80::96de:80ff:fe6c:66b0 dev internal_0 proto ra metric 203 pref medium
default via fe80::96de:80ff:fe6c:66b0 dev internal_0 proto ra metric 1024 pref medium
And here it is also interesting. I give only one address to the client (2001:471:70c8:1::a). Where did the second two (2001:471:70c8:1:96de:80ff:fe7c:8bee, 2001:471:70c8:1:7aed:e36d:f089:ad33) come from?
upd: tunnel and gate interfaces configuration
gate ~ # cat /etc/systemd/network/external_he_0.network
[Match]
Name=external_he_0
[Network]
Address=2001:471:1f0a:1880::2
Gateway=2001:471:1f0a:1880::1
gate ~ # cat /etc/systemd/network/external_he_0.netdev
[Match]
[NetDev]
Name=external_he_0
Kind=sit
MTUBytes=1480
[Tunnel]
Local=91.200.98.62
Remote=216.66.80.30
TTL=255
gate ~ # cat /etc/systemd/network/internal_0.network
[Match]
Name=internal_0
MACAddress=94:de:80:6c:66:b0
[Network]
Description=Internal
DHCP=no
Address=10.100.100.1
Address=2001:471:70c8:1::1
Domains=domain-home.local
gate ~ # cat /etc/systemd/network/external_kis_0.network
[Match]
Name=external_kis_0
MACAddress=50:3e:aa:04:8f:b0
[Network]
Description=External KIS
DHCP=no
Address=91.200.98.62
Gateway=91.200.98.61
Tunnel=external_he_0
linux networking ipv6 dhcp-server radvd
asked Dec 31 '18 at 20:23
SheridanSheridan
1084
Please help with setting up ipv6 network on linux gate. I want to give clients a static ipv6 address from the HE routed 2001:471:70c8::/48 pool. I took the first /64 subnet (2001:471:70c8:1::/64) from there and I want to distribute addresses from there to clients.
ipv6 forwarding is on, ip6tables accept FORWARD. From gate i can ping6 clients and internet, from clients i can ping gate, but cannot ping6 internet.
Tell me please, what am I doing wrong?
radvd:
gate ~ # cat /etc/dhcp/radvd.conf
interface internal_0
{
AdvSendAdvert on;
AdvManagedFlag on;
AdvOtherConfigFlag on;
prefix 2001:471:70c8:1::/64
{
AdvOnLink on;
AdvAutonomous on;
AdvRouterAddr off;
};
RDNSS 2001:471:70c8:1::1
{
};
DNSSL domain-home.local
{
};
};
dhcpv6
ddns-update-style none;
authoritative;
option dhcp6.name-servers 2001:471:70c8:1::1;
option dhcp6.domain-search "domain-home.local";
default-lease-time 3600;
max-lease-time 14400;
option client-class-information code 97 = string;
deny duplicates;
ping-check true;
update-optimization false;
shared-network "domain-home"
{
interface internal_0;
subnet6 2001:471:70c8:1::/64
{
pool6
{
# Range for clients
range6 2001:471:70c8:1::1 2001:471:70c8:1::fe;
# Range for clients requesting a temporary address
range6 2001:471:70c8:1::/64 temporary;
# Prefix range for delegation to sub-routers
prefix6 2001:471:70c8:1:: 2001:471:70c8:1:: /64;
}
}
}
host spc_94_de_80_7c_8b_ee
{
hardware ethernet 94:de:80:7c:8b:ee;
host-identifier option dhcp6.client-id 00:02:00:00:ab:11:7a:1c:61:eb:ac:c3:f0:f3;
fixed-address6 2001:471:70c8:1::a;
} # Interface name: internal_0 (Internal)
gate:
gate ~ # ip -6 a l
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 state UNKNOWN qlen 1000
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: external_kis_0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
inet6 fe80::523e:aaff:fe04:8fb0/64 scope link
valid_lft forever preferred_lft forever
3: internal_0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
inet6 2001:471:70c8:1:96de:80ff:fe6c:66b0/64 scope global dynamic mngtmpaddr noprefixroute
valid_lft 86225sec preferred_lft 14225sec
inet6 2001:471:70c8:1::1/0 scope global
valid_lft forever preferred_lft forever
inet6 fe80::96de:80ff:fe6c:66b0/64 scope link
valid_lft forever preferred_lft forever
7: external_he_0@external_kis_0: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1480 state UNKNOWN qlen 1000
inet6 2001:471:1f0a:1880::2/0 scope global
valid_lft forever preferred_lft forever
inet6 fe80::5bd2:623e/64 scope link
valid_lft forever preferred_lft forever
gate ~ # ip -6 r l
anycast 2001:471:70c8:1:: dev internal_0 proto kernel metric 0 pref medium
2001:471:70c8:1::/64 dev internal_0 proto ra metric 1024 pref medium
2001:471:70c8::/48 dev internal_0 proto ra metric 1024 pref medium
anycast fe80:: dev external_he_0 proto kernel metric 0 pref medium
anycast fe80:: dev external_kis_0 proto kernel metric 0 pref medium
anycast fe80:: dev internal_0 proto kernel metric 0 pref medium
fe80::/64 dev external_he_0 proto kernel metric 256 pref medium
fe80::/64 dev external_kis_0 proto kernel metric 256 pref medium
fe80::/64 dev internal_0 proto kernel metric 256 pref medium
ff00::/8 dev external_he_0 metric 256 pref medium
ff00::/8 dev internal_0 metric 256 pref medium
default dev external_he_0 proto kernel metric 256 pref medium
default dev internal_0 proto kernel metric 256 pref medium
default via 2001:471:1f0a:1880::1 dev external_he_0 proto static metric 1024 pref medium
client:
spc ~ # ip -6 a l
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 state UNKNOWN qlen 1000
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: dummy0: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 state UNKNOWN qlen 1000
inet6 fe80::24df:7f80:e175:c322/64 scope link
valid_lft forever preferred_lft forever
3: internal_0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
inet6 2001:471:70c8:1::a/128 scope global dynamic noprefixroute
valid_lft 3592sec preferred_lft 2242sec
inet6 2001:471:70c8:1:96de:80ff:fe7c:8bee/64 scope global dynamic mngtmpaddr noprefixroute
valid_lft 86391sec preferred_lft 14391sec
inet6 2001:471:70c8:1:7aed:e36d:f089:ad33/64 scope global dynamic mngtmpaddr noprefixroute
valid_lft 86391sec preferred_lft 14391sec
inet6 fe80::b492:58c4:b12d:b2e0/64 scope link
valid_lft forever preferred_lft forever
spc ~ # ip -6 r l
2001:471:70c8:1::/64 dev internal_0 proto ra metric 203 pref medium
2001:471:70c8:1::/64 dev internal_0 proto ra metric 1024 pref medium
fe80::/64 dev dummy0 proto kernel metric 256 pref medium
fe80::/64 dev internal_0 proto kernel metric 256 pref medium
ff00::/8 dev dummy0 metric 256 pref medium
ff00::/8 dev internal_0 metric 256 pref medium
default via fe80::96de:80ff:fe6c:66b0 dev internal_0 proto ra metric 203 pref medium
default via fe80::96de:80ff:fe6c:66b0 dev internal_0 proto ra metric 1024 pref medium
And here it is also interesting. I give only one address to the client (2001:471:70c8:1::a). Where did the second two (2001:471:70c8:1:96de:80ff:fe7c:8bee, 2001:471:70c8:1:7aed:e36d:f089:ad33) come from?
upd: tunnel and gate interfaces configuration
gate ~ # cat /etc/systemd/network/external_he_0.network
[Match]
Name=external_he_0
[Network]
Address=2001:471:1f0a:1880::2
Gateway=2001:471:1f0a:1880::1
gate ~ # cat /etc/systemd/network/external_he_0.netdev
[Match]
[NetDev]
Name=external_he_0
Kind=sit
MTUBytes=1480
[Tunnel]
Local=91.200.98.62
Remote=216.66.80.30
TTL=255
gate ~ # cat /etc/systemd/network/internal_0.network
[Match]
Name=internal_0
MACAddress=94:de:80:6c:66:b0
[Network]
Description=Internal
DHCP=no
Address=10.100.100.1
Address=2001:471:70c8:1::1
Domains=domain-home.local
gate ~ # cat /etc/systemd/network/external_kis_0.network
[Match]
Name=external_kis_0
MACAddress=50:3e:aa:04:8f:b0
[Network]
Description=External KIS
DHCP=no
Address=91.200.98.62
Gateway=91.200.98.61
Tunnel=external_he_0
linux networking ipv6 dhcp-server radvd
linux networking ipv6 dhcp-server radvd
asked Dec 31 '18 at 20:23
SheridanSheridan
1084
asked Dec 31 '18 at 20:23
SheridanSheridan
1084
edited Dec 31 '18 at 20:41
Sheridan
asked Dec 31 '18 at 20:23
SheridanSheridan
1084
asked Dec 31 '18 at 20:23
SheridanSheridan
1084
asked Dec 31 '18 at 20:23
SheridanSheridan
1084
1084
1
Um, why are you configuring the subnet and tunnel addresses with /0 prefixlen?
– grawity
Dec 31 '18 at 20:27
It configured by systemd. Or I incorrectly specified the addresses in the systemd files? (I added a configuration to the post)
– Sheridan
Dec 31 '18 at 20:43
add a comment |
1
Um, why are you configuring the subnet and tunnel addresses with /0 prefixlen?
– grawity
Dec 31 '18 at 20:27
It configured by systemd. Or I incorrectly specified the addresses in the systemd files? (I added a configuration to the post)
– Sheridan
Dec 31 '18 at 20:43
1
1
Um, why are you configuring the subnet and tunnel addresses with /0 prefixlen?
– grawity
Dec 31 '18 at 20:27
Um, why are you configuring the subnet and tunnel addresses with /0 prefixlen?
– grawity
Dec 31 '18 at 20:27
It configured by systemd. Or I incorrectly specified the addresses in the systemd files? (I added a configuration to the post)
– Sheridan
Dec 31 '18 at 20:43
It configured by systemd. Or I incorrectly specified the addresses in the systemd files? (I added a configuration to the post)
– Sheridan
Dec 31 '18 at 20:43
add a comment |
1 Answer
1
active
oldest
votes
3: internal_0:
inet6 2001:471:70c8:1::1/0 scope global
Even though your tunnel and subnet addresses belong to /64 prefixes, you've configured them as /0's for some reason. Using the wrong subnet mask can already cause various strange problems, but /0 is twice as bad because it is interpreted as "The whole world is my subnet". Notice how you ended up with two extra default routes, such as the nonsensical ::/0 dev internal_0.
Because you have two routes for same destination (::/0 aka 'default') and same metric, you essentially end up with a single load-balanced route. It's up to chance whether each packet chooses the "dev internal_0" nexthop or the "dev external_he_0" one. (Completely by accident, the latter is actually valid and works, due to pointing at a tunnel device. I'm guessing that is why some of your packets go through, while others don't.)
Fix your configuration to specify the correct prefix length for addresses on both interfaces (it's /64).
Send a bug report about your network configuration tool: a missing /prefixlen should either abort or default to maximum length (/128 for v6), instead of zero.
I give only one address to the client (2001:471:70c8:1::a). Where did the second two (2001:471:70c8:1:96de:80ff:fe7c:8bee, 2001:471:70c8:1:7aed:e36d:f089:ad33) come from?
DHCPv6 is not the only address auto-configuration mechanism (indeed not even supported by some systems). Alongside it, you have Router Advertisements with the AdvAutonomous prefix flag set – this enables SLAAC and indicates to clients receiving these Advertisements that they can self-assign an address from the prefix.
(The first address is based on the EUI64 or MAC address; the second appears to be RFC7217 hash-based. It seems that this client actually has two programs processing Router Advertisements – probably the kernel + dhcpcd, or kernel + systemd-networkd. That's why it has two default routes too.)
answered Dec 31 '18 at 20:43
grawitygrawity
237k37503557
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "3"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1389374%2fhow-to-setup-ipv6-network-from-hurricane-electric-with-fixed-address-delegation%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
3: internal_0:
inet6 2001:471:70c8:1::1/0 scope global
Even though your tunnel and subnet addresses belong to /64 prefixes, you've configured them as /0's for some reason. Using the wrong subnet mask can already cause various strange problems, but /0 is twice as bad because it is interpreted as "The whole world is my subnet". Notice how you ended up with two extra default routes, such as the nonsensical ::/0 dev internal_0.
Because you have two routes for same destination (::/0 aka 'default') and same metric, you essentially end up with a single load-balanced route. It's up to chance whether each packet chooses the "dev internal_0" nexthop or the "dev external_he_0" one. (Completely by accident, the latter is actually valid and works, due to pointing at a tunnel device. I'm guessing that is why some of your packets go through, while others don't.)
Fix your configuration to specify the correct prefix length for addresses on both interfaces (it's /64).
Send a bug report about your network configuration tool: a missing /prefixlen should either abort or default to maximum length (/128 for v6), instead of zero.
I give only one address to the client (2001:471:70c8:1::a). Where did the second two (2001:471:70c8:1:96de:80ff:fe7c:8bee, 2001:471:70c8:1:7aed:e36d:f089:ad33) come from?
DHCPv6 is not the only address auto-configuration mechanism (indeed not even supported by some systems). Alongside it, you have Router Advertisements with the AdvAutonomous prefix flag set – this enables SLAAC and indicates to clients receiving these Advertisements that they can self-assign an address from the prefix.
(The first address is based on the EUI64 or MAC address; the second appears to be RFC7217 hash-based. It seems that this client actually has two programs processing Router Advertisements – probably the kernel + dhcpcd, or kernel + systemd-networkd. That's why it has two default routes too.)
answered Dec 31 '18 at 20:43
grawitygrawity
237k37503557
add a comment |
3: internal_0:
inet6 2001:471:70c8:1::1/0 scope global
Even though your tunnel and subnet addresses belong to /64 prefixes, you've configured them as /0's for some reason. Using the wrong subnet mask can already cause various strange problems, but /0 is twice as bad because it is interpreted as "The whole world is my subnet". Notice how you ended up with two extra default routes, such as the nonsensical ::/0 dev internal_0.
Because you have two routes for same destination (::/0 aka 'default') and same metric, you essentially end up with a single load-balanced route. It's up to chance whether each packet chooses the "dev internal_0" nexthop or the "dev external_he_0" one. (Completely by accident, the latter is actually valid and works, due to pointing at a tunnel device. I'm guessing that is why some of your packets go through, while others don't.)
Fix your configuration to specify the correct prefix length for addresses on both interfaces (it's /64).
Send a bug report about your network configuration tool: a missing /prefixlen should either abort or default to maximum length (/128 for v6), instead of zero.
I give only one address to the client (2001:471:70c8:1::a). Where did the second two (2001:471:70c8:1:96de:80ff:fe7c:8bee, 2001:471:70c8:1:7aed:e36d:f089:ad33) come from?
DHCPv6 is not the only address auto-configuration mechanism (indeed not even supported by some systems). Alongside it, you have Router Advertisements with the AdvAutonomous prefix flag set – this enables SLAAC and indicates to clients receiving these Advertisements that they can self-assign an address from the prefix.
(The first address is based on the EUI64 or MAC address; the second appears to be RFC7217 hash-based. It seems that this client actually has two programs processing Router Advertisements – probably the kernel + dhcpcd, or kernel + systemd-networkd. That's why it has two default routes too.)
answered Dec 31 '18 at 20:43
grawitygrawity
237k37503557
add a comment |
3: internal_0:
inet6 2001:471:70c8:1::1/0 scope global
Even though your tunnel and subnet addresses belong to /64 prefixes, you've configured them as /0's for some reason. Using the wrong subnet mask can already cause various strange problems, but /0 is twice as bad because it is interpreted as "The whole world is my subnet". Notice how you ended up with two extra default routes, such as the nonsensical ::/0 dev internal_0.
Because you have two routes for same destination (::/0 aka 'default') and same metric, you essentially end up with a single load-balanced route. It's up to chance whether each packet chooses the "dev internal_0" nexthop or the "dev external_he_0" one. (Completely by accident, the latter is actually valid and works, due to pointing at a tunnel device. I'm guessing that is why some of your packets go through, while others don't.)
Fix your configuration to specify the correct prefix length for addresses on both interfaces (it's /64).
Send a bug report about your network configuration tool: a missing /prefixlen should either abort or default to maximum length (/128 for v6), instead of zero.
I give only one address to the client (2001:471:70c8:1::a). Where did the second two (2001:471:70c8:1:96de:80ff:fe7c:8bee, 2001:471:70c8:1:7aed:e36d:f089:ad33) come from?
DHCPv6 is not the only address auto-configuration mechanism (indeed not even supported by some systems). Alongside it, you have Router Advertisements with the AdvAutonomous prefix flag set – this enables SLAAC and indicates to clients receiving these Advertisements that they can self-assign an address from the prefix.
(The first address is based on the EUI64 or MAC address; the second appears to be RFC7217 hash-based. It seems that this client actually has two programs processing Router Advertisements – probably the kernel + dhcpcd, or kernel + systemd-networkd. That's why it has two default routes too.)
answered Dec 31 '18 at 20:43
grawitygrawity
237k37503557
3: internal_0:
inet6 2001:471:70c8:1::1/0 scope global
Even though your tunnel and subnet addresses belong to /64 prefixes, you've configured them as /0's for some reason. Using the wrong subnet mask can already cause various strange problems, but /0 is twice as bad because it is interpreted as "The whole world is my subnet". Notice how you ended up with two extra default routes, such as the nonsensical ::/0 dev internal_0.
Because you have two routes for same destination (::/0 aka 'default') and same metric, you essentially end up with a single load-balanced route. It's up to chance whether each packet chooses the "dev internal_0" nexthop or the "dev external_he_0" one. (Completely by accident, the latter is actually valid and works, due to pointing at a tunnel device. I'm guessing that is why some of your packets go through, while others don't.)
Fix your configuration to specify the correct prefix length for addresses on both interfaces (it's /64).
Send a bug report about your network configuration tool: a missing /prefixlen should either abort or default to maximum length (/128 for v6), instead of zero.
I give only one address to the client (2001:471:70c8:1::a). Where did the second two (2001:471:70c8:1:96de:80ff:fe7c:8bee, 2001:471:70c8:1:7aed:e36d:f089:ad33) come from?
DHCPv6 is not the only address auto-configuration mechanism (indeed not even supported by some systems). Alongside it, you have Router Advertisements with the AdvAutonomous prefix flag set – this enables SLAAC and indicates to clients receiving these Advertisements that they can self-assign an address from the prefix.
(The first address is based on the EUI64 or MAC address; the second appears to be RFC7217 hash-based. It seems that this client actually has two programs processing Router Advertisements – probably the kernel + dhcpcd, or kernel + systemd-networkd. That's why it has two default routes too.)
answered Dec 31 '18 at 20:43
grawitygrawity
237k37503557
answered Dec 31 '18 at 20:43
grawitygrawity
237k37503557
answered Dec 31 '18 at 20:43
grawitygrawity
237k37503557
answered Dec 31 '18 at 20:43
grawitygrawity
237k37503557
237k37503557
add a comment |
add a comment |
Thanks for contributing an answer to Super User!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1389374%2fhow-to-setup-ipv6-network-from-hurricane-electric-with-fixed-address-delegation%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
1
Um, why are you configuring the subnet and tunnel addresses with /0 prefixlen?
– grawity
Dec 31 '18 at 20:27
It configured by systemd. Or I incorrectly specified the addresses in the systemd files? (I added a configuration to the post)
– Sheridan
Dec 31 '18 at 20:43