How to setup ipv6 network from Hurricane Electric with fixed address delegation?












1















Please help with setting up ipv6 network on linux gate. I want to give clients a static ipv6 address from the HE routed 2001:471:70c8::/48 pool. I took the first /64 subnet (2001:471:70c8:1::/64) from there and I want to distribute addresses from there to clients.



ipv6 forwarding is on, ip6tables accept FORWARD. From gate i can ping6 clients and internet, from clients i can ping gate, but cannot ping6 internet.
Tell me please, what am I doing wrong?



radvd:



gate ~ # cat /etc/dhcp/radvd.conf          

interface internal_0
{
AdvSendAdvert on;
AdvManagedFlag on;
AdvOtherConfigFlag on;

prefix 2001:471:70c8:1::/64
{
AdvOnLink on;
AdvAutonomous on;
AdvRouterAddr off;
};

RDNSS 2001:471:70c8:1::1
{
};

DNSSL domain-home.local
{
};
};


dhcpv6



ddns-update-style none;
authoritative;
option dhcp6.name-servers 2001:471:70c8:1::1;
option dhcp6.domain-search "domain-home.local";
default-lease-time 3600;
max-lease-time 14400;
option client-class-information code 97 = string;
deny duplicates;
ping-check true;
update-optimization false;

shared-network "domain-home"
{
interface internal_0;
subnet6 2001:471:70c8:1::/64
{
pool6
{
# Range for clients
range6 2001:471:70c8:1::1 2001:471:70c8:1::fe;

# Range for clients requesting a temporary address
range6 2001:471:70c8:1::/64 temporary;

# Prefix range for delegation to sub-routers
prefix6 2001:471:70c8:1:: 2001:471:70c8:1:: /64;
}
}
}

host spc_94_de_80_7c_8b_ee
{
hardware ethernet 94:de:80:7c:8b:ee;
host-identifier option dhcp6.client-id 00:02:00:00:ab:11:7a:1c:61:eb:ac:c3:f0:f3;
fixed-address6 2001:471:70c8:1::a;
} # Interface name: internal_0 (Internal)


gate:



gate ~ # ip -6 a l
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 state UNKNOWN qlen 1000
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: external_kis_0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
inet6 fe80::523e:aaff:fe04:8fb0/64 scope link
valid_lft forever preferred_lft forever
3: internal_0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
inet6 2001:471:70c8:1:96de:80ff:fe6c:66b0/64 scope global dynamic mngtmpaddr noprefixroute
valid_lft 86225sec preferred_lft 14225sec
inet6 2001:471:70c8:1::1/0 scope global
valid_lft forever preferred_lft forever
inet6 fe80::96de:80ff:fe6c:66b0/64 scope link
valid_lft forever preferred_lft forever
7: external_he_0@external_kis_0: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1480 state UNKNOWN qlen 1000
inet6 2001:471:1f0a:1880::2/0 scope global
valid_lft forever preferred_lft forever
inet6 fe80::5bd2:623e/64 scope link
valid_lft forever preferred_lft forever
gate ~ # ip -6 r l
anycast 2001:471:70c8:1:: dev internal_0 proto kernel metric 0 pref medium
2001:471:70c8:1::/64 dev internal_0 proto ra metric 1024 pref medium
2001:471:70c8::/48 dev internal_0 proto ra metric 1024 pref medium
anycast fe80:: dev external_he_0 proto kernel metric 0 pref medium
anycast fe80:: dev external_kis_0 proto kernel metric 0 pref medium
anycast fe80:: dev internal_0 proto kernel metric 0 pref medium
fe80::/64 dev external_he_0 proto kernel metric 256 pref medium
fe80::/64 dev external_kis_0 proto kernel metric 256 pref medium
fe80::/64 dev internal_0 proto kernel metric 256 pref medium
ff00::/8 dev external_he_0 metric 256 pref medium
ff00::/8 dev internal_0 metric 256 pref medium
default dev external_he_0 proto kernel metric 256 pref medium
default dev internal_0 proto kernel metric 256 pref medium
default via 2001:471:1f0a:1880::1 dev external_he_0 proto static metric 1024 pref medium


client:



spc ~ # ip -6 a l
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 state UNKNOWN qlen 1000
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: dummy0: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 state UNKNOWN qlen 1000
inet6 fe80::24df:7f80:e175:c322/64 scope link
valid_lft forever preferred_lft forever
3: internal_0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
inet6 2001:471:70c8:1::a/128 scope global dynamic noprefixroute
valid_lft 3592sec preferred_lft 2242sec
inet6 2001:471:70c8:1:96de:80ff:fe7c:8bee/64 scope global dynamic mngtmpaddr noprefixroute
valid_lft 86391sec preferred_lft 14391sec
inet6 2001:471:70c8:1:7aed:e36d:f089:ad33/64 scope global dynamic mngtmpaddr noprefixroute
valid_lft 86391sec preferred_lft 14391sec
inet6 fe80::b492:58c4:b12d:b2e0/64 scope link
valid_lft forever preferred_lft forever
spc ~ # ip -6 r l
2001:471:70c8:1::/64 dev internal_0 proto ra metric 203 pref medium
2001:471:70c8:1::/64 dev internal_0 proto ra metric 1024 pref medium
fe80::/64 dev dummy0 proto kernel metric 256 pref medium
fe80::/64 dev internal_0 proto kernel metric 256 pref medium
ff00::/8 dev dummy0 metric 256 pref medium
ff00::/8 dev internal_0 metric 256 pref medium
default via fe80::96de:80ff:fe6c:66b0 dev internal_0 proto ra metric 203 pref medium
default via fe80::96de:80ff:fe6c:66b0 dev internal_0 proto ra metric 1024 pref medium


And here it is also interesting. I give only one address to the client (2001:471:70c8:1::a). Where did the second two (2001:471:70c8:1:96de:80ff:fe7c:8bee, 2001:471:70c8:1:7aed:e36d:f089:ad33) come from?



upd: tunnel and gate interfaces configuration



gate ~ # cat /etc/systemd/network/external_he_0.network 
[Match]
Name=external_he_0

[Network]
Address=2001:471:1f0a:1880::2
Gateway=2001:471:1f0a:1880::1

gate ~ # cat /etc/systemd/network/external_he_0.netdev
[Match]

[NetDev]
Name=external_he_0
Kind=sit
MTUBytes=1480

[Tunnel]
Local=91.200.98.62
Remote=216.66.80.30
TTL=255

gate ~ # cat /etc/systemd/network/internal_0.network
[Match]
Name=internal_0
MACAddress=94:de:80:6c:66:b0

[Network]
Description=Internal
DHCP=no
Address=10.100.100.1
Address=2001:471:70c8:1::1
Domains=domain-home.local

gate ~ # cat /etc/systemd/network/external_kis_0.network
[Match]
Name=external_kis_0
MACAddress=50:3e:aa:04:8f:b0

[Network]
Description=External KIS
DHCP=no
Address=91.200.98.62
Gateway=91.200.98.61
Tunnel=external_he_0









share|improve this question




















  • 1





    Um, why are you configuring the subnet and tunnel addresses with /0 prefixlen?

    – grawity
    Dec 31 '18 at 20:27













  • It configured by systemd. Or I incorrectly specified the addresses in the systemd files? (I added a configuration to the post)

    – Sheridan
    Dec 31 '18 at 20:43
















1















Please help with setting up ipv6 network on linux gate. I want to give clients a static ipv6 address from the HE routed 2001:471:70c8::/48 pool. I took the first /64 subnet (2001:471:70c8:1::/64) from there and I want to distribute addresses from there to clients.



ipv6 forwarding is on, ip6tables accept FORWARD. From gate i can ping6 clients and internet, from clients i can ping gate, but cannot ping6 internet.
Tell me please, what am I doing wrong?



radvd:



gate ~ # cat /etc/dhcp/radvd.conf          

interface internal_0
{
AdvSendAdvert on;
AdvManagedFlag on;
AdvOtherConfigFlag on;

prefix 2001:471:70c8:1::/64
{
AdvOnLink on;
AdvAutonomous on;
AdvRouterAddr off;
};

RDNSS 2001:471:70c8:1::1
{
};

DNSSL domain-home.local
{
};
};


dhcpv6



ddns-update-style none;
authoritative;
option dhcp6.name-servers 2001:471:70c8:1::1;
option dhcp6.domain-search "domain-home.local";
default-lease-time 3600;
max-lease-time 14400;
option client-class-information code 97 = string;
deny duplicates;
ping-check true;
update-optimization false;

shared-network "domain-home"
{
interface internal_0;
subnet6 2001:471:70c8:1::/64
{
pool6
{
# Range for clients
range6 2001:471:70c8:1::1 2001:471:70c8:1::fe;

# Range for clients requesting a temporary address
range6 2001:471:70c8:1::/64 temporary;

# Prefix range for delegation to sub-routers
prefix6 2001:471:70c8:1:: 2001:471:70c8:1:: /64;
}
}
}

host spc_94_de_80_7c_8b_ee
{
hardware ethernet 94:de:80:7c:8b:ee;
host-identifier option dhcp6.client-id 00:02:00:00:ab:11:7a:1c:61:eb:ac:c3:f0:f3;
fixed-address6 2001:471:70c8:1::a;
} # Interface name: internal_0 (Internal)


gate:



gate ~ # ip -6 a l
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 state UNKNOWN qlen 1000
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: external_kis_0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
inet6 fe80::523e:aaff:fe04:8fb0/64 scope link
valid_lft forever preferred_lft forever
3: internal_0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
inet6 2001:471:70c8:1:96de:80ff:fe6c:66b0/64 scope global dynamic mngtmpaddr noprefixroute
valid_lft 86225sec preferred_lft 14225sec
inet6 2001:471:70c8:1::1/0 scope global
valid_lft forever preferred_lft forever
inet6 fe80::96de:80ff:fe6c:66b0/64 scope link
valid_lft forever preferred_lft forever
7: external_he_0@external_kis_0: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1480 state UNKNOWN qlen 1000
inet6 2001:471:1f0a:1880::2/0 scope global
valid_lft forever preferred_lft forever
inet6 fe80::5bd2:623e/64 scope link
valid_lft forever preferred_lft forever
gate ~ # ip -6 r l
anycast 2001:471:70c8:1:: dev internal_0 proto kernel metric 0 pref medium
2001:471:70c8:1::/64 dev internal_0 proto ra metric 1024 pref medium
2001:471:70c8::/48 dev internal_0 proto ra metric 1024 pref medium
anycast fe80:: dev external_he_0 proto kernel metric 0 pref medium
anycast fe80:: dev external_kis_0 proto kernel metric 0 pref medium
anycast fe80:: dev internal_0 proto kernel metric 0 pref medium
fe80::/64 dev external_he_0 proto kernel metric 256 pref medium
fe80::/64 dev external_kis_0 proto kernel metric 256 pref medium
fe80::/64 dev internal_0 proto kernel metric 256 pref medium
ff00::/8 dev external_he_0 metric 256 pref medium
ff00::/8 dev internal_0 metric 256 pref medium
default dev external_he_0 proto kernel metric 256 pref medium
default dev internal_0 proto kernel metric 256 pref medium
default via 2001:471:1f0a:1880::1 dev external_he_0 proto static metric 1024 pref medium


client:



spc ~ # ip -6 a l
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 state UNKNOWN qlen 1000
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: dummy0: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 state UNKNOWN qlen 1000
inet6 fe80::24df:7f80:e175:c322/64 scope link
valid_lft forever preferred_lft forever
3: internal_0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
inet6 2001:471:70c8:1::a/128 scope global dynamic noprefixroute
valid_lft 3592sec preferred_lft 2242sec
inet6 2001:471:70c8:1:96de:80ff:fe7c:8bee/64 scope global dynamic mngtmpaddr noprefixroute
valid_lft 86391sec preferred_lft 14391sec
inet6 2001:471:70c8:1:7aed:e36d:f089:ad33/64 scope global dynamic mngtmpaddr noprefixroute
valid_lft 86391sec preferred_lft 14391sec
inet6 fe80::b492:58c4:b12d:b2e0/64 scope link
valid_lft forever preferred_lft forever
spc ~ # ip -6 r l
2001:471:70c8:1::/64 dev internal_0 proto ra metric 203 pref medium
2001:471:70c8:1::/64 dev internal_0 proto ra metric 1024 pref medium
fe80::/64 dev dummy0 proto kernel metric 256 pref medium
fe80::/64 dev internal_0 proto kernel metric 256 pref medium
ff00::/8 dev dummy0 metric 256 pref medium
ff00::/8 dev internal_0 metric 256 pref medium
default via fe80::96de:80ff:fe6c:66b0 dev internal_0 proto ra metric 203 pref medium
default via fe80::96de:80ff:fe6c:66b0 dev internal_0 proto ra metric 1024 pref medium


And here it is also interesting. I give only one address to the client (2001:471:70c8:1::a). Where did the second two (2001:471:70c8:1:96de:80ff:fe7c:8bee, 2001:471:70c8:1:7aed:e36d:f089:ad33) come from?



upd: tunnel and gate interfaces configuration



gate ~ # cat /etc/systemd/network/external_he_0.network 
[Match]
Name=external_he_0

[Network]
Address=2001:471:1f0a:1880::2
Gateway=2001:471:1f0a:1880::1

gate ~ # cat /etc/systemd/network/external_he_0.netdev
[Match]

[NetDev]
Name=external_he_0
Kind=sit
MTUBytes=1480

[Tunnel]
Local=91.200.98.62
Remote=216.66.80.30
TTL=255

gate ~ # cat /etc/systemd/network/internal_0.network
[Match]
Name=internal_0
MACAddress=94:de:80:6c:66:b0

[Network]
Description=Internal
DHCP=no
Address=10.100.100.1
Address=2001:471:70c8:1::1
Domains=domain-home.local

gate ~ # cat /etc/systemd/network/external_kis_0.network
[Match]
Name=external_kis_0
MACAddress=50:3e:aa:04:8f:b0

[Network]
Description=External KIS
DHCP=no
Address=91.200.98.62
Gateway=91.200.98.61
Tunnel=external_he_0









share|improve this question




















  • 1





    Um, why are you configuring the subnet and tunnel addresses with /0 prefixlen?

    – grawity
    Dec 31 '18 at 20:27













  • It configured by systemd. Or I incorrectly specified the addresses in the systemd files? (I added a configuration to the post)

    – Sheridan
    Dec 31 '18 at 20:43














1












1








1








Please help with setting up ipv6 network on linux gate. I want to give clients a static ipv6 address from the HE routed 2001:471:70c8::/48 pool. I took the first /64 subnet (2001:471:70c8:1::/64) from there and I want to distribute addresses from there to clients.



ipv6 forwarding is on, ip6tables accept FORWARD. From gate i can ping6 clients and internet, from clients i can ping gate, but cannot ping6 internet.
Tell me please, what am I doing wrong?



radvd:



gate ~ # cat /etc/dhcp/radvd.conf          

interface internal_0
{
AdvSendAdvert on;
AdvManagedFlag on;
AdvOtherConfigFlag on;

prefix 2001:471:70c8:1::/64
{
AdvOnLink on;
AdvAutonomous on;
AdvRouterAddr off;
};

RDNSS 2001:471:70c8:1::1
{
};

DNSSL domain-home.local
{
};
};


dhcpv6



ddns-update-style none;
authoritative;
option dhcp6.name-servers 2001:471:70c8:1::1;
option dhcp6.domain-search "domain-home.local";
default-lease-time 3600;
max-lease-time 14400;
option client-class-information code 97 = string;
deny duplicates;
ping-check true;
update-optimization false;

shared-network "domain-home"
{
interface internal_0;
subnet6 2001:471:70c8:1::/64
{
pool6
{
# Range for clients
range6 2001:471:70c8:1::1 2001:471:70c8:1::fe;

# Range for clients requesting a temporary address
range6 2001:471:70c8:1::/64 temporary;

# Prefix range for delegation to sub-routers
prefix6 2001:471:70c8:1:: 2001:471:70c8:1:: /64;
}
}
}

host spc_94_de_80_7c_8b_ee
{
hardware ethernet 94:de:80:7c:8b:ee;
host-identifier option dhcp6.client-id 00:02:00:00:ab:11:7a:1c:61:eb:ac:c3:f0:f3;
fixed-address6 2001:471:70c8:1::a;
} # Interface name: internal_0 (Internal)


gate:



gate ~ # ip -6 a l
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 state UNKNOWN qlen 1000
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: external_kis_0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
inet6 fe80::523e:aaff:fe04:8fb0/64 scope link
valid_lft forever preferred_lft forever
3: internal_0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
inet6 2001:471:70c8:1:96de:80ff:fe6c:66b0/64 scope global dynamic mngtmpaddr noprefixroute
valid_lft 86225sec preferred_lft 14225sec
inet6 2001:471:70c8:1::1/0 scope global
valid_lft forever preferred_lft forever
inet6 fe80::96de:80ff:fe6c:66b0/64 scope link
valid_lft forever preferred_lft forever
7: external_he_0@external_kis_0: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1480 state UNKNOWN qlen 1000
inet6 2001:471:1f0a:1880::2/0 scope global
valid_lft forever preferred_lft forever
inet6 fe80::5bd2:623e/64 scope link
valid_lft forever preferred_lft forever
gate ~ # ip -6 r l
anycast 2001:471:70c8:1:: dev internal_0 proto kernel metric 0 pref medium
2001:471:70c8:1::/64 dev internal_0 proto ra metric 1024 pref medium
2001:471:70c8::/48 dev internal_0 proto ra metric 1024 pref medium
anycast fe80:: dev external_he_0 proto kernel metric 0 pref medium
anycast fe80:: dev external_kis_0 proto kernel metric 0 pref medium
anycast fe80:: dev internal_0 proto kernel metric 0 pref medium
fe80::/64 dev external_he_0 proto kernel metric 256 pref medium
fe80::/64 dev external_kis_0 proto kernel metric 256 pref medium
fe80::/64 dev internal_0 proto kernel metric 256 pref medium
ff00::/8 dev external_he_0 metric 256 pref medium
ff00::/8 dev internal_0 metric 256 pref medium
default dev external_he_0 proto kernel metric 256 pref medium
default dev internal_0 proto kernel metric 256 pref medium
default via 2001:471:1f0a:1880::1 dev external_he_0 proto static metric 1024 pref medium


client:



spc ~ # ip -6 a l
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 state UNKNOWN qlen 1000
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: dummy0: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 state UNKNOWN qlen 1000
inet6 fe80::24df:7f80:e175:c322/64 scope link
valid_lft forever preferred_lft forever
3: internal_0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
inet6 2001:471:70c8:1::a/128 scope global dynamic noprefixroute
valid_lft 3592sec preferred_lft 2242sec
inet6 2001:471:70c8:1:96de:80ff:fe7c:8bee/64 scope global dynamic mngtmpaddr noprefixroute
valid_lft 86391sec preferred_lft 14391sec
inet6 2001:471:70c8:1:7aed:e36d:f089:ad33/64 scope global dynamic mngtmpaddr noprefixroute
valid_lft 86391sec preferred_lft 14391sec
inet6 fe80::b492:58c4:b12d:b2e0/64 scope link
valid_lft forever preferred_lft forever
spc ~ # ip -6 r l
2001:471:70c8:1::/64 dev internal_0 proto ra metric 203 pref medium
2001:471:70c8:1::/64 dev internal_0 proto ra metric 1024 pref medium
fe80::/64 dev dummy0 proto kernel metric 256 pref medium
fe80::/64 dev internal_0 proto kernel metric 256 pref medium
ff00::/8 dev dummy0 metric 256 pref medium
ff00::/8 dev internal_0 metric 256 pref medium
default via fe80::96de:80ff:fe6c:66b0 dev internal_0 proto ra metric 203 pref medium
default via fe80::96de:80ff:fe6c:66b0 dev internal_0 proto ra metric 1024 pref medium


And here it is also interesting. I give only one address to the client (2001:471:70c8:1::a). Where did the second two (2001:471:70c8:1:96de:80ff:fe7c:8bee, 2001:471:70c8:1:7aed:e36d:f089:ad33) come from?



upd: tunnel and gate interfaces configuration



gate ~ # cat /etc/systemd/network/external_he_0.network 
[Match]
Name=external_he_0

[Network]
Address=2001:471:1f0a:1880::2
Gateway=2001:471:1f0a:1880::1

gate ~ # cat /etc/systemd/network/external_he_0.netdev
[Match]

[NetDev]
Name=external_he_0
Kind=sit
MTUBytes=1480

[Tunnel]
Local=91.200.98.62
Remote=216.66.80.30
TTL=255

gate ~ # cat /etc/systemd/network/internal_0.network
[Match]
Name=internal_0
MACAddress=94:de:80:6c:66:b0

[Network]
Description=Internal
DHCP=no
Address=10.100.100.1
Address=2001:471:70c8:1::1
Domains=domain-home.local

gate ~ # cat /etc/systemd/network/external_kis_0.network
[Match]
Name=external_kis_0
MACAddress=50:3e:aa:04:8f:b0

[Network]
Description=External KIS
DHCP=no
Address=91.200.98.62
Gateway=91.200.98.61
Tunnel=external_he_0









share|improve this question
















Please help with setting up ipv6 network on linux gate. I want to give clients a static ipv6 address from the HE routed 2001:471:70c8::/48 pool. I took the first /64 subnet (2001:471:70c8:1::/64) from there and I want to distribute addresses from there to clients.



ipv6 forwarding is on, ip6tables accept FORWARD. From gate i can ping6 clients and internet, from clients i can ping gate, but cannot ping6 internet.
Tell me please, what am I doing wrong?



radvd:



gate ~ # cat /etc/dhcp/radvd.conf          

interface internal_0
{
AdvSendAdvert on;
AdvManagedFlag on;
AdvOtherConfigFlag on;

prefix 2001:471:70c8:1::/64
{
AdvOnLink on;
AdvAutonomous on;
AdvRouterAddr off;
};

RDNSS 2001:471:70c8:1::1
{
};

DNSSL domain-home.local
{
};
};


dhcpv6



ddns-update-style none;
authoritative;
option dhcp6.name-servers 2001:471:70c8:1::1;
option dhcp6.domain-search "domain-home.local";
default-lease-time 3600;
max-lease-time 14400;
option client-class-information code 97 = string;
deny duplicates;
ping-check true;
update-optimization false;

shared-network "domain-home"
{
interface internal_0;
subnet6 2001:471:70c8:1::/64
{
pool6
{
# Range for clients
range6 2001:471:70c8:1::1 2001:471:70c8:1::fe;

# Range for clients requesting a temporary address
range6 2001:471:70c8:1::/64 temporary;

# Prefix range for delegation to sub-routers
prefix6 2001:471:70c8:1:: 2001:471:70c8:1:: /64;
}
}
}

host spc_94_de_80_7c_8b_ee
{
hardware ethernet 94:de:80:7c:8b:ee;
host-identifier option dhcp6.client-id 00:02:00:00:ab:11:7a:1c:61:eb:ac:c3:f0:f3;
fixed-address6 2001:471:70c8:1::a;
} # Interface name: internal_0 (Internal)


gate:



gate ~ # ip -6 a l
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 state UNKNOWN qlen 1000
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: external_kis_0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
inet6 fe80::523e:aaff:fe04:8fb0/64 scope link
valid_lft forever preferred_lft forever
3: internal_0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
inet6 2001:471:70c8:1:96de:80ff:fe6c:66b0/64 scope global dynamic mngtmpaddr noprefixroute
valid_lft 86225sec preferred_lft 14225sec
inet6 2001:471:70c8:1::1/0 scope global
valid_lft forever preferred_lft forever
inet6 fe80::96de:80ff:fe6c:66b0/64 scope link
valid_lft forever preferred_lft forever
7: external_he_0@external_kis_0: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1480 state UNKNOWN qlen 1000
inet6 2001:471:1f0a:1880::2/0 scope global
valid_lft forever preferred_lft forever
inet6 fe80::5bd2:623e/64 scope link
valid_lft forever preferred_lft forever
gate ~ # ip -6 r l
anycast 2001:471:70c8:1:: dev internal_0 proto kernel metric 0 pref medium
2001:471:70c8:1::/64 dev internal_0 proto ra metric 1024 pref medium
2001:471:70c8::/48 dev internal_0 proto ra metric 1024 pref medium
anycast fe80:: dev external_he_0 proto kernel metric 0 pref medium
anycast fe80:: dev external_kis_0 proto kernel metric 0 pref medium
anycast fe80:: dev internal_0 proto kernel metric 0 pref medium
fe80::/64 dev external_he_0 proto kernel metric 256 pref medium
fe80::/64 dev external_kis_0 proto kernel metric 256 pref medium
fe80::/64 dev internal_0 proto kernel metric 256 pref medium
ff00::/8 dev external_he_0 metric 256 pref medium
ff00::/8 dev internal_0 metric 256 pref medium
default dev external_he_0 proto kernel metric 256 pref medium
default dev internal_0 proto kernel metric 256 pref medium
default via 2001:471:1f0a:1880::1 dev external_he_0 proto static metric 1024 pref medium


client:



spc ~ # ip -6 a l
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 state UNKNOWN qlen 1000
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: dummy0: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 state UNKNOWN qlen 1000
inet6 fe80::24df:7f80:e175:c322/64 scope link
valid_lft forever preferred_lft forever
3: internal_0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
inet6 2001:471:70c8:1::a/128 scope global dynamic noprefixroute
valid_lft 3592sec preferred_lft 2242sec
inet6 2001:471:70c8:1:96de:80ff:fe7c:8bee/64 scope global dynamic mngtmpaddr noprefixroute
valid_lft 86391sec preferred_lft 14391sec
inet6 2001:471:70c8:1:7aed:e36d:f089:ad33/64 scope global dynamic mngtmpaddr noprefixroute
valid_lft 86391sec preferred_lft 14391sec
inet6 fe80::b492:58c4:b12d:b2e0/64 scope link
valid_lft forever preferred_lft forever
spc ~ # ip -6 r l
2001:471:70c8:1::/64 dev internal_0 proto ra metric 203 pref medium
2001:471:70c8:1::/64 dev internal_0 proto ra metric 1024 pref medium
fe80::/64 dev dummy0 proto kernel metric 256 pref medium
fe80::/64 dev internal_0 proto kernel metric 256 pref medium
ff00::/8 dev dummy0 metric 256 pref medium
ff00::/8 dev internal_0 metric 256 pref medium
default via fe80::96de:80ff:fe6c:66b0 dev internal_0 proto ra metric 203 pref medium
default via fe80::96de:80ff:fe6c:66b0 dev internal_0 proto ra metric 1024 pref medium


And here it is also interesting. I give only one address to the client (2001:471:70c8:1::a). Where did the second two (2001:471:70c8:1:96de:80ff:fe7c:8bee, 2001:471:70c8:1:7aed:e36d:f089:ad33) come from?



upd: tunnel and gate interfaces configuration



gate ~ # cat /etc/systemd/network/external_he_0.network 
[Match]
Name=external_he_0

[Network]
Address=2001:471:1f0a:1880::2
Gateway=2001:471:1f0a:1880::1

gate ~ # cat /etc/systemd/network/external_he_0.netdev
[Match]

[NetDev]
Name=external_he_0
Kind=sit
MTUBytes=1480

[Tunnel]
Local=91.200.98.62
Remote=216.66.80.30
TTL=255

gate ~ # cat /etc/systemd/network/internal_0.network
[Match]
Name=internal_0
MACAddress=94:de:80:6c:66:b0

[Network]
Description=Internal
DHCP=no
Address=10.100.100.1
Address=2001:471:70c8:1::1
Domains=domain-home.local

gate ~ # cat /etc/systemd/network/external_kis_0.network
[Match]
Name=external_kis_0
MACAddress=50:3e:aa:04:8f:b0

[Network]
Description=External KIS
DHCP=no
Address=91.200.98.62
Gateway=91.200.98.61
Tunnel=external_he_0






linux networking ipv6 dhcp-server radvd






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Dec 31 '18 at 20:41







Sheridan

















asked Dec 31 '18 at 20:23









SheridanSheridan

1084




1084








  • 1





    Um, why are you configuring the subnet and tunnel addresses with /0 prefixlen?

    – grawity
    Dec 31 '18 at 20:27













  • It configured by systemd. Or I incorrectly specified the addresses in the systemd files? (I added a configuration to the post)

    – Sheridan
    Dec 31 '18 at 20:43














  • 1





    Um, why are you configuring the subnet and tunnel addresses with /0 prefixlen?

    – grawity
    Dec 31 '18 at 20:27













  • It configured by systemd. Or I incorrectly specified the addresses in the systemd files? (I added a configuration to the post)

    – Sheridan
    Dec 31 '18 at 20:43








1




1





Um, why are you configuring the subnet and tunnel addresses with /0 prefixlen?

– grawity
Dec 31 '18 at 20:27







Um, why are you configuring the subnet and tunnel addresses with /0 prefixlen?

– grawity
Dec 31 '18 at 20:27















It configured by systemd. Or I incorrectly specified the addresses in the systemd files? (I added a configuration to the post)

– Sheridan
Dec 31 '18 at 20:43





It configured by systemd. Or I incorrectly specified the addresses in the systemd files? (I added a configuration to the post)

– Sheridan
Dec 31 '18 at 20:43










1 Answer
1






active

oldest

votes


















1















3: internal_0:

inet6 2001:471:70c8:1::1/0 scope global




Even though your tunnel and subnet addresses belong to /64 prefixes, you've configured them as /0's for some reason. Using the wrong subnet mask can already cause various strange problems, but /0 is twice as bad because it is interpreted as "The whole world is my subnet". Notice how you ended up with two extra default routes, such as the nonsensical ::/0 dev internal_0.



Because you have two routes for same destination (::/0 aka 'default') and same metric, you essentially end up with a single load-balanced route. It's up to chance whether each packet chooses the "dev internal_0" nexthop or the "dev external_he_0" one. (Completely by accident, the latter is actually valid and works, due to pointing at a tunnel device. I'm guessing that is why some of your packets go through, while others don't.)



Fix your configuration to specify the correct prefix length for addresses on both interfaces (it's /64).



Send a bug report about your network configuration tool: a missing /prefixlen should either abort or default to maximum length (/128 for v6), instead of zero.




I give only one address to the client (2001:471:70c8:1::a). Where did the second two (2001:471:70c8:1:96de:80ff:fe7c:8bee, 2001:471:70c8:1:7aed:e36d:f089:ad33) come from?




DHCPv6 is not the only address auto-configuration mechanism (indeed not even supported by some systems). Alongside it, you have Router Advertisements with the AdvAutonomous prefix flag set – this enables SLAAC and indicates to clients receiving these Advertisements that they can self-assign an address from the prefix.



(The first address is based on the EUI64 or MAC address; the second appears to be RFC7217 hash-based. It seems that this client actually has two programs processing Router Advertisements – probably the kernel + dhcpcd, or kernel + systemd-networkd. That's why it has two default routes too.)






share|improve this answer























    Your Answer








    StackExchange.ready(function() {
    var channelOptions = {
    tags: "".split(" "),
    id: "3"
    };
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function() {
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled) {
    StackExchange.using("snippets", function() {
    createEditor();
    });
    }
    else {
    createEditor();
    }
    });

    function createEditor() {
    StackExchange.prepareEditor({
    heartbeatType: 'answer',
    autoActivateHeartbeat: false,
    convertImagesToLinks: true,
    noModals: true,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: 10,
    bindNavPrevention: true,
    postfix: "",
    imageUploader: {
    brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
    contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
    allowUrls: true
    },
    onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    });


    }
    });














    draft saved

    draft discarded


















    StackExchange.ready(
    function () {
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1389374%2fhow-to-setup-ipv6-network-from-hurricane-electric-with-fixed-address-delegation%23new-answer', 'question_page');
    }
    );

    Post as a guest















    Required, but never shown

























    1 Answer
    1






    active

    oldest

    votes








    1 Answer
    1






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes









    1















    3: internal_0:

    inet6 2001:471:70c8:1::1/0 scope global




    Even though your tunnel and subnet addresses belong to /64 prefixes, you've configured them as /0's for some reason. Using the wrong subnet mask can already cause various strange problems, but /0 is twice as bad because it is interpreted as "The whole world is my subnet". Notice how you ended up with two extra default routes, such as the nonsensical ::/0 dev internal_0.



    Because you have two routes for same destination (::/0 aka 'default') and same metric, you essentially end up with a single load-balanced route. It's up to chance whether each packet chooses the "dev internal_0" nexthop or the "dev external_he_0" one. (Completely by accident, the latter is actually valid and works, due to pointing at a tunnel device. I'm guessing that is why some of your packets go through, while others don't.)



    Fix your configuration to specify the correct prefix length for addresses on both interfaces (it's /64).



    Send a bug report about your network configuration tool: a missing /prefixlen should either abort or default to maximum length (/128 for v6), instead of zero.




    I give only one address to the client (2001:471:70c8:1::a). Where did the second two (2001:471:70c8:1:96de:80ff:fe7c:8bee, 2001:471:70c8:1:7aed:e36d:f089:ad33) come from?




    DHCPv6 is not the only address auto-configuration mechanism (indeed not even supported by some systems). Alongside it, you have Router Advertisements with the AdvAutonomous prefix flag set – this enables SLAAC and indicates to clients receiving these Advertisements that they can self-assign an address from the prefix.



    (The first address is based on the EUI64 or MAC address; the second appears to be RFC7217 hash-based. It seems that this client actually has two programs processing Router Advertisements – probably the kernel + dhcpcd, or kernel + systemd-networkd. That's why it has two default routes too.)






    share|improve this answer




























      1















      3: internal_0:

      inet6 2001:471:70c8:1::1/0 scope global




      Even though your tunnel and subnet addresses belong to /64 prefixes, you've configured them as /0's for some reason. Using the wrong subnet mask can already cause various strange problems, but /0 is twice as bad because it is interpreted as "The whole world is my subnet". Notice how you ended up with two extra default routes, such as the nonsensical ::/0 dev internal_0.



      Because you have two routes for same destination (::/0 aka 'default') and same metric, you essentially end up with a single load-balanced route. It's up to chance whether each packet chooses the "dev internal_0" nexthop or the "dev external_he_0" one. (Completely by accident, the latter is actually valid and works, due to pointing at a tunnel device. I'm guessing that is why some of your packets go through, while others don't.)



      Fix your configuration to specify the correct prefix length for addresses on both interfaces (it's /64).



      Send a bug report about your network configuration tool: a missing /prefixlen should either abort or default to maximum length (/128 for v6), instead of zero.




      I give only one address to the client (2001:471:70c8:1::a). Where did the second two (2001:471:70c8:1:96de:80ff:fe7c:8bee, 2001:471:70c8:1:7aed:e36d:f089:ad33) come from?




      DHCPv6 is not the only address auto-configuration mechanism (indeed not even supported by some systems). Alongside it, you have Router Advertisements with the AdvAutonomous prefix flag set – this enables SLAAC and indicates to clients receiving these Advertisements that they can self-assign an address from the prefix.



      (The first address is based on the EUI64 or MAC address; the second appears to be RFC7217 hash-based. It seems that this client actually has two programs processing Router Advertisements – probably the kernel + dhcpcd, or kernel + systemd-networkd. That's why it has two default routes too.)






      share|improve this answer


























        1












        1








        1








        3: internal_0:

        inet6 2001:471:70c8:1::1/0 scope global




        Even though your tunnel and subnet addresses belong to /64 prefixes, you've configured them as /0's for some reason. Using the wrong subnet mask can already cause various strange problems, but /0 is twice as bad because it is interpreted as "The whole world is my subnet". Notice how you ended up with two extra default routes, such as the nonsensical ::/0 dev internal_0.



        Because you have two routes for same destination (::/0 aka 'default') and same metric, you essentially end up with a single load-balanced route. It's up to chance whether each packet chooses the "dev internal_0" nexthop or the "dev external_he_0" one. (Completely by accident, the latter is actually valid and works, due to pointing at a tunnel device. I'm guessing that is why some of your packets go through, while others don't.)



        Fix your configuration to specify the correct prefix length for addresses on both interfaces (it's /64).



        Send a bug report about your network configuration tool: a missing /prefixlen should either abort or default to maximum length (/128 for v6), instead of zero.




        I give only one address to the client (2001:471:70c8:1::a). Where did the second two (2001:471:70c8:1:96de:80ff:fe7c:8bee, 2001:471:70c8:1:7aed:e36d:f089:ad33) come from?




        DHCPv6 is not the only address auto-configuration mechanism (indeed not even supported by some systems). Alongside it, you have Router Advertisements with the AdvAutonomous prefix flag set – this enables SLAAC and indicates to clients receiving these Advertisements that they can self-assign an address from the prefix.



        (The first address is based on the EUI64 or MAC address; the second appears to be RFC7217 hash-based. It seems that this client actually has two programs processing Router Advertisements – probably the kernel + dhcpcd, or kernel + systemd-networkd. That's why it has two default routes too.)






        share|improve this answer














        3: internal_0:

        inet6 2001:471:70c8:1::1/0 scope global




        Even though your tunnel and subnet addresses belong to /64 prefixes, you've configured them as /0's for some reason. Using the wrong subnet mask can already cause various strange problems, but /0 is twice as bad because it is interpreted as "The whole world is my subnet". Notice how you ended up with two extra default routes, such as the nonsensical ::/0 dev internal_0.



        Because you have two routes for same destination (::/0 aka 'default') and same metric, you essentially end up with a single load-balanced route. It's up to chance whether each packet chooses the "dev internal_0" nexthop or the "dev external_he_0" one. (Completely by accident, the latter is actually valid and works, due to pointing at a tunnel device. I'm guessing that is why some of your packets go through, while others don't.)



        Fix your configuration to specify the correct prefix length for addresses on both interfaces (it's /64).



        Send a bug report about your network configuration tool: a missing /prefixlen should either abort or default to maximum length (/128 for v6), instead of zero.




        I give only one address to the client (2001:471:70c8:1::a). Where did the second two (2001:471:70c8:1:96de:80ff:fe7c:8bee, 2001:471:70c8:1:7aed:e36d:f089:ad33) come from?




        DHCPv6 is not the only address auto-configuration mechanism (indeed not even supported by some systems). Alongside it, you have Router Advertisements with the AdvAutonomous prefix flag set – this enables SLAAC and indicates to clients receiving these Advertisements that they can self-assign an address from the prefix.



        (The first address is based on the EUI64 or MAC address; the second appears to be RFC7217 hash-based. It seems that this client actually has two programs processing Router Advertisements – probably the kernel + dhcpcd, or kernel + systemd-networkd. That's why it has two default routes too.)







        share|improve this answer












        share|improve this answer



        share|improve this answer










        answered Dec 31 '18 at 20:43









        grawitygrawity

        237k37503557




        237k37503557






























            draft saved

            draft discarded




















































            Thanks for contributing an answer to Super User!


            • Please be sure to answer the question. Provide details and share your research!

            But avoid



            • Asking for help, clarification, or responding to other answers.

            • Making statements based on opinion; back them up with references or personal experience.


            To learn more, see our tips on writing great answers.




            draft saved


            draft discarded














            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1389374%2fhow-to-setup-ipv6-network-from-hurricane-electric-with-fixed-address-delegation%23new-answer', 'question_page');
            }
            );

            Post as a guest















            Required, but never shown





















































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown

































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown







            Popular posts from this blog

            Сан-Квентин

            8-я гвардейская общевойсковая армия

            Алькесар