How to configure radvd, dhcpd6, routing and /64 subnet based on delegated prefix by DHCPv6-PD server?

Solution 1

I don't know the answer to your question, but I just want to warn you about using the DHCP server address as your default router. If that works it is by chance... In IPv6 the default route is communicated by RA's and not by DHCP.

You will need to enable forwarding, accepting RA's and sending out RS's. A problem here is that the kernel included in CentOS 6 does not allow you to do that. When forwarding is enabled then accepting RA's and sending RS's is disabled. There should be a CentOSPlus kernel with the relevant patches though. See the mailing list thread / message at http://lists.centos.org/pipermail/centos/2011-April/thread.html#109756

The relevant sysctl.conf settings are:

    net.ipv6.conf.all.forwarding=1
    net.ipv6.conf.eth0.accept_ra=2
    net.ipv6.conf.eth0.accept_ra_defrtr=1
    net.ipv6.conf.eth0.router_solicitations=1

Solution 2

  • An IPv6 default route should be set up by whatever got your default (upstream) Internet connection, before you use DHCPv6 PD to get the additional subnets. You haven't mentioned how you're actually connecting upstream, so I can't help you there.
  • I use WIDE DHCPv6 client, rather than ISC, so I don't know how to do it specifically, but I expect that ISC has something equivalent to this WIDE configuration option:

    id-assoc pd {
        prefix-interface eth0 {
            sla-id 1;
            sla-len 4;
        };
    };
    

    Basically, you tell the DHCP client how to assign subnets to internal interfaces; the above configuration says "I'm getting 4 bits of prefix delegated to me (sla-len 4), take the first available subnet (sla-id 1) and assign it to eth0 (prefix-interface eth0)".

  • Set up radvd with appropriate interface stanzas (there are good examples in the radvd.conf man page to work from), and it'll Just Work.
  • I can't help you there; apart from testing, I don't use DHCPv6 service (I get all my DHCP info from my DHCP server).
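
The subnet arithmetic behind sla-id/sla-len, carried through to a per-interface address command and radvd stanza that reuse the lease lifetimes, as an added example (not code from the original post, ISC or WIDE). The function names, the choice of ::1 as the router address and the 2001:db8:1234::/48 documentation prefix are assumptions; the lifetimes are the ones in the lease shown in the question.

```python
import ipaddress
import re

def lan_subnet(delegated, sla_id, sla_len):
    """Return the /64 numbered sla_id inside the delegated prefix."""
    net = ipaddress.IPv6Network(delegated)  # strict: rejects stray host bits
    if net.prefixlen + sla_len != 64:
        raise ValueError("prefix length + sla_len must equal 64 for SLAAC")
    if not 0 <= sla_id < (1 << sla_len):
        raise ValueError("sla_id does not fit in sla_len bits")
    # The subnet id sits directly above the 64-bit interface identifier.
    return ipaddress.IPv6Network((int(net.network_address) | (sla_id << 64), 64))

def render(iface, subnet, preferred, valid):
    """Build the 'ip' command and the radvd stanza for one LAN interface."""
    # These strings end up in a root-run command and config file: validate.
    if not re.fullmatch(r"[A-Za-z0-9_.-]{1,15}", iface):
        raise ValueError("unexpected interface name")
    if not 0 < preferred <= valid:
        raise ValueError("preferred lifetime must not exceed valid lifetime")
    addr = subnet[1]  # assumption: the router takes ::1 in each subnet
    cmd = (f"ip -6 addr replace {addr}/64 dev {iface} "
           f"valid_lft {valid} preferred_lft {preferred}")
    stanza = "\n".join([
        f"interface {iface} {{",
        "    AdvSendAdvert on;",
        f"    prefix {subnet} {{",
        "        AdvOnLink on;",
        "        AdvAutonomous on;",
        f"        AdvValidLifetime {valid};",
        f"        AdvPreferredLifetime {preferred};",
        "    };",
        "};",
    ])
    return cmd, stanza

# Constructed sample input: documentation prefix, one subnet id per LAN port.
DELEGATED = "2001:db8:1234::/48"
LAN = {"eth1": 1, "eth2": 2}

def plan(delegated=DELEGATED, lan=LAN, preferred=12600, valid=14400):
    """Map each LAN interface to its (ip command, radvd stanza) pair."""
    return {iface: render(iface, lan_subnet(delegated, sid, 16), preferred, valid)
            for iface, sid in lan.items()}

if __name__ == "__main__":
    for cmd, stanza in plan().values():
        print(cmd)
        print(stanza)
```

A dhclient-script hook would still have to pass in the real prefix and lifetimes from the lease, write the stanzas to radvd.conf and reload radvd on every renew or rebind.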
Author by

takaomag

Updated on September 18, 2022

Comments

  • takaomag almost 2 years

    My ISP has just started IPv4/IPv6 dual stack service. In order to connect to the IPv4/IPv6 internet, almost all users usually use a CPE leased by the ISP. But I want to use my Linux router instead of such a CPE, because my router has so many roles (a lot of iptables rules and 3 Ethernet interfaces, HTTP reverse proxy, HTTP cache, memcached, SMTP/POP server and DNS proxy). I want it to be an IPv4/IPv6 dual stack router.

    My router

    • CentOS6.0 i686
    • eth0 for WAN
    • eth1,2 for LAN
    • ISC dhcp(version 4.1.1) installed by "# yum install dhcp" from CentOS-updates repo
    • radvd(version 1.6) installed by "# yum install radvd" from CentOS-base repo
    • [EDIT] The reason why I use ISC dhclient is that my router has to send a DHCPv6 option 16 (Vendor class) in its solicit and request messages, in order to get the vendor-specific-information option, which includes some ISP-specific information (SIP phone number, firmware server address). I know how to set option 16 in ISC dhclient, but don't know how to do it in WIDE-dhcpv6. And I cannot find such settings as "id-assoc" in ISC dhclient.

    My goal

    • A /48 prefix is delegated to the DHCPv6-PD (DHCPv6 Prefix Delegation) client (dhclient) on eth0.
    • An IPv6 default route is set toward the ISP. I have to consider the ISP's DHCPv6 server's link-local address as a default route.
    • One /64 subnet and one global address (which are in the delegated prefix) are assigned to each LAN I/F (eth1/eth2).
    • radvd on eth1 and eth2 announces RA based on the assigned /64 subnet.
    • dhcpd6 on eth1 and eth2 announces additional network information (name-servers, domain-searchlist and sip-servers-addresses) received from the ISP's DHCPv6 server.

    My current configuration

    /etc/sysconfig/network

    NETWORKING=yes
    HOSTNAME=xxx.yyy.zzz
    
    # Enable IPv6 routing and stop accept_ra/autoconf.
    IPV6FORWARDING=yes
    

    /etc/sysconfig/network-scripts/ifcfg-eth0

    DEVICE="eth0"
    ONBOOT=yes
    TYPE=Ethernet
    BOOTPROTO=none
    
    # Enable DHCPv6-PD client.
    DHCPV6C=yes
    DHCPV6C_OPTIONS="-P -cf /etc/dhcp/dhclient6.conf"
    
    # Disable make_resolv_conf function in /sbin/dhclient-script.
    PEERDNS=no
    

    /etc/dhcp/dhclient6.conf

    script "/sbin/dhclient-script";
    interface "eth0" {
            send dhcp6.reconf-accept;
            also request dhcp6.vendor-opts, dhcp6.sip-servers-names, dhcp6.sip-servers-addresses, dhcp6.sntp-servers;
    }
    

    Result

    After "# service network restart", DHCPv6-PD client seems to finish successfully.

    lease6 {
      interface "eth0";
      ia-pd xx:xx:xx:xx {
        starts 1312464004;
        renew 7200;
        rebind 10800;
        iaprefix 24xx:xxxx:xxxx::/48 {
          starts 1312464004;
          preferred-life 12600;
          max-life 14400;
        }
      }
      option dhcp6.client-id xx:xx:xx:xx:xx:xx:xx:xx:xx:xx;
      option dhcp6.server-id xx:xx:xx:xx:xx:xx:xx:xx:xx:xx;
      option dhcp6.reconf-accept ;
      option dhcp6.sip-servers-addresses 24xx:xxxx:xxxx:xxxx::1;
      option dhcp6.name-servers 24xx:xxxx:xxxx:xxxx::3,24xx:xxxx:xxxx:b::3;
      option dhcp6.domain-search "xxx.jp.", "yyy.jp.";
      option dhcp6.sntp-servers 24xx:xxxx:xxxx:xxxx::a,24xx:xxxx:xxxx:b::b;
    }
    

    Question

    The DHCPv6-PD client is delegated a /48 prefix successfully. But after that,

    • How to set an IPv6 default route in the router's routing table?
    • How to assign a global IPv6 address and /64 subnet to each LAN I/F (eth1 and eth2) based on the delegated prefix?
    • How to trigger radvd to announce RA on each LAN I/F (eth1 and eth2)?
    • How to trigger the DHCPv6 server (dhcpd6) on each LAN I/F to announce additional network information (name-servers, domain-searchlist and sip-servers-addresses) received from the ISP's DHCPv6 server?

    My guess

    According to "$ man dhclient" and "$ man dhclient-script", dhclient-script seems to be used to configure such settings, and it offers some hooks. But now, it does nothing for the DHCPv6-PD client.

    Yes, I may have to write some scripts suitable for my DHCPv6-PD environment, though I am not familiar with IPv6 network configurations. Can anyone tell me how to do the above settings in dhclient-script? [EDIT] I want to know the practical dhclient-script.

    And I worry that some special consideration should be taken. For example, because each IPv6 address has a preferred/valid lifetime, when I assign a global IPv6 address to a LAN interface based on the delegated prefix, do I have to assign not only an IPv6 address but also its lifetimes, which must be derived from the delegated prefix's preferred/valid lifetimes?

    Also, may radvd and the DHCPv6 server on the LAN interfaces have to be re-configured when DHCPv6 re-configuration happens? Which hook should be used?

    [EDIT] When DHCPv6 re-configuration happens, how to announce both new and obsolete information? Does radvd automatically announce that the previous prefix is obsolete? Does the DHCPv6 server automatically announce that the previous name-servers are obsolete?

  • takaomag almost 13 years
    Thanks for your answer. 1. How to connect upstream is to just connect an Ethernet cable to an FTTH GE-PON. Just now, there is no way to specify a default IPv6 route through DHCPv6; I have to consider the DHCPv6 server's link-local address as a default route.
  • takaomag almost 13 years
    2. Although I did not mention it, the reason why I use ISC dhclient is that my router has to send a DHCPv6 option 16 (Vendor class) in its solicit and request messages, in order to get the vendor-specific-information option, which includes some ISP-specific information (SIP phone number, firmware server address). I know how to set option 16 in ISC dhclient, but don't know how to do it in WIDE-dhcpv6. And I cannot find such settings as "id-assoc" in ISC dhclient.
  • takaomag almost 13 years
    3,4. I may be able to write some poor scripts to construct radvd.conf and dhcpd6.conf based on information (prefix, etc.) from the DHCPv6 server. But when DHCPv6 re-configuration happens, how to announce both new and obsolete information? Does radvd automatically announce that the previous prefix is obsolete? Does the DHCPv6 server automatically announce that the previous name-servers are obsolete?
  • takaomag almost 13 years
    Anyway I want to know the practical dhclient-script.
  • takaomag almost 13 years
    Whether I use the DHCPv6 server or radvd, I have to write some scripts to construct dhcpd6.conf or radvd.conf dynamically based on information (prefix, etc.) from the DHCPv6 server. But when DHCPv6 re-configuration happens, how to announce both new and obsolete information to LAN side hosts? If I construct a new dhcpd6.conf or radvd.conf dynamically based only on new information from the DHCPv6 server, does radvd automatically announce that the previous prefix is obsolete? Does the DHCPv6 server automatically announce that the previous name-servers are obsolete?
  • womble almost 13 years
    Don't add all this information in comments on an answer; add it to your question.
  • BillThor almost 13 years
    radvd can use the ::/64 prefix to automatically get its addresses from the interface. You don't need to rewrite the configuration. DNS servers and search list should be static data. IPv6 auto-configuration is designed to handle migrating addresses. I don't know how well your ISP supports the transition. I haven't looked at DHCPv6.
  • takaomag almost 13 years
    I'm sorry, I have added it.
  • Kyle Butt almost 12 years
    Actually, you want accept_ra to be 2 (accept even if routing is enabled). Otherwise the kernel ignores it on a router.
  • LawrenceC about 3 years
    So I'm trying to set this up. My Linux-PC-based router has an eth0 facing the ISP, and is getting the prefix delegation there. eth0 has a working publicly accessible IPv6 address. eth1 faces my network. I assume I have to tell radvd.conf to advertise on eth1. How do I tell radvd.conf to use the prefix from eth0? ::/64 just produces error messages about invalid all-zeros prefix in daemon.log.