Is net.ipv6.conf.all.forwarding=1 equivalent to enabling forwarding for all individual interfaces?


Looks like indeed it is designed to work differently compared to IPv4's */forwarding and all/forwarding:

From https://www.kernel.org/doc/Documentation/networking/ip-sysctl.txt:

conf/all/forwarding - BOOLEAN
    Enable global IPv6 forwarding between all interfaces.

    IPv4 and IPv6 work differently here; e.g. netfilter must be used
    to control which interfaces may forward packets and which not.

    This also sets all interfaces' Host/Router setting
    'forwarding' to the specified value.  See below for details.

    This referred to as global forwarding.

forwarding - INTEGER
    Configure interface-specific Host/Router behaviour.

    Note: It is recommended to have the same setting on all
    interfaces; mixed router/host scenarios are rather uncommon.

    Possible values are:
        0 Forwarding disabled
        1 Forwarding enabled

    FALSE (0):

    By default, Host behaviour is assumed.  This means:

    1. IsRouter flag is not set in Neighbour Advertisements.
    2. If accept_ra is TRUE (default), transmit Router
       Solicitations.
    3. If accept_ra is TRUE (default), accept Router
       Advertisements (and do autoconfiguration).
    4. If accept_redirects is TRUE (default), accept Redirects.

    TRUE (1):

    If local forwarding is enabled, Router behaviour is assumed.
    This means exactly the reverse from the above:

    1. IsRouter flag is set in Neighbour Advertisements.
    2. Router Solicitations are not sent unless accept_ra is 2.
    3. Router Advertisements are ignored unless accept_ra is 2.
    4. Redirects are ignored.

    Default: 0 (disabled) if global forwarding is disabled (default),
         otherwise 1 (enabled).

So per-interface forwarding is only used for auxiliary things like various flags and special packet behaviour, not for deciding whether to re-transmit packets or not.


Author: Vi.

Updated on September 18, 2022
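
An added example (not part of the original answer or of the kernel documentation): a POSIX shell audit that applies the distinction above, treating `all/forwarding` as the only routing switch and each interface's `forwarding` as a Host/Router role flag, and reporting where the two disagree. The function name, output format and exit codes are assumptions of this example; only the sysctl file names come from the page.

```shell
# usage: ipv6_forward_audit [conf_root]   (default: /proc/sys/net/ipv6/conf)
# exit status: 0 consistent, 1 at least one mismatch, 2 tree not readable
# conf_root is a parameter so the logic can be run against a fixture directory.
ipv6_forward_audit() {
    root="${1:-/proc/sys/net/ipv6/conf}"
    [ -r "$root/all/forwarding" ] || {
        echo "error: cannot read $root/all/forwarding" >&2
        return 2
    }
    global=$(cat "$root/all/forwarding")
    mismatch=0
    # all/forwarding alone decides whether packets are routed.
    if [ "$global" = 1 ]; then
        echo "global: forwarding=on (every interface routes; restrict with ip6tables)"
    else
        echo "global: forwarding=off"
    fi
    for f in "$root"/*/forwarding; do
        ifname=${f%/forwarding}; ifname=${ifname##*/}
        case "$ifname" in all|default) continue ;; esac
        # The per-interface value only selects Host or Router behaviour.
        if [ "$(cat "$f")" = 1 ]; then role=router; else role=host; fi
        note=ok
        if [ "$global" = 1 ] && [ "$role" = host ]; then
            # Packets are routed anyway; the interface may still accept RAs
            # and Redirects if accept_ra / accept_redirects allow it.
            note="MISMATCH: routed despite forwarding=0"; mismatch=1
        elif [ "$global" != 1 ] && [ "$role" = router ]; then
            # IsRouter is set and RAs are ignored, but nothing is routed.
            note="MISMATCH: forwarding=1 but not routed"; mismatch=1
        fi
        echo "$ifname: role=$role $note"
    done
    return $mismatch
}
```

Called with no argument it reads the live `/proc` tree. Writing `all/forwarding` resets every interface to the same value, so a mismatch means a per-interface value was changed afterwards.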

Comments

  • Vi.
    Vi. over 1 year

    or it is the only way to enable forwarding for IPv6?

    /proc/sys/net/ipv6/conf# grep '' */forwarding
    all/forwarding:0
    default/forwarding:1
    eth0/forwarding:1
    lo/forwarding:1
    nat64/forwarding:1
    tunl0/forwarding:1
    veth_cm/forwarding:1
    wifi0/forwarding:1
    wlan0/forwarding:1
    

    Does not route. I see packets in Wireshark, but they don't reach ip6tables.

    /proc/sys/net/ipv6/conf# grep '' */forwarding
    all/forwarding:1
    default/forwarding:1
    eth0/forwarding:1
    lo/forwarding:1
    nat64/forwarding:1
    tunl0/forwarding:1
    veth_cm/forwarding:1
    wifi0/forwarding:1
    wlan0/forwarding:1
    

    Now network starts working.

    /proc/sys/net/ipv6/conf# grep '' */forwarding
    all/forwarding:1
    default/forwarding:0
    eth0/forwarding:0
    lo/forwarding:0
    nat64/forwarding:0
    tunl0/forwarding:0
    veth_cm/forwarding:0
    wifi0/forwarding:0
    wlan0/forwarding:0
    

    Network still works. Are those individual per-interface switches even used? Can it be a Linux kernel bug (now running version 4.9.5)?

  • mleonard
    mleonard about 7 years
    Yes, the Linux kernel behaviour is surprising here. I appreciate that you documented it here. +1
  • Vi.
    Vi. about 7 years
    I'd removed forwarding from per-interface config and named it is_router instead.