Modify

Opened 3 years ago

Closed 3 years ago

Last modified 3 years ago

#13943 closed defect (not_a_bug)

r37493 does set wrong ipv6 routes

Reported by: anonymous Owned by: developers
Priority: response-needed Milestone: Chaos Calmer 15.05
Component: kernel Version: Trunk
Keywords: ipv6 route wan6 lan Cc: cyrus@…

Description

since automatic ipv6 set up does not for me (dtag dual-stack) i have to set up my lan interface manually which works for me then. but when there is no active wan6 route or when an active route gets deleted after a short amount of time after manual lan setup, then the router sets wrong routes, so that ipv6 is broken for me. the routes are getting as network/interface lan instead of wan6. setting static routes with interface wan6 instead of lan works for me as a workaround.

what i do for manual ipv6 lan setup:

  • change IPv6 assignment length from 64 to disabled
  • set up an ipv6 for lan interface within the prefix i got from my isp
  • set up remote LL ipv6 from my isp as IPv6 gateway
  • set up the prefix i got from my isp as IPv6 routed prefix
  • set up radvd to announce the prefix i got from my isp

Attachments (0)

Change History (17)

comment:1 Changed 3 years ago by jow

  • Priority changed from normal to response-needed

The correct way would be to:

  • remove radvd
  • set wan6 interface to proto static
  • set wan6 ip6addr to a suitable ip, e.g. ::1/64 out of your prefix
  • set wan6 ip6prefix to your dtag prefix
  • set wan6 ip6gateway to the LL ipv6
  • set lan ip6assign to 64

After you did that, poste the output of "istatus wan6" and "ifstatus lan" here.

comment:2 Changed 3 years ago by anonymous

ok, i reverted the lan interface settings back to standard and set up wan6 the way you wrote. but now i have the same situation like from the beginning (the for me not working) automatic ipv6 configuration: from lan i have no ipv6 connectivity and ping6 on my desktop only says "100% packet loss", no error msg. from within the router i have ipv6 connectivity.

comment:3 Changed 3 years ago by anonymous

btw, the routes are looking good now and i already stopped radvd. but as i said, i have no ipv6 connectivity from lan.

comment:4 Changed 3 years ago by jow

So you only get a single /64 from the dtag?

Your current problem is due to thwe fact that you only have (or configured) a /64 prefix while for proper, traditional routing you'd at least need two (one for wan, one for lan).

If you got a larger prefix than /64 it is enough to just put that into the ip6prefix, otherwise you need to resort to ndp proxying - see example #2 in http://wiki.openwrt.org/doc/uci/6relayd#examples

comment:5 Changed 3 years ago by anonymous

yeah, i got only a single /64 prefix. but since when do i need two /64 for native dual-stack?? the point is, in the past i used a two months old barrier braker and mostly it run flawlessly. the only thing i had to do was to replace/update my prefix when it changed due to different reasons. and also trunk from yesterday runs with a single prefix, when i work around the routes. so i dont understand why i need two /64 for autoconfiguration. in my opinion this would be a waste of ip addresses when i have to use a single /64 only for my wan interface. i'll have a look on 6relayd.

comment:6 Changed 3 years ago by cyrus

Judging from your first ifstatus everything seems to be fine with the default setup. You dont need 6relayd. Honestly i dont see what is wrong with your setup. The same thing works for others. I dont think manual setup and / or radvd will help in your case.

comment:7 Changed 3 years ago by cyrus

Please provide the output of ip -6 route show table all and ifstatus wan6 using the default trunk config (automatic dhcpv6) without radvd and the like otgerwise there is not really much to debug.

comment:8 Changed 3 years ago by cyrus

Also does a ping6 from the router itself work with the defaults?

comment:9 Changed 3 years ago by cyrus

  • Cc cyrus@… added

comment:10 Changed 3 years ago by anonymous

ok, i erased rootfs_data to get the standard config. ipv6 now works ootb. but from lan only when 6relayd is running. when i stop 6relayd i have no ipv6 at all on my lan.

the only thing i am wondering about is the standard IPv6 assignment length of '60' on my lan interface. in my understanding this should be outside of my prefix (subnet) i got from my isp. the fun fact for me is, that it is working flawlessly.

comment:11 Changed 3 years ago by cyrus

  • Resolution set to not_a_bug
  • Status changed from new to closed

Yes 6relayd acts as DHCPv6-server and RA-server (radvd-replacement) by default which is why your clients don't get IPv6-connectivity without it, this is why you don't need radvd anymore.

6relayd can also act as a relay for those + proxy-NDP. But this is only required when your ISP doesn't give you a delegated prefix and only provides your router's WAN-interface with an IPv6-address (this is what jow meant with the single /64). This also helps if you try to put your router behind another router which doesn't hand out delegated prefixes but only announces a /64 via radvd or so.

The assignment length of 60 is OK. It is an upper bound. If your ISP only provides a /64 then you only get a /64 assigned. However if your ISP delegates a bigger subnet (e.g. /56 or /48) then a /60 will be assigned to your lan. In this case 6relayd sub-delegates all but the first /64 of that /60 to downstream routers on your lan via DHCPv6-PD so you can have multiple IPv6-routers chained at home without resorting to the relaying / NDP-proxy hack I mentioned above.

comment:12 Changed 3 years ago by anonymous

well, but my isp doesnt delegate a bigger subnet and my lan doesnt get assigned ip's from within the /64 i got from my isp but ip's from another subnet.
my isp gives me 2003:40:6fff:xxx::/64 and my desktop gets 2003:40:6f80:xxx:xxx:xxx:xxx:xxx/64. in my understanding is this not within the subnet i got delegated from my isp. regarding to this subnet calculator my lan should get ip's from within the range 2003:40:6fff:xxx:0000:0000:0000:0000-
2003:40:6fff:xxx:ffff:ffff:ffff:ffff

comment:13 Changed 3 years ago by cyrus

I just had a look at your ifstatus.
You can see under "ipv6-address" the IPv6 address that your router got on its WAN-interface which is "2003:40:6fff:xxx:xxx:xxx:xxx:2b01" with the prefix-length /64. However this is only for your router's interface and NOT the prefix from which your clients get addresses. This is what was mentioned early with the two distinct prefixes given by your ISP.

As you can see in the ifstatus your ISP also delegates the prefix 2003:40:6f80:yyy::/56 to you (under "ipv6-prefix"). According to the ip6assign=60 setting the subprefix 2003:40:6f80:yyy::/60 is assigned to your lan-interface which is in that /56 range your ISP delegates to you.

On your LAN-interface 6relayd will therefore announce 2003:40:6f80:yyy::/64 to your clients which is why they get adresses from that range. If you happen to put another router behind this OpenWrt router 6relayd can delegate parts of that /60 further so that the second router will get an address from 2003:40:6f80:yyy::/64 on its wan-interface and a part of the /60 that it can then assign to its LAN-interface for the clients. This is basically the same that your ISP does with your OpenWrt router.

comment:14 Changed 3 years ago by anonymous

ok, thank you for your explanations.

in other words i could set up another 18446744073709551615 wan interfaces on my router (number of ip addresses in a /64 -1).

one question is left to me: why do i not see that /56 at 'rdsic6 pppoe-wan' (or at all on router-side)?

comment:15 Changed 3 years ago by cyrus

Haha well something like that. I guess it doesn't make much sense for PPP-connections and is actually quite a waste there but on other connection types you could just have one upstream and several downstream routers connected on the same link sharing that /64 prefix for their wan-interface.

Also you can't see that /56 in rdisc6 because its negotiated through DHCPv6. You could do a tcpdump or use wireshark to sniff / monitor the exchange.

comment:16 Changed 3 years ago by anonymous

i'm sorry, but i've got another question. i'm trying to understand what my isp does. regarding to the ips my wan (2003:40:6f7f::) and lan (2003:40:6f0d::) got and in my understanding of routing and subnetting, i presume that my isp delegates a /40 (2003:40:6f00::) to their customers. or am i wrong?

comment:17 Changed 3 years ago by anonymous

No they delegate a /56 to you (at least accoding to your ifstatus wan6).

	"ipv6-prefix": [
		{
			"address": "2003:40:6f80:yyy::",
			"mask": 56,
...

Add Comment

Modify Ticket

Action
as closed .
The resolution will be deleted. Next status will be 'reopened'.
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.