[ previous ] [ next ] [ threads ]
 
 From:  "Egbert Jan" <egbert at vandenbussche dot nl>
 To:  "'Ray Soucy'" <rps at maine dot edu>
 Cc:  "'Andrew White'" <andywhite at gmail dot com>, <m0n0wall dash dev at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall-dev] native IPV6 needs dhcp6c
 Date:  Thu, 29 Apr 2010 17:24:28 +0200
Roy is completely right here. 

My ISP (xs4all.nl) is running this pilot to see how they should bring this
to a broader public. In the pilot are mostly knowledgeble techies taking
part, tech staff from xs4all and at least one modem manufacturer (avm.de).
Avm is very helpfull with beta releses of their firmware. There are also
cisco users, openwrt and monowall (myself) in the pilot. On the openwrt
platform we all use wide-dhcp6c to pick up the PD and aasign to interfaces
and radvd to further advertise on the LAN side. 
The reason i moved to OpenWRT with a simple modem (Vigor120) was that

1. I didn't wanted to change my working monowall setup with the AVM adsl
modem/router, and 

2. because the current firmware in the modem has no IPv6 routing.
<PREFIX>:0::1 goes to lo, <PREFIX>:1::1/64 to LAN. That's it. No way to tell
the modem that yet another /64 sits behind a router (monowall in my case). 

Egbert Jan

> -----Oorspronkelijk bericht-----
> Van: Ray Soucy [mailto:rps at maine dot edu] 
> Verzonden: donderdag 29 april 2010 16:36
> Aan: Egbert Jan
> CC: Andrew White; m0n0wall dash dev at lists dot m0n0 dot ch
> Onderwerp: Re: [m0n0wall-dev] native IPV6 needs dhcp6c
> 
> 
> DHCPv6 and IPv6 RA are related but different things.
> 
> You should _never_ send an IPv6 RA out the WAN connection, 
> you should only send RA to advertise the prefixes you are the 
> router for.
> 
> There is currently no way to filter rogue RA, so RA out the 
> WAN connection could bring down IPv6 for everyone on the ISPs network.
> 
> RA messages have a "managed config" flag that indicates the 
> host should use DHCPv6 to configure its address (as opposed 
> to stateless).
> 
> So the WAN port would need a DHCPv6 client listening, and the 
> LAN port would need to send RA of the prefix delegated though 
> DHCPv6-PD.
> 
> On Thu, Apr 29, 2010 at 10:18 AM, Egbert Jan 
> <egbert at vandenbussche dot nl> wrote:
> > Andy, Ray,
> >
> > IMHO dhcpdc *IS* needed to accept the PD RA advertisement from the 
> > ISP. Switching om RA om the WAN side of Monowall will act 
> as ISP and 
> > advertise instead of listen. Or am I completely wromg here? Maybe I 
> > should just test that bij connecting the modem (Vigor120 in
> > PPPoE->PPPoA bridge mode) to the Soekris running Monowall and 
> > PPPoE->reconfigure
> > for PPPoE. Unfortunately I have only one ADSL line here and 
> can only 
> > test when nobody is at home except myself...
> >
> > Egbert Jan
> >
> >> -----Oorspronkelijk bericht-----
> >> Van: Andrew White [mailto:andywhite at gmail dot com]
> >> Verzonden: donderdag 29 april 2010 14:47
> >> Aan: Egbert Jan
> >> CC: m0n0wall dash dev at lists dot m0n0 dot ch
> >> Onderwerp: Re: [m0n0wall-dev] native IPV6 needs dhcp6c
> >>
> >>
> >> My last comment on this outside of the forums because it's 
> important 
> >> these questions are asked on the forums as others will 
> learn from the 
> >> thread , it's searchable (including
> >> google) and others can contribute.
> >>
> >>
> >> You may not need to do anything at all.
> >>
> >> m0n0wall supports ipv6 via a number of mechanisms including 
> >> ppp/pppoe.
> >>
> >> DHCP-PD is an aide to help configure your LAN side addressing, but 
> >> more than likely they will announce your subnet down your 
> ppp tunnel, 

> >> This being the case, m0n0wall will suggest an ip address based on 
> >> receiving this announcement if you enable RA on the WAN, 
> and wait to 
> >> receive an announcement.
> >>
> >> DHCP-PD should only be required if you are given a different home 
> >> subnet on a regular basis, and reconfiguring your WAN would be a 
> >> pain, but that really would not be normal in an ipv6 environment 
> >> where you get a subnet associated with your UID.
> >>
> >> DUID's are supposed to be static according to the RFC's 
> and most OS's 
> >> use the MAC address to form their DUID, but Windows 7 , 
> for example, 

> deriving 
> >> their DUID (which is why you must enter a DUID in dhcp6d 
> for windows 
> >> 7 systems, and just a MAC for others).
> >>
> >> On Wed, Apr 28, 2010 at 6:32 PM, Egbert Jan 
> <egbert at vandenbussche dot nl> 
> >> wrote:
> >>
> >> > Hi Andy.
> >> >
> >> > Well.. the request is to put into the image what is
> >> neccessary to get
> >> > native Ipv6 going. I'm currently in a pilot for native IPv6 with 
> >> > prefix delegation on unnumbered link organized by XS4ALL a major 
> >> > player here in NL.
> >> >
> >> > Integration is needed for wide-dhcp6-client and radvd might need 
> >> > pacthing. The DHCP6 client needs a configuration file. 
> Parameters 
> >> > should be set via the GUI. Logging what goes on is
> >> essential as is a
> >> > status display. ppp might need extensions to send/receive
> >> IPV6CP. Also
> >> > a unique but no-changing DUID must be created (or kept) in the 
> >> > confuguration. I would advise a type 3 DUID; only based on MAC 

> >> >
> >> > I saw that it should be possible to use exec.php to add 
> dhcp6c and 
> >> > config. I did not go thru that all, though... I took
> >> another piece of
> >> > (x86) hardware and installed OpenWRT 10.03. Got that 
> working today. 
> >> > Still, when monowall becomes available, I will stay on that
> >> platform.
> >> > OpenWRT is quite new to me.
> >> > It has a nice look and feel and there is a full 
> commandline (ash in 
> >> > busybox). I must say that it rocks.
> >> >
> >> > I do not know how rigid the 8 Mb image size barrier is that you 
> >> > developers seem to have set for yourselves. With the newer
> >> hardware it
> >> > is hardly an issue anymore imho. OpenWRT formats whatever
> >> extra space
> >> > you have and uses unionfs to overlap. So I have plenty of
> >> room on my
> >> > 256 Mb IDE-Flashcard.
> >> >
> >> > HTH
> >> > Egbert Jan
> >> >
> >> >
> >> > > -----Oorspronkelijk bericht-----
> >> > > Van: Andrew White [mailto:andywhite at gmail dot com]
> >> > > Verzonden: woensdag 28 april 2010 17:31
> >> > > Aan: Egbert Jan
> >> > > CC: m0n0wall dash dev at lists dot m0n0 dot ch
> >> > > Onderwerp: Re: [m0n0wall-dev] native IPV6 needs dhcp6c
> >> > >
> >> > >

> some time to 
> >> > > look at this in the next 2-3 weeks, work permitting.
> >> > >
> >> > > Also, if you tried using dhcp6c , posting your results in
> >> there too
> >> > > ?
> >> > >
> >> > > On Thu, Apr 22, 2010 at 2:14 PM, Egbert Jan 
> >> > > <egbert at vandenbussche dot nl> wrote:
> >> > >
> >> > > > It would be wonderful when dhcp6c could be in the 1.33 (or
> >> > > a later...)
> >> > > > release! With a posibility to configure via the
> >> > > webinterface offcause!
> >> > > > There is some activity already; there is an image that can
> >> > > be uploaded
> >> > > > via the exec.php page. This is cumbersome though...
> >> > > >
> >> > > > Any chance that dhcp6c is finding its way into Monowall???
> >> > > >
> >> > > > Egbert Jan
> >> > > >
> >> > > >
> >> > > >
> >> > >
> >> 
> --------------------------------------------------------------------
> >> > > -
> >> > > > To unsubscribe, e-mail: 
> m0n0wall dash dev dash unsubscribe at lists dot m0n0 dot ch
> >> > > > For additional commands, e-mail: 
> >> > > > m0n0wall dash dev dash help at lists dot m0n0 dot ch
> >> > > >
> >> > > >
> >> > >
> >> >
> >> >
> >>
> >
> >
> > 
> ---------------------------------------------------------------------
> > To unsubscribe, e-mail: m0n0wall dash dev dash unsubscribe at lists dot m0n0 dot ch
> > For additional commands, e-mail: m0n0wall dash dev dash help at lists dot m0n0 dot ch
> >
> >
> 
> 
> 
> -- 
> Ray Soucy
> 
> Epic Communications Specialist
> 
> Phone: +1 (207) 561-3526
> 
> Networkmaine, a Unit of the University of Maine System 
> http://www.networkmaine.net/
>