2012-03-04

Automatic IPv6

This generation of FireBrick has had IPv6 built in in from scratch. It has proved very useful for customers wanting IPv6 on their network.

We put in the PPPoE client code some time ago, and now our preferred configuration for FireBricks in an office is to use PPPoE. This works directly on FTTC/FTTP and with DSL modem or bridges.

The IPv6 works nicely. You configure the LAN with the IPv6 blocks that we (or your ISP) are routing to you.

As we got DSL routers that handled IPv6 we added DHCPv6 serving to the LNS so delegate the IPv6 prefix to the router. The router then broadcasts router announcements for the delegated prefix on the LAN. Works well.

DHCPv6 is a horrid way to do it, as I have said before. A broadcast protocol on a point to point link; using a no routable link local address on a link with source filtering; Using IP level protocol on routers where it can hit firewall rules. Also it is not associated with the link state or established as part of bringing up the link itself. All very messy. But we have it working on the LNS.

Today I have been putting the final piece of the puzzle in place with DHCPv6 client in the PPPoE code so that am FB2500 and FB2700 can get a delegated prefix automatically. I have it mostly working this morning, but need a few more bit and some testing. I have issued an alpha with what I have now anyway. I still need to handle the PPPoE link address (IA NA) and DNS servers. I am not sure the RA timing is quite right on the delegated prefixes yet either - needs testing.

In principle it is simple, but as ever there are challenges. The main one is that FireBricks are a tad flexible. Even the FB2500 can have hundreds of interfaces with ports and VLAN combinations - so which LANs do we get prefixes for exactly? The FireBrick can also handle multiple PPPoE connections.

My main objective is that it is simple for the typical case. In fact I have been working on making a factory reset FireBrick use a default login and password to get on to the Internet and in the process to get an IPv6 prefix for the LAN. But I also want it to be flexible as well.

What I have come up with is a setting on the PPPoE config allowing you to say which interfaces you want a prefix for. The PPPoE connection then requests the prefixes you have asked for and allocates them to those interfaces. That allows different PPPoE links to provide prefixes for different interfaces in a variety of combinations. Obviously if multiple PPPoE links are providing the same prefixes to the same interfaces (as with our typical bonded lines) then that works too - with each DHCPv6 response updating the prefix to the latest expiry time. The default is, however, to delegate for all interfaces on the same routing table that are not RA clients - so a sensible default. You can also set to an empty list so no prefix delegation is done.

I think this makes sense. I'll probably do more updates tomorrow to finish it off.

P.S. Now does the IPv6 WAN address, and (in theory) DNS servers. Just testing now.

3 comments:

  1. I do like the way it seems to be becoming easier to setup IPv6 than IPv4.

    ReplyDelete
  2. Why not delegate a /56 for each PPPoE session, and and then advertise a /64 out of that /56 to for each interface?

    ReplyDelete
    Replies
    1. Indeed - that is one idea. We are working from both ends though. So I need to make the 2500/2700 accept a larger block and split it up. I also need to make the LNS, when it has a large block but asked for /64s, split up what it sends. I am sure there will be fine tuning as we work with out ISPs on this and other routers.

      Delete

Comments are moderated purely to filter out obvious spam, but it means they may not show immediately.

Missing unix/linux/posix file open option

What I would like is a file open option for "create replacement file". The idea is that this makes a new inode in the same mount p...