Hallo,
as described by CISCO in http://www.cisco.com/web/about/ac123/ac147/archived_issues/ipj_7-2/ipv6_auto...
a router hast to send ICMPv6 messages of type RS to the all-router multicast group: ff02::1 and ff02::2 for stateless autoconfiguration.
How can I activate this sending in CentOS?
Best regards Helmut
Von: centos-bounces@centos.org [mailto:centos-bounces@centos.org] Im Auftrag von Helmut Drodofsky Gesendet: Dienstag, 6. September 2011 16:03 An: 'CentOS mailing list' Betreff: [CentOS] ICMPv6 messages of type RS
Hallo,
as described by CISCO in http://www.cisco.com/web/about/ac123/ac147/archived_issues/ipj_7-2/ipv6_auto...
a router hast to send ICMPv6 messages of type RS to the all-router multicast group: ff02::1 and ff02::2 for stateless autoconfiguration.
How can I activate this sending in CentOS?
Best regards Helmut
Dear Helmut,
Sorry for this letter. I want just to make some aspects of the problem more clear.
Joining all-router multicast group is a kernel option. Your host send Router Solicitation requests (it's ICMPv6 code number 133) to the all-routers multicast group. Sending of RS is controlling by the kernel options through sysctl:
$ sysctl -a | grep net.ipv6.conf.default.router_solicitations
The default number of router solicitation messages to send is 3. You can change it to 0 to disable RS if you want:
# sysctl -w "grep net.ipv6.conf.default.router_solicitations=0"
and write this option value to /etc/sysctl.conf if You want to preserve the value after the system reboot. There are possibility to manage sysctl via Avahi.
There is some security reasons in support of disabling RS in the kernels of Your workstations, esp. if You use unmanaged ethernet switches or managed ones without multicast group management. Where is the problem? It could be almost IPv6 disaster to enable ipv6 forwarding in more than one of Your local stations or servers, especially if the router-enabled kernel is not on router machine (so called "fake router"). If that scenario happens and some or all of Your stations autoconfigure the fake router local-ling address as a default IPv6 nexthop, they'll lost their IPv6 connectivity.
I'll recommend You not to use statefull or stateless auto-configuration unless You can manage the access to You multicast groups in the local ethernet. DHCPv6 (as a statefull host configuration) do not solve the problem with fake routers - it uses RS do discover the router too.
Best regards Vesselin
On 09/06/2011 05:33 PM, Helmut Drodofsky wrote:
*Von:* centos-bounces@centos.org [mailto:centos-bounces@centos.org] *Im Auftrag von *Helmut Drodofsky *Gesendet:* Dienstag, 6. September 2011 16:03 *An:* 'CentOS mailing list' *Betreff:* [CentOS] ICMPv6 messages of type RS
Hallo,
as described by CISCO in
http://www.cisco.com/web/about/ac123/ac147/archived_issues/ipj_7-2/ipv6_auto...
a router hast to send ICMPv6 messages of type RS to the all-router multicast group: ff02::1 and ff02::2 for stateless autoconfiguration.
How can I activate this sending in CentOS?
Best regards
Helmut
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
On Tue, 6 Sep 2011, Helmut Drodofsky wrote:
as described by CISCO in http://www.cisco.com/web/about/ac123/ac147/archived_issues/ipj_7-2/ipv6_auto...
a router has to send ICMPv6 messages of type RS to the all-router multicast group: ff02::1 and ff02::2 for stateless autoconfiguration.
How can I activate this sending in CentOS?
I believe what you seek to enable is provided by the radvd, which is in the package of the same name. We had to provide configuration to get it working properly on our direct assignment ipv6 block at PMman, and to take steps to filter out 'non-authoritative' advertisements from clients running the daemon on domU instances, to get it working as we expected, handing out the proper route information
We use this to do assignments both for our production networking, and also pass this through to client instances as a matter of default-enabled. All the admin for a client domU needs to do is comment out a couple of lines and it 'just works'
For local network ipv6, simply enabling the 'avahi' services will suffice
-- Russ herrold
-
Helmut Drodofsky -
R P Herrold -
Vesselin Kolev