IPV6 addresses

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
16 messages Options
Reply | Threaded
Open this post in threaded view
|

IPV6 addresses

Colin Law
When I run ifconfig on an 18.04 machine which has been upgraded over
several versions I see an IPV6 address generated from the MAC address
of the form
fe80::xxxx:xxff:fexx:xxxx
which has been generated using the technique in
http://www.sput.nl/internet/ipv6/ll-mac.html.

On another machine with a fresh install, however, the fe80:: address
does not have any obvious relationship to the MAC address and has not
got ff:fe at the appropriate place. I deduce from this that there
other allowed techniques for generating the address but I can't find
any reference to them anywhere.  Can anyone elucidate?

Colin

--
ubuntu-users mailing list
[hidden email]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
Reply | Threaded
Open this post in threaded view
|

Re: IPV6 addresses

Karl Auer
On Mon, 2018-06-25 at 11:09 +0100, Colin Law wrote:
> On another machine with a fresh install, however, the fe80:: address
> does not have any obvious relationship to the MAC address and has not
> got ff:fe at the appropriate place. I deduce from this that there
> other allowed techniques for generating the address but I can't find
> any reference to them anywhere.  Can anyone elucidate?

Not sure where they would be documented, but check out the
configuration options in /proc/sys/net/ipv6/conf/all/ and compare them
with the options available on the other system.

Regards, K.

--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Karl Auer ([hidden email])
http://www.biplane.com.au/kauer
http://twitter.com/kauer389

GPG fingerprint: A0CD 28F0 10BE FC21 C57C 67C1 19A6 83A4 9B0B 1D75
Old fingerprint: A52E F6B9 708B 51C4 85E6 1634 0571 ADF9 3C1C 6A3A



--
ubuntu-users mailing list
[hidden email]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
Reply | Threaded
Open this post in threaded view
|

Re: IPV6 addresses

Colin Watson
In reply to this post by Colin Law
On Mon, Jun 25, 2018 at 11:09:43AM +0100, Colin Law wrote:

> When I run ifconfig on an 18.04 machine which has been upgraded over
> several versions I see an IPV6 address generated from the MAC address
> of the form
> fe80::xxxx:xxff:fexx:xxxx
> which has been generated using the technique in
> http://www.sput.nl/internet/ipv6/ll-mac.html.
>
> On another machine with a fresh install, however, the fe80:: address
> does not have any obvious relationship to the MAC address and has not
> got ff:fe at the appropriate place. I deduce from this that there
> other allowed techniques for generating the address but I can't find
> any reference to them anywhere.  Can anyone elucidate?

That sounds like IPv6 privacy extensions (RFC 4941).  The addresses in
question will be generated randomly.  You can configure privacy
extensions in network-manager.

As I understand it there isn't much particular benefit in having privacy
extensions cover link-local addresses, except maybe simplifying the
address allocation code (but I'm guessing here).  On the other hand
link-local addresses are only rather rarely useful anyway, so ...

--
Colin Watson                                       [[hidden email]]

--
ubuntu-users mailing list
[hidden email]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
Reply | Threaded
Open this post in threaded view
|

Re: IPV6 addresses

Karl Auer
On Mon, 2018-06-25 at 11:43 +0100, Colin Watson wrote:
> As I understand it there isn't much particular benefit in having
> privacy extensions cover link-local addresses

Depends how private you want to be.

> On the other hand
> link-local addresses are only rather rarely useful anyway, so ...

They are perhaps not very visibly useful, but they are essential on the
local link.

Regards, K.

--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Karl Auer ([hidden email])
http://www.biplane.com.au/kauer
http://twitter.com/kauer389

GPG fingerprint: A0CD 28F0 10BE FC21 C57C 67C1 19A6 83A4 9B0B 1D75
Old fingerprint: A52E F6B9 708B 51C4 85E6 1634 0571 ADF9 3C1C 6A3A



--
ubuntu-users mailing list
[hidden email]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
Reply | Threaded
Open this post in threaded view
|

Re: IPV6 addresses

Ken D'Ambrosio
In reply to this post by Colin Law
On 2018-06-25 06:09, Colin Law wrote:

> I deduce from this that there
> other allowed techniques for generating the address but I can't find
> any reference to them anywhere.  Can anyone elucidate?

I dug into this deeply once working on cloud stuff, and knew the answers
then, but, alas, don't remember them now.  It may have to do with how
systemd differs in assignment.  But, alas, I no longer recall the
particulars re: Ubuntu, specifically.  But, for a brief overview of the
IPv6 local link mechanisms (with links to corresponding RFCs), the
Wikipedia page does a decent job:

https://en.wikipedia.org/wiki/Link-local_address#IPv6

--
ubuntu-users mailing list
[hidden email]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
Reply | Threaded
Open this post in threaded view
|

Re: IPV6 addresses

Colin Law
In reply to this post by Karl Auer
On 25 June 2018 at 11:34, Karl Auer <[hidden email]> wrote:

> On Mon, 2018-06-25 at 11:09 +0100, Colin Law wrote:
>> On another machine with a fresh install, however, the fe80:: address
>> does not have any obvious relationship to the MAC address and has not
>> got ff:fe at the appropriate place. I deduce from this that there
>> other allowed techniques for generating the address but I can't find
>> any reference to them anywhere.  Can anyone elucidate?
>
> Not sure where they would be documented, but check out the
> configuration options in /proc/sys/net/ipv6/conf/all/ and compare them
> with the options available on the other system.

I thought that was it, /proc/sys/net/ipv6/conf/all/addr_gen_mode [1]
and [2] which seems to fit the bill exactly. Unfortunately it is set
to 0 on both systems, so there must be something else.

Colin

[1] https://developer.gnome.org/NetworkManager/stable/settings-ipv6.html
[2] https://tools.ietf.org/html/rfc7217

--
ubuntu-users mailing list
[hidden email]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
Reply | Threaded
Open this post in threaded view
|

Re: IPV6 addresses

Colin Watson
In reply to this post by Karl Auer
On Mon, Jun 25, 2018 at 09:13:41PM +1000, Karl Auer wrote:
> On Mon, 2018-06-25 at 11:43 +0100, Colin Watson wrote:
> > As I understand it there isn't much particular benefit in having
> > privacy extensions cover link-local addresses
>
> Depends how private you want to be.

Sure, there are some edge cases on a local network where it might be
useful.

> > On the other hand link-local addresses are only rather rarely useful
> > anyway, so ...
>
> They are perhaps not very visibly useful, but they are essential on
> the local link.

I meant for explicit use; I understand that they are technically
required for things like neighbour discovery.

--
Colin Watson                                       [[hidden email]]

--
ubuntu-users mailing list
[hidden email]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
Reply | Threaded
Open this post in threaded view
|

Re: IPV6 addresses

Colin Law
In reply to this post by Colin Watson
On 25 June 2018 at 11:43, Colin Watson <[hidden email]> wrote:

> On Mon, Jun 25, 2018 at 11:09:43AM +0100, Colin Law wrote:
>> When I run ifconfig on an 18.04 machine which has been upgraded over
>> several versions I see an IPV6 address generated from the MAC address
>> of the form
>> fe80::xxxx:xxff:fexx:xxxx
>> which has been generated using the technique in
>> http://www.sput.nl/internet/ipv6/ll-mac.html.
>>
>> On another machine with a fresh install, however, the fe80:: address
>> does not have any obvious relationship to the MAC address and has not
>> got ff:fe at the appropriate place. I deduce from this that there
>> other allowed techniques for generating the address but I can't find
>> any reference to them anywhere.  Can anyone elucidate?
>
> That sounds like IPv6 privacy extensions (RFC 4941).  The addresses in
> question will be generated randomly.  You can configure privacy
> extensions in network-manager.

I don't think that is it, as far as I can see that is about how to
generate temporary addresses.  I think the fe80 address is a fixed
address automatically generated that can be used for local comms.

Colin

--
ubuntu-users mailing list
[hidden email]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
Reply | Threaded
Open this post in threaded view
|

Re: IPV6 addresses

Karl Auer
In reply to this post by Colin Law
On Mon, 2018-06-25 at 13:29 +0100, Colin Law wrote:
> I thought that was it, /proc/sys/net/ipv6/conf/all/addr_gen_mode [1]
> and [2] which seems to fit the bill exactly. Unfortunately it is set
> to 0 on both systems, so there must be something else.

It's been a while, but I think that ../all and ../default can be
overridden by the values in ../conf/<interfacename>. Or maybe it's only
../default. Anyway, check the interface-specific values too.

Regards, K.

--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Karl Auer ([hidden email])
http://www.biplane.com.au/kauer
http://twitter.com/kauer389

GPG fingerprint: A0CD 28F0 10BE FC21 C57C 67C1 19A6 83A4 9B0B 1D75
Old fingerprint: A52E F6B9 708B 51C4 85E6 1634 0571 ADF9 3C1C 6A3A



--
ubuntu-users mailing list
[hidden email]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
Reply | Threaded
Open this post in threaded view
|

Re: IPV6 addresses

Colin Law
On 25 June 2018 at 14:09, Karl Auer <[hidden email]> wrote:
> On Mon, 2018-06-25 at 13:29 +0100, Colin Law wrote:
>> I thought that was it, /proc/sys/net/ipv6/conf/all/addr_gen_mode [1]
>> and [2] which seems to fit the bill exactly. Unfortunately it is set
>> to 0 on both systems, so there must be something else.
>
> It's been a while, but I think that ../all and ../default can be
> overridden by the values in ../conf/<interfacename>. Or maybe it's only
> ../default. Anyway, check the interface-specific values too.

Well it is the addr-gen-mode setting because
nmcli connection show "Wired connection 1"
shows it as
ipv6.addr-gen-mode:                     eui64
for one and
ipv6.addr-gen-mode:                     stable-privacy
for the other, and setting it to privacy by
nmcli connection modify "Wired connection 1" ipv6.addr-gen-mode 1
does change the fe00:: address as documented.  Why it is not visible
in any of the proc/sys entries I don't know (they are the same on both
machines, all, default and eth0/en01.

For me it is all a bit academic at the moment as I my ISP doesn't do
IPV6 yet, but I like to understand at least a bit about how these
things work.

Thanks all

Colin

--
ubuntu-users mailing list
[hidden email]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
Reply | Threaded
Open this post in threaded view
|

Re: IPV6 addresses

Karl Auer
On Mon, 2018-06-25 at 14:51 +0100, Colin Law wrote:
> nmcli connection modify "Wired connection 1" ipv6.addr-gen-mode 1
> does change the fe00:: address as documented.  Why it is not visible
> in any of the proc/sys entries I don't know (they are the same on
> both machines, all, default and eth0/en01.

Huh. Wonder if an RA can suggest to nodes that they use SP addresses?

Let us know if you find out what's going on :-)

Regards, K.

--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Karl Auer ([hidden email])
http://www.biplane.com.au/kauer
http://twitter.com/kauer389

GPG fingerprint: A0CD 28F0 10BE FC21 C57C 67C1 19A6 83A4 9B0B 1D75
Old fingerprint: A52E F6B9 708B 51C4 85E6 1634 0571 ADF9 3C1C 6A3A



--
ubuntu-users mailing list
[hidden email]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
Reply | Threaded
Open this post in threaded view
|

Re: IPV6 addresses

Colin Law
On 25 June 2018 at 15:09, Karl Auer <[hidden email]> wrote:
> On Mon, 2018-06-25 at 14:51 +0100, Colin Law wrote:
>> nmcli connection modify "Wired connection 1" ipv6.addr-gen-mode 1
>> does change the fe00:: address as documented.  Why it is not visible
>> in any of the proc/sys entries I don't know (they are the same on
>> both machines, all, default and eth0/en01.
>
> Huh. Wonder if an RA can suggest to nodes that they use SP addresses?

Eth0 can have multiple connections configured in Network Manager and
presumably each can have different settings, so I guess there must be
more to it than /proc/sys/net/ipv6/conf/eth0.  Or is that supposed to
follow the current setting? It doesn't.

In fact a bit of googling turns up the fact that the file
"/etc/NetworkManager/system-connections/Wired connection 1" contains
[ipv6]
addr-gen-mode=stable-privacy

I don't know what it was before I changed it using nmcli, but
presumably it was either missing or different.

Colin

--
ubuntu-users mailing list
[hidden email]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
Reply | Threaded
Open this post in threaded view
|

Re: IPV6 addresses

Colin Law
Just in case anyone who finds this is interested, in non-network
manager systems such as (I assume) Ubuntu Server and Raspbian it seems
this can be controlled via /etc/dhcpcd.conf by specifying
slaac  private

Colin

On 25 June 2018 at 16:57, Colin Law <[hidden email]> wrote:

> On 25 June 2018 at 15:09, Karl Auer <[hidden email]> wrote:
>> On Mon, 2018-06-25 at 14:51 +0100, Colin Law wrote:
>>> nmcli connection modify "Wired connection 1" ipv6.addr-gen-mode 1
>>> does change the fe00:: address as documented.  Why it is not visible
>>> in any of the proc/sys entries I don't know (they are the same on
>>> both machines, all, default and eth0/en01.
>>
>> Huh. Wonder if an RA can suggest to nodes that they use SP addresses?
>
> Eth0 can have multiple connections configured in Network Manager and
> presumably each can have different settings, so I guess there must be
> more to it than /proc/sys/net/ipv6/conf/eth0.  Or is that supposed to
> follow the current setting? It doesn't.
>
> In fact a bit of googling turns up the fact that the file
> "/etc/NetworkManager/system-connections/Wired connection 1" contains
> [ipv6]
> addr-gen-mode=stable-privacy
>
> I don't know what it was before I changed it using nmcli, but
> presumably it was either missing or different.
>
> Colin

--
ubuntu-users mailing list
[hidden email]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
Reply | Threaded
Open this post in threaded view
|

Re: IPV6 addresses

Tom H-4
In reply to this post by Colin Law
On Mon, Jun 25, 2018 at 2:54 PM Colin Law <[hidden email]> wrote:

> On 25 June 2018 at 14:09, Karl Auer <[hidden email]> wrote:
>> On Mon, 2018-06-25 at 13:29 +0100, Colin Law wrote:
>>>
>>> I thought that was it, /proc/sys/net/ipv6/conf/all/addr_gen_mode [1]
>>> and [2] which seems to fit the bill exactly. Unfortunately it is set
>>> to 0 on both systems, so there must be something else.
>>
>> It's been a while, but I think that ../all and ../default can be
>> overridden by the values in ../conf/<interfacename>. Or maybe it's only
>> ../default. Anyway, check the interface-specific values too.
>
> Well it is the addr-gen-mode setting because
> nmcli connection show "Wired connection 1"
> shows it as
> ipv6.addr-gen-mode:                     eui64
> for one and
> ipv6.addr-gen-mode:                     stable-privacy
> for the other, and setting it to privacy by
> nmcli connection modify "Wired connection 1" ipv6.addr-gen-mode 1
> does change the fe00:: address as documented.  Why it is not visible
> in any of the proc/sys entries I don't know (they are the same on both
> machines, all, default and eth0/en01.

For "/proc/sys/net/ipv6/conf/", check the "stable_secret" and
"addr_gen_mode" settings.

--
ubuntu-users mailing list
[hidden email]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
Reply | Threaded
Open this post in threaded view
|

Re: IPV6 addresses

Karl Auer
On Tue, 2018-06-26 at 07:50 +0100, Tom H wrote:
> For "/proc/sys/net/ipv6/conf/", check the "stable_secret" and
> "addr_gen_mode" settings.

Tom, that's exactly what we have been talking about for a day or so
now.

Regards, K.

--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Karl Auer ([hidden email])
http://www.biplane.com.au/kauer
http://twitter.com/kauer389

GPG fingerprint: A0CD 28F0 10BE FC21 C57C 67C1 19A6 83A4 9B0B 1D75
Old fingerprint: A52E F6B9 708B 51C4 85E6 1634 0571 ADF9 3C1C 6A3A



--
ubuntu-users mailing list
[hidden email]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
Reply | Threaded
Open this post in threaded view
|

Re: IPV6 addresses

Tom H-4
On Tue, Jun 26, 2018 at 9:19 AM Karl Auer <[hidden email]> wrote:
> On Tue, 2018-06-26 at 07:50 +0100, Tom H wrote:
>>
>> For "/proc/sys/net/ipv6/conf/", check the "stable_secret" and
>> "addr_gen_mode" settings.
>
> Tom, that's exactly what we have been talking about for a day or so
> now.

I go through my emails from oldest to newest so I don't see later replies.

And, I was going by memory from articles that I'd read. I've just
checked these proc values on my Ubu laptop and they're not what I
expected.

So not only was I late, it was BS.

I've just googled for "stable_secret" and "addr_gen_mode" and there's
hardly anything. I'll have to look a little harder.

--
ubuntu-users mailing list
[hidden email]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users