[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: ipv6 old addresses never deleted

El 13/8/20 a les 22:23, Daniel Gröber ha escrit:

Hi Luca,

On Thu, Aug 13, 2020 at 07:02:21PM +0200, Luca Olivetti wrote:

I found out that, since the router has RA enabled, the boxes get an ipv6
globally routable address. The problem is, when the prefix changes
(unfortunately it's not static, the isp assigns a new one on each PPPoE
session), the new address is added but the old one is never deleted, e.g.:


unless the ISP configured RA wrong those addresses should time out
automatically after their valid_lft time expires. Having lots of addresses
is pretty normal in IPv6 so I wouldn't worry about it :)

You can see the valid_lft field using `ip address` instead of ifconfit.


Mmmh, I think there's a problem

$ ip addr list wlan0
3: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000 
    link/ether e8:94:f6:15:30:7a brd ff:ff:ff:ff:ff:ff
    inet 192.168.10.6/24 brd 192.168.10.255 scope global wlan0
       valid_lft forever preferred_lft forever
inet6 2a0c:5a84:3105:bd00:ea94:f6ff:fe15:307a/64 scope global dynamic mngtmpaddr 
       valid_lft forever preferred_lft forever
inet6 2a0c:5a84:3507:8200:ea94:f6ff:fe15:307a/64 scope global dynamic mngtmpaddr 
       valid_lft forever preferred_lft forever
inet6 2a0c:5a84:3605:7a00:ea94:f6ff:fe15:307a/64 scope global dynamic mngtmpaddr 
       valid_lft forever preferred_lft forever
inet6 2a0c:5a84:3306:9800:ea94:f6ff:fe15:307a/64 scope global dynamic mngtmpaddr 
       valid_lft forever preferred_lft forever
inet6 2a0c:5a84:3502:fb00:ea94:f6ff:fe15:307a/64 scope global dynamic mngtmpaddr 
       valid_lft forever preferred_lft forever
inet6 2a0c:5a84:3107:7100:ea94:f6ff:fe15:307a/64 scope global dynamic mngtmpaddr 
       valid_lft forever preferred_lft forever
inet6 2a0c:5a84:3508:f00:ea94:f6ff:fe15:307a/64 scope global dynamic mngtmpaddr 
       valid_lft forever preferred_lft forever
inet6 2a0c:5a84:3307:5700:ea94:f6ff:fe15:307a/64 scope global dynamic mngtmpaddr 
       valid_lft forever preferred_lft forever
    inet6 fe80::ea94:f6ff:fe15:307a/64 scope link
       valid_lft forever preferred_lft forever
Unfortunately the router is quite limited in what can be configured (and only if you hack it to obtain admin access) and I see no option to adjust the valid_lft, you can just turn RA on/off, set the M (maybe I should set it to use dhcpv6 instead?) and O option, preference (?) high/middle/low, prefix delegate type autosense/manual, a minimum retry interval (currently 198) and maximum retry interval (600). And that's it. 




Is there a way to automatically flush the old addresses?


If you insist on removing them you can do

     ip -6 address flush deprecated


Well, since they're valid "forever" that doesn't remove any address :-/



which should remove all addresses with "preferred_lft 0" but nonzero
valid_lft which means they can still be used for incoming connections
side note: also the ipv6 firewall is quite limited, either no incoming connection is forwarded or all of them to all internal hosts :-( 


but
won't we used for outgoing ones.



OK, if it's no problem I won't bother.

Bye
--
Luca
Reply to: