
Re: ipv6 old addresses never deleted



Hi,

On Fri, Aug 14, 2020 at 12:55:14AM +0200, Luca Olivetti wrote:
> Mmmh, I think there's a problem

Uff, yeah that's bad. I'd contact the ISP and ask them to fix this; their
deployment is quite broken if they do things like this.

You can try running rdisc6 (from the ndisc6 Debian package) to see exactly
what is wrong with the RAs or if it's some other component that's broken
maybe.

Assigning a new IPv6 address on each re-connect isn't really how address
assignment is supposed to work in the first place, but with unlimited
lifetime it is just plain wrong since those addresses will actually never get
removed.

You could try linking your ISP to

    https://www.ripe.net/publications/docs/ripe-690#5--end-user-ipv6-prefix-assignment--persistent-vs-non-persistent

to convince them they shouldn't do things like this.

> Unfortunately the router is quite limited in what can be configured (and
> only if you hack it to obtain admin access) and I see no option to adjust
> the valid_lft, you can just turn RA on/off, set the M (maybe I should set it
> to use dhcpv6 instead?) and O option,  preference (?) high/middle/low,
> prefix delegate type autosense/manual, a minimum retry interval (currently
> 198) and maximum retry interval (600). And that's it.

Prefix delegate type sounds interesting. You could try connecting a proper
router/firewall behind this thing if it supports DHCPv6-PD
(properly). Then you can configure your own router with radvd and correct
lifetime values.

I'd use OpenWrt for this use case since I haven't had to figure out how
to do dynamic prefix assignment properly using software in Debian yet but I
know it just-works^{TM} on OpenWrt.

> Well, since they're valid "forever" that doesn't remove any address :-/

Indeed, I was hoping that surely your ISP isn't _that_ incompetent :)

I'm not sure how Linux even manages to use the correct address in this
case. My guess would be that the old ones just stop working but since they
are all preferred>0 it might just pick a random one. You can use something
like

    ping -6 -S 2a0c:5a84:3307:5700:ea94:f6ff:fe15:307a debian.org

to check which source addresses are actually currently routable (-S is to
specify the source address) and just remove all the other ones as a
workaround.

> side note: also the ipv6 firewall is quite limited, either no incoming
> connection is forwarded or all of them to all internal hosts :-(

Same with my ISP, I just run the DOCSIS modem in IPv4-only "Modem Mode" and
do my own IPv6 tunneling using wireguard. If the DHCPv6-PD works that might
not go through the firewall if you're lucky. I'd give that a try.

> OK, if it's no problem I won't bother.

I'm not sure if there is a limit to the number of IPs linux will accept or
if something breaks when that number gets ridiculously large. I'd still
complain to the ISP about this.

--Daniel
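
An added example, not part of the original message: one way to list the never-expiring global addresses discussed in this thread, grouped by prefix, from `ip -j -6 addr show` JSON. The sample input is constructed (only the 2a0c:... address comes from the thread), the function names are hypothetical, and statically configured addresses are flagged too because they also never expire.

```python
import ipaddress
import json
from collections import defaultdict

INFINITE = 0xFFFFFFFF  # iproute2 JSON reports "forever" as 4294967295

# Constructed sample shaped like `ip -j -6 addr show` output.
# 2001:db8::/32 is documentation address space.
SAMPLE = json.dumps([
    {"ifname": "lo", "addr_info": [
        {"family": "inet6", "local": "::1", "prefixlen": 128, "scope": "host",
         "valid_life_time": INFINITE, "preferred_life_time": INFINITE}]},
    {"ifname": "eth0", "addr_info": [
        {"family": "inet6", "local": "2a0c:5a84:3307:5700:ea94:f6ff:fe15:307a",
         "prefixlen": 64, "scope": "global", "dynamic": True,
         "valid_life_time": INFINITE, "preferred_life_time": INFINITE},
        {"family": "inet6", "local": "2001:db8:1:5600:ea94:f6ff:fe15:307a",
         "prefixlen": 64, "scope": "global", "dynamic": True,
         "valid_life_time": INFINITE, "preferred_life_time": INFINITE},
        {"family": "inet6", "local": "fe80::ea94:f6ff:fe15:307a",
         "prefixlen": 64, "scope": "link",
         "valid_life_time": INFINITE, "preferred_life_time": INFINITE}]},
    {"ifname": "eth1", "addr_info": [
        {"family": "inet6", "local": "2001:db8:2::10", "prefixlen": 64,
         "scope": "global", "dynamic": True,
         "valid_life_time": 86400, "preferred_life_time": 14400}]},
])

def never_expiring(ip_json):
    """Map interface -> {prefix: [addresses]} for global, valid_lft-forever addresses."""
    found = defaultdict(lambda: defaultdict(list))
    for link in json.loads(ip_json):
        for a in link.get("addr_info", []):
            if a.get("family") != "inet6" or a.get("scope") != "global":
                continue  # skip loopback and link-local, which are always "forever"
            if a.get("valid_life_time") != INFINITE:
                continue  # this address will age out on its own
            net = ipaddress.ip_interface(f"{a['local']}/{a['prefixlen']}").network
            found[link["ifname"]][str(net)].append(a["local"])
    return {ifname: dict(prefixes) for ifname, prefixes in found.items()}

def suspicious(ip_json):
    """Interfaces holding never-expiring addresses from more than one prefix."""
    return sorted(i for i, p in never_expiring(ip_json).items() if len(p) > 1)

if __name__ == "__main__":
    # On a live host, pass the output of `ip -j -6 addr show` instead of SAMPLE.
    print(json.dumps(never_expiring(SAMPLE), indent=2))
    print("check these interfaces:", suspicious(SAMPLE))
```

Each address it reports still needs the source-address ping test from the message before anything is removed.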

