
[BUG] Enforcing IPv6 forwarding in radvd startup script breaks some use cases



Hello,

I'm setting up an IPv6-only virtual platform on Debian wheezy, with a complex networking setup and net namespaces.
For this, I run radvd on one of the virtual networks. On this platform I experienced a use case where the constraint of enforcing IPv6 forwarding when radvd starts is harmful.

The network where radvd runs is configured with Unique Local Addresses and is not supposed to be used for sending packets outside of the system.
This looks like the following:

 VM1 [ fd00:dead:beef::<EUI64> ] \
 VM2 [ fd00:dead:beef::<EUI64> ] --- [ fd00:dead:beef::1 ] Host (forwarding disabled)
 VM3 [ fd00:dead:beef::<EUI64> ] /

This setup is perfectly valid and it is possible to specify in Router Advertisements that the "router" (in the sense of the node that sends router advertisements) should not be considered as a default route. In radvd, it is performed by setting the option "AdvDefaultLifetime" to "0".

The hosts are still able to perform SLAAC on this prefix and know that it is not to be used for a default route:
> root@test:~# ip -6 a show eth0
> 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qlen 1000
>     inet6 fd00:dead:beef::5054:ff:fe12:3456/64 scope global dynamic 
>        valid_lft 86341sec preferred_lft 14341sec
>     inet6 fe80::5054:ff:fe12:3456/64 scope link 
>        valid_lft forever preferred_lft forever
> root@test:~# ip -6 r          
> fd00:dead:beef::/64 dev eth0  proto kernel  metric 256  expires 86285sec
> fe80::/64 dev eth0  proto kernel  metric 256

The RFC is consistent with this behaviour. It states that a node may send Router Advertisements while having its forwarding capabilities disabled, as long as it sets the Router Lifetime field (AdvDefaultLifetime) to zero.
RFC 4861 section 6.2.5:
>    Note that system management may disable a router's IP forwarding
>    capability (i.e., changing the system from being a router to being a
>    host), a step that does not necessarily imply that the router's
>    interfaces stop being advertising interfaces.  In such cases,
>    subsequent Router Advertisements MUST set the Router Lifetime field
>    to zero.


In conclusion, I kindly ask you to consider relaxing the constraint of having net.ipv6.conf.all.forwarding enabled. It breaks some use cases where disabling forwarding is intended and legal.

Regards.
Emmanuel Thierry


PS: See below my full radvd configuration

> interface virbr1 {
>         IgnoreIfMissing off;
>         AdvSendAdvert on;
>         AdvDefaultLifetime 0;
> 
>         prefix fd00:dead:beef::1/64 {
>                 AdvOnLink on;
>                 AdvAutonomous on;
>         };
> 
>         RDNSS fd00:dead:beef::1 {
>         };
> };
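
Added example, not part of the original message and not radvd code: a Python check of the RFC 4861 section 6.2.5 rule quoted above. It parses a captured Router Advertisement and flags one that carries a non-zero Router Lifetime while the sender's forwarding is disabled. The function names and the sample packet are constructed for illustration; the ICMPv6 checksum is not verified.

```python
import ipaddress
import struct

RA_TYPE, OPT_PREFIX_INFO = 134, 3   # RFC 4861 sections 4.2 and 4.6.2


def parse_ra(icmp: bytes) -> dict:
    """Parse an ICMPv6 Router Advertisement (ICMPv6 header onward)."""
    if len(icmp) < 16:
        raise ValueError("truncated RA header")
    mtype, code, _csum, _hop, _flags, lifetime, _reach, _retrans = \
        struct.unpack("!BBHBBHII", icmp[:16])
    if mtype != RA_TYPE or code != 0:
        raise ValueError("not a Router Advertisement")
    prefixes, off = [], 16
    while off < len(icmp):
        if off + 2 > len(icmp):
            raise ValueError("truncated option header")
        opt_type, opt_len = icmp[off], icmp[off + 1] * 8  # length is in 8-octet units
        if opt_len == 0 or off + opt_len > len(icmp):
            raise ValueError("bad option length")
        if opt_type == OPT_PREFIX_INFO:
            if opt_len != 32:
                raise ValueError("bad Prefix Information length")
            plen, pflags = icmp[off + 2], icmp[off + 3]
            net = ipaddress.IPv6Network((icmp[off + 16:off + 32], plen), strict=False)
            prefixes.append({"prefix": str(net),
                             "on_link": bool(pflags & 0x80),      # L flag
                             "autonomous": bool(pflags & 0x40)})  # A flag (SLAAC)
        off += opt_len
    return {"router_lifetime": lifetime, "prefixes": prefixes}


def check_ra(icmp: bytes, forwarding_enabled: bool) -> list:
    """Return findings for an RA sent by a node with the given forwarding state."""
    ra = parse_ra(icmp)
    findings = []
    if not forwarding_enabled and ra["router_lifetime"] != 0:
        findings.append("forwarding off but Router Lifetime is %d: hosts would "
                        "install a default route to a non-router" % ra["router_lifetime"])
    return findings


def sample_ra(router_lifetime: int) -> bytes:
    """Constructed RA: one Prefix Information option for fd00:dead:beef::/64, L and A set."""
    hdr = struct.pack("!BBHBBHII", RA_TYPE, 0, 0, 64, 0, router_lifetime, 0, 0)
    pio = struct.pack("!BBBBIII", OPT_PREFIX_INFO, 4, 64, 0xC0, 86400, 14400, 0)
    return hdr + pio + ipaddress.IPv6Address("fd00:dead:beef::").packed
```

With `AdvDefaultLifetime 0` as in the configuration above, `check_ra(sample_ra(0), False)` returns no findings while the prefix is still advertised for SLAAC.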


