systemd-networkd: IPv6 prefix delegation lost when changing prefixes

To: debian-user@lists.debian.org
Subject: systemd-networkd: IPv6 prefix delegation lost when changing prefixes
From: Tobias Brink <tobias.brink@gmail.com>
Date: Fri, 10 Apr 2020 13:34:40 +0200
Message-id: <[🔎] 87imi7zi9b.fsf@tobe.homeunix.org>

Hello debian-user,

I have an internet connection via a router provided by my ISP. I have a
Linux box (Debian Buster) between this router and my internal network in
order to provide nicer firewalling and some services like OpenVPN, wifi
for guests without access to the internal network, and so on.

In order to provide IPv6 to my internal network, I use IPv6 prefix
delegation to get a prefix from the ISP-provided router. That works and
my systemd-networkd (systemd version 244.3-1 from backports) config
files look somewhat like this:

#/etc/systemd/network/10-enp3s0.network <- the "external" interface

[Match]
Name=enp3s0

[Network]
Address=<some RFC1918 IPv4 address>
Gateway=<IPv4 gateway>
Address=fdxx:xxxx:xxxx:xxxx::1/64
IPv6AcceptRA=yes
DHCP=ipv6
IPv6PrivacyExtensions=true

[DHCPv6]
ForceDHCPv6PDOtherInformation=yes


#/etc/systemd/network/20-br0.network <- the "internal" interface

[Match]
Name=br0

[Network]
Address=<some RFC1918 IPv4 address>
Address=fdxx:xxxx:xxxx:yyyy::1/64
IPv6PrefixDelegation=yes

[IPv6PrefixDelegation]
Managed=yes
OtherInformation=yes
RouterLifetimeSec=7200
EmitDNS=yes
DNS=fdxx:xxxx:xxxx:yyyy::1
DNSLifetimeSec=7200

[IPv6Prefix]
Prefix=fdxx:xxxx:xxxx:yyyy::/64
ValidLifetimeSec=7200
PreferredLifetimeSec=3600


That works quite nicely and I get both ULA addresses and some dynamic
prefix from my ISP for the internal net. Unfortunately, whenever the
public IPv6 prefix changes [enforced nightly by the ISP :-( ] the prefix
delegation is lost and I only retain IPv4 and the ULA addresses on my
internal network. The external interface enp3s0 gets a new public IPv6
address without trouble, though. Debug logs from systemd-networkd
contain the following at the relevant time (nothing else relevant,
though):

 DHCPv6 CLIENT: Sent RENEW
 DHCPv6 CLIENT: Next retransmission in 9s
 DHCPv6 CLIENT: REPLY Status Binding unavailable

It seems that the built-in DHCPv6 client of systemd tries to renew the
old prefix and is denied. It does not seem to request a new prefix. Does
anybody have some experience with this? Is this a bug in
systemd-networkd or the ISP-provided router? Some other problem?

It is also a bit annoying to implement a workaround. While "networkctl
reconfigure enp3s0" does the trick and gets a new delegated prefix, I am
not sure how to automate this command. There seems to be no tool to show
the delegated prefixes, so I cannot find out when they are lost. Does
somebody have an idea?

Any help appreciated.

Tobias

Reply to:

Follow-Ups:
- Re: systemd-networkd: IPv6 prefix delegation lost when changing prefixes
  - From: Vincent Truchseß <debian-user@v-tr.org>

Prev by Date: Re: New RAM, does Debian has a tool to benchmark?
Next by Date: Re: New RAM, does Debian has a tool to benchmark?
Previous by thread: Re: Can't get my Debian laptop to use my Radeon 520 Mobile graphics card
Next by thread: Re: systemd-networkd: IPv6 prefix delegation lost when changing prefixes
Index(es):
- Date
- Thread