Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
"accept_ra 1" vs "accept_ra 2" in interfaces configuration-file
1,123 views
Skip to first unread message
Martin T
Aug 19, 2018, 10:20:04 PM8/19/18
to
Hi!
According to "man interfaces" "accept_ra 1" makes interface to accept
IPv6 RA messages. "accept_ra 2" does the same and in addition, it also
enables forwarding. What does the forwarding mean in this context? One
could think, that it modifies the /proc/sys/net/ipv6/conf/*/forwarding
file(s), but this does not seem to be the case.
thanks,
Martin
According to "man interfaces" "accept_ra 1" makes interface to accept
IPv6 RA messages. "accept_ra 2" does the same and in addition, it also
enables forwarding. What does the forwarding mean in this context? One
could think, that it modifies the /proc/sys/net/ipv6/conf/*/forwarding
file(s), but this does not seem to be the case.
thanks,
Martin
Andy Smith
Aug 20, 2018, 1:00:04 AM8/20/18
to
Hi Martin,
If forwarding = 1 then by default RAs will not be accepted. Setting
accept_ra to 2 allows RAs to be accepted even when forwarding = 1.
Changing the values of either forwarding or accept_ra does not alter
the values of the other. Only the behaviour of the system.
Back in 2011 this was a hard-won battle:
http://strugglers.net/~andy/blog/2011/09/04/linux-ipv6-router-advertisements-and-forwarding/
Cheers,
Andy
accept_ra to 2 allows RAs to be accepted even when forwarding = 1.
Changing the values of either forwarding or accept_ra does not alter
the values of the other. Only the behaviour of the system.
Back in 2011 this was a hard-won battle:
http://strugglers.net/~andy/blog/2011/09/04/linux-ipv6-router-advertisements-and-forwarding/
Cheers,
Andy
Martin T
Aug 20, 2018, 9:10:05 AM8/20/18
to
Thanks for this very informative blog post! However, setting the
"net.ipv6.conf.all.forwarding" to 1 in /etc/sysctl.conf and
"accept_ra" to 2 in /etc/network/interfaces for ISP facing
interface(eth0) didn't work for me. I expected SLAAC to work, but it
didn't. I'm running kernel version 4.9.0. Settings can be seen below:
# sysctl net.ipv6.conf.all.forwarding
net.ipv6.conf.all.forwarding = 1
#
# sysctl net.ipv6.conf.eth0.accept_ra
net.ipv6.conf.eth0.accept_ra = 2
#
When I set the "net.ipv6.conf.all.forwarding" to 0 and reboot the
router, then SLAAC works. What might cause this?
thanks,
Martin
Andy Smith
Aug 20, 2018, 6:30:04 PM8/20/18
to
Hi Martin,
On Mon, Aug 20, 2018 at 03:58:36PM +0300, Martin T wrote:
> On Mon, Aug 20, 2018 at 7:55 AM Andy Smith <an...@strugglers.net> wrote:
> > Back in 2011 this was a hard-won battle:
> >
> > http://strugglers.net/~andy/blog/2011/09/04/linux-ipv6-router-advertisements-and-forwarding/
[…]
> Thanks for this very informative blog post! However, setting the
> "net.ipv6.conf.all.forwarding" to 1 in /etc/sysctl.conf and
> "accept_ra" to 2 in /etc/network/interfaces for ISP facing
> interface(eth0) didn't work for me. I expected SLAAC to work, but it
> didn't. I'm running kernel version 4.9.0.
Strange. I've had a look and it seems I continued to use the
workaround mentioned in the blog post even though supposedly I no
longer need to. If you use that workaround, does it (SLAAC) start
working for you?
Also, is it just address assignment that doesn't work or is it also
default router assignment that doesn't work? On my servers that
forward v6 I don't use dynamic assignment of addresses, I statically
assign them, but I do use dynamic assignment of default route.
Cheers,
Andy
On Mon, Aug 20, 2018 at 03:58:36PM +0300, Martin T wrote:
> On Mon, Aug 20, 2018 at 7:55 AM Andy Smith <an...@strugglers.net> wrote:
> > Back in 2011 this was a hard-won battle:
> >
> > http://strugglers.net/~andy/blog/2011/09/04/linux-ipv6-router-advertisements-and-forwarding/
> Thanks for this very informative blog post! However, setting the
> "net.ipv6.conf.all.forwarding" to 1 in /etc/sysctl.conf and
> "accept_ra" to 2 in /etc/network/interfaces for ISP facing
> interface(eth0) didn't work for me. I expected SLAAC to work, but it
> didn't. I'm running kernel version 4.9.0.
workaround mentioned in the blog post even though supposedly I no
longer need to. If you use that workaround, does it (SLAAC) start
working for you?
Also, is it just address assignment that doesn't work or is it also
default router assignment that doesn't work? On my servers that
forward v6 I don't use dynamic assignment of addresses, I statically
assign them, but I do use dynamic assignment of default route.
Cheers,
Andy
Martin T
Aug 21, 2018, 6:10:04 PM8/21/18
to
Thanks for your reply!
> If you use that workaround, does it (SLAAC) start working for you?
then with those workarounds the SLAAC works, i.e I get the default
route. My ISP-facing interface is eth0 and it has forwarding disabled:
# cat /proc/sys/net/ipv6/conf/eth0/forwarding
0
#
Rest of the options are set:
# cd /proc/sys/net/ipv6/conf/
# cat default/forwarding
1
# cat all/forwarding
1
# cat eth0/accept_ra
2
# cat all/accept_ra
1
# cat default/accept_ra
1
#
However, I quite do not understand how returned IPv6 traffic(ingress
traffic to eth0) is routed to my LAN-facing interface when I have
disabled it in /proc/sys/net/ipv6/conf/eth0/forwarding? If I do the
same for IPv4 traffic(echo 0 >
/proc/sys/net/ipv4/conf/eth0/forwarding), then returned traffic is
dropped because forwarding for eth0 is disabled. In addition,
"accept_ra" with a value of 2 should ensure that RA messages are
accepted even if forwarding for that interface is enabled, shouldn't
it?
> Also, is it just address assignment that doesn't work or is it also
> default router assignment that doesn't work? On my servers that
> forward v6 I don't use dynamic assignment of addresses, I statically
> assign them, but I do use dynamic assignment of default route.
default route and this doesn't work even if "accept_ra" has a value of
2.
thanks,
Martin
Andy Smith
Aug 21, 2018, 7:10:04 PM8/21/18
to
Hi Martin,
On Wed, Aug 22, 2018 at 01:06:32AM +0300, Martin T wrote:
> In addition, "accept_ra" with a value of 2 should ensure that RA
> messages are accepted even if forwarding for that interface is
> enabled, shouldn't it?
Yes, it should.
That's the way it's documented and our use case is what it's meant
to serve, so if it's not behaving that way for you then I think it
is a bug and should be reported upstream in the kernel bugzilla.
Cheers,
Andy
On Wed, Aug 22, 2018 at 01:06:32AM +0300, Martin T wrote:
> In addition, "accept_ra" with a value of 2 should ensure that RA
> messages are accepted even if forwarding for that interface is
> enabled, shouldn't it?
That's the way it's documented and our use case is what it's meant
to serve, so if it's not behaving that way for you then I think it
is a bug and should be reported upstream in the kernel bugzilla.
Cheers,
Andy
Martin T
Aug 26, 2018, 1:30:04 PM8/26/18
to
I did some additional tests and made following observations:
1) For IPv6 one can't enable/disable routing for specific
interface(s). It is either off(/proc/sys/net/ipv6/conf/all/forwarding
is 0) or on(/proc/sys/net/ipv6/conf/all/forwarding is 1).
2) /proc/sys/net/ipv6/conf/<INTERFACE_NAME>/forwarding controls simply
if interface sends out RS messages and accepts RA messages
Also, I found a post from David Miller in 2001(!) where he told pretty
much the same: https://bugzilla.redhat.com/show_bug.cgi?id=38533
This means that I set the accept_ra in interfaces file to 1 for
eth0(ISP-facing interface) and added those two lines to sysctl.conf:
net.ipv6.conf.all.forwarding=1
net.ipv6.conf.eth0.forwarding=0
Martin
0 new messages