Turn IPv6 off on interfaces or at least disable advertising default routes
First things first: I would like to do IPv6 PD with TNSR, but at this time, it's not implemented.
I therefore need a second router on the client network for IPv6 (PD and SLAAC advertising), and that's where the problems start.
I am getting advertised default routes on the clients for IPv6 pointing to the local fe80 IPv6 addresses of the TNSR interfaces, and I can't delete them on the clients; they keep reappearing. I have not yet TCPDUMPed the exact behaviour but would like to turn either IPv6 off on the respective TNSR interfaces (which can't be done using "no ipv6 address"; the local link IPv6 address will be kept) or, failing that, turn off IPv6 completely (if it can't be done right, it shouldn't be done at all). But in the present state, TNSR interfaces are somehow messing up IPv6 in my networks.
Has anyone got a suggestion or experienced similar behaviour?
Indeed, TNSR sends out IPv6 router advertisements, and while it doesn't advertise a default route technically, the client (in this case OpenBSD) adds a default route for it:
12:20:35.552319 fe80::3eec:efff:fe38:33f7 > ff02::1: icmp6: router advertisement
12:20:35.552321 fe80::3eec:efff:fe38:33f7 > ff02::1: icmp6: router advertisement

tnsr tnsr# show inte RADIO
Interface: RADIO
    Description: RADIO VLAN 3
    Admin status: up
    Link up, link-speed 10 Gbps, unknown duplex
    Link MTU: 1500 bytes
    MAC address: 3c:ec:ef:38:33:f7
    NAT inside
    IPv4 MTU: 0 bytes
    IPv4 Route Table: ipv4-VRF:0
    IPv4 addresses:
        192.168.3.1/24
    IPv6 MTU: 0 bytes
    IPv6 Route Table: ipv6-VRF:0
    IPv6 addresses:
        fe80::3eec:efff:fe38:33f7/64
    VLAN tag rewrite: disable
    Rx-queues
        queue-id 0 : cpu-id 1
    counters:
      received: 8076506222 bytes, 14028807 packets, 0 errors
      transmitted: 32340497834 bytes, 26720262 packets, 0 errors
      protocols: 12845112 IPv4, 240047 IPv6
      1188334 drops, 22 punts, 0 rx miss, 0 rx no buffer
Can this be turned off? If so, how?
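Whether a host installs a default route from a router advertisement depends on the RA's Router Lifetime field: per RFC 4861, a nonzero value puts the sender on the host's default router list, and zero does not. The decoder below is an added example, not from the thread or from TNSR, for checking what a captured RA actually announces; both sample packets are constructed, and it expects the bytes starting at the ICMPv6 header without validating the checksum.

```python
import ipaddress
import struct

def parse_ra(icmp6: bytes) -> dict:
    """Parse an ICMPv6 Router Advertisement (RFC 4861); input starts at the ICMPv6 header."""
    if len(icmp6) < 16:
        raise ValueError("truncated RA: the fixed part is 16 bytes")
    mtype, code, _csum, hop_limit, flags, lifetime, _reach, _retrans = struct.unpack(
        "!BBHBBHII", icmp6[:16])
    if mtype != 134 or code != 0:
        raise ValueError("not a router advertisement")
    ra = {
        "hop_limit": hop_limit,
        "managed": bool(flags & 0x80),   # M flag: addresses via DHCPv6
        "other": bool(flags & 0x40),     # O flag: other configuration via DHCPv6
        "router_lifetime": lifetime,     # seconds
        "default_router": lifetime > 0,  # 0 means "do not use me as a default router"
        "prefixes": [],
    }
    off = 16
    while off < len(icmp6):
        if off + 2 > len(icmp6):
            raise ValueError("truncated option header")
        otype, olen = icmp6[off], icmp6[off + 1] * 8   # length field counts 8-byte units
        if olen == 0 or off + olen > len(icmp6):
            raise ValueError("malformed option length")
        if otype == 3 and olen == 32:                   # Prefix Information option
            plen, pflags = icmp6[off + 2], icmp6[off + 3]
            prefix = ipaddress.IPv6Address(icmp6[off + 16:off + 32])
            ra["prefixes"].append({"prefix": f"{prefix}/{plen}",
                                   "on_link": bool(pflags & 0x80),
                                   "slaac": bool(pflags & 0x40)})
        off += olen
    return ra

# Constructed samples (not captured from the thread's network; checksum left at 0).
# 1) No prefix, router lifetime 1800 s: hosts add a default route via the sender.
RA_DEFAULT_ONLY = struct.pack("!BBHBBHII", 134, 0, 0, 64, 0, 1800, 0, 0)
# 2) Lifetime 0 plus a SLAAC prefix: addresses get configured, no default route.
RA_PREFIX_ONLY = struct.pack("!BBHBBHII", 134, 0, 0, 64, 0, 0, 0, 0) + struct.pack(
    "!BBBBIII16s", 3, 4, 64, 0xC0, 2592000, 604800, 0,
    ipaddress.IPv6Address("2001:db8:3::").packed)

if __name__ == "__main__":
    for name, pkt in (("default-only", RA_DEFAULT_ONLY), ("prefix-only", RA_PREFIX_ONLY)):
        print(name, parse_ra(pkt))
```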
@helmlein Yes, it should not be sending RAs.
The workaround at the moment is to disable IPv6.
As root on the host shell:
echo net.ipv6.conf.all.disable_ipv6=1 > /etc/sysctl.d/50-noipv6.conf
echo net.ipv6.conf.default.disable_ipv6=1' >> /etc/sysctl.d/50-noipv6.conf
dp-exec sysctl -p /etc/sysctl.d/50-noipv6.conf
Then restart the dataplane ((config)# service dataplane restart) or reboot.
@derelict Thanks; it's a bit sad TNSR can't do IPv6 PD yet, but at least the workaround (BTW the ' needs to be removed from your echo statement in line 2) stops it from sending RAs.
It would be nice if the RAs could be turned off per interface without disabling the whole IPv6 stack; that can, e.g., be done in VyOS or in EdgeOS.
As I'm on the homelab edition I can't really complain; thanks for the quick fix!
@helmlein It is not intended to be this way and there is an open bug on the RA. DHCP6 features are simply not implemented yet.