turn IPv6 off on interfaces or at least disable advertising default routes


  • first things first: I would like to do IPv6 PD with TNSR, but at this time, it's not implemented.

    I therefore need a second router on the client network for IPv6 (PD and SLAAC advertising), and that's where the problems start.

    I am getting advertised default routes on the clients for IPv6 pointing to the local fe80 IPv6 addresses of the TNSR interfaces, and I can't delete them on the clients; they keep reappearing. I have not yet TCPDUMPed the exact behaviour but would like to turn either IPv6 off on the respective TNSR interfaces (which can't be done using "no ipv6 address"; the local link IPv6 address will be kept) or, failing that, turn off IPv6 completely (if it can't be done right, it shouldn't be done at all). But in the present state, TNSR interfaces are somehow messing up IPv6 in my networks.

    Has anyone got a suggestion or experienced similar behaviour?

    Kind regards

    Martin


  • edit/add:

    Indeed, TNSR sends out IPv6 router advertisements, and while it doesn't advertise a default route technically, the client (in this case OpenBSD) adds a default route for it:

    12:20:35.552319 fe80::3eec:efff:fe38:33f7 > ff02::1: icmp6: router advertisement
    12:20:35.552321 fe80::3eec:efff:fe38:33f7 > ff02::1: icmp6: router advertisement
    
    tnsr tnsr#  show inte RADIO 
    Interface: RADIO
        Description: RADIO VLAN 3
        Admin status: up
        Link up, link-speed 10 Gbps, unknown duplex
        Link MTU: 1500 bytes
        MAC address: 3c:ec:ef:38:33:f7
        NAT inside
        IPv4 MTU: 0 bytes
        IPv4 Route Table: ipv4-VRF:0
        IPv4 addresses:
            192.168.3.1/24
        IPv6 MTU: 0 bytes
        IPv6 Route Table: ipv6-VRF:0
        IPv6 addresses:
            fe80::3eec:efff:fe38:33f7/64
        VLAN tag rewrite: disable
        Rx-queues
            queue-id 0 : cpu-id 1
        counters:
          received: 8076506222 bytes, 14028807 packets, 0 errors
          transmitted: 32340497834 bytes, 26720262 packets, 0 errors
          protocols: 12845112 IPv4, 240047 IPv6
          1188334 drops, 22 punts, 0 rx miss, 0 rx no buffer
    

    Can this be turned off? If so, how?

  • LAYER 8 Netgate

    @helmlein Yes, it should not be sending RAs.

    The workaround at the moment is to disable IPv6.

    As root on the host shell:
    echo net.ipv6.conf.all.disable_ipv6=1 > /etc/sysctl.d/50-noipv6.conf
    echo net.ipv6.conf.default.disable_ipv6=1' >> /etc/sysctl.d/50-noipv6.conf
    dp-exec sysctl -p /etc/sysctl.d/50-noipv6.conf

    Then restart the dataplane ((config)# service dataplane restart) or reboot.


  • @derelict Thanks; it's a bit sad TNSR can't do IPv6 PD yet, but at least the workaround (BTW the ' needs to be removed from your echo statement in line 2) stops it from sending RAs.

    It would be nice if the RAs could be turned off per interface without disabling the whole IPv6 stack; that can be done, e.g., in VyOS or in EdgeOS.

    As I'm on the homelab edition I can't really complain; thanks for the quick fix!

    M.

  • LAYER 8 Netgate

    @helmlein It is not intended to be this way and there is an open bug on the RA. DHCP6 features are simply not implemented yet.
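
To see what a router advertisement like the ones discussed in this thread actually tells clients, the following added example (not code from the thread or from Netgate) decodes the ICMPv6 RA body per RFC 4861 and lists what an RFC-conforming host would configure from it. The function names and both sample packets are constructed for illustration; the input is the raw ICMPv6 payload, for example extracted from a packet capture.

```python
import ipaddress
import struct

def parse_ra(icmp6: bytes) -> dict:
    """Decode an ICMPv6 Router Advertisement body (RFC 4861, section 4.2).
    The checksum is not verified; that needs the IPv6 pseudo-header."""
    if len(icmp6) < 16 or icmp6[0] != 134:
        raise ValueError("not a router advertisement")
    _hop, flags, lifetime, _reach, _retrans = struct.unpack_from("!BBHII", icmp6, 4)
    ra = {"router_lifetime": lifetime, "managed": bool(flags & 0x80),
          "other": bool(flags & 0x40), "source_mac": None, "prefixes": []}
    off = 16
    while off < len(icmp6):
        if off + 2 > len(icmp6):
            raise ValueError("truncated option header")
        opt_type, opt_len = icmp6[off], icmp6[off + 1] * 8  # length is in 8-byte units
        if opt_len == 0 or off + opt_len > len(icmp6):
            raise ValueError("malformed option")
        body = icmp6[off:off + opt_len]
        if opt_type == 1 and opt_len == 8:        # source link-layer address
            ra["source_mac"] = body[2:8].hex(":")
        elif opt_type == 3 and opt_len == 32:     # prefix information
            plen, pflags, valid, _pref = struct.unpack_from("!BBII", body, 2)
            net = f"{ipaddress.IPv6Address(body[16:32])}/{plen}"
            ra["prefixes"].append({"prefix": net, "on_link": bool(pflags & 0x80),
                                   "autonomous": bool(pflags & 0x40), "valid": valid})
        off += opt_len
    return ra

def client_effects(ra: dict) -> list:
    """What a host following RFC 4861/4862 would configure from this RA."""
    effects = []
    if ra["router_lifetime"] > 0:   # lifetime 0 means "not a default router"
        effects.append("default-router")
    for p in ra["prefixes"]:
        if p["valid"] > 0 and p["on_link"]:
            effects.append(f"on-link {p['prefix']}")
        if p["valid"] > 0 and p["autonomous"]:
            effects.append(f"slaac {p['prefix']}")
    return effects

# Constructed sample RAs (not captured from the thread's network).
RA_NO_DEFAULT = bytes.fromhex("8600000040000000" "0000000000000000" "0101020000000001")
RA_ROUTER = bytes.fromhex("8600000040000708" "0000000000000000" "0101020000000002"
                          "030440c0" "00015180" "00003840" "00000000"
                          "20010db8000300000000000000000000")

if __name__ == "__main__":
    for name, raw in (("no-default", RA_NO_DEFAULT), ("router", RA_ROUTER)):
        print(name, parse_ra(raw)["source_mac"], client_effects(parse_ra(raw)))
```

An RA whose Router Lifetime is 0 yields no `default-router` effect here, so a client that still installs a default route from such a packet is going beyond what the advertisement asks for.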