IPv6-Only RA Flag
In the IETF 6man working group, draft-ietf-6man-ipv6only-flag discusses an option by which a client shall disable IPv4 processing if all routers on a link consistently announce the IPv6-Only flag.
Summary
Work has been ongoing to produce a prototype implementation for FreeBSD in a private repository so that people can gain experience, and the changes were merged back to FreeBSD head. The code is disabled at compile time by default, behind the EXPERIMENTAL src.conf and kernel options.
Changes for the IPv6-Only flag include updates to user space utilities so that they can announce the "S" (IPv6-Only) flag to the network and show it in management utilities.
The kernel logic includes a global flag to disable processing of the IPv6-Only flag even if the logic to act upon the IPv6-Only flag is compiled in. There are checks for IPv4 configuration on a receiving interface which, if found, will also force the IPv6-Only flag to be ignored. Furthermore, there are input and output filters for IPv4, ARP, and REVARP in place for when the flag passes the aforementioned checks and is enabled.
In addition to what the draft describes, there is a manual option to enable the IPv6-Only filtering logic, so that the system behaviour can be observed on links without router(s) advertising the IPv6-Only flag.
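The checks described above, sketched as a small user-space C model. This is an added example, not the FreeBSD kernel code; all names are hypothetical, and it assumes that the manual option acts independently of the RA checks and that a link-down event clears only RA-learned state.

```c
/* Added illustration: user-space model of the checks described above.
 * All names are hypothetical; this is not the FreeBSD kernel code. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_ROUTERS 32
struct ifstate {
    uint32_t seen;         /* bit i set: an RA was received from router i */
    uint32_t with_s;       /* bit i set: router i's latest RA had S set */
    bool has_ipv4_config;  /* an IPv4 address is configured on the interface */
    bool manual_v6only;    /* manual option (assumed independent of RAs) */
};
static bool process_ra_flag = true;  /* global switch, on by default */

/* Record the S flag carried by the latest RA from router slot idx. */
void ra_input(struct ifstate *ifp, unsigned idx, bool s_flag)
{
    if (idx >= MAX_ROUTERS)
        return;
    uint32_t bit = UINT32_C(1) << idx;
    ifp->seen |= bit;
    ifp->with_s = (ifp->with_s & ~bit) | (s_flag ? bit : 0);
}

/* Link-down: drop RA-learned state so it is not carried to a new link. */
void link_down(struct ifstate *ifp)
{
    ifp->seen = ifp->with_s = 0;
}

/* True when the IPv4/ARP/REVARP input and output filters would drop. */
bool ipv4_filtered(const struct ifstate *ifp)
{
    if (ifp->manual_v6only)
        return true;
    if (!process_ra_flag || ifp->has_ipv4_config)
        return false;  /* the RA flag is ignored */
    /* Every router heard must announce S; one without it keeps IPv4 on. */
    return ifp->seen != 0 && ifp->seen == ifp->with_s;
}

int main(void)
{
    struct ifstate ifs = {0};
    ra_input(&ifs, 0, true);
    ra_input(&ifs, 1, false);  /* second router does not set S */
    printf("IPv4 filtered: %d\n", ipv4_filtered(&ifs));
}
```

With one router announcing S and a second one not announcing it, the model keeps IPv4 enabled, which is the "all routers consistently" condition from the draft.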
In case you have questions please contact BjoernZeeb.
List of commits
Below is a list of chronological commits (oldest to newest in reading order) related to the IPv6-Only flag work. Some of the commits are not directly related to the flag (e.g., ARP changes) but help to improve the overall system behaviour in case the flag is on (and possibly otherwise as well).
https://svnweb.freebsd.org/changeset/base/339922
- Introduce EXPERIMENTAL option.
https://svnweb.freebsd.org/changeset/base/339929
- Initial implementation for '-03':
  - Kernel infrastructure to act on IPv6-Only RA flag.
  - IPv4/ARP output filter.
  - rtadvd(8) and ndp(8) changes.
https://svnweb.freebsd.org/changeset/base/340098
- Update for draft '-04':
  - Rename IPv6-Only flag from 6 to S.
https://svnweb.freebsd.org/changeset/base/340493
- Remove unused ARP function.
https://svnweb.freebsd.org/changeset/base/344504
- Make ARP return more errors; in case of IPv6-Only being set, this gives better error codes and instant feedback if packets are not queued.
https://svnweb.freebsd.org/changeset/base/344859
- Update for draft '-05':
  - Global option to disable processing of the RA flag (enabled by default as per draft).
  - Detection of IPv4 configuration on the interface when an RA would turn the IPv6-Only flag on; in that case the flag is ignored.
  - Add manual flag (to be able to play with the feature without automatic notification by RA).
  - IPv4/ARP/REVARP input filter, added REVARP to output filter as well.
https://svnweb.freebsd.org/changeset/base/344904
- Clear IPv6-Only flag on link-down event so that it is not accidentally carried to a new (possibly IPv4-only) link when roaming, which would prevent that link from working.
https://svnweb.freebsd.org/changeset/base/344954
- Improve ARP logging after r344504 (this gives an idea of how often there are ARP send failures, possibly due to the IPv6-Only flag, and no longer spams the console).
https://svnweb.freebsd.org/changeset/base/345088
- Prefer IPv6 auto-configuration; always run rtsol when accept_rtadv is enabled and do so before IPv4 DHCP.
https://svnweb.freebsd.org/changeset/base/345241
- Fix previous commit in that it deteriorated legacy-IP auto-configuration in one case (what a shame).
Outstanding work
Patches are available for:
- Changes to tcpdump to print the flag.
- Changes to man page currently not committed due to options not available unless compiled in manually (rtadvd, ndp, .. still needed).
https://people.freebsd.org/~bz/20190306-bz_experimental_v6only-leftovers.diff
Possible TODO
- Improve logic for logging in case of IPv4 interface configuration when we receive the IPv6-Only flag for the same interface. Currently we log for each RA.
- Send notifications to user space to more easily act upon IPv6-Only flag changes on a link. Based on this (temporarily) disable DHCPv4 for the interface; should automatically re-start on link-up. Need to handle the case when the IPv6-Only flag is turned off.
- Statistics counters for dropped packets (input or output) due to the IPv6-Only flag.
Testing
- Currently running my Laptop with the flag set manually. ARP and dhclient produce quite some (console) noise still.
- Ran two FreeBSD routers in a lab setup, FreeBSD Laptop on WiFi and wired, Win10 and OSX clients. The 3rd party OSes did not fall over when receiving the IPv6-Only flag set and seem to have ignored it.