11 Feb
2013
11 Feb
'13
5:25 p.m.
Hi Paul,
On Mon, Feb 11, 2013 at 03:13:15PM +0000, Paul Tansom wrote:
My understanding was that this stopped the interface picking up any addressing or routes
from the router for IPv6
Basically yes. Though you probably want to explicitly also disable
the "all" and "eth0" interfaces as well.
Okay, what is the output of:
$ grep . /proc/sys/net/ipv6/conf/*/{forwarding,accept_ra,autoconf}
please?
A link-local address of fe80::204:edff:febc:b011 implies a MAC
address of 00:04:ed:bc:b0:11, btw, and the OUI for 00:04:ED is
"Billion Electric Co., Ltd.". So hopefulyl that helps you track down
the device which is sending the RA.
Cheers,
Andy
¹ Stateless Address Auto Configuration.
https://en.wikipedia.org/wiki/IPv6#Stateless_address_autoconfiguration_.28S…
usually through Router Advertisement (RA) packets sent by the
default router.
--
http://bitfolk.com/ -- No-nonsense VPS hosting
** Andy Smith <andy(a)bitfolk.com> [2013-02-10
15:10]:
Right; when IPv6 is configured (through SLAAC¹ or statically), it can
start to expose problems if the configuration is not correct.
On Sun, Feb 10, 2013 at 11:59:30AM +0000, Paul
Tansom wrote:
I initially started investigating this when I was failing to download updates through
aptitude or apt-get, before that I hadn't really noticed. I've noticed that my internal Ubuntu servers
have odd default routes for and fe80:: address:
::/0 fe80::204:edff:febc:b011 UGDAe 1024 0 1 eth0
It is okay to have default route through a link-local address. You
would also get one on BitFolk if you didn't do any static routing
and just let RA set it up for you. As long as your default route is
reachable and works, does it matter which address on it is used? When I 'ping6' the IP address above I get
'connect: Invalid argument', although 'ping6 -I eth0' works fine.
That is normal behaviour; you can't communicate with link-local
addresses except from an address on that link, and that's what '-I
eth0' is forcing.
All my routing is static on the servers is static so I
had to work out where this new route had come from!
Yep, most operating systems that support IPv6 will automatically
listen to RA which does mean that any misconfigured device on the
network that starts to spew RA packets can potentially break
everything..
If you do want to statically configure IPv6 then that's one thing,
but you may also want to track down this device that is sending out
RA packets, especially if they are wrong.
It seems
that this is picked up from my router somehow and I've found that there is a need to
use the following:
echo 0 > /proc/sys/net/ipv6/conf/default/accept_ra
A need to use that in order to achieve what outcome? Since that will
disable RA, you shouldn't pick up a default route by RA, yes. Was
disabling RA what you wanted to do? > > post-up echo
"/proc/sys/net/ipv6/conf/default/forwarding=0" && echo 0 >
/proc/sys/net/ipv6/conf/default/forwarding || true
> > post-up echo "/proc/sys/net/ipv6/conf/all/forwarding=0"
&& echo 0 > /proc/sys/net/ipv6/conf/all/forwarding || true
> > post-up echo "/proc/sys/net/ipv6/conf/default/accept_ra=0"
&& echo 0 > /proc/sys/net/ipv6/conf/default/accept_ra || true
> > post-up echo "/proc/sys/net/ipv6/conf/all/accept_ra=0"
&& echo 0 > /proc/sys/net/ipv6/conf/all/accept_ra || true
> > post-up echo "/proc/sys/net/ipv6/conf/$IFACE/accept_ra=0"
&& echo 0 > /proc/sys/net/ipv6/conf/$IFACE/accept_ra || true
> > post-up echo "/proc/sys/net/ipv6/conf/default/autoconf=0"
&& echo 0 > /proc/sys/net/ipv6/conf/default/autoconf || true
> > post-up echo "/proc/sys/net/ipv6/conf/all/autoconf=0"
&& echo 0 > /proc/sys/net/ipv6/conf/all/autoconf || true
> > post-up echo "/proc/sys/net/ipv6/conf/$IFACE/autoconf=0"
&& echo 0 > /proc/sys/net/ipv6/conf/$IFACE/autoconf || true
So you're
saying you have all the above lines in your
/etc/network/interfaces but still end up with a default route to an
fe80 address set up by RA?
Yup.