Summary:

 - Accept Router Advertisement messages even when
   net.inet6.ip6.forwarding=1.

 - A new per-interface knob: IPV6CTL_DEFROUTE_RTADV.  This controls
   if accepting a route in an RA message as the default route.

 - A new sysctl: net.inet6.ip6.disable_isrouter_rtadvif.  This
   controls if setting R-bit in NA on RA accepting interfaces.  The
   default is 0 (R-bit is set based on net.inet6.ip6.forwarding).

Background:

 IPv6 host/router model suggests a router sends an RA and a host
 accepts it for router discovery.  Because of that, KAME
 implementation does not allow accepting RAs when
 net.inet6.ip6.forwarding=1.  Accepting RAs on a router can make the
 routing table confused since it can change the default router
 unintentionally.

 However, in practice there are cases where we cannot distinguish a
 host from a router clearly.  For example, a customer edge router
 often works as a host against the ISP, and as a router against the
 LAN at the same time.  Another example is a complex network
 configurations like an L2TP tunnel for IPv6 connection to Internet
 over an Ethernet link with another native IPv6 subnet.  In this case,
 the physical interface for the native IPv6 subnet works as a host,
 and the pseudo-interface for L2TP works as the default IP forwarding
 route.

Problems:

 When processing RA messages is limited when
 net.inet6.ip6.forwarding=1, the following issues are typical:

 - A router cannot perform SLAAC.  It becomes a problem if a box has
   multiple interfaces and you want to use SLAAC on some of them, for
   example.  A customer edge router for IPv6 Internet access service
   using an IPv6-over-IPv6 tunnel sometimes needs SLAAC on the
   physical interface for administration purpose; updating firmware
   and so on (link-local addresses can be used there, but GUAs by
   SLAAC are often used for scalability).

 - When a box has multiple IPv6 interfaces and it receives multiple
   RAs on them, controlling the default route is difficult.  Router
   preferences defined in RFC 4191 works only when the routers are
   under your control.

Details of Implementation Changes:

 Router Advertisement messages will be accepted even when
 net.inet6.ip6.forwarding=1.  More precisely, the conditions are as
 follow:

    (ACCEPT_RTADV && DEFROUTE_RTADV)
       => Normal RA processing (as IPv6 host)

    (ACCEPT_RTADV && !DEFROUTE_RTADV)
       => Accept RA but add the router to the defroute list with
          rtlifetime=0 unconditionally.  This effectively prevents
          from setting the received router address as the box's
          default route.

    (!ACCEPT_RTADV && DEFROUTE_RTADV)
       => No RA processing

 ACCEPT_RTADV and DEFROUTE_RTADV are per-interface knob.

 R-bit in NA on the RA accepting interfaces is set based on
 net.inet6.ip6.forwarding.  While an on-going discussion on
 draft-ietf-v6ops-ipv6-cpe-router suggests R-bit can be disabled
 completely even when net.inet6.ip6.forwarding=1, I believe there is
 no technical reason with disabling it.  This behavior can be set by a
 new sysctl net.inet6.ip6.disable_isrouter_rtadvif (the default is 0).

Usage:

 # ifconfig fxp0 inet6 accept_rtadv

   => accept RA on fxp0

 # ifconfig fxp0 inet6 accept_rtadv -defroute_rtadv

   => accept RA but ignore default route information on fxp0.

   The default value of defroute_rtadv flag can be set by
   net.inet6.ip6.defroute_rtadv (the default is 1).

 # sysctl net.inet6.ip6.disable_isrouter_rtadvif=1

   => R-bit in NAs on RA accepting interfaces will always be set as 0.

Reviewed by:	bz

0 files changed, 0 insertions, 0 deletions