My ISP has just started IPv4/IPv6 dual stack service. In order to connect to the IPv4/IPv6 internet, almost all users use a CPE leased by the ISP. But I want to use my Linux router instead of such a CPE, because my router has so many roles (a lot of iptables rules and 3 Ethernet interfaces, http reverse proxy, http cache, memcached, smtp/pop server and DNS proxy). I want it to be an IPv4/IPv6 dual stack router.
My router
- CentOS6.0 i686
- eth0 for WAN
- eth1,2 for LAN
- ISC dhcp(version 4.1.1) installed by "# yum install dhcp" from CentOS-updates repo
- radvd(version 1.6) installed by "# yum install radvd" from CentOS-base repo
- [EDIT] The reason why I use ISC dhclient is that my router has to send a DHCPv6 option 16 (Vendor class) in its solicit and request messages, in order to get the vendor-specific-information option, which includes some ISP-specific information (SIP phone number, firmware server address). I know how to set option 16 in ISC dhclient, but don't know how to in WIDE-dhcpv6. And I cannot find settings such as "id-assoc" in ISC dhclient.
My goal
- A /48 prefix is delegated to the DHCPv6-PD (DHCPv6 Prefix Delegation) client (dhclient) on eth0.
- An IPv6 default route is set toward the ISP. I have to consider the ISP's DHCPv6 server's link-local address as a default route.
- One /64 subnet and one global address (which are in the delegated prefix) are assigned to each LAN I/F (eth1/eth2).
- radvd on eth1 and eth2 announces RA based on the assigned /64 subnet.
- dhcpd6 on eth1 and eth2 announces additional network information (name-servers, domain-searchlist and sip-servers-addresses) received from the ISP's DHCPv6 server.
My current configuration
/etc/sysconfig/network
NETWORKING=yes
HOSTNAME=xxx.yyy.zzz
# Enable IPv6 routing and stop accept_ra/autoconf.
IPV6FORWARDING=yes
/etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE="eth0"
ONBOOT=yes
TYPE=Ethernet
BOOTPROTO=none
# Enable DHCPv6-PD client.
DHCPV6C=yes
DHCPV6C_OPTIONS="-P -cf /etc/dhcp/dhclient6.conf"
# Disable make_resolv_conf function in /sbin/dhclient-script.
PEERDNS=no
/etc/dhcp/dhclient6.conf
script "/sbin/dhclient-script";
interface "eth0" {
    send dhcp6.reconf-accept;
    also request dhcp6.vendor-opts, dhcp6.sip-servers-names, dhcp6.sip-servers-addresses, dhcp6.sntp-servers;
}
Result
After "# service network restart", DHCPv6-PD client seems to finish successfully.
lease6 {
    interface "eth0";
    ia-pd xx:xx:xx:xx {
        starts 1312464004;
        renew 7200;
        rebind 10800;
        iaprefix 24xx:xxxx:xxxx::/48 {
            starts 1312464004;
            preferred-life 12600;
            max-life 14400;
        }
    }
    option dhcp6.client-id xx:xx:xx:xx:xx:xx:xx:xx:xx:xx;
    option dhcp6.server-id xx:xx:xx:xx:xx:xx:xx:xx:xx:xx;
    option dhcp6.reconf-accept ;
    option dhcp6.sip-servers-addresses 24xx:xxxx:xxxx:xxxx::1;
    option dhcp6.name-servers 24xx:xxxx:xxxx:xxxx::3,24xx:xxxx:xxxx:b::3;
    option dhcp6.domain-search "xxx.jp.", "yyy.jp.";
    option dhcp6.sntp-servers 24xx:xxxx:xxxx:xxxx::a,24xx:xxxx:xxxx:b::b;
}
Question
The DHCPv6-PD client is delegated a /48 prefix successfully. But after that,
- How to set an IPv6 default route in the router's routing table?
- How to assign a global IPv6 address and /64 subnet to each LAN I/F (eth1 and eth2) based on the delegated prefix?
- How to trigger radvd to announce RA on each LAN I/F (eth1 and eth2)?
- How to trigger the DHCPv6 server (dhcpd6) on each LAN I/F to announce additional network information (name-servers, domain-searchlist and sip-servers-addresses) received from the ISP's DHCPv6 server?
My guess
According to "$ man dhclient" and "$ man dhclient-script", dhclient-script seems to be used to configure such settings, and it offers some hooks. But now, it does nothing for DHCPv6-PD client.
Yes, I may have to write some scripts suitable for my DHCPv6-PD environment, though I am not familiar with IPv6 network configurations. Can anyone tell me how to do the above settings in dhclient-script? [EDIT] I want to know the practical dhclient-script.
And I worry that some special consideration should be taken. For example, because each IPv6 address has a preferred/valid lifetime, when I assign a global IPv6 address to a LAN interface based on the delegated prefix, do I have to assign not only an IPv6 address but also its lifetimes, which must be derived from the delegated prefix's preferred/valid lifetimes?
Also, may radvd and the DHCPv6 server on the LAN interfaces have to be re-configured when DHCPv6 re-configuration happens? Which hook should be used?
[EDIT] When DHCPv6 re-configuration happens, how to announce both new and obsolete information? Does radvd automatically announce that the previous prefix is obsolete? Does the DHCPv6 server automatically announce that the previous name-servers are obsolete?
I don't know the answer to your question, but I just want to warn you about using the DHCP server address as your default router. If that works it is by chance... In IPv6 the default route is communicated by RA's and not by DHCP.
You will need to enable forwarding, accepting RA's and sending out RS's. A problem here is that the kernel included in CentOS 6 does not allow you to do that. When forwarding is enabled then accepting RA's and sending RS's is disabled. There should be a CentOSPlus kernel with the relevant patches though. See the mailing list thread / message at http://lists.centos.org/pipermail/centos/2011-April/thread.html#109756
The relevant sysctl.conf settings are:
I use WIDE DHCPv6 client, rather than ISC, so I don't know how to do it specifically, but I expect that ISC has something equivalent to this WIDE configuration option:
Basically, you tell the DHCP client how to assign subnets to internal interfaces; the above configuration says "I'm getting 4 bits of prefix delegated to me (sla-len 4), take the first available subnet (sla-id 1) and assign it to eth0 (prefix-interface eth0)."
interface stanzas (there are good examples in the radvd.conf man page to work from), and it'll Just Work.
Wombie has given the same answer I would use for setting up radvd and routing. Inet6 is designed to do self configuration without the need for a DHCP server.
I don't use DHCPv6 as it can be handled by radvd and zeroconf. radvd can be configured to supply name servers, and can advertise servers from /etc/resolv.conf. New versions of radvd have also implemented distributing search lists.
I configured avahi-daemon to distribute name services and servers to clients. You will need clients that are able to do service discovery. I haven't done much testing of service discovery as I run a dual stack network across the board.
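The subnet arithmetic behind the sla-len / sla-id description above, and the lifetime question raised in the original post, worked through as an added example (not code from any of the posters or from ISC, WIDE or radvd). It generalizes to any delegated prefix length and only builds the `ip` commands and radvd.conf text as strings; the interface-to-sla-id mapping, the `::1` router host part and the 2001:db8:1234::/48 documentation prefix are assumptions, while the lifetimes are those in the lease shown in the question.

```python
import ipaddress

def lan_subnet(delegated, sla_id, subnet_len=64):
    """Carve the sla_id-th /subnet_len network out of a delegated prefix."""
    pd = ipaddress.IPv6Network(delegated)            # rejects prefixes with host bits set
    sla_len = subnet_len - pd.prefixlen              # /48 -> 16 bits, /60 -> 4 bits
    if sla_len < 0 or not 0 <= sla_id < (1 << sla_len):
        raise ValueError(f"sla-id {sla_id} does not fit in {delegated}")
    base = int(pd.network_address) | (sla_id << (128 - subnet_len))
    return ipaddress.IPv6Network((base, subnet_len))

def router_address(subnet, host_id=1):
    """Router's own address in the subnet; host part ::1 is an assumption."""
    addr = int(subnet.network_address) | host_id
    return ipaddress.IPv6Interface((addr, subnet.prefixlen))

def radvd_stanza(ifname, subnet, valid, preferred):
    """radvd.conf interface block advertising the subnet with the PD lifetimes."""
    return (
        f"interface {ifname} {{\n"
        f"    AdvSendAdvert on;\n"
        f"    prefix {subnet} {{\n"
        f"        AdvOnLink on;\n"
        f"        AdvAutonomous on;\n"
        f"        AdvValidLifetime {valid};\n"
        f"        AdvPreferredLifetime {preferred};\n"
        f"    }};\n"
        f"}};\n"
    )

def plan(delegated, lans, max_life, preferred_life):
    """lans maps interface name -> sla-id. Returns (ip commands, radvd.conf text)."""
    if preferred_life > max_life:
        raise ValueError("preferred lifetime exceeds valid lifetime")
    cmds, conf = [], []
    for ifname, sla_id in sorted(lans.items()):
        net = lan_subnet(delegated, sla_id)
        # Address lifetimes follow the delegated prefix, so they never outlive it.
        cmds.append(f"ip -6 addr replace {router_address(net)} dev {ifname} "
                    f"valid_lft {max_life} preferred_lft {preferred_life}")
        conf.append(radvd_stanza(ifname, net, max_life, preferred_life))
    return cmds, "\n".join(conf)

if __name__ == "__main__":
    # Constructed sample: documentation prefix, lifetimes copied from the lease above.
    commands, radvd_conf = plan("2001:db8:1234::/48", {"eth1": 1, "eth2": 2}, 14400, 12600)
    print("\n".join(commands))
    print(radvd_conf)
```

With a /48 delegation the sla-len is 16 bits, so eth1 and eth2 get 2001:db8:1234:1::/64 and 2001:db8:1234:2::/64; with a /60 it is the 4 bits described in the WIDE answer.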