(→Notes) |
|||
(18 intermediate revisions by the same user not shown) | |||
Line 13: | Line 13: | ||
* Gateway needs a manual address (at least a default one), conflicts with dynamic address | * Gateway needs a manual address (at least a default one), conflicts with dynamic address | ||
=== IPv4/IPv6 methods === | === IPv4/IPv6 methods broken down to features === | ||
{| | {| | ||
Line 41: | Line 41: | ||
|dhcp||IPv6||kernel||allowed||dhcp||none | |dhcp||IPv6||kernel||allowed||dhcp||none | ||
|- style="color: darkblue;" | |- style="color: darkblue;" | ||
|shared||IPv4||none|| | |shared||IPv4||none||forbidden||none||dhcp+dns+NAT | ||
|} | |} | ||
Line 54: | Line 54: | ||
* There's no IPv6 shared method, yet. | * There's no IPv6 shared method, yet. | ||
=== | === All possible feature combinations === | ||
{| | {| | ||
!L!!M!!A!!G!!IPv4!!IPv6!!notes | !L!!M!!A!!G!!IPv4!!IPv6!!notes | ||
|- style="color: red" | |- style="color: red" | ||
|no||no||no||no||disabled||unsupported||kernel's disable_ipv6 buggy | |no||no||no||no||method=disabled||unsupported||kernel's disable_ipv6 buggy | ||
|- style="color: grey" | |- style="color: grey" | ||
|no||no||no||yes||invalid||invalid||missing manual address | |no||no||no||yes||invalid||invalid||missing manual address | ||
|- style="color: blue" | |- style="color: blue" | ||
|no||no||yes||no||auto||invalid||missing IPv6 link-local address | |no||no||yes||no||method=auto||invalid||missing IPv6 link-local address | ||
|- style="color: grey" | |- style="color: grey" | ||
|no||no||yes||yes||invalid||invalid||missing manual address | |no||no||yes||yes||invalid||invalid||missing manual address | ||
|- style="color: red" | |- style="color: red" | ||
|no||yes||no||no||manual||unsupported||missing kernel feature | |no||yes||no||no||method=manual||unsupported||missing kernel feature | ||
|- style="color: red" | |- style="color: red" | ||
|no||yes||no||yes||shared||unsupported||missing kernel feature | |no||yes||no||yes||method=shared||unsupported||missing kernel feature | ||
|- style="color: red" | |- style="color: red" | ||
|no||yes||yes||no||auto||unsupported||missing kernel feature | |no||yes||yes||no||method=auto||unsupported||missing kernel feature | ||
|- style="color: grey" | |- style="color: grey" | ||
|no||yes||yes||yes||invalid||invalid||both sides of dynamic configuration | |no||yes||yes||yes||invalid||invalid||both sides of dynamic configuration | ||
|- style="color: green" | |- style="color: green" | ||
|yes||no||no||no||link-local||link-local|| | |yes||no||no||no||method=link-local||method=link-local|| | ||
|- style="color: grey" | |- style="color: grey" | ||
|yes||no||no||yes||invalid||invalid||missing manual address | |yes||no||no||yes||invalid||invalid||missing manual address | ||
|- style="color: brown" | |- style="color: brown" | ||
|yes||no||yes||no||unsupported||auto|| | |yes||no||yes||no||unsupported||method=auto|| | ||
|- style="color: grey" | |- style="color: grey" | ||
|yes||no||yes||yes||invalid||invalid||missing manual address | |yes||no||yes||yes||invalid||invalid||missing manual address | ||
|- style="color: brown" | |- style="color: brown" | ||
|yes||yes||no||no||unsupported||manual|| | |yes||yes||no||no||unsupported||method=manual|| | ||
|- style="color: brown" | |- style="color: brown" | ||
|yes||yes||no||yes||shared||unsupported|| | |yes||yes||no||yes||method=shared||unsupported||IPv6 connection sharing is not implemented | ||
|- style="color: brown" | |- style="color: brown" | ||
|yes||yes||yes||no||unsupported||auto|| | |yes||yes||yes||no||unsupported||method=auto|| | ||
|- style="color: grey" | |- style="color: grey" | ||
|yes||yes||yes||yes||invalid||invalid||both sides of dynamic configuration | |yes||yes||yes||yes||invalid||invalid||both sides of dynamic configuration | ||
Line 99: | Line 99: | ||
* There's a bug in the kernel (found by Dan Winship) that once setting IFF_UP with disable_ipv6=1 affects future state. But we shouldn't need disable_ipv6 just as we don't need disable_ipv4, see the next note. | * There's a bug in the kernel (found by Dan Winship) that once setting IFF_UP with disable_ipv6=1 affects future state. But we shouldn't need disable_ipv6 just as we don't need disable_ipv4, see the next note. | ||
* Kernel doesn't support turning link-local addressing on/off (without affecting other features). | * Kernel doesn't support turning link-local addressing on/off (without affecting other features). Some people may view it as a [http://tools.ietf.org/html/rfc4291#section-2.8 good thing], others as an undue limitation. | ||
== Proposal == | == Proposal == | ||
Line 108: | Line 108: | ||
{| | {| | ||
!name!!value!!meaning | !name!!value!!proposed meaning | ||
|- | |- | ||
|link-local||enabled||configure LL address as soon as possible | |link-local||enabled||configure LL address as soon as possible | ||
Line 118: | Line 118: | ||
|||undefined||default for IPv6, use system default | |||undefined||default for IPv6, use system default | ||
|- | |- | ||
|rdisc||enabled||default | |rdisc||enabled||default | ||
|- | |- | ||
|||disabled||skip directly to DHCP (if enabled) | |||disabled||skip directly to DHCP (if enabled) | ||
|- | |||
|||ignored||a compatibility option to implement current method=ignore | |||
|- | |- | ||
|dhcp||enabled||default | |dhcp||enabled||default | ||
|- | |- | ||
|||disabled|| | |||disabled||don't use DHCP | ||
|- | |- | ||
| | |router||enabled||provide connection sharing facilities | ||
|- | |- | ||
|||disabled||default | |||disabled||default | ||
|} | |} | ||
==== Notes ==== | |||
* Manual address configuration would be turned on by configuring at least one manual address. | |||
=== Consequences on IPv6 configuration === | === Consequences on IPv6 configuration === | ||
Line 161: | Line 167: | ||
{| | {| | ||
!LL!!RD!!DHCP | !LL!!RD!!DHCP!!notes | ||
|- style="color: green" | |- style="color: green" | ||
|no||no||method=disabled/manual|| | |no||no||method=disabled/manual|| | ||
Line 171: | Line 177: | ||
|yes||yes||unsupported||immediate link-local, follow-up DHCP | |yes||yes||unsupported||immediate link-local, follow-up DHCP | ||
|- style="color: grey" | |- style="color: grey" | ||
|fallback||no||method=manual/link-local||not | |fallback||no||method=manual/link-local||not useful | ||
|- style="color: brown" | |- style="color: brown" | ||
|fallback||yes||unsupported||DHCP with fallback to link-local} | |fallback||yes||unsupported||DHCP with fallback to link-local} | ||
|} | |} | ||
== DISCONNECTED state considerations == | |||
=== Interpretations of the DISCONNECTED state === | |||
==== No communication ==== | |||
The strictest and most secure interpretation of DISCONNECTED state would require the device to behave as if there was no physical connection, i.e. as if the cable was unplugged. That would mean *no* communication on the wire at all. Simplest way to implement it is to unset IFF_UP. | |||
Problems: | |||
* We can't wait for link carrier as that requires L1 communication, at the least. | |||
* It would break non-IP protocols and IPv6 zeroconf networking | |||
==== No IPv4/IPv6 communication ==== | |||
A hybrid interpretation of DISCONNECTED state is that L1 and L2 communication is allowed but the IP layer must be turned off. | |||
Problems: | |||
* It would break IPv6 zeroconf networking | |||
==== No IPv4/IPv6 configuration except kernel-created link-local addresses ==== | |||
A relaxed interpretation that integrates well with zeroconf configuration. A kernel IPv6 link-local address is never removed unless a connection is activated whose configuration explicitly requests that. | |||
=== Possible solutions === | |||
No size fits all. The best way to choose between those policies whould IMO be a sysctl used for turning link-local addresses on/off. That's not implemented in the kernel. Reversed value of disable_ipv6 could be theoretically used instead, as we don't expect any other configuration during the DISCONNECTED phase but it would have to be fixed in the kernel. | |||
An alternative would be to add a global configuration directive to NetworkManager but that sounds redundant to me as people already use sysctls for stuff like that. | |||
==== Zeroconf-friendly workflow example ==== | |||
1) The administrator allows IPv6 link-local addresses for all interfaces in <code>/etc/sysctl.conf</code> and ensures the file is committed into kernel's runtime configuration. Currently he doesn't have to do anything as link-local addresses are enabled by default and there's no separate directive for link-local addresses. | |||
2) Optional: Some of the wired interfaces are set up to be available using zeroconf. The kernel assings link-local IPv6 addresses to them. | |||
3) NetworkManager is started and wants to manage an interface. It sets its IFF_UP flag if necessary. It sees that link-local addresses are enabled on the interface (from sysctl) and it doesn't perform any action that would result in removing the link-local address. | |||
== Related bug reports == | |||
* [https://bugzilla.gnome.org/show_bug.cgi?id=682932 settings: harmonize IPv6 methods with IPv4] | |||
* [https://bugzilla.gnome.org/show_bug.cgi?id=700414 Slaves get IPv6 configuration (add IPv6 DISABLED method)] | |||
* [https://bugzilla.gnome.org/show_bug.cgi?id=707155 ipv6: wait for link-local address and/or ask the kernel to add it when appropriate] | |||
* [https://bugzilla.gnome.org/show_bug.cgi?id=683206 maximize device availability (IFF_UP/IFF_LOWER_UP) for IPv6 link-local communication during runtime and after exit] |
Latest revision as of 00:04, 18 December 2013
Current status
Features
- Automatic link-local addresses
- Manual addresses
- Automatic global address
- Gateway/DNS for other hosts (IPv4 only)
Feature dependencies
- IPv6: Automatic global address needs link-local address
- Gateway needs a manual address (at least a default one), conflicts with dynamic address
IPv4/IPv6 methods broken down to features
Method | Protocol | Link-local | Manual | Automatic | Gateway |
---|---|---|---|---|---|
disabled | IPv4 | none | forbidden | none | none |
ignore | IPv6 | kernel | forbidden | kernel | none |
link-local | IPv4 | userspace | forbidden | none | none |
link-local | IPv6 | kernel | forbidden | none | none |
manual | IPv4 | none | required | none | none |
manual | IPv6 | kernel | required | none | none |
auto | IPv4 | none | allowed | dhcp | none |
auto | IPv6 | kernel | allowed | ra+dhcp | none |
dhcp | IPv6 | kernel | allowed | dhcp | none |
shared | IPv4 | none | forbidden | none | dhcp+dns+NAT |
Notes
- Even when IPv4 is in the disabled state, the network interface communicates on the L2 level.
- There's no disable method for IPv6 and its semantics is unclear (whether disable means the same as link-local, or it also applies to the link-local address which is unaffected in all other methods).
- The usage of IPv4 and IPv6 link-local addresses substatially differs. While IPv6 uses link-local addresses for *all* methods, IPv4 only uses it for the special link-local method.
- The IPv4 disable and IPv4/manual methods only differ in the number of addresses (0 versus >=1), therefore one of them is redundant.
- The IPv6 link-local and IPv6/manual methods only differ in the number of addresses (0 versus >=1), therefore one of them is redundant.
- The IPv6 dhcp method is currently defunct.
- There's no IPv6 shared method, yet.
All possible feature combinations
L | M | A | G | IPv4 | IPv6 | notes |
---|---|---|---|---|---|---|
no | no | no | no | method=disabled | unsupported | kernel's disable_ipv6 buggy |
no | no | no | yes | invalid | invalid | missing manual address |
no | no | yes | no | method=auto | invalid | missing IPv6 link-local address |
no | no | yes | yes | invalid | invalid | missing manual address |
no | yes | no | no | method=manual | unsupported | missing kernel feature |
no | yes | no | yes | method=shared | unsupported | missing kernel feature |
no | yes | yes | no | method=auto | unsupported | missing kernel feature |
no | yes | yes | yes | invalid | invalid | both sides of dynamic configuration |
yes | no | no | no | method=link-local | method=link-local | |
yes | no | no | yes | invalid | invalid | missing manual address |
yes | no | yes | no | unsupported | method=auto | |
yes | no | yes | yes | invalid | invalid | missing manual address |
yes | yes | no | no | unsupported | method=manual | |
yes | yes | no | yes | method=shared | unsupported | IPv6 connection sharing is not implemented |
yes | yes | yes | no | unsupported | method=auto | |
yes | yes | yes | yes | invalid | invalid | both sides of dynamic configuration |
- L: Automatic link-local addresses
- M: Manual addresses
- A: Automatic global address
- G: Gateway/DNS for other hosts
Notes
- There's a bug in the kernel (found by Dan Winship) that once setting IFF_UP with disable_ipv6=1 affects future state. But we shouldn't need disable_ipv6 just as we don't need disable_ipv4, see the next note.
- Kernel doesn't support turning link-local addressing on/off (without affecting other features). Some people may view it as a good thing, others as an undue limitation.
Proposal
Use one configuration directives per feature whenever possible, use multiple configuration directives per feature where further tweaking is needed.
Configuration directives
name | value | proposed meaning |
---|---|---|
link-local | enabled | configure LL address as soon as possible |
fallback | configure a LL address when other configuration methods failed | |
disabled | default for IPv4 | |
undefined | default for IPv6, use system default | |
rdisc | enabled | default |
disabled | skip directly to DHCP (if enabled) | |
ignored | a compatibility option to implement current method=ignore | |
dhcp | enabled | default |
disabled | don't use DHCP | |
router | enabled | provide connection sharing facilities |
disabled | default |
Notes
- Manual address configuration would be turned on by configuring at least one manual address.
Consequences on IPv6 configuration
LL | RD | DHCP | current status | notes |
---|---|---|---|---|
no | no | no | unsupported | |
no | no | yes | invalid | |
no | yes | no | invalid | |
no | yes | yes | invalid | |
yes | no | no | method=link-local/manual | link-local |
yes | no | yes | broken | link-local and DHCPv6 (without rdisc) |
yes | yes | no | unsupported | link-local and rdisc only |
yes | yes | yes | method=auto | link-local and rdisc, DHCPv6 if requested by router |
Notes
- For any valid combination of the above directives, you can optionally add one or more manually specified addresses.
- The DHCP only method is not properly implemented and it never worked.
Consequences on IPv4 configuration
LL | RD | DHCP | notes |
---|---|---|---|
no | no | method=disabled/manual | |
no | yes | method=auto | classic DHCP configuration |
yes | no | unsupported | link-local method doesn't allow manual addresses |
yes | yes | unsupported | immediate link-local, follow-up DHCP |
fallback | no | method=manual/link-local | not useful |
fallback | yes | unsupported | DHCP with fallback to link-local} |
DISCONNECTED state considerations
Interpretations of the DISCONNECTED state
No communication
The strictest and most secure interpretation of DISCONNECTED state would require the device to behave as if there was no physical connection, i.e. as if the cable was unplugged. That would mean *no* communication on the wire at all. Simplest way to implement it is to unset IFF_UP.
Problems:
- We can't wait for link carrier as that requires L1 communication, at the least.
- It would break non-IP protocols and IPv6 zeroconf networking
No IPv4/IPv6 communication
A hybrid interpretation of DISCONNECTED state is that L1 and L2 communication is allowed but the IP layer must be turned off.
Problems:
- It would break IPv6 zeroconf networking
No IPv4/IPv6 configuration except kernel-created link-local addresses
A relaxed interpretation that integrates well with zeroconf configuration. A kernel IPv6 link-local address is never removed unless a connection is activated whose configuration explicitly requests that.
Possible solutions
No size fits all. The best way to choose between those policies whould IMO be a sysctl used for turning link-local addresses on/off. That's not implemented in the kernel. Reversed value of disable_ipv6 could be theoretically used instead, as we don't expect any other configuration during the DISCONNECTED phase but it would have to be fixed in the kernel.
An alternative would be to add a global configuration directive to NetworkManager but that sounds redundant to me as people already use sysctls for stuff like that.
Zeroconf-friendly workflow example
1) The administrator allows IPv6 link-local addresses for all interfaces in /etc/sysctl.conf
and ensures the file is committed into kernel's runtime configuration. Currently he doesn't have to do anything as link-local addresses are enabled by default and there's no separate directive for link-local addresses.
2) Optional: Some of the wired interfaces are set up to be available using zeroconf. The kernel assings link-local IPv6 addresses to them.
3) NetworkManager is started and wants to manage an interface. It sets its IFF_UP flag if necessary. It sees that link-local addresses are enabled on the interface (from sysctl) and it doesn't perform any action that would result in removing the link-local address.