From Fedora Project Wiki
 
(14 intermediate revisions by the same user not shown)
Line 13: Line 13:
* Gateway needs a manual address (at least a default one), conflicts with dynamic address
* Gateway needs a manual address (at least a default one), conflicts with dynamic address


=== IPv4/IPv6 methods ===
=== IPv4/IPv6 methods broken down to features ===


{|
{|
Line 41: Line 41:
|dhcp||IPv6||kernel||allowed||dhcp||none
|dhcp||IPv6||kernel||allowed||dhcp||none
|- style="color: darkblue;"
|- style="color: darkblue;"
|shared||IPv4||none||?||none||dhcp+dns+NAT
|shared||IPv4||none||forbidden||none||dhcp+dns+NAT
|}
|}


Line 54: Line 54:
* There's no IPv6 shared method, yet.
* There's no IPv6 shared method, yet.


=== Feature combinations ===
=== All possible feature combinations ===
{|
{|
!L!!M!!A!!G!!IPv4!!IPv6!!notes
!L!!M!!A!!G!!IPv4!!IPv6!!notes
|- style="color: red"
|- style="color: red"
|no||no||no||no||disabled||unsupported||kernel's disable_ipv6 buggy
|no||no||no||no||method=disabled||unsupported||kernel's disable_ipv6 buggy
|- style="color: grey"
|- style="color: grey"
|no||no||no||yes||invalid||invalid||missing manual address
|no||no||no||yes||invalid||invalid||missing manual address
|- style="color: blue"
|- style="color: blue"
|no||no||yes||no||auto||invalid||missing IPv6 link-local address
|no||no||yes||no||method=auto||invalid||missing IPv6 link-local address
|- style="color: grey"
|- style="color: grey"
|no||no||yes||yes||invalid||invalid||missing manual address
|no||no||yes||yes||invalid||invalid||missing manual address
Line 84: Line 84:
|yes||yes||no||no||unsupported||method=manual||
|yes||yes||no||no||unsupported||method=manual||
|- style="color: brown"
|- style="color: brown"
|yes||yes||no||yes||method=shared||unsupported||
|yes||yes||no||yes||method=shared||unsupported||IPv6 connection sharing is not implemented
|- style="color: brown"
|- style="color: brown"
|yes||yes||yes||no||unsupported||method=auto||
|yes||yes||yes||no||unsupported||method=auto||
Line 99: Line 99:


* There's a bug in the kernel (found by Dan Winship) that once setting IFF_UP with disable_ipv6=1 affects future state. But we shouldn't need disable_ipv6 just as we don't need disable_ipv4, see the next note.
* There's a bug in the kernel (found by Dan Winship) that once setting IFF_UP with disable_ipv6=1 affects future state. But we shouldn't need disable_ipv6 just as we don't need disable_ipv4, see the next note.
* Kernel doesn't support turning link-local addressing on/off (without affecting other features).
* Kernel doesn't support turning link-local addressing on/off (without affecting other features). Some people may view it as a [http://tools.ietf.org/html/rfc4291#section-2.8 good thing], others as an undue limitation.


== Proposal ==
== Proposal ==
Line 108: Line 108:


{|
{|
!name!!value!!meaning
!name!!value!!proposed meaning
|-
|-
|link-local||enabled||configure LL address as soon as possible
|link-local||enabled||configure LL address as soon as possible
Line 118: Line 118:
|||undefined||default for IPv6, use system default
|||undefined||default for IPv6, use system default
|-
|-
|rdisc||enabled||default, IPv6 only
|rdisc||enabled||default
|-
|-
|||disabled||skip directly to DHCP (if enabled)
|||disabled||skip directly to DHCP (if enabled)
|-
|||ignored||a compatibility option to implement current method=ignore
|-
|-
|dhcp||enabled||default
|dhcp||enabled||default
|-
|-
|||disabled||never use DHCP, only useful for IPv6
|||disabled||don't use DHCP
|-
|-
|sharing||enabled||provide sharing facilities
|router||enabled||provide connection sharing facilities
|-
|-
|||disabled||default
|||disabled||default
Line 165: Line 167:


{|
{|
!LL!!RD!!DHCP!!current status!!notes
!LL!!RD!!DHCP!!notes
|- style="color: green"
|- style="color: green"
|no||no||method=disabled/manual||
|no||no||method=disabled/manual||
Line 175: Line 177:
|yes||yes||unsupported||immediate link-local, follow-up DHCP
|yes||yes||unsupported||immediate link-local, follow-up DHCP
|- style="color: grey"
|- style="color: grey"
|fallback||no||method=manual/link-local||not so useful
|fallback||no||method=manual/link-local||not useful
|- style="color: brown"
|- style="color: brown"
|fallback||yes||unsupported||DHCP with fallback to link-local}
|fallback||yes||unsupported||DHCP with fallback to link-local}
|}
|}
== DISCONNECTED state considerations ==
=== Interpretations of the DISCONNECTED state ===
==== No communication ====
The strictest and most secure interpretation of DISCONNECTED state would require the device to behave as if there was no physical connection, i.e. as if the cable was unplugged. That would mean *no* communication on the wire at all. Simplest way to implement it is to unset IFF_UP.
Problems:
* We can't wait for link carrier as that requires L1 communication, at the least.
* It would break non-IP protocols and IPv6 zeroconf networking
==== No IPv4/IPv6 communication ====
A hybrid interpretation of DISCONNECTED state is that L1 and L2 communication is allowed but the IP layer must be turned off.
Problems:
* It would break IPv6 zeroconf networking
==== No IPv4/IPv6 configuration except kernel-created link-local addresses ====
A relaxed interpretation that integrates well with zeroconf configuration. A kernel IPv6 link-local address is never removed unless a connection is activated whose configuration explicitly requests that.
=== Possible solutions ===
No size fits all. The best way to choose between those policies whould IMO be a sysctl used for turning link-local addresses on/off. That's not implemented in the kernel. Reversed value of disable_ipv6 could be theoretically used instead, as we don't expect any other configuration during the DISCONNECTED phase but it would have to be fixed in the kernel.
An alternative would be to add a global configuration directive to NetworkManager but that sounds redundant to me as people already use sysctls for stuff like that.
==== Zeroconf-friendly workflow example ====
1) The administrator allows IPv6 link-local addresses for all interfaces in <code>/etc/sysctl.conf</code> and ensures the file is committed into kernel's runtime configuration. Currently he doesn't have to do anything as link-local addresses are enabled by default and there's no separate directive for link-local addresses.
2) Optional: Some of the wired interfaces are set up to be available using zeroconf. The kernel assings link-local IPv6 addresses to them.
3) NetworkManager is started and wants to manage an interface. It sets its IFF_UP flag if necessary. It sees that link-local addresses are enabled on the interface (from sysctl) and it doesn't perform any action that would result in removing the link-local address.
== Related bug reports ==
* [https://bugzilla.gnome.org/show_bug.cgi?id=682932 settings: harmonize IPv6 methods with IPv4]
* [https://bugzilla.gnome.org/show_bug.cgi?id=700414 Slaves get IPv6 configuration (add IPv6 DISABLED method)]
* [https://bugzilla.gnome.org/show_bug.cgi?id=707155 ipv6: wait for link-local address and/or ask the kernel to add it when appropriate]
* [https://bugzilla.gnome.org/show_bug.cgi?id=683206 maximize device availability (IFF_UP/IFF_LOWER_UP) for IPv6 link-local communication during runtime and after exit]

Latest revision as of 00:04, 18 December 2013

Current status

Features

  • Automatic link-local addresses
  • Manual addresses
  • Automatic global address
  • Gateway/DNS for other hosts (IPv4 only)

Feature dependencies

  • IPv6: Automatic global address needs link-local address
  • Gateway needs a manual address (at least a default one), conflicts with dynamic address

IPv4/IPv6 methods broken down to features

Method Protocol Link-local Manual Automatic Gateway
disabled IPv4 none forbidden none none
ignore IPv6 kernel forbidden kernel none
link-local IPv4 userspace forbidden none none
link-local IPv6 kernel forbidden none none
manual IPv4 none required none none
manual IPv6 kernel required none none
auto IPv4 none allowed dhcp none
auto IPv6 kernel allowed ra+dhcp none
dhcp IPv6 kernel allowed dhcp none
shared IPv4 none forbidden none dhcp+dns+NAT

Notes

  • Even when IPv4 is in the disabled state, the network interface communicates on the L2 level.
  • There's no disable method for IPv6 and its semantics is unclear (whether disable means the same as link-local, or it also applies to the link-local address which is unaffected in all other methods).
  • The usage of IPv4 and IPv6 link-local addresses substatially differs. While IPv6 uses link-local addresses for *all* methods, IPv4 only uses it for the special link-local method.
  • The IPv4 disable and IPv4/manual methods only differ in the number of addresses (0 versus >=1), therefore one of them is redundant.
  • The IPv6 link-local and IPv6/manual methods only differ in the number of addresses (0 versus >=1), therefore one of them is redundant.
  • The IPv6 dhcp method is currently defunct.
  • There's no IPv6 shared method, yet.

All possible feature combinations

L M A G IPv4 IPv6 notes
no no no no method=disabled unsupported kernel's disable_ipv6 buggy
no no no yes invalid invalid missing manual address
no no yes no method=auto invalid missing IPv6 link-local address
no no yes yes invalid invalid missing manual address
no yes no no method=manual unsupported missing kernel feature
no yes no yes method=shared unsupported missing kernel feature
no yes yes no method=auto unsupported missing kernel feature
no yes yes yes invalid invalid both sides of dynamic configuration
yes no no no method=link-local method=link-local
yes no no yes invalid invalid missing manual address
yes no yes no unsupported method=auto
yes no yes yes invalid invalid missing manual address
yes yes no no unsupported method=manual
yes yes no yes method=shared unsupported IPv6 connection sharing is not implemented
yes yes yes no unsupported method=auto
yes yes yes yes invalid invalid both sides of dynamic configuration
  • L: Automatic link-local addresses
  • M: Manual addresses
  • A: Automatic global address
  • G: Gateway/DNS for other hosts

Notes

  • There's a bug in the kernel (found by Dan Winship) that once setting IFF_UP with disable_ipv6=1 affects future state. But we shouldn't need disable_ipv6 just as we don't need disable_ipv4, see the next note.
  • Kernel doesn't support turning link-local addressing on/off (without affecting other features). Some people may view it as a good thing, others as an undue limitation.

Proposal

Use one configuration directives per feature whenever possible, use multiple configuration directives per feature where further tweaking is needed.

Configuration directives

name value proposed meaning
link-local enabled configure LL address as soon as possible
fallback configure a LL address when other configuration methods failed
disabled default for IPv4
undefined default for IPv6, use system default
rdisc enabled default
disabled skip directly to DHCP (if enabled)
ignored a compatibility option to implement current method=ignore
dhcp enabled default
disabled don't use DHCP
router enabled provide connection sharing facilities
disabled default

Notes

  • Manual address configuration would be turned on by configuring at least one manual address.

Consequences on IPv6 configuration

LL RD DHCP current status notes
no no no unsupported
no no yes invalid
no yes no invalid
no yes yes invalid
yes no no method=link-local/manual link-local
yes no yes broken link-local and DHCPv6 (without rdisc)
yes yes no unsupported link-local and rdisc only
yes yes yes method=auto link-local and rdisc, DHCPv6 if requested by router

Notes

  • For any valid combination of the above directives, you can optionally add one or more manually specified addresses.
  • The DHCP only method is not properly implemented and it never worked.

Consequences on IPv4 configuration

LL RD DHCP notes
no no method=disabled/manual
no yes method=auto classic DHCP configuration
yes no unsupported link-local method doesn't allow manual addresses
yes yes unsupported immediate link-local, follow-up DHCP
fallback no method=manual/link-local not useful
fallback yes unsupported DHCP with fallback to link-local}

DISCONNECTED state considerations

Interpretations of the DISCONNECTED state

No communication

The strictest and most secure interpretation of DISCONNECTED state would require the device to behave as if there was no physical connection, i.e. as if the cable was unplugged. That would mean *no* communication on the wire at all. Simplest way to implement it is to unset IFF_UP.

Problems:

  • We can't wait for link carrier as that requires L1 communication, at the least.
  • It would break non-IP protocols and IPv6 zeroconf networking

No IPv4/IPv6 communication

A hybrid interpretation of DISCONNECTED state is that L1 and L2 communication is allowed but the IP layer must be turned off.

Problems:

  • It would break IPv6 zeroconf networking

No IPv4/IPv6 configuration except kernel-created link-local addresses

A relaxed interpretation that integrates well with zeroconf configuration. A kernel IPv6 link-local address is never removed unless a connection is activated whose configuration explicitly requests that.

Possible solutions

No size fits all. The best way to choose between those policies whould IMO be a sysctl used for turning link-local addresses on/off. That's not implemented in the kernel. Reversed value of disable_ipv6 could be theoretically used instead, as we don't expect any other configuration during the DISCONNECTED phase but it would have to be fixed in the kernel.

An alternative would be to add a global configuration directive to NetworkManager but that sounds redundant to me as people already use sysctls for stuff like that.

Zeroconf-friendly workflow example

1) The administrator allows IPv6 link-local addresses for all interfaces in /etc/sysctl.conf and ensures the file is committed into kernel's runtime configuration. Currently he doesn't have to do anything as link-local addresses are enabled by default and there's no separate directive for link-local addresses.

2) Optional: Some of the wired interfaces are set up to be available using zeroconf. The kernel assings link-local IPv6 addresses to them.

3) NetworkManager is started and wants to manage an interface. It sets its IFF_UP flag if necessary. It sees that link-local addresses are enabled on the interface (from sysctl) and it doesn't perform any action that would result in removing the link-local address.

Related bug reports