Not Creating Routes Received from IPv6 RA

Started by sifrmoja, Today at 05:29:13 AM

I have 2 downstream servers (Linux) that have a /64 network each on a bridge for VMs/LXC containers. I have configured them to advertise the route to the /64 and the servers add each other as a route to their respective /64. I know the RAs are working.

My OPNsense router can see those Route Advertisements but is not adding a route into its routing table. I am still learning IPv6 but have a solid understanding of routing. I can manually add these routes but I was hoping to have it working automatically.

The radvd.conf on each of the servers is as follows.

interface eth0
{
    AdvSendAdvert on;
    AdvManagedFlag off;
    AdvOtherConfigFlag off;
    AdvReachableTime 0;
    AdvRetransTimer 0;
    AdvCurHopLimit 64;
    AdvDefaultLifetime 0;
    AdvHomeAgentFlag off;
    AdvDefaultPreference medium;
    AdvSourceLLAddress on;

    route 2001:db8:0:b33f::1/64
    {
        AdvRoutePreference medium;
        AdvRouteLifetime 3600;
    }; # End of route definition

}; # End of interface definition

On the router I can see this RA is received on the LAN interface using radvdump.

interface igc0
{
    AdvSendAdvert on;
    # Note: {Min,Max}RtrAdvInterval cannot be obtained with radvdump
    AdvManagedFlag off;
    AdvOtherConfigFlag off;
    AdvReachableTime 0;
    AdvRetransTimer 0;
    AdvCurHopLimit 64;
    AdvDefaultLifetime 0;
    AdvHomeAgentFlag off;
    AdvDefaultPreference medium;
    AdvSourceLLAddress on;

    route 2001:db8:0:b33f::1/64
    {
        AdvRoutePreference medium;
        AdvRouteLifetime 3600;
    }; # End of route definition

}; # End of interface definition

Why is OPNsense not adding a route based on this RA?

Routers like a firewall are not supposed to accept RAs, only hand them out. RAs are sent by routers for the benefit of hosts.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

Today at 07:33:06 AM #2 Last Edit: Today at 08:34:48 AM by Monviech (Cedrik)
An IPv6 capable router should also accept RAs on the upstream interface since otherwise it cannot learn where the LLA of the default IPv6 gateway is (sending LLA and SLLA option inside the RA). DHCPv6 does not contain that information.

Though an interface must have the "accept_rtadv" flag to accept and process RAs.
Hardware:
DEC740

How do I go about adding this "accept_rtadv" flag?

If you set an interface to "IPv6: SLAAC" it will add that flag, but you would also generate an address if the RA bits are wrong, and if a default route is advertised it would also be installed. Your other RA daemon should only advertise an on-link prefix I guess.
Hardware:
DEC740

Most systems ignore explicit routes advertised in RAs, even if they do accept RAs and use them for SLAAC, setting the default route etc. I don't think FreeBSD / OPNsense is an exception (let me know if I'm wrong).

That's where reality differs from the RFCs. While it seems like a good idea to autoconfigure specific routes from information in RAs, most vendors have decided not to implement this.

Cheers
Maurice
OPNsense virtual machine images
OPNsense aarch64 firmware repository

Commercial support & engineering available. PM for details (en / de).
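
Added example, not part of any post in this thread: a small Python decoder for the Router Advertisement discussed above, showing that the radvd.conf from the first post produces an RA with Router Lifetime 0 (no default route offered) and a single RFC 4191 Route Information option. The packet bytes, the MAC address and all function names are constructed for illustration.

```python
import ipaddress
import struct

PRF = {0: "medium", 1: "high", 2: "reserved", 3: "low"}  # RFC 4191 Prf encoding

def build_sample_ra():
    """Constructed RA mirroring the radvd.conf above (checksum left as zero)."""
    header = struct.pack("!BBHBBHII", 134, 0, 0, 64, 0x00, 0, 0, 0)
    slla = bytes([1, 1]) + bytes.fromhex("020000000001")  # constructed MAC
    prefix = ipaddress.IPv6Address("2001:db8:0:b33f::").packed[:8]
    rio = struct.pack("!BBBBI", 24, 2, 64, 0x00, 3600) + prefix
    return header + slla + rio

def parse_ra(pkt):
    """Decode RA header fields plus SLLA (type 1) and Route Information (type 24)."""
    if len(pkt) < 16 or pkt[0] != 134:
        raise ValueError("not an ICMPv6 Router Advertisement")
    hop, flags, lifetime = struct.unpack("!BBH", pkt[4:8])
    ra = {"hop_limit": hop, "managed": bool(flags & 0x80),
          "other": bool(flags & 0x40), "router_lifetime": lifetime,
          "default_preference": PRF[(flags >> 3) & 3], "slla": None, "routes": []}
    off = 16
    while off < len(pkt):
        if off + 2 > len(pkt):
            raise ValueError("truncated option header")
        otype, olen = pkt[off], pkt[off + 1] * 8  # length is in 8-byte units
        if olen == 0 or off + olen > len(pkt):
            raise ValueError("malformed option length")
        body = pkt[off:off + olen]
        if otype == 1:
            ra["slla"] = body[2:8].hex(":")
        elif otype == 24:
            plen, prf, life = struct.unpack("!BBI", body[2:8])
            if plen > (olen - 8) * 8:
                raise ValueError("prefix length exceeds option size")
            net = ipaddress.IPv6Network((body[8:].ljust(16, b"\0"), plen), strict=False)
            ra["routes"].append({"prefix": str(net), "lifetime": life,
                                 "preference": PRF[(prf >> 3) & 3]})
        off += olen
    return ra

def advertises_default_route(ra):
    """Router Lifetime 0 means the sender is not offering itself as default router."""
    return ra["router_lifetime"] > 0

if __name__ == "__main__":
    ra = parse_ra(build_sample_ra())
    print(ra["routes"], "default route:", advertises_default_route(ra))
```

The decoder only reports what the RA carries; whether a receiving system installs the advertised route depends on its own RA handling, as the replies above discuss.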