Ipv6 default route

fransking · June 27, 2023, 11:17am

Hi,

I’m migrating from an EdgeRouter 4 to VyOS 1.3 and I have everything working except IPv6 - specifically the default route. My previous working EdgeOS config was

set interfaces ethernet eth0 dhcpv6-pd pd 0 no-dns
set interfaces ethernet eth0 dhcpv6-pd pd 0 prefix-length 56
set interfaces ethernet eth0 dhcpv6-pd rapid-commit disable
set interfaces ethernet eth0 dhcpv6-pd pd 0 interface eth1 host-address '::1'
set interfaces ethernet eth0 dhcpv6-pd pd 0 interface eth1 prefix-id ':1'
set interfaces ethernet eth0 dhcpv6-pd pd 0 interface eth1 service slaac

And with this I get given a default link local route of fe80::ca8d:83ff:feb7:f6b.

My VyOS config is

set interfaces ethernet eth0 address dhcp
set interfaces ethernet eth0 address dhcpv6
set interfaces ethernet eth0 description Internet
set interfaces ethernet eth0 hw-id 64:62:66:21:e4:4f
set interfaces ethernet eth0 dhcpv6-options pd 0 length 56
set interfaces ethernet eth0 dhcpv6-options pd 0 interface eth1 address 1
set interfaces ethernet eth0 dhcpv6-options pd 0 interface eth1 sla-id 1
set interfaces ethernet eth0 ring-buffer rx 4096
set interfaces ethernet eth0 ring-buffer tx 4096
set interfaces ethernet eth0 dhcpv6-options rapid-commit
set interfaces ethernet eth0 ipv6 address autoconf
set interfaces ethernet eth0 ipv6 dup-addr-detect-transmits 1
set system sysctl custom net.ipv6.conf.eth0.forwarding value 1
set system sysctl custom net.ipv6.conf.eth0.accept_ra value 2

and I get a WAN IP and can successfully delegate /64 prefix out to the LAN. The problem is that no default route entry is being added.

ip -6 route show returns

::1 dev lo proto kernel metric 256 pref medium
2a01:....:f61f dev eth0 proto kernel metric 256 pref medium
2a01:....::/64 dev eth1 proto kernel metric 256 pref medium
fe80::/64 dev lo proto kernel metric 256 pref medium
fe80::/64 dev eth0 proto kernel metric 256 pref medium
fe80::/64 dev eth1 proto kernel metric 256 pref medium

I can see the upstream router with

show ipv6 neighbors | match eth0

fe80::ca8d:83ff:feb7:f6b dev eth0 lladdr c8:8d:83:b7:0f:6b router STALE

and manually setting this as the default route works

set protocols static route6 ::/0 next-hop fe80::ca8d:83ff:feb7:f6b interface eth0

however this link local address could change which would make my config somewhat brittle. Any ideas how to debug this and / or fix?

Thanks,

Frans

acosgrove · June 27, 2023, 5:54pm

Default route should be assumed from the RA when eth0 grabs its /128 (net.ipv6.conf.eth0.accept_ra_defrtr = 1)

What do you see in a tcpdump? Try this: tcpdump -vn -i eth0 icmp6 and ip6[40] == 134

vyos@vyos:~$ tcpdump -vn -i eth0 icmp6 and ip6[40] == 134
tcpdump: listening on eth0, link-type EN10MB (Ethernet), snapshot length 262144 bytes
17:26:05.443677 IP6 (hlim 255, next-header ICMPv6 (58) payload length: 144) fe80::201:5cff:fe7e:fe46 > ff02::1: [icmp6 sum ok] ICMP6, router advertisement, length 144
        hop limit 0, Flags [managed, other stateful], pref medium, router lifetime 1800s, reachable time 3600000ms, retrans timer 1000ms
          prefix info option (3), length 32 (4): 2001:558:4011:21::/64, Flags [none], valid time 604800s, pref. time 302400s
          prefix info option (3), length 32 (4): 2001:558:5001:32::/64, Flags [none], valid time 604800s, pref. time 302400s
          prefix info option (3), length 32 (4): 2001:558:6011:21::/64, Flags [none], valid time 604800s, pref. time 302400s
          prefix info option (3), length 32 (4): 2001:558:8000:49::/64, Flags [none], valid time 604800s, pref. time 302400s

Also I think by default forwarding and accept_ra settings are already configured and all of that works out of the box, no need to fiddle with sysctl. Here’s my eth0 config and it just works. (1.4-rolling-202306190317)

eth0 conf

ethernet eth0 {
     address dhcp
     address dhcpv6
     description "Comcast 1.25Gb/40Mb"
     dhcpv6-options {
         pd 0 {
             interface eth1.200 {
                 address 1
                 sla-id 0
             }
             length 56
         }
     }
     hw-id 00:21:70:d8:fa:51
 }

[edit]
vyos@vyos# run sh int ethernet eth0
eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:21:70:d8:fa:51 brd ff:ff:ff:ff:ff:ff permaddr 1c:83:41:32:d3:ba
    inet 76.97.***.***/21 brd 255.255.255.255 scope global dynamic eth0
       valid_lft 294060sec preferred_lft 294060sec
    inet6 2001:558:6011:21:****:****:****:****/128 scope global
       valid_lft forever preferred_lft forever
    inet6 fe80::221:70ff:fed8:fa51/64 scope link
       valid_lft forever preferred_lft forever
    Description: Comcast 1.25Gb/40Mb

    RX:        bytes   packets  errors  dropped  overrun       mcast
         34751309079  83863617       0        0        0       81579
    TX:        bytes   packets  errors  dropped  carrier  collisions
         35267762818  73055710       0        0        0           0
[edit]
vyos@vyos# ip -6 r | match default
default via fe80::201:5cff:fe7e:fe46 dev eth0 proto ra metric 1024 expires 1797sec pref medium
default via fe80::ea9f:80ff:fea5:6a2f dev eth1 proto ra metric 1024 expires 1774sec hoplimit 64 pref medium
default via fe80::ea9f:80ff:fea5:6a2f dev eth1.100 proto ra metric 1024 expires 1719sec hoplimit 64 pref medium
[edit]

sysctl partial dump

vyos@vyos# sysctl -a | grep 'ipv6.*eth0\.'
sysctl: permission denied on key 'kernel.cad_pid'
sysctl: permission denied on key 'kernel.usermodehelper.bset'
sysctl: permission denied on key 'kernel.usermodehelper.inheritable'
net.ipv6.conf.eth0.accept_dad = 1
net.ipv6.conf.eth0.accept_ra = 2
net.ipv6.conf.eth0.accept_ra_defrtr = 1
net.ipv6.conf.eth0.accept_ra_from_local = 0
net.ipv6.conf.eth0.accept_ra_min_hop_limit = 1
net.ipv6.conf.eth0.accept_ra_mtu = 1
net.ipv6.conf.eth0.accept_ra_pinfo = 1
net.ipv6.conf.eth0.accept_ra_rt_info_max_plen = 0
net.ipv6.conf.eth0.accept_ra_rt_info_min_plen = 0
net.ipv6.conf.eth0.accept_ra_rtr_pref = 1
net.ipv6.conf.eth0.accept_redirects = 0
net.ipv6.conf.eth0.accept_source_route = -1
net.ipv6.conf.eth0.accept_untracked_na = 0
net.ipv6.conf.eth0.addr_gen_mode = 1
net.ipv6.conf.eth0.autoconf = 0
net.ipv6.conf.eth0.dad_transmits = 1
net.ipv6.conf.eth0.disable_ipv6 = 0
net.ipv6.conf.eth0.disable_policy = 0
net.ipv6.conf.eth0.drop_unicast_in_l2_multicast = 0
net.ipv6.conf.eth0.drop_unsolicited_na = 0
net.ipv6.conf.eth0.enhanced_dad = 1
net.ipv6.conf.eth0.force_mld_version = 0
net.ipv6.conf.eth0.force_tllao = 0
net.ipv6.conf.eth0.forwarding = 1
net.ipv6.conf.eth0.hop_limit = 64

fransking · June 27, 2023, 7:38pm

Thanks Anthony - I upgraded to 1.4-rolling-202306190317 and that’s fixed it.

system · June 30, 2023, 3:08pm

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.