IPv6 in my LAN

After enabling IPv6 in my WLAN router, I also enabled IPv6 in my FreeB­SD sys­tems. I have to tell that the IPv6 chap­ter in the FreeB­SD hand­book does not con­tain as much infor­ma­tion as I would like to have about this.

Con­fig­ur­ing the inter­faces of my two 9‑current sys­tems to also car­ry a spe­cif­ic IPv6 address (an easy one from the ULA I use) was easy after read­ing the man-page for rc.conf. After a lit­tle bit of exper­i­ment­ing it came down to:

ifconfig_rl0_ipv6=“inet6 ::2:1 pre­fixlen 64 accept_rtadv”
ipv6_defaultrouter=”<router address>”

Apart from this address (I chose it because the IPv4 address ends in “.2”, this way I can add some easy to remem­ber address­es for this machine if need­ed), I also have two auto­mat­i­cal­ly con­fig­ured address­es. One is with the same ULA and some not so easy to remem­ber end (con­struct­ed from the MAC address), and one is from the offi­cial pre­fix the router con­struct­ed out of the offi­cial IPv4 address from the ISP (+ the same end than the oth­er end).

Addi­tion­al­ly I also have all my jails on this machine with an IPv6 address now (yes, they are like “…:2:100” with the :100 because the IPv4 address ends in “.100”). Still TODO is the con­ver­sion of all the ser­vices in the jails to also lis­ten on the IPv6 address.

I already changed the con­fig of my inter­nal DNS to have the IPv6 address­es for all sys­tems, lis­ten on the IPv6 address (when I add an IPv6 net­work to allow-query/allow-query-cache/allow-recursion bind does not want to start). And as I was there, I also enabled the DNSSEC ver­i­fi­ca­tion (but I get a lot of error mes­sages in the logs: “unable to con­vert errno to isc_result: 42: Pro­to­col not avail­able”, one search result which talks exact­ly about this error tells it is a “cos­met­ic error”…).

I noticed that an IPv6 ping between two phys­i­cal machines takes a lit­tle bit more time than an IPv4 ping (no IPsec enabled). It sur­prised me that this is such a notice­able dif­fer­ence (not with­in the std-dev at all):

— m87.Leidinger.net ping statistics —
10 pack­ets trans­mit­ted, 10 pack­ets received, 0.0% pack­et loss
round-trip min/avg/max/stddev = 0.168÷0.193÷0.220÷0.017 ms

— m87.Leidinger.net ping6 statistics —
10 pack­ets trans­mit­ted, 10 pack­ets received, 0.0% pack­et loss
round-trip min/avg/max/std-dev = 0.207÷0.325÷0.370÷0.047 ms

The infor­ma­tion I miss in the FreeB­SD hand­book in the IPv6 chap­ter is what those oth­er IPv6 relat­ed ser­vices are and when/how to con­fig­ure them. I have an idea now what this rad­vd is, but I am not sure what the inter­ac­tion is with the accept_rtadv set­ting for ifcon­fig (and I do not think I need it, as my WLAN router seems to do it already). I know that I get the IPv6-friendly net­work neigh­bor­hood dis­played with ndp(8). I did not have a look at enabling IPv6 mul­ti­cast sup­port in FreeB­SD, and I do not know what those oth­er IPv6 options for rc.conf do.

One thought on “IPv6 in my LAN”

  1. Lapo says:

    Route Adver­tise­ment allows zero-configuration, i.e. auto­mat­ic address set­up with the cor­rect pre­fix and a suf­fix tak­en from the MAC.
    OTOH rtad­vd is the serv­er part and you cor­rect­ly stip­u­lat­ed that you do not need it; not unless the that FreeB­SD host is also an IPv6 router, e.g. one of his inter­faces act as gate­way to anoth­er local net­work in a dif­fer­ent (or longer) prefix.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.