Re: ipv6_enable

From: John Hay <jhay_at_meraka.org.za>
Date: Mon, 5 Apr 2010 10:30:56 +0200
On Mon, Apr 05, 2010 at 02:42:52PM +0900, Hiroki Sato wrote:
> Doug Barton <dougb_at_FreeBSD.org> wrote
>   in <4BB7E224.6020508_at_FreeBSD.org>:
> 
> do> As we've discussed previously, you and I have a lot of disagreement on
> do> some of these principles. I'm going to outline my responses in some
> do> detail, however I'm also interested in what others have to say since I'd
> do> ultimately like to see some consensus from the community on how this
> do> should be configured.
> 
>  Yes, I agree that it is good to have discussion with more people.
> 
> do> I'm just about the biggest rc.d purist there is, and even I don't agree
> do> with this. :)  I also disagree with your idea that "the original design
> do> of rc.d scripts" didn't intend for concepts like this.
> 
>  Sorry for the noise.  This involves my preference and was a different
>  story.  Please ignore this for IPv6 discussion for the moment.
> 
> do> >  Second, if people need a way to disable IPv6 protocol, they have
> do> >  already the way; no IPv6 configuration in /etc/rc.conf.  If you need
> do> >  a handy way for on-and-off, separating the IPv6 configuration from
> do> >  rc.conf to rc.conf.ipv6 and putting a line ". /etc/rc.conf.ipv6" into
> do> >  /etc/rc.conf should be enough, for example.
> do>
> do> Even if I agreed with this idea (and I don't necessarily have strong
> do> DISagreement with it) the knob has existed since the beginning of IPv6
> do> support in FreeBSD, and shouldn't be removed lightly. Personally I find
> do> it handy to be able to configure things in rc.conf and turn them on and
> do> off with one knob without having to comment or uncomment a bunch of stuff.
> 
>  I didn't removed it *lightly*.  My motivation for that is I want to
>  enable IPv6 by default without making trouble for IPv4-only people.
>  I also committed several kernel-level measures for people who want
>  IPv4-only, IPv6-only, and the both to live without the knob at that
>  time.
> 
>  Enabling/disabling IPv6 by using rc.d script was quite complex and
>  the switching will be incomplete with no kernel support.  My
>  conclusion for integration of the network_ipv6->netif changes was
>  "depend on if adding an GUA or not" and it works fine for
>  asynchronous invocation of rc.d/netif as well as needs no reboot for
>  the switch (see another email for the whole story).  Some processing
>  which were in network_ipv6 (calculating $rtsol_interface and so on)
>  are intentionally removed thanks to this assumption.  If you want to
>  go back to the old days and enable receiving RA by default, we must
>  look into the whole process carefully again.
> 
>  If people want to disable IPv6 GUA assignment in per-AF manner, it
>  should be done by per-AF global knobs for $ifconfig_* because the GUA
>  assignment involves $ifconfig_* knobs only for the user as explained
>  in another email.
> 
>  Let me summarize what I agree and disagree again:
> 
>  a. I agree that it is useful to have a knob for disabling all of
>     ifconfig_IF_ipv6 handling.  However, I disagree with using the
>     name "ipv6_enable" just for the purpose.  ipv6_enable=NO never
>     means disabling IPv6 functionality in the kernel, and it will
>     cause people tend to think IPv6 is disabled completely.
> 
>     If we want to disable ifconfig_IF_AF lines in a handy manner,
>     implementing ifconfig_DEFAULT_AF is more consistent and where we
>     should go.  All of AF-specific parameters for an interface are in
>     $ifconfig_IF_AF, and having a global knob to define the default
>     for all interfaces are quite reasonable to me.  I do not want to
>     go back to AF-specific handling like ipv6_* wherever possible.
> 
>     I think this policy is compatible with David Horn's suggestions.
>     "ifconfig_DEFAULT_ipv6=DHCP" for DHCPv6 by default,
>     "ifconfig_DEFAULT_ipv6=accept_rtadv" for SLAAC by default,
>     "ifconfig_fxp0_ipv6=-accept_rtadv" for no-SLAAC for fxp0, for
>     example (note that I do not stick to these keywords.  "slaac"
>     would also be a good candidate).  No concern for
>     conflicting/confusing with IPv4; this is orthogonal among AFs.  We
>     can support another new method by just adding a keyword.
> 
>     Note that SLAAC and DHCPv6 are exclusive.  Combinations of
>     DHCPv6-NA + SLAAC, or DHCPv6-PD + SLAAC are not extreme (the
>     latter is rather popular).  This is one of the reasons I stick to
>     the per-IF/per-AF solution here.
> 
>  b. Disagree with disabling IPv6 by default.  I think there is no
>     technical and security reason to go back to the old days.
> 
> do> >  Also, we should not consider IPv6 as special.
> do>
> do> I wish that were so, but I disagree. I think we need to make it as easy
> do> as possible for users to take advantage of IPv6, but there are a lot of
> do> reasons why it is actually special. Primarily because unlike some of our
> do> other networking protocols it's "on the cusp" of being something that
> do> everyone will need someday, but isn't quite ready for prime time.
> 
>  IMO, at least for handling in rc.d scripts, it is not necessary to
>  consider IPv6 as a special AF after I added AF-specific $ifconfig_*
>  knobs, rc.d/netoptions changes, and so on.
> 
>  And, well, please let me suggest something for the further discussion
>  here.  Whether we have $ipv6_enable or not, whether we enable
>  $ipv6_enable by default or not, and whether receiving RA by default
>  or not, are separated topics from each other.  So, I would like
>  everyone's opinions for the following points separately:
> 
>  1. Do we need a knob to disable IPv6?  If so, which in the following
>     is expected for that knob?
> 
>     1-a) Disable ifconfig_IF_ipv6 processing only.  This means people
>          can still do manual configuration for IPv6.
> 
>     1-b) Disable IPv6 functionlity completely.
> 
>  2. If we have a knob described in 1, what should be the default
>     value?
> 
>  3. Do we go for "accept RAs by default"?  We can break down this in
>     the following way related to 2:
> 
>     3-a) Enable IPv6 functionality and accept RAs by default.
> 
>     3-b) Enable IPv6 functionality and not accept RAs by default
> 
>     3-c) Disable IPv6 functionality by default and accept RAs if one
>          enables IPv6 in rc.conf.
> 
>     3-d) Disable IPv6 functionality by default and not accept RAs even
>          if one enables IPv6 in rc.conf.
> 
>  My answers for them are:
> 
>  1. No objection for 1-a, but if so the name $ipv6_enable is wrong to
>     me.  If people needs 1-b, it should be $ipv6_enable.  I have no
>     strong opinion on whether we have one of or both of them.  If we
>     can reach a consensus to have 1-b, I am ready to implement the
>     necessary changes.
> 
>  2. I am for "enabled by default" regardless of 1-a or 1-b.
> 
>  3. I am for 3-b.

These questions actually start more questions for me. :-) Maybe we should
also think from the user perspective and list a few use cases and what a
user need to put in rc.conf to make that work?

Your normal desktop/notebook user on a ipv6 radv network, what does he
need to do to have his machine ipv6 usable?

A network server that does not accept radv, what should its ipv6 config
in rc.conf look like?

What about a server that accept radv (so that it can get router info)
and have fixed addresses for it services?

A router kind of box, what should it look like?

Maybe by stating these, and other, use-cases, it will make it easier to
work back to what should happen under the hood? :-) And maybe if we can
document this well in rc.conf(5) for instance, it would make it easier
for people to start with ipv6.

BTW I have been running an ipv6 network for 10+ years, but the SLAAC
acronym is still strange to me. :-)

BTW2 RA on the network has bitten us a few times on the network, but it
always turned out to be innocent mistakes. We have also had rogue DHCP 
servers, which also was innocent mistakes, so I doubt if just moving
from RA to DHCP6 will be the answer. :-)

John
-- 
John Hay -- jhay_at_meraka.csir.co.za / jhay_at_FreeBSD.org
Received on Mon Apr 05 2010 - 06:31:04 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:40:02 UTC