Page MenuHomeVyOS Platform
Create Task
Maniphest T7380

Implement auto-ignore-prefix syntax for router advertisements
Closed, ResolvedPublic
Actions

Description

radvd released a new feature, "auto ignore prefixes", which will be critically important for enterprise IPv6 deployments, or anywhere where internal ULAs are in use.

You can read all about how this functionality works in this merged PR conversation: https://github.com/radvd-project/radvd/pull/189

But to prevent link rot, I'll also explain its use case here:

When router advertisements are configured on an interface with multiple IPv6 prefixes, it is recommended that you configure your interface with the special wildcard prefix "::/64". The wildcard prefix will generate RAs for all prefixes including dynamic ones obtained from the ISP via DHCPv6-PD.

The downside is that RAs for all prefixes will have the same configuration. That is, they'll have the same flags and preferred/valid lifetimes. If you attempt to override these configuration settings for a specific prefix, the RA will contain a duplicate of the prefix - one with the general settings from the wildcard, and the other with your changes. This results in unpredictable client behavior.

"Auto ignore prefixes" solves this problem by allowing you to exclude certain prefixes from being auto-generated from the wildcard. This is useful for when you want to set different configuration options for different prefixes, or when you want to prevent the router from advertising a specific prefix altogether.

This type of granular configuration ability will be super important as IPv6 is increasingly adopted and becoming more mainstream, especially in the enterprise and SMB space.

I'll be implementing configuration syntax in VyOS for this.

Consider the following example - suppose interface eth1 has two prefixes:

  • 2001:db8::1/64 - this is dynamically obtained from your ISP
  • fd00::1/64 - this is an internal ULA you have manually configured

The admin sets the wildcard prefix on eth1:

set service router-advert interface eth1 prefix ::/64

Without the new "auto ignore prefixes", a single RA packet would be sent containing both prefixes with the same configuration flags and lifetimes.

With this new syntax, the admin would be able to configure:

set service router-advert interface eth1 auto-ignore-prefix fd00::/64

After this change, the wildcard will only broadcast the 2001:db8::/64 prefix. And then the administrator can separately configure:

set service router-advert interface eth1 prefix fd00::/64 preferred-lifetime XXX
set service router-advert interface eth1 prefix fd00::/64 valid-lifetime XXX
...etc...

After configuring these settings manually for the prefix, the RA packet will now contain the 2 prefixes, but this time it will only contain the fd00 prefix once, with the static configuration supplied by the administrator.

Details

Version
-
Is it a breaking change?
Perfectly compatible
Issue type
Feature (new functionality)

Related Objects