PD broken in v4.3.2? prefix6 start prefix is outside the subnet

Shawn Routhier sar at isc.org
Wed Jul 15 05:17:15 UTC 2015 

> On Jul 14, 2015, at 2:34 PM, Chris Buechler <cmb at pfsense.org> wrote:
> 
> DHCPv6 PD configurations that worked in 4.3.1, 4.2.x, and earlier
> versions have stopped working in 4.3.2. For instance, this
> configuration will no longer work.
> https://kb.isc.org/article/AA-01093/0/Adding-class-support-for-DHCPv6-in-ISC-DHCP-4.3.html
> 
> every instance of 'prefix6' I found in this list's archives will no
> longer work, examples all over the Internet like this no longer work.
> http://www.tldp.org/HOWTO/Linux+IPv6-HOWTO/hints-daemons-isc-dhcp.html
> 
> You end up getting "prefix6 start prefix is outside the subnet".
> 
> That's a result of this change noted in the release notes:
> 
> - Added checks in range6 and prefix6 statement parsing to ensure addresses
>  are within the declared subnet. Thanks to Jiri Popelka at Red Hat for the
>  bug report and patch.
>  [ISC-Bugs #32453]
>  [ISC-Bugs #17766]
>  [ISC-Bugs #18510]
>  [ISC-Bugs #23698]
>  [ISC-Bugs #28883]
> 
> 
> range6 I can understand. prefix6 seems to be a mistake though. Of
> course it's outside the subnet, that's the nature of PD. There has
> never been a requirement previously for prefix6 to be within the
> declared subnet, and it worked fine. Now I can't find a conf file
> anywhere that actually works with PD, across a variety of
> circumstances that worked on 4.3.1 and earlier.
> 
> Is there something I'm missing here, or is PD actually broken?

We did make a change to restrict prefix6 to be within the subnet.
We are re-consdiering this change and would be interested in hearing
peoples comments.  Note that we are in the process of wrapping up
the current work on the releases so comments should be sent to the
list soon.

The argument for requiring the PD to be within
the subnet is that the subnet describes the topology of the network
and that it should map the routing of the network.  So to get to
a PD one would route to the given subnet.  

However I do think you are confused about the configuration file
showing class support from the KB article.  I have tried the three
configuration files in that kb article and all of them seem to work
correctly for me with the prefixes being within the subnet.  

The second example you give would appear to have issues though
they could be fixed by changing the subnet length from 64 to 56.

> 
> Thanks!
> Chris
> _______________________________________________

regards,
Shawn

More information about the dhcp-users mailing list