Wrong prefix length is advertised

Sten Carlsen stenc at s-carlsen.dk
Thu Mar 24 17:21:22 UTC 2016 

Just to point out that while in IP4 the DHCP gives all info needed, in
IP6 both DHCP and RADV are needed to have the full picture.

It is between the lines in Simon's description below, but is one point
that took me some time to realise.


On 24/03/2016 14:50, Simon Hobson wrote:
> Juergen Bachsteffel <juebac at web.de> wrote:
>
>> subnet6 fda0:65da:e55a:1::/64 {
>> 	range6 fda0:65da:e55a:1::0010 fda0:65da:e55a:1::0100;
>> }
>>
>>
>> My problem is. The clients (Windows 7 and Linux) get a IPv6-Address, but
>> when I ping between them, nothing happens.
>>
>> Reason:
>>
>> If if type 'ip -6 addr' on Linux, I can see that the prefix length is
>> /128. Same effect on Windows.
>>
>> e.g fda0:65da:e55a:1::20/128
> What do "ip -f inet6 route" and "ip -f inet6 neigh" show ?
>
> At the risk of starting off the whole "discussion" again, IPv6 needs some of the "old rules" to be un-learned - especially in terms of what constitutes a neighbour ! You might want to sit down with a fresh cup of tea while you try and get your head round it - it took me a while and after having been in the "that's nuts" camp, it suddenly turned into one of those "ah, that makes sense" moments.
>
> In IPv4, who is a "neighbour" is intimately linked with subnets and subnet masks (prefix lengths). So if your address is 192.168.1.57/24 and my address is 192.168.1.123/24, then we are neighbours (assuming we are on the same physical network of course).
> Of course, you may also have the address 192.168.1.69/24 - so now we have duplicate information stored.
> And we are used to every IP address having an associated subnet mask.
>
> I don't know if you've ever worked with a multi-subnet network (where, usually because one got filled up, there are two IP subnets sharing one "bit of wire"), but if you have then you'll know that for hosts in the two subnets to communicate then they either have to be told explicitly about the "other" subnet(s), or they have to communicate via a router.
>
>
> With IPv6 things are different. IP addresses are distinctly separated from routing and the concept of who is a neighbour. An IP address does not have a prefix length, it is just an address. But, because of the way the network code (at least in the Linux world) has been built with this intimate linking of IP address and subnet mask - the IPv6 code "needs" a prefix length to be specified so that the value can be filled in in the internal data structures. In principle, whatever value is supplied, /128 should be used internally.
>
> You're probably, like I was, thinking this is nuts - so how does a host determine what else is on the network ?
> This is where routing advertisements come into play. A router will advertise to nodes a number of key information. There are some flags (such as whether nodes should auto-configure or look to something else such as a DHCP server for addressing), but one key thing is a list of prefixes used on the local network that should be considered local.
>
> So, taking your example address above, the host has obtained the address fda0:65da:e55a:1::20 (ignore the /128, that's just there because of this historical baggage in the code). That tells it nothing about what hosts it can talk to.
> The router should have sent out an advertisement stating that the prefix fda0:65da:e55a:1::/64 is in use AND that hosts can use neighbour discovery to find others in this subnet. It should be immediately obvious at this point that the router could advertise more than one prefix, and then hosts could automatically find and talk directly to neighbours in the other prefix(es).
>
> Why this emphasis on whether neighbour discovery can be used by the host ?
> For those brought up with broadcast networks like ethernet then it's probably a good question. There are some network types which from an addressing POV look the same, but don't support "broadcast" between different clients - AIUI many radio systems are like this. So if the host fda0:65da:e55a:1::20 wants to talk to fda0:65da:e55a:1::21 it cannot do so directly. So even though fda0:65da:e55a:1::20 and fda0:65da:e55a:1::21 are in the same prefix, they cannot directly talk to each other - instead they must send the packets up to the router.
>
> So while in the IPv4 world we (without configuration fudges) have only two combinations of same|different subnet and neighbours|not-neighbours. In the IPv6 world we have all 4 combinations possible - as well as the two obvious combination we can have hosts that are in the same prefix but are not neighbours, and hosts that are in different prefixes which are neighbours.
>
> Hope that helps a bit !
>
> _______________________________________________
> dhcp-users mailing list
> dhcp-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/dhcp-users

-- 
Best regards

Sten Carlsen

No improvements come from shouting:

       "MALE BOVINE MANURE!!!" 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/dhcp-users/attachments/20160324/64d5c387/attachment.html>

More information about the dhcp-users mailing list