
Re: [libvirt] Proposal: no dnsmasq (no dhcp and no dns) and no radvd option



On 11/26/2012 11:19 AM, Gene Czarcinski wrote:
On 11/26/2012 10:40 AM, Gene Czarcinski wrote:
I understand that you can define multiple IPv4 and multiple IPv6 gateway addresses on a network interface but only one IPv4 DHCP and one IPv6 DHCP. I can see the need for both IPv4 and IPv6 protocols on a single network "fabric" but I am not sure how many real network "fabrics" have multiple subnetworks on them. Yes, it could be done but I am not certain why you would do that (and I am also sure that someone has a very valid reason for doing that).
Oops!  There may be a problem here with radvd!

I have difficulty in understanding why one would define multiple IPv6 (or even IPv4) subnetworks on a single interface. Well, I guess the radvd authors did also: the AdvManagedFlag on/off applies to the entire interface and not a specific network.

I am verifying this but there is a chance that dnsmasq could support both for different subnetworks.

I guess that dnsmasq could be used to support one and radvd used to support the other but ???

I believe this may need more discussion from others. I would like to have someone other than the two of us chime in on this.
The answer is not good. Both radvd and dnsmasq are the same and you must choose stateful (DHCPv6) or stateless (SLAAC):

As Simon Kelley says:

"OK, you prompted me to look at the code, which makes radvd's behavior more understandable. The Managed flag is in the header of the route-advertisement packet so it has, logically, to apply at all the prefixes contained therein. The dnsmasq implementation sets the managed flag if any of the prefixes has DHCPv6 available, but clients will take it as applying to them all."

So, for IPv6 on a virtual network you either have one IPv6 subnetwork with stateful DHCPv6 or you can have multiple IPv6 subnetworks with SLAAC addressing.

Options:

1. Ignore the true situation and keep going. I believe some users might not like this and I certainly do not like this.

2. Start a separate radvd (or dnsmasq) to support stateful DHCPv6 and another radvd to support additional SLAAC subnetworks. [Personally, I do not like this solution.] /// The problem is that this solution may not work. /// I just checked and now I remember ... it will not work. Only one RA server per network fabric (think virtual network interface) since ff02:: addresses are being used.

3. If an IPv6 DHCP range is specified, then any additional IPv6 subnetworks are a configuration error. I believe that this is the only reasonable thing to do. So, if you want to define two IPv6 subnets, do it on two different interfaces. I believe there is not much choice in this ... it is just the way IPv6 was defined and works.

[Aside: I sure would like to know of a real-world need for multiple IPv4 or multiple IPv6 subnetworks on a single network "fabric." The only possible thing I could think of is the need for a data network and a separate control network. But, from a security perspective, you really need to use either networks with encryption separation or real hardware separation.]

Gene

