Monday, November 21, 2016

IPv6 & Systemd, another look

by Craig Miller

Lennart Poettering on systemd*

Systemd is coming to a computer near you. All the major linux distributions have adopted it. Systemd is a replacement for init, PID 1, and if the developers had stopped their, there would be no real impact. But the developers have expanded the influence of systemd to include many other aspects of how your linux workstation operates.
  • networkd - Controls the aspects of networking, including DHCPv6 Client, RA processing, SLAAC address assignment, IPv6 route insertion, etc
  • resolved - Acts like DNSMasq (but more limited) in resolving Domain Names. It gets pointed to DNS servers via networkd.
  • Other aspects of the linux host, including logind, hostnamed, locald, timedated, machined, importd to name a few.
The systemd daemons will also process IPv4 information, but that is beyond the scope of this blog.

Another Look at systemd

It has been six months since I took a good look at systemd and IPv6. You may remember that there were some clear issues which may cause one to pause before deploying a systemd host in an IPv6 production network.

A recap of IPv6 issues with systemd

The devs at systemd (and Redhat) have decided to re-implement functionality already in the kernel code. Therefore there are a few things which worked just fine in a non-systemd system, but do not in a modern system. Retesting with systemd version 231, we see there are improvements (below).
Description Issue Status
IPv6 RA flood (THC flood_router6) causes network disconnection even after flood ceases#2977FIXED
Temporary addresses (RFC 4941) are broken from version 224 to 228#2242FIXED
nterface disable/enable IPv4 will reaquire and address, but IPv6 will not (other than link-local), and will remain address-less until restarting networkd#2912Still broken
Fails to send Router Solicitation#2365Still broken
Unable to view DUID (DHCPv6 Identifier) on host#2952Closed but Still broken
Bridged Interfaces get IPv6 SLAAC addresses#2572FIXED
Systemd in a VM failed to start due to RA parsing error#2228FIXED
IPv6 incorrectly not enabled on Virtuozzo containers#2059FIXED
IPv6cceptRouterAdvertisements=yes or unset accepts too many prefixes#2004FIXED
Does not support DHCPV6-PD#1080Still broken
Does not support SLAAC RDNSS#1079FIXED

A few more issues have been added in the past 6 months

networkd does not support DNS List option in RA#4590            Open
Semantically Opaque Interface Identifiers with IPv6 SLAAC RFC 7217#4625Open
networkd: handle MTU field in IPv6 RA#4464Open
RFC 7084 support in networkd (automatic ipv6 prefix delegation)#4073Open

Time will improve systemd

It is unfortunate that the systemd team has decided to re-implement existing functionality (e.g. in the kernel, dnsmasq, odhcpd). But like fine wine, it is improving. Be sure to check the details of the issues which may impact your testing/deployment and save yourself a bunch of time. As always, taking the time to plan your IPv6 deployment will save you time in the end.

*Lennart Poettering T Shirt 

Tuesday, November 1, 2016

IPv6 in the palm of your hand

by Craig Miller

With the all of the major wireless providers in the US, and large service providers, like Sky, in Europe now offering native IPv6 service (see Glass Half Full), there is no time like the present to learn the new protocol, IPv6.

No IPv6 here
And yet even with all this new IPv6 access available, there are still many who's first reaction to a problem is to turn off IPv6. Like ostriches, it seems like they would rather stick their head in the sand, and hope that IPv6 will go away.

A new IPv6 device

I recently bought a new Android cell phone. Alas, in Canada there is only one provider, Telus, who offers IPv6 wireless service. And I am not their customer. Fortunately, I do have an IPv6 WLAN. While re-installing my useful apps on the new phone, I took a look at the Android IPv6 apps that are out there. And I was surprised and disappointed  to see the abundance of "disable IPv6" apps out there. Seriously, there has got to be a better way.
Step into the future, rather than disable IPv6

Helpful apps

But there were other apps as well, to help one learn IPv6. There is an excellent Hurricane Electric* IPv6 Network Tools, which can tell you a lot about your network.

There are even an IPv6 subnet calculators, which of course, aren't really required, since IPv6 does not have variable subnet masking (see Simplifying Subnetting), making things much easier than IPv4.

IPv6 in the palm of your hand

With Apple pushing in iOS 10 for full IPv6-only networking in their apps, and Android IPv6 helpful apps, you can now learn IPv6 on your phone while waiting for your coffee at Starbucks. Ah, good coffee, and the future of the internet in your hand,  it is a good time to explore IPv6.

*Hurricane Electric is an excellent IPv6 service provider, and offers free IPv6 tunnels for those who do not have native IPv6 service.