Setup static IPv6 address with DHCPv6 DUID and systemd-networkd

jonnybarnes · 2020-01-29 20:48:03

I was wondering if I could get a static IPv6 address working with my server. Its hosted with online.net who provide a /56 subnet, assigned with a DUID. (I’m not event sure thats the correct way to phrase it).

I have the following in my nftables rules:

table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;

        ct state invalid counter drop comment "early drop of invalid packets"
        ct state {established, related} counter accept comment "accept all connections related to connections made by us"

        iif lo accept comment "accept loopback"

        ip protocol icmp counter accept comment "accept all ICMP types"
        ip6 nexthdr icmpv6 icmpv6 type { destination-unreachable, packet-too-big, time-exceeded, parameter-problem, mld-listener-query, mld-listener-report, mld-listener-reduction, nd-router-solicit, nd-router-advert, nd-neighbor-solicit, nd-neighbor-advert, ind-neighbor-solicit, ind-neighbor-advert, mld2-listener-report } counter accept comment "Accept ICMPv6"
        # rules opening various porta
    }
}

And I have the following in my sysctl.d:

net.ipv6.conf.all.forwarding=1

net.ipv6.conf.all.accept_ra=2
net.ipv6.conf.default.accept_ra=2

Which I think should let IPv6 sort itself out.

My netwrokd conf is as follows:

[Match]
Name=enp0s20

[Network]
Address=a.b.c.d/24
Address=aaaa:bbbb:cccc:100::100/56
Gateway=a.b.c.1
DNS=127.0.0.1
DHCP=ipv6
IPv6AcceptRa=yes
IPv6PrefixDelegation=static

[DHCPv6]
DUIDType=vendor
DUIDRawData=00:03:...

Which gives the following result:

$ ip -6 addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 state UNKNOWN qlen 1000
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: enp0s20: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 aaaa:bbbb:cccc:100::100/56 scope global
       valid_lft forever preferred_lft forever
    inet6 fe80::207:cbff:fe0b:8532/64 scope link
       valid_lft forever preferred_lft forever
$ ip -6 route
::1 dev lo proto kernel metric 256 pref medium
aaaa:bbbb:cccc:100::/56 dev enp0s20 proto kernel metric 256 pref medium
fe80::/64 dev enp0s20 proto kernel metric 256 pref medium
default via fe80::235:1aff:fe3f:1b67 dev enp0s20 proto ra metric 1024 expires 1744sec mtu 1500 pref medium

But all my packets are lost when I `ping -6 ipv6.google.com`, oy any domain that has a AAAA record.

Does anyone know if what I‘m doing should work? What I’m missing?

Zod · 2020-01-29 20:58:59

https://wiki.archlinux.org/index.php/IPv6

jonnybarnes · 2020-01-30 20:49:10

So I’ve tried ammended my network conf to look like so:

[Match]
Name=enp0s20

[Network]
DNS=127.0.0.1
IPv6AcceptRa=yes

[Address]
Address=a.b.c.d/24
[Route]
Gateway=a.b.c.1

[Address]
Address=aaaa:bbbb:cccc:100::100/56

And I now have a dhclient systemd service like the online.net documentation suggests

The issue is the IPv6 address doesn’t get added at boot. And without it I don’t have any connectivity.

To get things working all I seem to need to do is manually run `ip -6 addr add aaaa:bbbb:cccc:100::100/56 dev enp0s20`

Does anyone know how I can get the ip address to stick at boot time?

Zod · 2020-01-30 22:00:42

jonnybarnes wrote:

Does anyone know how I can get the ip address to stick at boot time?

I think it's just a matter of properly identifying yourself to a DHCP server.

This seems to be the official way.

If using dhclient

/etc/dhcp/dhclient6.conf

Interface "enp0s20" {                        
   send dhcp6.client-id (provided DUID goes here);     # minus the parentheses

)

/etc/systemd/system/dhclient.service

[Unit]
Description=dhclient for sending DUID IPv6
Before=network-pre.target
Wants=network-pre.target

[Service]
Restart=always
RestartSec=10
Type=forking
ExecStart=/sbin/dhclient -cf /etc/dhcp/dhclient6.conf -6 -P -v enp0s20  
ExecStop=/sbin/dhclient -x -pf /var/run/dhclient6.pid

[Install]
WantedBy=network.target

Then enable and start dhclient.service.

But, I think there are options depending on the nature of the "DUID".

According to the provided documentation

provided documentation wrote:

On servers supporting IPv6 SLAAC, SLAAC has to be enabled in order to ensure that DHCPv6 works correctly. If disabled, a server will not be able to learn its IPv6 default route.

So, in the wiki page for IPv6 we see..
https://wiki.archlinux.org/index.php/IP … on_(SLAAC)

Wiki page for IPv6 wrote:

Stateless autoconfiguration (SLAAC)
The easiest way to acquire an IPv6 address as long as your network is configured is through Stateless address autoconfiguration (SLAAC for short). The address is automatically inferred from the prefix that your router advertises and requires neither further configuration nor specialized software such as a DHCP client.
For clients
If you are using netctl you just need to add the following line to your ethernet or wireless configuration.
IP6=stateless

To be clear on this point, a pure SLAAC config does not require a DUID, it (SLAAC) seems to be required to know the default gateway.

On my machine I dont have dhclient so in my dhcpcd.conf there is this..

dhcpcd.conf wrote:

# Generate SLAAC address using the Hardware Address of the interface
#slaac hwaddr
# OR generate Stable Private IPv6 Addresses based from the DUID
slaac private
noipv4ll

Edit: To summarize what I'm trying to say here...There seems to be more then one way to send a DUID to a DHCP server.

Last edited by Zod (2020-01-31 02:02:37)

loqs · 2020-01-30 22:12:23

@Zod is static IP6 address assignment not supported by systemd-networkd?

Zod · 2020-01-30 22:25:14

@ Loqs

This isn't really a static IP, the OP stated that he received a DUID from his provider, The DUID would be used to generate assign an IPv6 address/configuration that would work with the provider

Edit: Seems systemd-networkd specific..

https://www.freedesktop.org/software/sy … .conf.html

This should work..

man networkd.conf wrote:

DUIDRawData=
Specifies the DHCP DUID value as a single newline-terminated, hexadecimal string, with each byte separated by ":". The DUID that is sent is composed of the DUID type specified by DUIDType= and the value configured here.
The DUID value specified here overrides the DUID that systemd-networkd.service(8) generates from the machine ID. To configure DUID per-network, see systemd.network(5). The configured DHCP DUID should conform to the specification in RFC 3315, RFC 6355. To configure IAID, see systemd.network(5).
Example 1. A DUIDType=vendor with a custom value
DUIDType=vendor
DUIDRawData=00:00:ab:11:f9:2a:c2:77:29:f9:5c:00
This specifies a 14 byte DUID, with the type DUID-EN ("00:02"), enterprise number 43793 ("00:00:ab:11"), and identifier value "f9:2a:c2:77:29:f9:5c:00".

/etc/systemd/networkd.conf wrote:

[DHCP]
#DUIDType=vendor
#DUIDRawData=

Edit: More reading...

networkd.conf wrote:

DHCP Unique Identifier (DUID)
DHCPv6 client protocol sends the DHCP Unique Identifier and the interface Identity Association Identifier (IAID) to a DHCP server when acquiring a dynamic IPv6 address.

MAC and client address wrote:

DHCPv4 uses the MAC address and an optional Client ID to identify the client for purposes of assigning an address. Each time the same client arrives on the network, it gets the same address, if possible.
DHCPv6 uses basically the same scheme, but makes the Client ID mandatory and imposes structure on it. The Client ID in DHCPv6 consists of two parts: a DHCP Unique Identifier (DUID) and an Identity Association Identifier (IAID). The DUID identifies the client system (rather than just an interface, as in DHCPv4), and the IAID identifies the interface on that system.
As described in RFC 3315, an identity association is the means used for a server and a client to identify, group, and manage a set of related IPv6 addresses. A client must associate at least one distinct IA with each of its network interfaces, and then uses the assigned IAs to obtain configuration information from a server for that interface.

The DUID is used to identifiy the client to the DHCP server which I assume will then assign the correct IPv6 address.

RFC 8415 Sec 11 goes into more detail regarding DUID..
https://tools.ietf.org/html/rfc8415#section-11

Last edited by Zod (2020-01-31 02:09:02)

jonnybarnes · 2020-01-31 18:11:48

This seems to be fixed, I have IPv6 connectivity across multiple reboots. I’ve disabled the dhclient service and ammended the /etc/systemd/networkd.conf file as suggested.

I’ll keep an eye on it this weekend and see if I keep connectivity with upstream.

I’ve got IPv6 working before, or so I thought, only to find it stopped working, presumably after some DHCP lease timed out and my system wasn’t configured corectly.

Thanks for the help so far @Zod, much appreciated.

Arch Linux

#1 2020-01-29 20:48:03

Setup static IPv6 address with DHCPv6 DUID and systemd-networkd

#2 2020-01-29 20:58:59

Re: Setup static IPv6 address with DHCPv6 DUID and systemd-networkd

#3 2020-01-30 20:49:10

Re: Setup static IPv6 address with DHCPv6 DUID and systemd-networkd

#4 2020-01-30 22:00:42

Re: Setup static IPv6 address with DHCPv6 DUID and systemd-networkd

#5 2020-01-30 22:12:23

Re: Setup static IPv6 address with DHCPv6 DUID and systemd-networkd

#6 2020-01-30 22:25:14

Re: Setup static IPv6 address with DHCPv6 DUID and systemd-networkd

#7 2020-01-31 18:11:48

Re: Setup static IPv6 address with DHCPv6 DUID and systemd-networkd

Board footer