How to Wiki Database (change log)
http://[222:a8e4:50cd:55c:788e:b0a5:4e2f:a92c]
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
30 lines
2.1 KiB
30 lines
2.1 KiB
9 months ago
|
====== Advertising a Prefix ======
|
||
|
|
||
|
While it is generally encouraged that nodes run the software locally, to provide end-to-end cryptographic sessions and participate in routing, this is not always practical. Some network devices will inevitably be unable to run user code, but may still provide IPv6 connectivity. Users may also prefer to avoid running the software on an otherwise compatible system, perhaps to provide guest access or to avoid any overhead to battery powered devices. To that end, it is each node is assigned a /64 prefix in parallel to their address. A node acting as a router may advertise this prefix just as they would any other ordinary IPv6 network.
|
||
|
|
||
|
This may be best illustrated by example. Suppose a node has generated the address: 200:1111:2222:3333:4444:5555:6666:7777. Then the node may also use addresses from the prefix: 300:1111:2222:3333::/64 (note the 200 changed to 300, a separate /8 is used for prefixes, but the rest of the first 64 bits are the same).
|
||
|
|
||
|
On Linux, something like the following should be sufficient to advertise a prefix and a route to 200::/7 using radvd to a network attached to the eth0 interface:
|
||
|
|
||
|
Enable IPv6 forwarding (e.g. sysctl -w net.ipv6.conf.all.forwarding=1 or add it to sysctl.conf).
|
||
|
|
||
|
ip addr add 300:1111:2222:3333::1/64 dev eth0 or similar, to assign an address for the router to use in that prefix, where the LAN is reachable through eth0.
|
||
|
|
||
|
Install/run radvd with something like the following in /etc/radvd.conf:
|
||
|
|
||
|
<code json> interface eth0
|
||
|
{
|
||
|
AdvSendAdvert on;
|
||
|
AdvDefaultLifetime 0;
|
||
|
prefix 300:1111:2222:3333::/64 {
|
||
|
AdvOnLink on;
|
||
|
AdvAutonomous on;
|
||
|
};
|
||
|
route 200::/7 {};
|
||
|
};</code>
|
||
|
|
||
|
Note that a /64 prefix has fewer bits of address space available to check against the node’s ID, which in turn means hash collisions are more likely. As such, it is unwise to rely on addresses as a form of identity verification for the 300::/8 address range.
|
||
|
|
||
|
====== Links ======
|
||
|
|
||
|
Configuration, Advertising a Prefix: https://yggdrasil-network.github.io/configuration.html
|