search

sshambar / nmutils

Network Manager Utility Scripts
GNU General Public License v3.0
19 stars 1 forks source link

So, getting this working for FIOS (PD_EXCLUDE) #11

Open rshutt opened 10 months ago

rshutt commented 10 months ago

So, here's my story :). Disclaimer - I formerly worked for Red Hat as a consultant and a solutions architect.

I worked with these scripts back in the day when I was a Comcast Broadband customer and it all worked great with IA_NA and IA_PD requests for my ipv6. I then switched to FIOS for bandwidth (Yeah, go figure, I live in Philly which is Comcast HQ and the "gigabit" was not close to "gigabit") and price. Unfortunately, FIOS did not have ipv6 deployed at the time in Philadelphia, so I switched back to Hurricane Electric for a short time which was a huge mess because in the years since I had used them back in 2010 and earlier, they were not "blacklisted" as a "proxy" service by netflix etc... Anyway, fast forward and lo and behold, FIOS now supports IPv6 in Philly.

UNFORTUNATELY, they do not respond to DHCP6 IA_NA requests. Rather, they want you to make the IA_PD request and then use PD_EXCLUDE to number the wan interface (if necessary).

Well, this broke a bunch of stuff with these scripts.

Thankfully I've fixed the problem!

Firstly, I needed a way to make nmutils consider the WAN interface as a LAN interface too for numbering purposed.

# cat /etc/nmutils/conf/ipv6-prefix-${WAN}.conf
WAN_DHCLIENT_OPTIONS="--prefix-len-hint 56"
WAN_LAN_INTFS="${WAN} ${LAN1} ${LAN2} ${LANN}"
WAN_PREFIX_LEN="128"
WAN_SITE="0"

Secondly, I needed a ${WAN}-from-${WAN}:

# cat /etc/nmutils/conf/ipv6-prefix-${WAN}-from-${WAN}.conf
LAN_PREFIX_LEN=128
LAN_SITE=0

Finally, I had to make the following change in the NetworkManager dispatcher scripting

# diff -u /etc/NetworkManager/dispatcher.d/08-ipv6-prefix*
--- 08-ipv6-prefix      2023-12-30 20:36:33.552575054 -0500
+++ 08-ipv6-prefix.orig 2023-12-30 20:36:10.765302046 -0500
@@ -172,8 +172,7 @@
 # set to 1 to spawn dhclient even if NetworkManager method=auto
 NMDH6_IGNORE_METHOD_AUTO=${NMDH6_IGNORE_METHOD_AUTO-}
 # by default, request addresses and prefixes... (cleared if method=auto)
-#NMDH6_DHCLIENT_ARGS=("-N")
-NMDH6_DHCLIENT_ARGS=()
+NMDH6_DHCLIENT_ARGS=("-N")

 ########## SCRIPT START

Now, obviously this would bed a horrible patch, but at the end of the day I suppose I could add a flag for disabling the IA_NA flag on dhclient. For me, this current hackery works fine, but if there were any interest I could bang a real patch out quickly?

Thoughts?

oh and thanks again, @sshambar! There's about a -1% chance that I could have gotten this working using ipv6 "shared" configuration with NetworkManager and wide-dhcp6c seems to have not had any updates since 2015 and doesn't seem to understand PD_EXCLUDE either?

sshambar commented 10 months ago

You can just use the /etc/nmutils/conf/ipv6-prefix-${WAN}.conf file to override the NMDH6_DHCLIENT_ARGS option (no script editing required :).

Also, unless you specifically need to assign the PD excluded prefix on the WAN, just assign a free delegated prefix to the WAN as you've already configured (adding ${WAN} to WAN_LAN_INTFS, the ipv6-prefix-${WAN}-from-${WAN}.conf is only needed if you want to specify overrides, like assigning a /128 address).

WAN_PREFIX_LEN and WAN_SITE aren't actually recognized in the current code - so they won't do anything...

If you are restricted in your prefix delegations, and need to assign a prefix on ${WAN} that's already allocated in another ${LANx}, then I might need to patch the code... as anything assigned (even a /128) consumes the delegated /64 prefix -- I could make /128 not consume the prefix, and then that prefix may appear on more than one interface - which works :)

Please let me know if that answers what you're asking, and if it works for you!

Thanks, Scott

rshutt commented 6 months ago

Thanks for cluing me in that I could just override NMDH6_DHCLIENT_ARGS in the ipv6-prefix-${WAN}.conf.

Beyond that, I am not certain if I am using the correct PD Excluded subnet on my wan interface... That said, if I wasn't, it would be unlikely that packets from the gateway itself wouldn't route so well to the ipv6 internet but it does.

It would be super awesome if we could pick the proper /128 or whatever size is issued based on DHCPv6 packet which contains the Option PD_EXCLUDE, but for now this is working fine, thankfully.

Anyway, thanks again for your work on the tooling/scripts. They are well written and documented! I mean I've been using them for the better part of 10 years almost!