Adding global IPv6 addresses using SLAAC

Posted on

Adding global IPv6 addresses using SLAAC – Managing your servers can streamline the performance of your team by allowing them to complete complex tasks faster. Plus, it can enable them to detect problems early on before they get out of hand and compromise your business. As a result, the risk of experiencing operational setbacks is drastically lower.

But the only way to make the most of your server management is to perform it correctly. And to help you do so, this article will share nine tips on improving your server management and fix some problem about linux, ubuntu, networking, ipv6, .

Stateless Adress Autoconfiguration allows a node on the link to automatically configure global IPv6 addresses by appending its interface identifier (64 bits) to the prefix (64 bits) advertised by the router.

Lets assume I have a server with the global IPv6 Adress

2001:0db8:85a3:08d3:1319:8a2e:0370:7347

Now i want to add another global IPv6 address to the same interface by changing just the interface identifier and keeping the prefix. e.g.

2001:0db8:85a3:08d3:3315:2b5e:a320:3254
-------same--------|-----different-----                                

How can i do that using SLAAC, where the interface identifier is automatically appended to the network prefix? I am currently using Ubuntu.

(This is similar to what the IPv6 Privacy Extension does, but i want to control adding and removing temporary IPv6 addresses myself.)

Solution :

At the moment, I’m not aware of any method for manually causing the system to switch to a new temporary address.

However, you can tune the time period in which a temporary address is used and cause the system to create them more frequently.

From the kernel documentation:

temp_valid_lft - INTEGER
    valid lifetime (in seconds) for temporary addresses.
    Default: 604800 (7 days)

temp_prefered_lft - INTEGER
    Preferred lifetime (in seconds) for temporary addresses.
    Default: 86400 (1 day)

(Yes, the misspelling is intentional…)

So, let us say you want the system to start using a new temporary address every 10 minutes. You will then set:

sysctl net.ipv6.conf.all.temp_prefered_lft=600
sysctl net.ipv6.conf.default.temp_prefered_lft=600

The other sysctl, temp_valid_lft, allows some extra time for existing connections using a temporary address to finish up. You can also reduce this, especially if you don’t anticipate long running connections. Here I reduce it to 1 hour:

sysctl net.ipv6.conf.all.temp_valid_lft=3600
sysctl net.ipv6.conf.default.temp_valid_lft=3600

Privacy Extensions are exactly what you’re looking for. You just want to have some manual control over them. You can manipulate the expiration and generation by using the ip address command. The ip-address man page says:

mngtmpaddr (IPv6 only) make the kernel manage temporary addresses created from this one as template on behalf of Privacy Extensions (RFC3041). For this to become active, the use_tempaddr sysctl setting has to be set to a value greater than zero. The given address needs to have a prefix length of 64. This flag allows to use privacy extensions in a manually configured network, just like if stateless auto-configuration was active.

Leave a Reply

Your email address will not be published. Required fields are marked *