Slaac and static ipv6

caywin · October 7, 2024, 6:37pm

Hello

I am a beginner with ipv6
But I have a simple question, is it possible with openwrt to have fixed IPv6 retrieved by SLAAC?

openwrt allocates me IPv6 but I would like to have fixed ipv6 for some services.
Is it possible with SLAAC?

Thank you

_bernd · October 7, 2024, 7:27pm

If you don't chance the Mac address of that interface every now and then then the host part is stable aka static... And no, slaac can not assign an address. If a host is configured to use slaac then it assigns the address all by itself. That's the point of slaac. Only the prefix is announced, and the life time, resolver address, and so on...

mk24 · October 7, 2024, 8:05pm

SLAAC is based on the principle that when an autonomous system chooses a large random number, it is very unlikely that another system will choose the same number. Also it was supposed to enable security by obscurity.

efahl · October 8, 2024, 3:51am

Sure.

Many (most?) clients do both SLAAC and DHCPv6 address acquisition at the same time. The most prominent exception is Android, which is SLAAC-only, but since you're talking about servers, that's not an issue. In LuCI, go to Network -> DHCP and DNS, click the Static Leases tab. Try adding a host there, paying specific attention to the DUID field. If you pull that down and see the host of interest listed, you can easily give it an "IPv6-Suffix", which should result in both a DHCPv6 GUA and ULA with that suffix (be sure to use an even number of digits when specifying the suffix).

For example, my main all-purpose server gets an IPv4 assigned "10.1.1.200" and then I use "0200" as the IPv6-Suffix (yeah, it's hex, but really who cares?). On that host, I do this (I starred the two DHCPv6 static addresses):

$ ip a
...
2: enp2s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    inet 10.1.1.200/24 metric 100 brd 10.1.1.255 scope global dynamic enp2s0
       valid_lft 15228sec preferred_lft 15228sec
*   inet6 2600:blah:b600::200/128 scope global dynamic noprefixroute
       valid_lft 19309sec preferred_lft 19309sec
*   inet6 fd0a:bad:dad::200/128 scope global dynamic noprefixroute
       valid_lft 19309sec preferred_lft 19309sec
    inet6 fd0a:bad:dad:0:d63d:blah:blah:9bb5/64 scope global mngtmpaddr noprefixroute
       valid_lft forever preferred_lft forever
... more SLAAC addresses ...

caywin · October 8, 2024, 10:58am

Thanks for your reply.

But I can't add the hosts in static via Luci because as the host retrieves the IPv6 via SLAAC I don't see any DUID in Luci.
If I'm not mistaken, we only see the DUIDs of the hosts that retrieve the IPv6 via DHPDv6

Thanks for your help

_bernd · October 8, 2024, 11:03am

Btw about what client OS are we talking about?

caywin · October 8, 2024, 11:54am

Hello @_bernd
openbsd

_bernd · October 8, 2024, 12:43pm

I'm still puzzled what you want to achieve. (And I assume you have a dynamic prefix..., if not please state so.)

I see at least the following options:

Use the mac and the calculated ULA and may add it to dnsmasq but be aware that most often ipv4 is preferred over ULA
Configure an dhcpv6 client on the OpenBSD and get automatic DNS entries for the dhcpv6 lease

Do you need the address be reachable from the Internet or just from your LAN?

caywin · October 8, 2024, 1:56pm

I will explain the situation better.

I have on my wan6 interface in prefix-pd.

I have 3 vlans on which I have configured: ip6assign: '60'
so on my 3 vlans I have a block of ipv6/60.

My openbsd hosts retrieve an ipv6 via SLAAC in the ipv6 subnet as it should depending on the vlan I use.

Everything works perfectly.

The only problem is that for some hosts, I would like the assigned ipv6 to be static. Otherwise how to do for example for a web server if the ipv6 is dynamic?
currently if I restart a host, the ipv6 is different since it is dynamic.

or else I have to configure the hosts with dhcpv6 and not slaac

Thanks for your help

krazeh · October 8, 2024, 2:14pm

There's no reason you can't do both. Or just assign a static IP directly on the host machine.

greem · October 8, 2024, 2:43pm

That's what I was going to say - my current best practice is that servers are configured with static addresses in their own network configuration. Nobody can then attempt to change that via MITM/competing advertising trickery.

caywin · October 8, 2024, 3:20pm

Ok thank you, I will configure fixed ipv6.
I have one last question.
Via luci we can see the dhcpv6 leases
Is it possible to see the same information for slaac?
Thanks

Cthulhu88 · October 8, 2024, 3:56pm

SLAAC has no leases, as the name implies, stateless. If you just want a MAC/IP association, your best take is probably the neighbour table.

caywin · October 8, 2024, 4:00pm

Ah ok

How to configure this neighbor table please?

Cthulhu88 · October 8, 2024, 4:02pm

The neighbour tables are automatically managed by the kernel. You can view them in LuCI by going to Status -> Routing.

caywin · October 8, 2024, 4:07pm

ah yes nice thank you

_bernd · October 10, 2024, 7:28pm

ip -6 neigh show [dev ${interface}]