Hello,

I'm setting up an IPv6-only virtual platform on a debian wheezy, with complex networking setup and net namespaces.
For doing this, i run a radvd on one of the virtual networks. I experimented on this platform a use case where the constraint of enforcing ipv6 forwarding when radvd starts is harmful.

The network where radvd runs is configured with Unique Local Addresses and is not supposed to be used for sending packets outside of the system.
This looks like the following:

VM1 [ fd00:dead:beef::<EUI64> ] \
VM2 [ fd00:dead:beef::<EUI64> ] --- [ fd00:dead:beef::1 ] Host (forwarding disabled)
VM3 [ fd00:dead:beef::<EUI64> ] /

This setup is perfectly valid and it is possible to specify in Router Advertisements that the "router" (in the sense of the node that sends router advertisements) should not be considered as a default route. In radvd, it is performed by setting the option "AdvDefaultLifetime" to "0".

The hosts are still able to perform SLAAC on this prefix and knows that it is not to be used for default route:
root@test:~# ip -6 a show eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qlen 1000
   inet6 fd00:dead:beef::5054:ff:fe12:3456/64 scope global dynamic
      valid_lft 86341sec preferred_lft 14341sec
   inet6 fe80::5054:ff:fe12:3456/64 scope link
      valid_lft forever preferred_lft forever
root@test:~# ip -6 r
fd00:dead:beef::/64 dev eth0  proto kernel  metric 256  expires 86285sec
fe80::/64 dev eth0  proto kernel  metric 256

The RFC is consistent with this behaviour. It states that a node may send Router Advertisements while having its forwarding capabilities disabled, as soon as it sets the Router Lifetime field (AdvDefaultLifetime) to zero.
RFC 4861 section 6.2.5:
  Note that system management may disable a router's IP forwarding
  capability (i.e., changing the system from being a router to being a
  host), a step that does not necessarily imply that the router's
  interfaces stop being advertising interfaces.  In such cases,
  subsequent Router Advertisements MUST set the Router Lifetime field
  to zero.


As a conclusion, i kindly ask you to consider relaxing the constraint of having net.ipv6.conf.all.forwarding enabled. It breaks some use cases were disabling forwarding is intended and legal.

Regards.
Emmanuel Thierry


PS: See below my full radvd configuration

interface virbr1 {
       IgnoreIfMissing off;
       AdvSendAdvert on;
       AdvDefaultLifetime 0;

       prefix fd00:dead:beef::1/64 {
               AdvOnLink on;
               AdvAutonomous on;
       };

       RDNSS fd00:dead:beef::1 {
       };
};

Hi,


While preparing release  2.21

Jun 10 15:29:15 aantje systemd[1]: Starting radvd.service - Router advertisement daemon for IPv6...
Jun 10 15:29:15 aantje radvd[1073]: config file, /etc/radvd.conf, syntax ok
Jun 10 15:29:15 aantje radvd[1075]: version 2.21 started
Jun 10 15:29:15 aantje radvd[1075]: IPv6 forwarding setting is: 0, should be 1 or 2
Jun 10 15:29:15 aantje radvd[1075]: IPv6 forwarding seems to be disabled, but continuing anyway
Jun 10 15:29:15 aantje systemd[1]: Started radvd.service - Router advertisement daemon for IPv6.


Hence the To: 701928-done@bugs.debian.org



Groeten
Geert Stappers
Debian Developer
Maintainer of radvd