Re: ipv6 global forward overrides dev-specific forwarding

To: <kuznet@xxxxxxxxxxxxx>
Subject: Re: ipv6 global forward overrides dev-specific forwarding
From: Pekka Savola <pekkas@xxxxxxxxxx>
Date: Wed, 2 May 2001 16:45:25 +0300 (EEST)
Cc: <davem@xxxxxxxxxx>, Peter Bieringer <pb@xxxxxxxxxxxx>, <netdev@xxxxxxxxxxx>
In-reply-to: <5.1.0.14.0.20010502075031.00b0a548@xxxxxxxxxxxxxxxxx>
Sender: owner-netdev@xxxxxxxxxxx

On Wed, 2 May 2001, Peter Bieringer wrote:
> But is it possible to rename/replace the switches to avoid confusion with
> the existing (and still longer living IPv4 switches).
>
> Suggestions:
> 1) Global (and one and only) IPv6 forwarding control
> - /proc/sys/net/ipv6/conf/all/forwarding
> + /proc/sys/net/ipv6/forwarding
>
> Avoids also headache about why the same named switch in the "conf/all"
> directory has a different behavior than the "conf/$device" directory.

Am I correct in assuming that _some_ configuration options in
/proc/sys/net/ipv6/conf/all/ (actually almost all except forwarding), are
not special cases but control how ALL devices react (ie. IPv4 way)?

Ie. is forwarding the only special case here?  If so, something would
probably have to be done about it.

Removing options, or defining them, could cause pain for some people as
the interfaces would change (update all scripts etc..);  if that is
necessary, now it would cause a small amount of hassle.


> 2) Perhaps renaming the "conf/$device/forwarding" to a better name. Looks
> like it was taken from BSD/KAME, but it can be misunderstood by IPv4 to
> IPv6 migrators...
>
> -- 8<-- (itojun on usagi-users)
>          in KAME stack, the only legal combination is:
>                  accept_rtadv=0, forwarding=1    router
>                  accept_rtadv=1, forwarding=0    autoconfigured host
>                  accept_rtadv=0, forwarding=0    manually configured host
>
>
> 3) Let "conf/all/forwarding-renamed" control all
> "conf/$device/forwarding-renamed" at one time. Please update this for
> others, too ("mtu" is also not working).
> This is a different behavior to the IPv4 tree, too.
> Or was the IPv4 solution not a good one?

These two issues are mostly caused by missing documentation.  If these
aren't either changed (so that people will realize the difference) or
documented, these questions _will_ pop up more and more often.  That's not
in anyone's interests, I hope.

I'm hoping to be able to decipher the most important settings and create a
patch to ip-sysctl.txt for it, but as noticed this is a tricky business.

[ from earlier mail; by Alexey ]
>> Per-device enabling/disabling forwarding in IPv6 simply does not exist.
>> This switch is global only: either the whole node is router or it is not
>> a router. Per-device "forwarding" switch controls only
>> autoconfiguration/ndisc aspects.

Isn't being able to set ndisc/ra settings in a device-specific manner a bit
contradictory to "either whole node is router or it is not"?  If a node is
a router, should it be a router on all interfaces it has (thus modifying
also ndisc/ra)?

Sure this adds some flexibility (but also makes it possible for you to
muck up badly), but may also create complications.

Consider a system where SERVER wants to have a shortcut into LAN1 (but not
forward traffic from it):

LAN0  ---  eth0 SERVER sit1 - - - ROUTER2 ----> Internet
                 eth1               |
                  |                 |
                 LAN1 --------------^

(this is a scenario where server acts as a router for LAN0, and uses
LAN1 to e.g. mount NFS shares off a server there ("nfs interface"))

If LAN0 is the primary network you want to interconnect, in SERVER you set
1) all/forwarding to 1 (naturally)
2) eth0/forwarding to 1 (at least)

Now comes the difficult part.  If router is a router is a router, and you
_don't_ want to forward LAN1 through eth1 <-> sit1 or eth1 <-> eth0 under
any circumstance, you must have eth1/forwarding at 0 (or similar other
toggles) so the interface doesn't answer to router solicitations etc.  In
addition, you probably have to add a netfilter rule to block the actual
forwarding (ipv4 sense) from happening.

Also, if you set sit1/forwarding to 1, ROUTER2 will see SERVER as having
IsRouter flag on.  I guess this is expected.

My point being: if all/forwarding = 1, then */forwarding should probably
also default to = 1, with the above analogy.  Else the router will try to
autoconfigure using RA all of its links (which a good router should not
do by default?, the 1/1 KAME scenario) which haven't been explicitly
configured not to.

Most of these are user-space decisions.  Global "all"/forwarding (in
ndisc/ra sense) toggle might help in a few scenarios though.

-- 
Pekka Savola                 "Tell me of difficulties surmounted,
Netcore Oy                   not those you stumble over and fall"
Systems. Networks. Security.  -- Robert Jordan: A Crown of Swords
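
Added example, not part of the original message or of the kernel tree: a shell audit that reads the global and per-device `forwarding` switches discussed in this thread and flags interfaces whose ndisc/RA role disagrees with the global setting. It assumes the Linux `accept_ra` sysctl corresponds to the `accept_rtadv` knob in the quoted KAME table; the function names and the `note=` labels are made up for this example.

```shell
#!/bin/sh
# Audit IPv6 forwarding switches under a sysctl "conf" tree.
# The root defaults to the live tree; pass another directory to audit a
# saved copy or a constructed tree.

# Map forwarding/accept_ra to the roles in the KAME table quoted in the mail.
classify() {  # $1 = forwarding, $2 = accept_ra
    case "$1/$2" in
        1/0) echo router ;;
        0/1) echo autoconf-host ;;
        0/0) echo manual-host ;;
        *)   echo not-in-table ;;
    esac
}

audit_ipv6_forwarding() {
    root=${1:-/proc/sys/net/ipv6/conf}
    global=$(cat "$root/all/forwarding" 2>/dev/null) || return 2
    echo "all forwarding=$global"
    for dir in "$root"/*/; do
        dev=$(basename "$dir")
        # "all" and "default" are templates, not interfaces.
        case "$dev" in all|default) continue ;; esac
        fwd=$(cat "$dir/forwarding" 2>/dev/null) || continue
        ra=$(cat "$dir/accept_ra" 2>/dev/null) || ra=unknown
        role=$(classify "$fwd" "$ra")
        note=ok
        # Case raised in the mail: the node forwards globally, yet this
        # interface still acts as a host for ndisc/RA purposes.
        [ "$global" = 1 ] && [ "$fwd" = 0 ] && note=host-side-on-router
        # Opposite case: per-device switch set while the node does not forward.
        [ "$global" = 0 ] && [ "$fwd" = 1 ] && note=router-flag-without-forwarding
        echo "$dev forwarding=$fwd accept_ra=$ra role=$role note=$note"
    done
}
```

Calling `audit_ipv6_forwarding` with no argument reads the live `/proc/sys/net/ipv6/conf` tree; any line whose `note` is not `ok` is an interface to document or reconfigure deliberately.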

