Today I set out to figure out how to get outbound IPv6 connectivity working with the Docker setup for Mastodon.
An overview of OS support for IPv6 resolver distribution methods
In this post I will be going over the various levels of support for IPv6 resolver distribution in popular operating systems. The focus is on desktop and mobile versions of OSes, as those are the ones where we usually distribute resolver information automatically. Dual stack is implied, but IPv6-only functionality can be gleaned from this information as well.
Ubuntu 14.04 Server and IPv6 Temporary Addresses
So, as we all know, Ubuntu 14.04 was released today. I downloaded the server ISO to test in VirtualBox.
Let us see what we have here:
    ss@trusty-testing:~$ cat /etc/lsb-release
    DISTRIB_ID=Ubuntu
    DISTRIB_RELEASE=14.04
    DISTRIB_CODENAME=trusty
    DISTRIB_DESCRIPTION="Ubuntu 14.04 LTS"
    ss@trusty-testing:~$ ip -6 addr show dev eth0
    2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qlen 1000
        inet6 2001:470:1d:96b:70bb:7393:2071:faa2/64 scope global temporary dynamic
           valid_lft 597675sec preferred_lft 78675sec
Wait, what? Am I going blind or is that an IPv6 temporary address [0] on a supposed server image?
Investigating further:
    ss@trusty-testing:~$ sudo sysctl -a | grep tempaddr
    net.ipv6.conf.all.use_tempaddr = 2
    net.ipv6.conf.default.use_tempaddr = 2
    net.ipv6.conf.eth0.use_tempaddr = 2
    net.ipv6.conf.lo.use_tempaddr = 2
What the hell? Not only did they leave temporary addresses turned on, they set the sysctl value to 2, which means that the system will prefer temporary addresses over standard ones for making connections. [1]
I asked around and apparently this is the case on Ubuntu 12.04 server as well.
    ss@ubuntu-testing:~$ cat /etc/lsb-release
    DISTRIB_ID=Ubuntu
    DISTRIB_RELEASE=12.04
    DISTRIB_CODENAME=precise
    DISTRIB_DESCRIPTION="Ubuntu 12.04.4 LTS"
    ss@ubuntu-testing:~$ sudo sysctl -a | grep tempaddr
    net.ipv6.conf.all.use_tempaddr = 2
    net.ipv6.conf.default.use_tempaddr = 2
    net.ipv6.conf.eth0.use_tempaddr = 2
    net.ipv6.conf.lo.use_tempaddr = 2
So that is two LTS server releases with IPv6 temporary addresses turned on and set to 2.
Why are temporary addresses bad on a server?
Unpredictability: the source address of outbound connections keeps changing, which breaks anything that depends on source address validation. Even SLAAC addresses are more predictable because they can be calculated given the MAC address of the NIC.
Ideally, you should be configuring your server’s addresses statically. Leaving temporary addresses turned on on a server image is just a bad default.
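An added example, not part of the original post: a POSIX shell audit that flags every scope where use_tempaddr is above 0 in sysctl -a style output, lists the addresses marked temporary in ip -6 addr show output, and prints the lines that set the value to 0. The function names are this example's own, and the sample input is constructed from the output shown above plus one made-up 2001:db8:: address.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are this example's own.
# Constructed sample input, modelled on the sysctl output shown in the post.
SAMPLE_SYSCTL='net.ipv6.conf.all.use_tempaddr = 2
net.ipv6.conf.default.use_tempaddr = 2
net.ipv6.conf.eth0.use_tempaddr = 2
net.ipv6.conf.lo.use_tempaddr = 2'

# The first inet6 line is the one from the post; the second is constructed.
SAMPLE_IP='2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qlen 1000
    inet6 2001:470:1d:96b:70bb:7393:2071:faa2/64 scope global temporary dynamic
    inet6 2001:db8::a00:27ff:fe00:1/64 scope global dynamic'

# Read "key = value" lines (sysctl -a format) on stdin and print
# "<scope> <value> <state>" for every scope with use_tempaddr above 0.
# Kernel semantics: <= 0 off, 1 on but public preferred, > 1 temporary preferred.
audit_tempaddr() {
    awk -F'[ =]+' '
        $1 ~ /^net\.ipv6\.conf\..+\.use_tempaddr$/ {
            scope = $1
            sub(/^net\.ipv6\.conf\./, "", scope)
            sub(/\.use_tempaddr$/, "", scope)
            if ($2 + 0 > 1)       print scope, $2, "enabled-and-preferred"
            else if ($2 + 0 == 1) print scope, $2, "enabled-not-preferred"
        }'
}

# Turn the audit result into sysctl lines that switch temporary addresses off.
remediation() {
    audit_tempaddr | awk '{ printf "net.ipv6.conf.%s.use_tempaddr = 0\n", $1 }'
}

# Read `ip -6 addr show` output on stdin and print global temporary addresses.
temp_addrs() {
    awk '$1 == "inet6" && /scope global/ && / temporary( |$)/ { print $2 }'
}

echo "Scopes with temporary addresses enabled:"
printf '%s\n' "$SAMPLE_SYSCTL" | audit_tempaddr
echo "Temporary addresses currently assigned:"
printf '%s\n' "$SAMPLE_IP" | temp_addrs
echo "Lines to persist (for example in a file under /etc/sysctl.d/):"
printf '%s\n' "$SAMPLE_SYSCTL" | remediation
```

On a live host, pipe the real output in instead of the samples: sysctl -a 2>/dev/null | audit_tempaddr, and ip -6 addr show | temp_addrs.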
References:
[0] – https://tools.ietf.org/html/rfc4941
[1] – http://ipv6int.net/systems/linux-ipv6.html#privacy
Transitioning to a fully functional home IPv6 network
I recently obtained a new router, a Mikrotik RB751G-2HnD and wanted to test the IPv6 capabilities in their operating system. My previous router, a Linksys Cisco WRT160N (revision 1) running DD-WRT had an issue where IPv6 connectivity would randomly die even though all routes and interface settings were correct.