Mailinglist Archive: opensuse (686 mails)

< Previous Next >
Re: [opensuse] IPv6 - do you use SLAAC or DHCP ?
  • From: Per Jessen <per@xxxxxxxxxxxx>
  • Date: Wed, 03 Jul 2013 08:43:01 +0200
  • Message-id: <kr0h5l$oq8$1@saturn.local.net>
James Knott wrote:

Per Jessen wrote:
Yes, I do. Not all systems got both types though. When a system is
assigned both, which one is used for outgoing connections?

The random address.


When I started radvd on the router/firewall, most of my systems only
had one address, the MAC-based one. I would not want the random
address used for outgoing connections though. (for arbitrary clients
yes, but not for anything fixed). I mean, imagine a mailserver
delivering outgoing mail from a random address??

Think of outgoing as you using a browser and incoming, your servers.
It is only the incoming traffic that needs to know the address. So,
look up your MAC based address and use it for your DNS. For outgoing,
it really doesn't matter which you use. There's a way to turn off
random, but I don't recall the details at the moment.

For outgoing, at least for a mailserver, it does matter a lot which
address is being used. Using the random address would mean the
receiving server would have no way of identifying the sending server.

If using dhclient6 actually means not getting a random address assigned,
that's probably what I need to do.

It's possible that most of our systems are too old (pre 12.x) for the
random address to work, but with 13.1M2 I got this:


2: enp3s1f0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq
state UP qlen 1000
link/ether 00:15:60:57:07:f1 brd ff:ff:ff:ff:ff:ff
inet 192.168.2.140/21 brd 192.168.7.255 scope global enp3s1f0
valid_lft forever preferred_lft forever
inet6 2001:db8:2010:1ff:a5e4:4fb7:2ef0:5d1b/64 scope global
temporary dynamic
valid_lft 557201sec preferred_lft 38201sec
inet6 2001:db8:2010:1ff:215:60ff:fe57:7f1/64 scope global dynamic
valid_lft 2550353sec preferred_lft 563153sec
inet6 fe80::215:60ff:fe57:7f1/64 scope link
valid_lft forever preferred_lft forever


"fe80::215:60ff:fe57:7f1/64 scope link" is your link local address.
That will never change, unless you replace the NIC.

Right.

"2001:db8:2010:1ff:215:60ff:fe57:7f1/64 scope global dynamic" is your
MAC based address. Use this in your DNS.

Right.

"inet6 2001:db8:2010:1ff:a5e4:4fb7:2ef0:5d1b/64 scope global temporary
dynamic" is your random number address. As you get more, all but the
lastest will say "temporary deprecated dynamic". I've got 3 of those.

Interesting.

Thanks James, I'll be back with more questions :-)


--
Per Jessen, Zürich (17.7°C)
http://www.dns24.ch/ - free DNS hosting, made in Switzerland.

--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse+owner@xxxxxxxxxxxx

< Previous Next >