Summary: | net-misc/netifrc-0.1: bridge interfaces shouldn't keep their ipv6 address | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | Sven <sven.koehler> |
Component: | [OLD] Core system | Assignee: | netifrc Team <netifrc> |
Status: | UNCONFIRMED --- | ||
Severity: | normal | CC: | kfm |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | netifrc:bridge | ||
Package list: | Runtime testing required: | --- |
Description
Sven
2014-05-08 14:32:03 UTC
Does the link-local address actually harm anything? It's not routable from outside the link, and my testing seems to indicate that traffic bound for eth0's link-local address is handled properly by the bridge.

After setting up a bridge, the computer should only respond to the link-local address that corresponds to the MAC of the bridge interface (it could be different from the MAC of any interface in the bridge). The reason is that logically, from a network topology point of view, the computer that is running the bridge only has one network interface (namely the bridge interface itself).

Unless we disable IPv6 for bridge interfaces, a computer with 3 bridged network cards has 4 link-local IPv6 addresses in the worst case: one for the MAC of each network interface and one for the MAC of the bridge interface. Does that seem OK to you?

Would it be possible for a process to reach computers attached to interface eth1 via the link-local address corresponding to the MAC of interface eth0? Note that packets sent via eth0 and eth1 don't go through the bridging layer. I don't think this will work. And if it works, I would accuse someone of black magic. (It really shouldn't work!)

But if it helps, disabling IPv6 selectively per interface should be a feature of general use, beyond bridging. Maybe I just want IPv4 but no IPv6 on an interface. Having no IPv4 address is totally possible (simply by not setting one), but the kernel currently forces an IPv6 link-local address on us for no good reason. The reason that I don't want an IPv6 address could be that I don't have or want an IPv6 firewall, for example.

Hello,

After many hours struggling to understand why I was getting a fe80:: IPv6 address on my disabled eth0, I stumbled upon this great bug report. I have the exact same configuration, so I added the function and no more trouble now.
----
config_eth0="null"

preup() {
    # Turn IPv6 off on eth0 so the bridge port gets no fe80:: address
    echo 1 > /proc/sys/net/ipv6/conf/eth0/disable_ipv6
    return 0
}

bridge_br0="eth0"
config_br0="dhcp"
bridge_forward_delay_br0=0
bridge_hello_time_br0=1000
----

I don't know if that's the right way to do it. I tried the sysctl.conf method, but for some reason it didn't work.

Anyway, thanks Sven.

Hi David,

you may want to switch to systemd-networkd. I am using the following config:

# cat 00-br0.netdev
[NetDev]
Name=br0
Kind=bridge
MACAddress=XX:XX:XX:XX:XX:XX

# cat 20-wired.network
[Match]
Name=enp[56]s0*

[Network]
Bridge=br0
ConfigureWithoutCarrier=yes

# cat 21-bridge.network
[Match]
Name=br0

[Network]
DHCP=yes

Adjust that to your needs. The enp?s0* interfaces do not have IPv4 or IPv6 enabled with that config. I don't remember that I had to do anything special for that. It worked properly out of the box.
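
A check for the condition this report describes, as an added example that is not part of the original thread: it lists enslaved ports that still hold an fe80::/10 link-local address. It parses the text of `ip -o link show` and `ip -o -6 addr show`; the function names and the sample output are constructed for illustration, and every `master` is assumed to be a bridge.

```shell
#!/bin/sh
# Added example (not from the bug thread). Function names and sample
# data are constructed for illustration.

# $1: text of `ip -o link show`, $2: text of `ip -o -6 addr show`.
# Prints "<port> <master> <address>" for each enslaved interface that
# still has an fe80::/10 link-local address.
# Assumption: every "master" is a bridge. On a live host, collect $1 with
# `ip -o link show type bridge_slave` to leave out bond or VRF members.
bridge_ports_with_ll() {
    printf '%s\n@@ADDR@@\n%s\n' "$1" "$2" | awk '
        $0 == "@@ADDR@@" { in_addr = 1; next }
        !in_addr {
            # Link line: "2: eth0: <FLAGS> ... master br0 ..."
            name = $2; sub(/:$/, "", name); sub(/@.*/, "", name)
            for (i = 3; i < NF; i++)
                if ($i == "master") master[name] = $(i + 1)
            next
        }
        # Address line: "2: eth0    inet6 fe80::.../64 scope link ..."
        $3 == "inet6" && tolower($4) ~ /^fe[89ab][0-9a-f]:/ && ($2 in master) {
            print $2, master[$2], $4
        }
    '
}

sample_links() {   # constructed `ip -o link show` output
cat <<'EOF'
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN\    link/loopback 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UP\    link/ether 52:54:00:12:34:56
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UP\    link/ether 52:54:00:12:34:57
4: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP\    link/ether 52:54:00:12:34:56
EOF
}

sample_addrs() {   # constructed `ip -o -6 addr show` output; eth1 has IPv6 disabled
cat <<'EOF'
1: lo    inet6 ::1/128 scope host \       valid_lft forever preferred_lft forever
2: eth0    inet6 fe80::5054:ff:fe12:3456/64 scope link \       valid_lft forever preferred_lft forever
4: br0    inet6 fe80::5054:ff:fe12:3456/64 scope link \       valid_lft forever preferred_lft forever
EOF
}

# Only eth0 is reported: br0 is the bridge itself, eth1 has no address.
bridge_ports_with_ll "$(sample_links)" "$(sample_addrs)"
```

An empty result means no bridge port is answering on its own link-local address, which is the state the thread argues for.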