  1. #1
    Just Joined!
    Join Date
    Sep 2012
    Posts
    4

    ND Proxy (ipv6) full support in Linux


    I'm looking for a full solution of ND Proxy (Neighbor Discovery Proxy - RFC 4389), which includes proxying of 4 ICMPv6 messages: Neighbor Solicitation, Neighbor Advertisement, Router Advertisement and Redirect. I need such a solution as an IPv6 tethering solution for a mobile device.
    As far as I understand,
    "ip -6 neigh add proxy <ip> dev <if>" proxies only Neighbor Solicitation and Neighbor Advertisement (and only for a predefined host and not an entire subnet).
    I've also found ndppd - NDP Proxy Daemon, which does the same for the entire subnet.
    Is there any solution for Router Advertisement and Redirect proxying in Linux? I.e. how to distribute the IPv6 prefix via Router Advertisement with a proxy bit set?

    Thanks in advance,
    Elena

  2. #2
    Just Joined!
    Join Date
    Sep 2007
    Location
    Silver Spring, MD
    Posts
    95

    IPv6 network

    Before we go into detail about a potential solution, can you describe your network for us so we can get an idea of the type of network you have and explain how it is laid out.

    Diagrams would be nice or stick figures will work just as well?

    Todd

  3. #3
    Just Joined!
    Join Date
    Sep 2012
    Posts
    4
    Thanks for your interest in my question.
    I'm talking about the mobile device on an LTE network, which shall provide IPv6 connectivity to several (more than 1) tethered devices.
    LTE provides the device a globally routable IPv6 address with a unique prefix. If we want the tethering to work without additional manual configuration, the device shall distribute this prefix to its tethered devices as an ND Proxy (forward Router Advertisement from the LTE Router, with Proxy bit set and with link-layer address substituted by the device's link-layer address).

    device_ND_Proxy2.jpg



    Thanks in advance,
    ElenaL
    Last edited by ElenaL; 09-05-2012 at 12:31 PM.

  5. #4
    Just Joined!
    Join Date
    Sep 2012
    Posts
    4
    This is a kind reminder.
    Does anybody know the Linux solution for ND-Proxy of Router Advertisement according to RFC 4389?

    local hosts ------|br0 ND-Proxy device lte0|---- lte link ----- |router on LTE|-----rest of network,

    where br0 - interface on the device, which receives all the data from the local network, lte0 - the interface on the device, connected to the LTE Router.

    Thanks in advance,
    ElenaL

  6. #5
    Just Joined!
    Join Date
    Sep 2007
    Location
    Silver Spring, MD
    Posts
    95
    Ok,

    I am in the process of reviewing the RFC4518. It sounds like you want to forward packets to a centralized device (ND Proxy), and then from there it sends the data to a router to be routed to the internet.

    As I am researching the information, there are two applications that you will need to download, install and configure in order to make this work as you want.

    1. wide-dhcps6-server (distributes the IP addresses as requested). If the file dhcps6.conf does not exist, you have to create it, but the attachment below tells you how to configure it.
    2. radvd (configures the prefixes, what is being advertised - router, etc. - and it has the ability to configure mobility settings). If the files are not there, then do a search using find / -name radvd.conf.examples -print

    One question: are you NATing your internal IP address? If you are, then the way to do that would be to create a 6to4 tunnel using companies like Hurricane Electric. Use the machine you have as a centralized routing device. Forwarding needs to be enabled on the router (Linux machine), and you have to find out which interface you want to enable forwarding on; since it is a wireless device, (wlan0) I would assume.

    Please review Hurricane Electric setup to help you with your process - Hurricane Electric IPv6 Certification and create a 6to4 tunnel. However, you stated you wanted your ip addresses to be allocated to the other devices, that means you may need a dhcpv6 and dns (using AAAA records) server configured with standard settings, dns just provides a better way to handle the long strings.

    That would give you the ability to distribute the ip address to the other machines, then you could enable "forwarding", "neighbor discovery" and "store persistent", this can be done at the dhcpv6 server level.

    The first thing would be to get IP addresses from Hurricane Electric, configure your dhcpv6 Linux server, then configure DNS with AAAA records. This can be done at the Linux server, and then you control that at the dhcpv6 (forwarding, neighbor discovery, etc.).

    Follow the steps in this document - http://lacnic.net/documentos/lacnicx...and_dhcpv6.pdf

    It seems to be pretty straightforward. I am looking into it a little more because you are looking for mobility and there is another section of IPv6 mobility that is slightly different from the way this is set up.

    Todd
    Last edited by tdsan; 09-09-2012 at 05:17 PM.

  7. #6
    Just Joined!
    Join Date
    Sep 2012
    Posts
    4
    Thanks a lot for your answer.

    I'm looking for a solution of IPv6 end-to-end connectivity without NATing or IPv4 in the middle.
    Globally routable IPv6 address should be assigned to the connected host (tethered device) and to the ND-Proxy device (both IPv6 addresses with the same prefix distributed by the LTE Router), and the ND-Proxy device should provide the IPv6 connectivity of the connected host to the LTE IPv6 router.

    In the meantime, the LTE system supports neither DHCPv6 for stateless autoconfiguration nor DHCPv6 stateful autoconfiguration (including Prefix delegation).

    My issue is how to define the ND Proxy device to distribute LTE Network prefix locally (to allow the local PC-s stateless autoconfiguration with the LTE system Router distributed prefix). As far as I understand, radvd is a router advertisement daemon, but it is not configurable to distribute the RA messages with the P (Proxy) bit set.
    From RFC 4389:
    A new "Proxy" bit is defined in the existing Router Advertisement flags field as follows:

        +-+-+-+-+-+-+-+-+
        |M|O|H|Prf|P|Rsv|
        +-+-+-+-+-+-+-+-+

    where "P" indicates the location of the Proxy bit, and "Rsv" indicates the remaining reserved bits.

    Thanks in advance,
    ElenaL
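
The Router Advertisement rewrite discussed in this thread (P bit set, source link-layer address replaced by the proxy's own), shown at byte level as an added example; it is not code from any poster or from radvd/ndppd. The addresses, MAC values and the `proxy_ra` / `icmpv6_checksum` names are constructed for illustration.

```python
import ipaddress
import struct

RA_TYPE = 134    # ICMPv6 Router Advertisement
P_BIT = 0x04     # flags octet is |M|O|H|Prf|P|Rsv|, so P is the 0x04 bit
OPT_SLLA = 1     # Source Link-Layer Address option

def icmpv6_checksum(src: bytes, dst: bytes, msg: bytes) -> int:
    """Internet checksum over the IPv6 pseudo-header plus the ICMPv6 message."""
    data = src + dst + struct.pack("!I3xB", len(msg), 58) + msg
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def proxy_ra(ra: bytes, proxy_mac: bytes, src: bytes, dst: bytes) -> bytes:
    """Rewrite an upstream RA for the downstream link: set P, replace SLLA."""
    if len(ra) < 16 or ra[0] != RA_TYPE:
        raise ValueError("not a Router Advertisement")
    if ra[5] & P_BIT:
        # The P bit exists for loop prevention: never re-proxy a proxied RA.
        raise ValueError("RA already carries the P bit")
    out = bytearray(ra)
    out[5] |= P_BIT
    off = 16                                   # options follow the fixed header
    while off < len(out):
        opt_len = out[off + 1] * 8 if off + 2 <= len(out) else 0
        if opt_len == 0 or off + opt_len > len(out):
            raise ValueError("malformed option")
        if out[off] == OPT_SLLA and opt_len == 8:
            out[off + 2:off + 8] = proxy_mac   # advertise the proxy's own MAC
        off += opt_len
    out[2:4] = b"\x00\x00"                     # checksum field is zero while summing
    out[2:4] = struct.pack("!H", icmpv6_checksum(src, dst, bytes(out)))
    return bytes(out)

# Constructed sample: RA with the O flag, one SLLA option and one /64 prefix option.
SRC = ipaddress.IPv6Address("fe80::1").packed   # upstream router (made up)
DST = ipaddress.IPv6Address("ff02::1").packed   # all-nodes multicast
SAMPLE_RA = (struct.pack("!BBHBBHII", RA_TYPE, 0, 0, 64, 0x40, 1800, 0, 0)
             + bytes([OPT_SLLA, 1]) + bytes.fromhex("02aabbccdd01")
             + struct.pack("!BBBBII4x", 3, 4, 64, 0xC0, 86400, 14400)
             + ipaddress.IPv6Address("2001:db8:1:2::").packed)
PROXIED = proxy_ra(SAMPLE_RA, bytes.fromhex("02aabbccdd99"), SRC, DST)
```

The prefix option passes through untouched, so downstream hosts autoconfigure from the same /64 the upstream router announced; only the flags octet, the SLLA option and the checksum differ from the received message.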
