[GLLUG] radvd and vlans

Tim Woodall t at woodall.me.uk
Sun Feb 4 16:23:01 UTC 2018


Hi all,

I'm getting some very bizarre behaviour from radvd when I try to add
vlan interfaces.

The possibly unusual feature is that the eth0 vlans share a common
subnet with eth0. Most people have one subnet per vlan.

Radvd is sitting there ticking nicely advertising on eth0. radvdump also
shows I've got some announcements coming in on eth2 but they don't have
any useful information in them and I'm not using eth2 for IP (and can
disable IPv6 on the interface).

I bring up the two vlans: ifup eth0.100; ifup eth0.102

And suddenly my RAs that were going out on eth0 are going out on eth2
instead! Adding RA stanzas for eth0.100 and eth0.102 and they all go out
on eth2!


What I want to do is have radvd advertising on eth0, eth0.100 and
eth0.102.

eth0.100 and eth0.102 are intended for global traffic but not
local traffic so would have AdvOnLink off.
eth0 is intended for local traffic but not global traffic so would have
AdvRouteLifetime 0 for the default route. (This is the only way I could
find to stop a default route being added for the interface)

I then need to do some jiggery-pokery with ip rules and iptables CONNMARK
to get all the reply traffic working - but I'm failing at the first
hurdle as radvd stops advertising what I've got configured on the
interfaces.

Disabling IPv6 on eth2 just causes ALL of the announcements to switch to
another (single) interface.

Stopping and restarting radvd doesn't fix things.


Perhaps someone has a better way to do what I'm trying to do?

I want privacy addressing turned on but I want to do *outbound* traffic
filtering at the firewall. So I'm giving each host a vlan so that then
the firewall can filter based on the vlan the traffic is arriving on.

(In the IPv4 world I've filtered by source addressing - and at the
moment I've disabled privacy addressing and am doing the same thing for
IPv6 but it bugs me that the *only* ipv6 IP that allows any inbound
traffic to the host is being made visible to everyone the host connects
to)

Tim.
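
The radvd.conf layout described in the message above, written out as an added sketch (not the poster's configuration and not taken from the original post). The prefix 2001:db8:0:1::/64 is a documentation placeholder for the shared subnet, AdvAutonomous on is assumed on every interface, and AdvDefaultLifetime 0 is assumed as the setting that zeroes the router lifetime on eth0.

```conf
# Added sketch, not the poster's file. 2001:db8:0:1::/64 is a placeholder
# for the single subnet shared by eth0 and its VLAN interfaces.

# eth0: local traffic only. The prefix is advertised as on-link, but the
# router lifetime is 0, so hosts do not install a default route from this RA.
interface eth0
{
    AdvSendAdvert on;
    AdvDefaultLifetime 0;       # assumption: router lifetime 0 in the RA header
    prefix 2001:db8:0:1::/64
    {
        AdvOnLink on;
        AdvAutonomous on;       # assumption: SLAAC addresses wanted here
    };
};

# eth0.100: global traffic only. A default router is advertised, but the
# prefix is not on-link, so hosts send even same-subnet traffic via the
# router, where it can be filtered by the VLAN it arrives on.
interface eth0.100
{
    AdvSendAdvert on;
    prefix 2001:db8:0:1::/64
    {
        AdvOnLink off;
        AdvAutonomous on;       # assumption, as above
    };
};

# eth0.102: same policy as eth0.100, for the next host's VLAN.
interface eth0.102
{
    AdvSendAdvert on;
    prefix 2001:db8:0:1::/64
    {
        AdvOnLink off;
        AdvAutonomous on;       # assumption, as above
    };
};
```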



