[libvirt] Proposal: no dnsmasq (no dhcp and no dns) and no radvd option
gene at czarc.net
Mon Nov 26 20:40:39 UTC 2012
On 11/26/2012 11:19 AM, Gene Czarcinski wrote:
> On 11/26/2012 10:40 AM, Gene Czarcinski wrote:
>> I understand that you can define multiple IPv4 and multiple IPv6
>> gateway addresses on a network interface but only one IPv4 DHCP and
>> one IPv6 DHCP. I can see the need for both IPv4 and IPv6 protocols
>> on a single network "fabric" but I am not sure how many real network
>> "fabrics" have multiple subnetworks on them. Yes, it could be done
>> but I am not certain why you would do that (and I am also sure that
>> someone has a very valid reason for doing that).
> Oops! There may be a problem here with radvd!.
> I have difficulty in understanding why one would define multiple IPv6
> (or even IPv4) subnetworks on a single interface. Well, I guess the
> radvd authors did also: the AdvManagedFlag on/off applies to the
> entire interface and no a specific network.
> I am verifying this but there is a chance that dsnmasq could support
> both for different subnetworks.
> I guess that dnsmasq could be used to support one and radvd used to
> support the other but ???
> I believe this may need more discussion from others. I would like to
> have someone other than the two of us chime in on this.
The answer is not good. Both radvd and dnsmasq are the same and you
must choose state-full (DHCPv6) or state-less (SLAAC):
As Simon Kelley says:
"OK, you prompted me to look at the code, which makes radvd's behavior
more understandable. The Managed flag is in the header of the
route-advertisement packet so it has, logically, to apply at all the
prefixes contained therein. The dnsmasq implementation sets the managed
flag if any of the prefixes has DHCPv6 available, but clients will take
is applying to them all."
So, for IPv6 on a virtual network you either have one IPv6 subnetwork
with state-full DHCPv6 or you can have multiple IPv6 subnetworks with
1. Ignore the true situation and keep going. I believe some users might
not like this and I certainly do not like this.
2. Start a separate radvd (or dnsmasq) to support state-full DHCPv6 and
another radvd to support additional SLAAC subnetworks. [Personally, I do
not like this solution.] /// The problem is that this solution may not
work. /// I just checked and now I remember ... it will not work. Only
one RA server per network fabric (think virtual network interface) since
ff02:: addresses are being used.
3. If an IPv6 DHCP range is specified, then any additional IPv6
subnetworks are a configuration error. I believe that this is the only
reasonable thing to do. So, if you want to define two IPv6 subnets, do
it on two different interfaces. I believe there is not much choice in
this ... it is just the way IPv6 was defined and works.
[Aside: I sure would like to know of a real-world need for multiple
IPv4 or multiple IPv6 subnetworks on a single network "fabric." The
only possible thing I could think of is the need for a data network and
a separate control network. But, from a security perspective, you
really need to use either networks with encryption separation or real
More information about the libvir-list