net/ndproxy: Add ndproxy manual #641
Conversation
…ighlight the dynamic routing manual.
| -------------------------------------------------- | ||
|
|
||
| - **Promiscuous Mode**: | ||
| The listening interface (WAN) must be set to promiscuous mode. |
There was a problem hiding this comment.
If the WAN is a VLAN you need to assign a parent and set promisc mode there. May be worth a note?
| Otherwise the router can not join multicast groups to respond to solicitations for hosts in the LAN. | ||
|
|
||
| - **Link-Local Address**: | ||
| The listening interface (WAN) requires at least a link-local IPv6 address. |
There was a problem hiding this comment.
This requirement is true but in 99% of cases that is a given (unless somebody wedges WAN on a bridge where link-local option was not set -- but the text here will not help those either)
|
|
||
| - **Link-Local Address**: | ||
| The listening interface (WAN) requires at least a link-local IPv6 address. | ||
| If you want to add a GUA (Global Unicast Address) to WAN, it must be with /128 Prefix. |
There was a problem hiding this comment.
Only if it is in the same /64 being proxied.
|
|
||
| .. Attention:: | ||
|
|
||
| If WAN and LAN both have a GUA configured with the same /64 Prefix, this setup will not work. The network stack will not be able |
There was a problem hiding this comment.
Yep, circling back to the other sentence before this, maybe this can be condensed.
|
|
||
| - **Switch configuration**: | ||
|
|
||
| If there is a switch between the PE and CPE router, ensure there is no MLD snooping or Multicast (IGMP) snooping configured |
| Prefix Delegation: /56 | | ||
| | | | ||
| fe80::1/64 fe80::1/64 | ||
| 2001:db8::/56 2001:db8::3/64 |
There was a problem hiding this comment.
Not sure if 2001:db8::3/64 is strictly necessary, especially with a shifting prefix this is impractical. But in the dynamic case a track interface setting works anyway?
There was a problem hiding this comment.
The setup here is just to "grasp" how a working setup can look like. It has to make sense from a routing perspective after all.
If I just put "Track Interface" there, it is not clear.
In the actual tutorial section, track interface is used to make everything dynamic.
| ============================================== ==================================================================== | ||
| **Enable** ``X`` | ||
| **Range** from: ``2001:db8::2`` to: ``2001:db8::2`` | ||
| **Prefix Delegation Range** from: ``2001:db8::`` to: ``2001:db8::`` |
There was a problem hiding this comment.
Ah ok you need the GUA for the DHCPv6. For SLAAC/RA I think you can do without the GUA
There was a problem hiding this comment.
The GUA is not strictly needed for DHCPv6 to work here. The range can also be left empty.
But getting a /128 on the WAN can be important, e.g. for IPv6 VPN tunnels.
|
|
||
| .. Note:: | ||
|
|
||
| `Request Prefix Only` is optional, but needed if your WAN interface would autoconfigure a /64 GUA. |
There was a problem hiding this comment.
Don't understand this. SLAAC is a separate range and /64. IA-NA is /128 -- IA-PD is /64 but not directly assigned to WAN so LAN could already use it?
There was a problem hiding this comment.
Im not sure here either. It works with this enabled, and also disabled.
But if Router Advertisements would be set to Assisted on the Upstream Router, there could be a DHCPv6 /128 and a SLAAC /64 configured at the same time. I saw that happen, maybe it was a weird one time thing on my side but it wrecked my routing until I found that out.
Sounds like a good plan, I appreciate the help. :) |
For opnsense/plugins#4348