Modifying an IPv6 Interface Configuration for Hosts and Servers

This section explains how to modify the configuration of IPv6-enabled interfaces on nodes that are hosts or servers. In most instances, you should use address autoconfiguration for IPv6-enabled interfaces, as explained in Stateless Autoconfiguration Overview. However, you can modify the IPv6 address of an interface, if necessary, as explained in the tasks of this section.

Modifying an IPv6 Interface Configuration (Task Map)

Task	Description	For Instructions
Turn off IPv6 address autoconfiguration.	Use this task if you need to manually configure the interface ID portion of the IPv6 address.	How to Turn Off IPv6 Address Autoconfiguration
Create a temporary address for a host.	Hide a host's interface ID by configuring a randomly created temporary address that is used as the lower 64 bits of the address.	How to Configure a Temporary Address
Configure a token for the interface ID of a system.	Create a 64-bit token to be used as the interface ID in an IPv6 address.	How to Configure a User-Specified IPv6 Token

Using Temporary Addresses for an Interface

An IPv6 temporary address includes a randomly generated 64-bit number as the interface ID, instead of an interface's MAC address. You can use temporary addresses for any interfaces on an IPv6 node that you want to keep anonymous. For example, you might want to use temporary addresses for the interfaces of a host that needs to access public web servers. Temporary addresses implement IPv6 privacy enhancements. These enhancements are described in RFC 3041, available at “Privacy Extensions for Stateless Address Autoconfiguration in IPv6”.

You enable a temporary address in the /etc/inet/ndpd.conf file for one or more interfaces, if needed. However, unlike standard, autoconfigured IPv6 addresses, a temporary address consists of the 64-bit subnet prefix and a randomly generated 64-bit number. This random number becomes the interface ID segment of the IPv6 address. A link-local address is not generated with the temporary address as the interface ID.

Be aware that temporary addresses have a default preferred lifetime of one day. When you enable temporary address generation, you may also configure the following variables in the /etc/inet/ndpd.conf file:

valid lifetime TmpValidLifetime

Time span in which the temporary address exists, after which the address is deleted from the host.

preferred lifetime TmpPreferredLifetime

Elapsed time before the temporary address is deprecated. This time span should be shorter than the valid lifetime.

address regeneration

Duration of time before the expiration of the preferred lifetime, during which the host should generate a new temporary address.

You express the duration of time for temporary addresses as follows:

n

n number of seconds, which is the default

n h

n number of hours (h)

n d

n number of days (d)

How to Configure a Temporary Address

1. Log in to the IPv6 host as Primary Administrator or as superuser.

   The Primary Administrator role includes the Primary Administrator profile. To create the role and assign the role to a user, see Chapter 2, Working With the Solaris Management Console (Tasks), in System Administration Guide: Basic Administration.

2. If necessary, enable IPv6 on the host's interfaces

   Refer to How to Enable an IPv6 Interface for the Current Session.

3. Edit the /etc/inet/ndpd.conf file to turn on temporary address generation.

   • To configure temporary addresses on all interfaces of a host, add the following line to /etc/inet/ndpd.conf:

     ifdefault TmpAddrsEnabled true

   • To configure a temporary address for a specific interface, add the following line to /etc/inet/ndpd.conf:

     if interface TmpAddrsEnabled true 

4. (Optional) Specify the valid lifetime for the temporary address.

   ifdefault TmpValidLifetime duration

   This syntax specifies the valid lifetime for all interfaces on a host. The value for duration should be in seconds, hours, or days. The default valid lifetime is 7 days. You can also use TmpValidLifetime with the if interface keywords to specify the valid lifetime for a temporary address of a particular interface.

5. (Optional) Specify a preferred lifetime for the temporary address, after which the address is deprecated.

   if interface TmpPreferredLifetime duration

   This syntax specifies the preferred lifetime for the temporary address of a particular interface. The default preferred lifetime is one day. You can also use TmpPreferredLifetime with the ifdefault keyword to specify the preferred lifetime for the temporary addresses on all interfaces of a host.

   ---

   Note - Default address selection gives a lower priority to IPv6 addresses that have been deprecated. If an IPv6 temporary address is deprecated, default address selection chooses a nondeprecated address as the source address of a packet. A nondeprecated address could be the automatically generated IPv6 address, or possibly, the interface's IPv4 address. For more information about default address selection, see Administering Default Address Selection.

   ---

6. (Optional) Specify the lead time in advance of address deprecation, during which the host should generate a new temporary address.

   ifdefault TmpRegenAdvance duration

   This syntax specifies the lead time in advance of address deprecation for the temporary addresses of all interfaces on a host. The default is 5 seconds.

7. Change the configuration of the in.ndpd daemon.

   # pkill -HUP in.ndpd
   # /usr/lib/inet/in.ndpd

8. Verify that temporary addresses have been created by running the ifconfig -a6 command, as shown in Example 7-5.

   The output from ifconfig should have the word TEMPORARY in the same line as the interface definition.

Example 7-4 Temporary Address Variables in the /etc/inet/ndpd.conf File

The following example shows a segment of an /etc/inet/ndpd.conf file with temporary addresses enabled for the primary network interface.

ifdefault TmpAddrsEnabled true

ifdefault TmpValidLifetime 14d

ifdefault TmpPreferredLifetime 7d

ifdefault TmpRegenAdvance 6s

Example 7-5 ifconfig-a6 Command Output with Temporary Addresses Enabled

This example shows the output of the ifconfig command after temporary addresses are created.

# ifconfig -a6
lo0: flags=2000849 <UP,LOOPBACK,RUNNING,MULTICAST,IPv6> mtu 8252 index 1 
     inet6 ::1/128
hme0: flags=2000841 <UP,RUNNING,MULTICAST,IPv6> mtu 1500 index 2 
     ether 8:0:20:b9:4c:54
     inet6 fe80::a00:20ff:feb9:4c54/10
hme0:1: flags=2080841 <UP,RUNNING,MULTICAST,ADDRCONF,IPv6> mtu 1500 index 2 
     inet6 2001:db8:3c4d:15:a00:20ff:feb9:4c54/64
hme0:2: flags=802080841<UP,RUNNING,MULTICAST,ADDRCONF,IPv6,TEMPORARY> mtu 1500 index 2 
      inet6 2001:db8:3c4d:15:7c37:e7d1:fc9c:d2cb/64

Note that the line following interface hme0:2 includes the word TEMPORARY. This designation indicates that the address 2001:db8:3c4d:15:7c37:e7d1:fc9c:d2cb/64 has a temporary interface ID.

See Also

• To set up name service support for IPv6 addresses, see Configuring Name Service Support for IPv6.

• To configure IPv6 addresses for a server, see How to Configure a User-Specified IPv6 Token.

• To monitor activities on IPv6 nodes, see Chapter 8, Administering a TCP/IP Network (Tasks).

Configuring an IPv6 Token

The 64-bit interface ID of an IPv6 address is also referred to as a token, as introduced in IPv6 Addressing Overview. During address autoconfiguration, the token is associated with the interface's MAC address. In most cases, nonrouting nodes, that is IPv6 hosts and servers, should use their autoconfigured tokens.

However, using autoconfigured tokens can be a problem for servers whose interfaces are routinely swapped as part of system maintenance. When the interface card is changed, the MAC address is also changed. Servers that depend on having stable IP addresses can experience problems as a result. Various parts of the network infrastructure, such as DNS or NIS, might have stored specific IPv6 addresses for the interfaces of the server.

To avoid address change problems, you can manually configure a token to be used as the interface ID in an IPv6 address. To create the token, you specify a hexadecimal number of 64 bits or less to occupy the interface ID portion of the IPv6 address. During subsequent address autoconfiguration, Neighbor Discovery does not create an interface ID that is based on the interface's MAC address. Instead, the manually created token becomes the interface ID. This token remains assigned to the interface, even when a card is replaced.

---

Note - The difference between user-specified tokens and temporary addresses is that temporary addresses are randomly generated, rather than explicitly created by a user.

---

How to Configure a User-Specified IPv6 Token

The next instructions are particularly useful for servers whose interfaces are routinely replaced. They also are valid for configuring user-specified tokens on any IPv6 node.

1. Assume the Primary Administrator role or become superuser on the node.

   The Primary Administrator role includes the Primary Administrator profile. To create the role and assign the role to a user, see Chapter 2, Working With the Solaris Management Console (Tasks), in System Administration Guide: Basic Administration.

2. Verify that the interface you want to configure with a token is plumbed.

   An interface must be plumbed before you can configure a token for its IPv6 address.

   # ifconfig -a6

   qfe0: flags=2000841 <UP,RUNNING,MULTICAST,IPv6> mtu 1500 index 2
           ether 0:3:ba:13:14:e1 
           inet6 fe80::203:baff:fe13:14e1/10

   This output shows that the network interface qfe0 is plumbed and has the link-local address fe80::203:baff:fe13:14e1/10. This address was automatically configured during installation.

3. Create one or more 64-bit hexadecimal numbers to be used as tokens for the node's interfaces. For examples of tokens, refer to Link-Local Unicast Address.
4. Configure each interface with a token.

   Use the following form of the ifconfig command for each interface to have a user-specified interface ID (token):

   ifconfig interface inet6  token address/64

   For example, you would use the following command to configure interface qfe0 with a token:

   # ifconfig qfe0 inet6 token ::1a:2b:3c:4d/64 

   Repeat this step for every interface that will have a user-specified token.

5. (Optional) Make the new IPv6 address persist across reboots.
   1. Edit or create an /etc/hostname6.interface file for each interface you configured with a token.
   2. Add the following text at the bottom of each /etc/hostname.6interface file:

      token ::token-name/64

      For example, you might add the following text to the bottom of an/etc/hostname6.interface file:

      token ::1a:2b:3c:4d/64

   After the system reboots, the token that you configured in an /etc/hostname6.interface file is applied to the interface's IPv6 address. This IPv6 address remains persistent across subsequent reboots.

6. Update the IPv6 daemon with your changes.

   # pkill -HUP -in.ndpd

Example 7-6 Configuring a User-Specified Token on an IPv6 Interface

In the following example, the interface bge0:1 has an autoconfigured IPv6 address. The subnet prefix 2001:db8:3c4d:152:/64 is advertised by a router on the node's local link. The interface ID 2c0:9fff:fe56:8255 is generated from bge0:1's MAC address.

# ifconfig -a6
lo0: flags=2002000849 <UP,LOOPBACK,RUNNING,MULTICAST,IPv6,VIRTUAL> mtu 8252 index 1
        inet6 ::1/128
bge0: flags=2100801 <UP,MULTICAST,IPv6> mtu 1500 index 5
        inet6 fe80::2c0:9fff:fe56:8255/10
        ether 0:c0:9f:56:82:55
bge0:1: flags=2180801 <UP, MULTICAST,ADDRCONF,IPv6>mtu 1500 index 5
        inet6 2001:db8:3c4d:152:c0:9fff:fe56:8255/64
# ifconfig bge0 inet6 token ::1a:2b:3c:4d/64
# vi /etc/hostname6.bge0
token ::1a:2b:3c:4d/64
# pkill -HUP -in.ndpd
# ifconfig -a6
lo0: flags=2002000849 <UP,LOOPBACK,RUNNING,MULTICAST,IPv6,VIRTUAL> mtu 8252 index 1
        inet6 ::1/128
bge0: flags=2100801 <UP,MULTICAST,IPv6> mtu 1500 index 5
        inet6 fe80::2c0:9fff:fe56:8255/10
        ether 0:c0:9f:56:82:55
bge0:1: flags=2180801 <UP, MULTICAST,ADDRCONF,IPv6>mtu 1500 index 5
        inet6 2001:db8:3c4d:152:1a:2b:3c:4d/64

After the token is configured, the global address on the second status line of bge0:1 now has 1a:2b:3c:4dconfigured for its interface ID.

See Also

• To update the name services with the IPv6 addresses of the server, see Configuring Name Service Support for IPv6.

• To monitor server performance, see Chapter 8, Administering a TCP/IP Network (Tasks).

Administering IPv6-Enabled Interfaces on Servers

When you plan for IPv6 on a server, you must make a few decisions as you enable IPv6 on the server's interfaces. Your decisions affect the strategy to use for configuring the interface IDs, also known as tokens, of an interface's IPv6 address.

How to Enable IPv6 on a Server's Interfaces

Before You Begin

The next procedure assumes the following:

• Solaris 10 OS is already installed on the server.

• You enabled IPv6 on the server's interfaces either during Solaris OS installation or later, using the procedures in Configuring an IPv6 Interface.

If applicable, upgrade the application software to support IPv6. Note that many applications that run on the IPv4 protocol stack also successfully run on IPv6. For more information, refer to How to Prepare Network Services for IPv6 Support.

1. On the server, assume the Primary Administrator role or become superuser.

   The Primary Administrator role includes the Primary Administrator profile. To create the role and assign the role to a user, see Chapter 2, Working With the Solaris Management Console (Tasks), in System Administration Guide: Basic Administration.

2. Ensure that an IPv6 subnet prefix is configured on a router on the same link as the server.

   For more information, refer to Configuring an IPv6 Router.

3. Use the appropriate strategy for the interface ID for the server's IPv6-enabled interfaces.

   By default, IPv6 address autoconfiguration uses the MAC address of an interface when creating the interface ID portion of the IPv6 address. If the IPv6 address of the interface is well known, swapping one interface for another interface can cause problems. The MAC address of the new interface will be different. During address autoconfiguration, a new interface ID is generated.

   • For an IPv6-enabled interface that you do not plan to replace, use the autoconfigured IPv6 address, as introduced in IPv6 Address Autoconfiguration.

   • For IPv6-enabled interfaces that must appear anonymous outside the local network, consider using a randomly generated token for the interface ID. For instructions and an example, refer to How to Configure a Temporary Address.

   • For IPv6-enabled interfaces that you plan to swap on a regular basis, create tokens for the interface IDs. For instructions and an example, refer to How to Configure a User-Specified IPv6 Token.