My probe works fine on IPv4, obtaining IP address, router, and DNS servers via DCHP. The IPv6 capability has me curious with two questions... I statically configured the IPv6 address via the web interface. I gave the probe an IPv6 address from my prefix, a gateway address, and the IP address of a DNS recursive server provided by my tunnel vendor. The IPv6 address shows up OK on the web interface ("Internet Address") The AS Number also shows up fine. The Gateway is "Undetermined/Unknown" The IP addr of the DNS server is listed as shown below. In the text table below the configuration info, I see: ("V" is a check, "X" is an X) Static Enabled Probe Knows Probe Uses Last Static Address Given IPv6 V V V 2001:470:xxx:xxx::xxx DNS V V X 2001:470:20::2 Question #1: Why is there an "X" for DNS in the "Probe Uses" column? Is there something wrong with that DNS server? When I query DNS from another box on the same subnet as the Atlas probe I get valid results: ; <<>> DiG 9.8.3-P4 <<>> @2001:470:20::2 atlas.ripe.net any ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19739 ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;atlas.ripe.net. IN ANY ;; ANSWER SECTION: atlas.ripe.net. 5922 IN AAAA 2a01:4f8:121:30a3::78:16 atlas.ripe.net. 5911 IN A 178.63.78.16 ;; Query time: 21 msec ;; SERVER: 2001:470:20::2#53(2001:470:20::2) ;; WHEN: Mon Jul 8 12:24:01 2013 ;; MSG SIZE rcvd: 76 I also noticed this sentence at the bottom of the https://atlas.ripe.net/doc/static-config page: "...As of now, we have no way of preventing the probe from accepting RAs. So if there is an IPv6 (rogue) RA on you network, it can/will override part of the static configuration. We're unsure if this will change in the future. ..." I do have RA support on the subnet, though I would not classify it as "rogue". :) The RA provides the IPv6 prefix, prefix length, and the IPv6 address of the recursive DNS server. This RA support has been used by another box on the subnet, and it seems to work fine. Question #2: Does the Atlas v3 probe use RA if they are present? Thanks.
Hi Mike, On 2013/07/16 17:23 , Mike. wrote:
Static Enabled Probe Knows Probe Uses Last Static Address Given IPv6 V V V 2001:470:xxx:xxx::xxx DNS V V X 2001:470:20::2
Question #1: Why is there an "X" for DNS in the "Probe Uses" column? Is there something wrong with that DNS server?
The probe constructs an /etc/resolv.conf from either DHCP or the statically configured DNS resolvers. In practice it means that DHCP will win. When the probe connects to a controller it reports which DNS resolvers it is using. So the 'X' means that the probe is not using the DNS resolver you configured but instead uses the ones from DHCP.
"...As of now, we have no way of preventing the probe from accepting RAs. So if there is an IPv6 (rogue) RA on you network, it can/will override part of the static configuration. We're unsure if this will change in the future. ..."
I do have RA support on the subnet, though I would not classify it as "rogue". :) The RA provides the IPv6 prefix, prefix length, and the IPv6 address of the recursive DNS server. This RA support has been used by another box on the subnet, and it seems to work fine.
Question #2: Does the Atlas v3 probe use RA if they are present?
Yes. If the probe receives a RA that directs the probe to configure an address then it will just do that even if it already has a statically configure IPv6 address. Philip
On 7/16/2013 at 5:38 PM Philip Homburg wrote: |Hi Mike, | |On 2013/07/16 17:23 , Mike. wrote: |> |> Static Enabled Probe Knows Probe Uses Last Static Address Given |> IPv6 V V V 2001:470:xxx:xxx::xxx |> DNS V V X 2001:470:20::2 |> |> |> |> Question #1: Why is there an "X" for DNS in the "Probe Uses" column? |> Is there something wrong with that DNS server? | |The probe constructs an /etc/resolv.conf from either DHCP or the |statically configured DNS resolvers. In practice it means that DHCP will |win. When the probe connects to a controller it reports which DNS |resolvers it is using. | |So the 'X' means that the probe is not using the DNS resolver you |configured but instead uses the ones from DHCP. That makes sense. |> |> "...As of now, we have no way of preventing the probe from accepting |> RAs. So if there is an IPv6 (rogue) RA on you network, it can/will |> override part of the static configuration. We're unsure if this will |> change in the future. ..." |> |> |> I do have RA support on the subnet, though I would not classify it as |> "rogue". :) The RA provides the IPv6 prefix, prefix length, and the |> IPv6 address of the recursive DNS server. This RA support has been |> used by another box on the subnet, and it seems to work fine. |> |> |> Question #2: Does the Atlas v3 probe use RA if they are present? | |Yes. If the probe receives a RA that directs the probe to configure an |address then it will just do that even if it already has a statically |configure IPv6 address. | ============= Excellent, that is what I wanted to occur (i.e., the probe using the prefix obtained via RA). So far, using the RA for configuration, the probe appears to be doing fine with IPv6 tasks. As a suggestion, maybe the fact that the probe can use RA to configure an IPv6 address could be mentioned in an appropriate area of the documentation or FAQ? In any case, thanks for the quick reply! Mike.
participants (2)
-
Mike. -
Philip Homburg