blob: 0c222d807b80495058b0a1aa3bbbe6eaf649fd1c (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
|
.. cfgcmd:: set interfaces {{ var0 }} <interface> {{ var2 }} {{ var3 }}
{{ var5 }} {{ var6 }} ipv6 address autoconf
:abbr:`SLAAC (Stateless Address Autoconfiguration)` :rfc:`4862`. IPv6 hosts
can configure themselves automatically when connected to an IPv6 network using
the Neighbor Discovery Protocol via :abbr:`ICMPv6 (Internet Control Message
Protocol version 6)` router discovery messages. When first connected to a
network, a host sends a link-local router solicitation multicast request for
its configuration parameters; routers respond to such a request with a router
advertisement packet that contains Internet Layer configuration parameters.
.. note:: This method automatically disables IPv6 traffic forwarding on the
interface in question.
Example:
.. code-block:: none
set interfaces {{ var0 }} {{ var1 }} {{ var2 }} {{ var4 }} {{ var5 }} {{ var7 }} ipv6 address autoconf
.. cfgcmd:: set interfaces {{ var0 }} <interface> {{ var2 }} {{ var3 }}
{{ var5 }} {{ var6 }} ipv6 address eui64 <prefix>
:abbr:`EUI-64 (64-Bit Extended Unique Identifier)` as specified in
:rfc:`4291` allows a host to assign iteslf a unique 64-Bit IPv6 address.
Example:
.. code-block:: none
set interfaces {{ var0 }} {{ var1 }} {{ var2 }} {{ var4 }} {{ var5 }} {{ var7 }} ipv6 address eui64 2001:db8:beef::/64
.. cfgcmd:: set interfaces {{ var0 }} <interface> {{ var2 }} {{ var3 }}
{{ var5 }} {{ var6 }} ipv6 address no-default-link-local
Do not assign a link-local IPv6 address to this interface.
Example:
.. code-block:: none
set interfaces {{ var0 }} {{ var1 }} {{ var2 }} {{ var4 }} {{ var5 }} {{ var7 }} ipv6 address no-default-link-local
.. cfgcmd:: set interfaces {{ var0 }} <interface> {{ var2 }} {{ var3 }}
{{ var5 }} {{ var6 }} ipv6 disable-forwarding
Configure interface-specific Host/Router behaviour. If set, the interface will
switch to host mode and IPv6 forwarding will be disabled on this interface.
Example:
.. code-block:: none
set interfaces {{ var0 }} {{ var1 }} {{ var2 }} {{ var4 }} {{ var5 }} {{ var7 }} ipv6 disable-forwarding
.. cfgcmd:: set interfaces {{ var0 }} <interface> {{ var2 }} {{ var3 }}
{{ var5 }} {{ var6 }} ipv6 adjust-mss <mss | clamp-mss-to-pmtu>
As Internet wide PMTU discovery rarely works, we sometimes need to clamp our
TCP MSS value to a specific value. This is a field in the TCP options part of
a SYN packet. By setting the MSS value, you are telling the remote side
unequivocally 'do not try to send me packets bigger than this value'.
.. note:: This command was introduced in VyOS 1.4 - it was previously called:
``set firewall options interface <name> adjust-mss6 <value>``
.. hint:: MSS value = MTU - 40 (IPv6 header) - 20 (TCP header), resulting in
1432 bytes on a 1492 byte MTU.
Instead of a numerical MSS value `clamp-mss-to-pmtu` can be used to
automatically set the proper value.
.. cfgcmd:: set interfaces {{ var0 }} <interface> {{ var2 }} {{ var3 }}
{{ var5 }} {{ var6 }} ipv6 accept-dad <1-3>
Whether to accept DAD (Duplicate Address Detection).
- 0: Disable DAD
- 1: Enable DAD (default)
- 2: Enable DAD, and disable IPv6 operation if MAC-based duplicate link-local address has been found.
Example:
.. code-block:: none
set interfaces {{ var0 }} {{ var1 }} {{ var2 }} {{ var4 }} {{ var5 }} {{ var7 }} ipv6 accept-dad 2
.. cfgcmd:: set interfaces {{ var0 }} <interface> {{ var2 }} {{ var3 }}
{{ var5 }} {{ var6 }} ipv6 dup-addr-detect-transmits <n>
The amount of Duplicate Address Detection probes to send.
Default: 1
Example:
.. code-block:: none
set interfaces {{ var0 }} {{ var1 }} {{ var2 }} {{ var4 }} {{ var5 }} {{ var7 }} ipv6 dup-addr-detect-transmits 5
|
