- 1 Current status
- 2 Proposal
- 3 DISCONNECTED state considerations
- 4 Related bug reports
- Automatic link-local addresses
- Manual addresses
- Automatic global address
- Gateway/DNS for other hosts (IPv4 only)
- IPv6: Automatic global address needs link-local address
- Gateway needs a manual address (at least a default one), conflicts with dynamic address
IPv4/IPv6 methods broken down to features
- Even when IPv4 is in the disabled state, the network interface communicates on the L2 level.
- There's no disable method for IPv6 and its semantics is unclear (whether disable means the same as link-local, or it also applies to the link-local address which is unaffected in all other methods).
- The usage of IPv4 and IPv6 link-local addresses substatially differs. While IPv6 uses link-local addresses for *all* methods, IPv4 only uses it for the special link-local method.
- The IPv4 disable and IPv4/manual methods only differ in the number of addresses (0 versus >=1), therefore one of them is redundant.
- The IPv6 link-local and IPv6/manual methods only differ in the number of addresses (0 versus >=1), therefore one of them is redundant.
- The IPv6 dhcp method is currently defunct.
- There's no IPv6 shared method, yet.
All possible feature combinations
|no||no||no||no||method=disabled||unsupported||kernel's disable_ipv6 buggy|
|no||no||no||yes||invalid||invalid||missing manual address|
|no||no||yes||no||method=auto||invalid||missing IPv6 link-local address|
|no||no||yes||yes||invalid||invalid||missing manual address|
|no||yes||no||no||method=manual||unsupported||missing kernel feature|
|no||yes||no||yes||method=shared||unsupported||missing kernel feature|
|no||yes||yes||no||method=auto||unsupported||missing kernel feature|
|no||yes||yes||yes||invalid||invalid||both sides of dynamic configuration|
|yes||no||no||yes||invalid||invalid||missing manual address|
|yes||no||yes||yes||invalid||invalid||missing manual address|
|yes||yes||no||yes||method=shared||unsupported||IPv6 connection sharing is not implemented|
|yes||yes||yes||yes||invalid||invalid||both sides of dynamic configuration|
- L: Automatic link-local addresses
- M: Manual addresses
- A: Automatic global address
- G: Gateway/DNS for other hosts
- There's a bug in the kernel (found by Dan Winship) that once setting IFF_UP with disable_ipv6=1 affects future state. But we shouldn't need disable_ipv6 just as we don't need disable_ipv4, see the next note.
- Kernel doesn't support turning link-local addressing on/off (without affecting other features). Some people may view it as a good thing, others as an undue limitation.
Use one configuration directives per feature whenever possible, use multiple configuration directives per feature where further tweaking is needed.
|link-local||enabled||configure LL address as soon as possible|
|fallback||configure a LL address when other configuration methods failed|
|disabled||default for IPv4|
|undefined||default for IPv6, use system default|
|disabled||skip directly to DHCP (if enabled)|
|ignored||a compatibility option to implement current method=ignore|
|disabled||don't use DHCP|
|router||enabled||provide connection sharing facilities|
- Manual address configuration would be turned on by configuring at least one manual address.
Consequences on IPv6 configuration
|yes||no||yes||broken||link-local and DHCPv6 (without rdisc)|
|yes||yes||no||unsupported||link-local and rdisc only|
|yes||yes||yes||method=auto||link-local and rdisc, DHCPv6 if requested by router|
- For any valid combination of the above directives, you can optionally add one or more manually specified addresses.
- The DHCP only method is not properly implemented and it never worked.
Consequences on IPv4 configuration
|no||yes||method=auto||classic DHCP configuration|
|yes||no||unsupported||link-local method doesn't allow manual addresses|
|yes||yes||unsupported||immediate link-local, follow-up DHCP|
|fallback||yes||unsupported||DHCP with fallback to link-local}|
DISCONNECTED state considerations
Interpretations of the DISCONNECTED state
The strictest and most secure interpretation of DISCONNECTED state would require the device to behave as if there was no physical connection, i.e. as if the cable was unplugged. That would mean *no* communication on the wire at all. Simplest way to implement it is to unset IFF_UP.
- We can't wait for link carrier as that requires L1 communication, at the least.
- It would break non-IP protocols and IPv6 zeroconf networking
No IPv4/IPv6 communication
A hybrid interpretation of DISCONNECTED state is that L1 and L2 communication is allowed but the IP layer must be turned off.
- It would break IPv6 zeroconf networking
A relaxed interpretation that integrates well with zeroconf configuration. A kernel IPv6 link-local address is never removed unless a connection is activated whose configuration explicitly requests that.
No size fits all. The best way to choose between those policies whould IMO be a sysctl used for turning link-local addresses on/off. That's not implemented in the kernel. Reversed value of disable_ipv6 could be theoretically used instead, as we don't expect any other configuration during the DISCONNECTED phase but it would have to be fixed in the kernel.
An alternative would be to add a global configuration directive to NetworkManager but that sounds redundant to me as people already use sysctls for stuff like that.
Zeroconf-friendly workflow example
1) The administrator allows IPv6 link-local addresses for all interfaces in
/etc/sysctl.conf and ensures the file is committed into kernel's runtime configuration. Currently he doesn't have to do anything as link-local addresses are enabled by default and there's no separate directive for link-local addresses.
2) Optional: Some of the wired interfaces are set up to be available using zeroconf. The kernel assings link-local IPv6 addresses to them.
3) NetworkManager is started and wants to manage an interface. It sets its IFF_UP flag if necessary. It sees that link-local addresses are enabled on the interface (from sysctl) and it doesn't perform any action that would result in removing the link-local address.