I'm not 100% sure but I don't think you can do what you are asking.
Typically you send a dhcpv6 request upstream and request a delegated
prefix, and then you assign one of those addresses to your LAN interface
and use the DP as the address block for the RA.

The RA you receive from upstream is in the same subnet as your WAN so it's
sort of weird to use that internally unless you are just bridging traffic.
I've never done this so it's possible I'm completely wrong. :)

-john

Yes if you're bridging multiple interfaces on the lan side, then you would
assign the address the bridge interface.

Hi Aaron,

I am guessing you are right
 the prefix would need to be assigned to br0 so the constructor and delegations work correctly.

In our router, we would be routing IPv6 traffic from br0 to eth0, and vice versa. At least in IPv4, this results in an IP address assigned to the eth0 address (ie. 172.25.20.90) which is in the service provider space and a private network would be established on the LAN br0 (ie 192.168.1.1). For IPv6, it would be my expectation to route traffic from br0 to eth0 in the same way. When we receive the RA on the WAN interface, the prefix in the RA is only applied to the WAN interface generating its IPv6 Global address there via PD. Unfortunately, the PD does not get applied to the br0 interface. I am assuming that in other routers this prefix is also used by PD to configure the br0 interface (LAN side)? Otherwise, not sure how the constructor:br0 would work.

It is kinda like chicken and the egg problem
 how does br0 get its prefix established without the RA being seen on that interface
 while with dnsmasq, how does it do RA without the underlying interface (br0) having a prefix? If dnsmasq sends advertises RA on br0, I am pretty sure the prefix contained in the RA would also configure the br0?

John

From: Aaron Wood [mailto:***@gmail.com]
Sent: Tuesday, March 07, 2017 4:19 PM
To: John Knight
Cc: John Newlin; dnsmasq-***@lists.thekelleys.org.uk
Subject: Re: [Dnsmasq-discuss] Cannot get IPv6 RA to occur

John,

Doesn't the prefix need to be assigned to br0, and not to eth0, so that the constructor and delegations work correctly?

-Aaron

On Tue, Mar 7, 2017 at 3:33 PM, John Knight <***@belkin.com<mailto:***@belkin.com>> wrote:
Thanks John for the info on the RA interval.

My main problem however is that dnsmasq is not advertising the RA. I think I don’t understand how the constructor works. In my case, the WAN interface receives the RA from the upstream router. I then want to use this same prefix of the WAN interface and have dnsmasq send to LAN interface. How do I do this?

If I specify constructor:eth0, it does indeed find the prefix used to create IPv6 Global address on WAN interface
 but dnsmasq then assumes I want to do RA advertisements on eth0! Which I do not
 I want dnsmasq to use the same prefix on the LAN interface (br0). So this seems to be wrong:

enable-ra

dhcp-range=net:br0,::1,::400,constructor:eth0,ra-names,64,12h

ra-param=br0,60


And results in the following logged messages:
ar 2 12:10:40 dnsmasq-dhcp[6026]: DHCPv6, IP range ::1 -- ::400, lease time 12h, template for eth0
Mar 2 12:10:40 dnsmasq-dhcp[6026]: DHCPv4-derived IPv6 names on eth0
Mar 2 12:10:40 dnsmasq-dhcp[6026]: router advertisement on eth0
Mar 2 12:10:40 dnsmasq-dhcp[6026]: DHCPv6, IP range 2001:db8:100:5555::1 -- 2001:db8:100:5555::400, lease time 12h, con
Mar 2 12:10:40 dnsmasq-dhcp[6026]: DHCPv4-derived IPv6 names on 2001:db8:100:5555::, constructed for eth0
Mar 2 12:10:40 dnsmasq-dhcp[6026]: router advertisement on 2001:db8:100:5555::, constructed for eth0
Mar 2 12:10:40 dnsmasq-dhcp[6026]: IPv6 router advertisement enabled

If I specify constructor:br0, then it does not find the prefix as there is prefix on the LAN interface. It seems that dnsmasq assumes that there is already a prefix applied to the LAN interface. The question I have then, is how does the LAN interface get configured? The RA is only seen on the WAN interface
 how is SLACC applied to the br0 interface? I am trying to understand how this is supposed to work. I presume that once the LAN interface is configured and I use the constructor:br0 in my configuration, then I am guessing I will start seeing the RA being advertised. Am I right?

Comments anyone?

John
From: John Newlin [mailto:***@google.com<mailto:***@google.com>]
Sent: Tuesday, March 07, 2017 12:37 PM
To: John Knight
Cc: dnsmasq-***@lists.thekelleys.org.uk<mailto:dnsmasq-***@lists.thekelleys.org.uk>
Subject: Re: [Dnsmasq-discuss] Cannot get IPv6 RA to occur

I think you need an:
ra-param=${internal_iterface},60

The 60 is send an RA every 60 seconds.



On Tue, Mar 7, 2017 at 11:57 AM, John Knight <***@belkin.com<mailto:***@belkin.com>> wrote:
Hi,

I am trying to get dnsmasq to send out IPv6 RAs to my LAN interface (br0), but can’t seem to get it to work. I have tried various configurations I have found on the internet, but to no avail.

I am using dnsmasq 2.76. My router has WAN interface (eth0) that has an IPv6 global address that was configured via PD from RAs received from upstream router. I am trying to use dnsmasq to service the LAN clients on br0, and to do this I want to enable dnsmasq router advertisements (RA).

Here is my current attempt at configuration:
dhcp-range=::a,constructor:br0,ra-names,1d
enable-ra

I have also tried this:
dhcp-range=tag:br0,::1,::FFFF:FFFF:FFFF:FFFF,constructor:br0,ra-names,1h
enable-ra

And many other variants of the above.

The dnsmasq.log file shows the following:
DHCPv4-derived IPv6 names on br0
Router advertisement on br0
IPv6 router advertisement enabled

However, my LAN client attached to br0 does not receive an RA. It never establishes a global IPv6 address. I have also verified this using “tcpdump –I br0 | grep advert”. I see no advertisements on the br0 interface.

This does raise a few questions for me:

1) How does dnsmasq learn of the prefix to use for the RA? I want it to use the prefix received on the WAN interface (eth0) for the RA on the LAN interface (br0). It is not clear to me how to configure this.
You have to request this from the upstream dhcpv6 server, it's called prefix delegation.



2) The dnsmasq log file indicates “Router advertisement on br0”. Does this mean that it sent out the Router advertisement on br0? I thought so, but alas, I do not see the RA on br0.

3) With radvd, there are controls to determine the frequency of advertisements. Are there any controls for dnsmasq? What is the default frequency of RA advertisement?

4) I only have the man page for dnsmasq. Is there a User guide with more details on using dnsmasq?

5) I am currently using radvd in the router, and I am thinking if I can get this to work, I will stop using radvd. Are there any compelling reasons to use dnsmasq RA over radvd?

6) What is the preferred/expected syntax for the dhcp-range? I have seen a number of different variations and find it very confusing... even the two examples abover have different syntax. Both seem to be accepted by dnsmasq.

I appreciate your help with this. I hope to get this to work soon.

Thanks,

John Knight
***@belkin.com<mailto:***@belkin.com>

__________________________________________________________________ Confidential This e-mail and any files transmitted with it are the property of Belkin International, Inc. and/or its affiliates, are confidential, and are intended solely for the use of the individual or entity to whom this e-mail is addressed. If you are not one of the named recipients or otherwise have reason to believe that you have received this e-mail in error, please notify the sender and delete this message immediately from your computer. Any other use, retention, dissemination, forwarding, printing or copying of this e-mail is strictly prohibited. Pour la version française: http://www.belkin.com/email-notice/French.html<http://www.belkin.com/email-notice/French.html> FÃŒr die deutsche Übersetzung: http://www.belkin.com/email-notice/German.html<http://www.belkin.com/email-notice/German.html> __________________________________________________________________

_______________________________________________
Dnsmasq-discuss mailing list
Dnsmasq-***@lists.thekelleys.org.uk<mailto:Dnsmasq-***@lists.thekelleys.org.uk>
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss<http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss>

__________________________________________________________________ Confidential This e-mail and any files transmitted with it are the property of Belkin International, Inc. and/or its affiliates, are confidential, and are intended solely for the use of the individual or entity to whom this e-mail is addressed. If you are not one of the named recipients or otherwise have reason to believe that you have received this e-mail in error, please notify the sender and delete this message immediately from your computer. Any other use, retention, dissemination, forwarding, printing or copying of this e-mail is strictly prohibited. Pour la version française: http://www.belkin.com/email-notice/French.html<http://www.belkin.com/email-notice/French.html> FÃŒr die deutsche Übersetzung: http://www.belkin.com/email-notice/German.html<http://www.belkin.com/email-notice/German.html> __________________________________________________________________

_______________________________________________
Dnsmasq-discuss mailing list
Dnsmasq-***@lists.thekelleys.org.uk<mailto:Dnsmasq-***@lists.thekelleys.org.uk>
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss<http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss>

__________________________________________________________________ Confidential This e-mail and any files transmitted with it are the property of Belkin International, Inc. and/or its affiliates, are confidential, and are intended solely for the use of the individual or entity to whom this e-mail is addressed. If you are not one of the named recipients or otherwise have reason to believe that you have received this e-mail in error, please notify the sender and delete this message immediately from your computer. Any other use, retention, dissemination, forwarding, printing or copying of this e-mail is strictly prohibited. Pour la version française: http://www.belkin.com/email-notice/French.html FÃŒr die deutsche Übersetzung: http://www.belkin.com/email-notice/German.html __________________________________________________________________