configure IPv6 address on interface with static IID

mcr asked:

I’m looking for a tool, very much like rdisc6, that will, having received the RA, will configure the v6 address(es) on an interface using a static IID. This is a server that needs to be at a known address within a ULA. (No, I can’t use mDNS and SLAAC, as there are certificates bound to names involved, and mDNS may not even work until this interface is configured).
If I have to, I’ll extend rdisc6, but I’m hoping not to replicate something someone already did.
This will be running on Linux (armv7) inside an LXC container.

My answer:

You should be able to use an IPv6 token for this. The IPv6 token is a manually set IID which remains the same regardless of the IPv6 prefix assigned via SLAAC. Use of IPv6 tokens requires SLAAC.

You can configure the token persistently by setting interface properties in NetworkManager.

# nmcli c mod enp4s0 ipv6.addr-gen-mode eui64
# nmcli c mod enp4s0 ipv6.token ::deca:fbad:c0:ffee

Now with a subnet prefix of 2001:db8:dead:beef::/64 the interface will have the IPv6 address 2001:db8:dead:beef:deca:fbad:c0:ffee.

To remove the token, set it to an empty value. You can then reset the addr-gen-mode to its default.

# nmcli c mod enp4s0 ipv6.token ''
# nmcli c mod enp4s0 ipv6.addr-gen-mode stable-privacy

With systemd-networkd, set the IPv6Token= property in the [Network] section of your configuration.

You can also run the ip token command manually. For use in configuring a container, this is probably what you will end up doing.

If you need multiple IIDs on a single interface, then you’re going to have to set them up manually. Nothing else will help you.

View the full question and any other answers on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.