rtadvd resets default gateway to link-local address in OS X 10.6.5

Started by jollino, November 13, 2010, 12:38:11 AM

cholzhauer

FWIW.  I was doing RA on my tunnel machine for a couple of months (FreeBSD) and everything was working fine. The gateway was set to the fe80 address of em0 on my tunnel server and the tunnel server knew where to send it from there.  Maybe it's a bug in OS X?

jollino

It may very well be, because I pretty much used the same commands I used on FreeBSD (as they're very similar — the main difference being that it was called rl0 instead of en0), and OS X choked on it.
I actually found someone having the very same problem... in 2007: http://discussions.apple.com/thread.jspa?threadID=1008547&tstart=1996
Let's just say that OS X's implementation of IPv6 is a bit flaky. There's a strange bug that hasn't been addressed yet, that makes the internal resolver prefer IPv4 over IPv6 depending on the order that the responses are received from the DNS.

My plan is to ultimately get a tiny machine like an Asus Eeebox, install FreeBSD on it, and have it do tunneling and a few other things. v4 routing is handled by my DSL router and is fine like that, but I wouldn't mind a decent and cheap machine to take care of a few things.
(I had originally considered getting an Apple Airport Extreme access point as several machines of mine are 802.11n capable, but it feels a bit like a waste compared to an actual mini-server.)

Shameless ego-boost: my photography on Facebook and on Flickr!

jdh

Actually 10.6.5 has "fixed" that resolver issue -- now OS X always prefers IPv4 over IPv6 when both A and AAAA responses are received, except in edge cases where one of the responses takes an abnormally long time to be returned.  There's a difference of opinion on whether the 10.6.5 change is good or bad, as early adopters and those experimenting with IPv6 will see it as a flaw while the bulk of the Internet at large presently sees it as a good thing due to sites becoming unreachable due to botched IPv6 configurations -- the same reason that Google refuses to hand out its AAAA records to DNS servers that haven't specifically been approved for "Google over IPv6" (as HE has).

As to the original question, the autoconf in my ifconfig output was an error as I was actually pasting two pieces together -- I've been using a combination of a tunnelled connection and an automatic 6to4 gateway via my Time Capsule, since I can't configure the HE 6in4 tunnel through that (seems a manual 6in4 configuration doesn't work when using a PPPoE connection ::) ).  At any rate, in my case OS X seems to handle rtadvd just fine as long as I'm configuring manually, regardless of whether I script it through ifconfig or use the System Preferences.  I think the key is the net.inet6.ip6.accept_rtadv setting, which I leave OFF (0) for the HE tunnel machine, and I've noticed that setting up my IPv6 configuration manually in System Preferences actually toggles that setting off automatically as part of the process.  I suspect when rtadvd starts up it may be looping back the link-local assignment to the local RA listener, which causes the default route to get updated inadvertently.  Obviously running rtadvd and listening for RA's would be mutually exclusive in most cases. :)

jollino

I had thought so too, but I even tried explicitly setting net.inet6.ip6.accept_rtadv to 0 (which yielded "0 -> 0"). Anyway it seems to work now, even though, like your Time Capsule situation, it's a bit of a mystery. :D As I said I hope this is just temporary, I eventually plan on getting a mini-server to handle a few other tasks too.
Are you sure about 10.6.5 preferring A over AAAA?? If I head on to sites like http://testmyipv6.com/, I am greeted by "Excellent! You are using the snappy new IPv6!"
Speaking of which, how would I proceed to have OS X use my en0 address for outgoing connections by default, rather than the gif0? I imagine I'd have to fiddle with the route command...

Shameless ego-boost: my photography on Facebook and on Flickr!

jdh

With regard to 10.6.5, I get my plain-old IPv4 when surfing to testmyipv6.com.  There's an article over at ArsTechnica discussing the change (http://arstechnica.com/apple/news/2010/11/apple-fixes-broken-ipv6-by-breaking-it-some-more.ars).  I've overridden this in my case by specifying the IPv6 addresses explicitly in my /etc/hosts file for those sites that I want to ensure I'm visiting over IPv6 (i.e., ipv6.he.net, mail.google.com, etc).

I haven't bothered tackling the address issue with regard to outgoing connections. My machines that are behind the tunnel gateway on the local LAN all use their respective routed /64 addresses without any issues -- it's only the tunnel machine itself that's defaulting to the gif0 address, since that of course is technically the uplink interface.  It's the same concept as in IPv4 routing -- the "public" or "nearest" address is always used, and it's not really anything I've ever bothered to ponder much as it's the normal state of affairs in the IPv4 world. :)

Update: Actually, it seems that when using a manually configured tunnel through he.net (6in4 vs 6to4) it sometimes works.  The AAAA/A prioritization bug may still be the issue here - haven't tested it enough to be certain.  In looking at the 10.6.5 changes in more detail it seems they only prioritize IPv4 traffic when using a 6to4 (automatic) gateway.  Teredo and 6in4 tunnels are still otherwise prioritized, although it seems it's not quite working flawlessly yet, or there are other issues involved...

jollino

For some reason, the automatic script stopped working again. I'm about to smash my head against the desk. The default route went back to being the wrong one:
Internet6:
Destination                             Gateway                         Flags         Netif Expire
default                                 2001:470:1f0a:1393::1           UGSc            en0


Simply running:
route -n delete -inet6 default
route -n add -inet6 default 2001:470:1f0a:1393::1

reverts it to:
Internet6:
Destination                             Gateway                         Flags         Netif Expire
default                                 2001:470:1f0a:1393::1           UGSc           gif0

and all's good and great again.

I'm almost tempted to just go and get a secondhand nettop...

Shameless ego-boost: my photography on Facebook and on Flickr!
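
Added example, not part of jollino's post or of any tool mentioned in the thread: a shell check that reads a routing table in the `Internet6:` layout quoted above and flags a default route bound to an interface other than the tunnel. The function names and the constructed IPv4 row are assumptions; the remediation it prints is the pair of `route` commands from the post, and nothing is executed.

```shell
# Print "<gateway> <netif>" for every IPv6 default route read from stdin.
# Columns follow the table in the thread: Destination Gateway Flags Netif [Expire].
default6_routes() {
    awk '
        /^Internet6:/ { in6 = 1; next }   # start of the IPv6 table
        /^Internet:/  { in6 = 0; next }   # IPv4 table, ignored
        in6 && $1 == "default" && NF >= 4 { print $2, $4 }
    '
}

# check_default6 <expected-netif>, table on stdin.
# Returns 0 if the only default route uses the expected interface,
# 1 if it is bound to another interface, 2 if there is not exactly one.
check_default6() {
    want=$1
    routes=$(default6_routes)
    count=$(printf '%s\n' "$routes" | grep -c . || true)
    [ "$count" -eq 1 ] || { echo "expected 1 default route, found $count"; return 2; }
    gw=${routes% *}
    netif=${routes#* }
    if [ "$netif" = "$want" ]; then
        echo "ok: default via $gw on $netif"
        return 0
    fi
    echo "MISMATCH: default via $gw on $netif, expected $want"
    # Fix quoted from the thread; printed for the operator, not run here.
    echo "route -n delete -inet6 default"
    echo "route -n add -inet6 default $gw"
    return 1
}

# Sample input: the Internet6 rows are the two tables from the post;
# the IPv4 row is constructed (documentation address) to exercise the filter.
SAMPLE_WRONG='Internet:
Destination        Gateway            Flags    Netif Expire
default            192.0.2.1          UGSc       en0
Internet6:
Destination        Gateway                  Flags    Netif Expire
default            2001:470:1f0a:1393::1    UGSc       en0'

SAMPLE_GOOD='Internet6:
Destination        Gateway                  Flags    Netif Expire
default            2001:470:1f0a:1393::1    UGSc      gif0'

printf '%s\n' "$SAMPLE_WRONG" | check_default6 gif0 || true
```

On the tunnel machine the live table would come from `netstat -rn -f inet6` piped into `check_default6 gif0`.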

cholzhauer


jollino

Ah, come on. This is the only issue I've had with OS X in nine years. :)

Shameless ego-boost: my photography on Facebook and on Flickr!

nbrand

BTW, I have been running into the same issue.  I have just been manually resetting the default route, as rtadvd seems to overwrite it.  I then let the link-local address be advertised out as I only have a single network at home and that works fine. While I would like to figure this out, it does seem that rtadvd config is a bit of a black art and I have not been able to grok it in my spare time. If I make any progress I will re-post.

jollino

I would like to hear if you come up with a solution. It's been extremely frustrating to me, to the point that I ended up reducing my v6 connectivity. If I need v6 on more than one machine, I'll boot up the old FreeBSD 'sandbox' pc, curse under my breath, do what I have to do, and shut it down.

Have you tried using radvd? I just noticed it's available through macports, I wonder if it works any better. I'm a bit short on time these days, but if you can't manage to give it a try, I will do it in a week or so.


radvd @1.6 (net)
Variants:             universal

Description:          The router advertisement daemon (radvd) is run by Linux or
                      BSD systems acting as IPv6 routers. It sends Router
                      Advertisement messages, specified by RFC 2461, to a local
                      Ethernet LAN periodically and when requested by a node
                      sending a Router Solicitation message. These messages are
                      required for IPv6 stateless autoconfiguration.
Homepage:             http://www.litech.org/radvd/

Platforms:            darwin
License:              unknown
Maintainers:          lars.rasmusson@sics.se

Shameless ego-boost: my photography on Facebook and on Flickr!