11.6. Configuring IPv6 Tokenized Interface Identifiers
In a network, servers are generally given static addresses and these are usually configured manually to avoid relying on a DHCP server which may fail or run out of addresses. The IPv6 protocol introduced Stateless Address Autoconfiguration (SLAAC) which enables clients to assign themselves an address without relying on a DHCPv6 server. SLAAC derives the IPv6 address based on the interface hardware, therefore it should not be used for servers in case the hardware is changed and the associated SLAAC generated address changes with it. In an IPv6 environment, if the network prefix is changed, or the system is moved to a new location, any manually configured static addresses would have to be edited due to the changed prefix.
To address these problems, the IETF draft Tokenised IPv6 Identifiers has been implemented in the kernel together with corresponding additions to the ip utility. This enables the lower 64 bit interface identifier part of the IPv6 address to be based on a token, supplied by the administrator, leaving the network prefix, the higher 64 bits, to be obtained from router advertisements (RA). This means that if the network interface hardware is changed, the lower 64 bits of the address will not change, and if the system is moved to another network, the network prefix will be obtained from router advertisements automatically, thus no manual editing is required.
To configure an interface to use a tokenized IPv6 identifier, issue a command in the following format:
ip token set ::1a:2b:3c:4d/64 dev eth4
Here, ::1a:2b:3c:4d/64 is the token to be used. This setting is not persistent. To make it persistent, add the command to an init script. See Section 11.3, “Interface Control Scripts”.
Using a memorable token is possible, but is limited to the range of valid hexadecimal digits. For example, for a DNS server, which traditionally uses port 53, a token of ::53/64 could be used.
To view all the configured IPv6 tokens, issue the following command:
ip token
token :: dev eth0
token :: dev eth1
token :: dev eth2
token :: dev eth3
token ::1a:2b:3c:4d dev eth4
To view the configured IPv6 token for a specific interface, issue the following command:
ip token get dev eth4
token ::1a:2b:3c:4d dev eth4
Note that adding a token to an interface will replace a previously allocated token, and in turn invalidate the address derived from it. Supplying a new token causes a new address to be generated and applied, but this process will leave any other addresses unchanged. In other words, a new tokenized identifier only replaces a previously existing tokenized identifier, not any other
Take care not to add the same token to more than one system or interface as the duplicate address detection (DAD) mechanism will not be able to resolve the problem. Once a token is set, it cannot be cleared or reset, except by rebooting the machine.
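The following is an added example, not part of the original documentation: it shows how a token combines with a /64 prefix learned from router advertisements, and how an address plan can be checked for tokens reused across systems, which DAD will not resolve. The prefixes, host names, inventory layout and function names are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

IID_MASK = (1 << 64) - 1  # lower 64 bits: the interface identifier


def parse_token(token: str) -> int:
    """Return the token as a 64-bit integer; accepts '::53' or '::53/64'."""
    value = int(ipaddress.IPv6Address(token.split("/")[0]))
    # '::' is what `ip token` lists for an interface with no token set,
    # and a token must not spill into the upper 64 (prefix) bits.
    if value == 0 or value > IID_MASK:
        raise ValueError(f"{token!r} is not a usable 64-bit interface identifier")
    return value


def tokenized_address(ra_prefix: str, token: str) -> ipaddress.IPv6Address:
    """Combine a /64 prefix learned from an RA with the administrator's token."""
    net = ipaddress.IPv6Network(ra_prefix)
    if net.prefixlen != 64:
        raise ValueError("tokenized identifiers assume a /64 prefix")
    return ipaddress.IPv6Address(int(net.network_address) | parse_token(token))


def duplicate_tokens(inventory):
    """Map each token used on more than one (host, interface) to its users."""
    users = defaultdict(list)
    for host, dev, token in inventory:
        users[parse_token(token)].append((host, dev))
    return {
        str(ipaddress.IPv6Address(t)): who
        for t, who in users.items() if len(who) > 1
    }


# Constructed sample data: documentation prefixes and made-up host names.
INVENTORY = [
    ("dns1", "eth4", "::53/64"),
    ("web1", "eth4", "::1a:2b:3c:4d/64"),
    ("dns2", "eth0", "::0053"),  # same token as dns1, written differently
]

if __name__ == "__main__":
    # Moving the host to another network changes only the upper 64 bits.
    for prefix in ("2001:db8:1:2::/64", "2001:db8:aa:bb::/64"):
        print(prefix, "->", tokenized_address(prefix, "::1a:2b:3c:4d/64"))
    print(duplicate_tokens(INVENTORY))
```

Tokens are compared by numeric value, so ::53 and ::0053 are reported as the same identifier.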