Bug #11105

closed

IPv6 RA RDNSS lifetime is too short, not compliant with RFC 8106

Added by Viktor Gurov 11 months ago. Updated 7 months ago.

Status: Resolved
Priority: Normal
Assignee:
Category: IPv6 Router Advertisements (RADVD)
Target version:
Start date: 11/26/2020
Due date:
% Done: 100%
Estimated time:
Plus Target Version:
Release Notes: Default
Affected Version: 2.4.5-p1
Affected Architecture:
Description

https://forum.netgate.com/topic/158615/pfsense-ipv6-ra-rdnss-lifetime-is-too-short-not-compliant-with-rfc8106:
Is there a way to configure the lifetime for IPv6 RA RDNSS fields (type 25 and 31) in the pfSense IPv6 RA server? It appears that the default behaviour with pfSense is too short, and does not comply with RFC8106.

pfSense only offers three configurable values in the "Router Advertisement" UI - the "Minimum RA interval" (default 5 seconds), "Maximum RA interval" (default 20 seconds), and "Router lifetime" (default 3 * maximum RA interval).

Using these defaults, RA packets it sends have a router lifetime of 60 seconds as expected. However, the RDNSS fields have a lifetime of only 20 seconds! This causes them to occasionally expire if an RA packet is lost or if there is any jitter on the network.

RFC6106 specified that the lifetime SHOULD be bounded as: MaxRtrAdvInterval <= Lifetime <= 2*MaxRtrAdvInterval

RFC8106 superseded this specifically to address this problem, and specifies that the value of Lifetime SHOULD by default be at least:
3 * MaxRtrAdvInterval

The pfSense behaviour (as tested with 2.4.5-RELEASE-p1) barely meets the RFC6106 recommendation, and is way below what RFC8106 considers the minimum for reliable operation.

Altering the MaxRtrAdvInterval in the pfSense UI doesn't help - pfSense appears to always set the lifetime of the RDNSS fields equal to MaxRtrAdvInterval.
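
A checker for the condition described in this report, as an added example that is not part of the original report or of pfSense: it parses a raw ICMPv6 Router Advertisement, reads the lifetimes of the type 25 and type 31 options, and flags any below 3 * MaxRtrAdvInterval. The function names and the sample packet are constructed for illustration; MaxRtrAdvInterval is not carried in the RA, so it is passed in as a parameter.

```python
import struct

RA_TYPE = 134                          # ICMPv6 Router Advertisement
DNS_OPTS = {25: "RDNSS", 31: "DNSSL"}  # the two option types named in the report


def dns_option_lifetimes(ra: bytes):
    """Return (router_lifetime, [(option_name, lifetime), ...]) from a raw ICMPv6 RA."""
    if len(ra) < 16 or ra[0] != RA_TYPE:
        raise ValueError("not a Router Advertisement")
    router_lifetime = struct.unpack_from("!H", ra, 6)[0]
    found, off = [], 16                # options start after the 16-byte RA header
    while off + 2 <= len(ra):
        opt_type, opt_len = ra[off], ra[off + 1] * 8   # length is in 8-octet units
        if opt_len == 0 or off + opt_len > len(ra):
            raise ValueError("malformed option at offset %d" % off)
        if opt_type in DNS_OPTS:
            # Layout of both options: type(1) length(1) reserved(2) lifetime(4) ...
            lifetime = struct.unpack_from("!I", ra, off + 4)[0]
            found.append((DNS_OPTS[opt_type], lifetime))
        off += opt_len
    return router_lifetime, found


def short_lived(ra: bytes, max_rtr_adv_interval: int):
    """DNS options whose lifetime is below 3 * MaxRtrAdvInterval (RFC 8106 default)."""
    floor = 3 * max_rtr_adv_interval
    return [(n, lt) for n, lt in dns_option_lifetimes(ra)[1] if lt < floor]


def build_sample_ra(router_lifetime, rdnss_lifetime, dnssl_lifetime):
    """Constructed RA for the demo: zero checksum, documentation address and domain."""
    hdr = struct.pack("!BBHBBHII", RA_TYPE, 0, 0, 64, 0, router_lifetime, 0, 0)
    rdnss = struct.pack("!BBHI", 25, 3, 0, rdnss_lifetime) \
        + bytes.fromhex("20010db8" + "00" * 11 + "01")
    dnssl = struct.pack("!BBHI", 31, 3, 0, dnssl_lifetime) \
        + b"\x07example\x03com\x00" + b"\x00" * 3      # padded to 8-octet boundary
    return hdr + rdnss + dnssl


if __name__ == "__main__":
    # Values from the report: MaxRtrAdvInterval 20 s, router lifetime 60 s, RDNSS 20 s.
    reported = build_sample_ra(60, 20, 20)
    print("router lifetime / options:", dns_option_lifetimes(reported))
    print("below 3 * MaxRtrAdvInterval:", short_lived(reported, 20))
```

To check a live network, pass the ICMPv6 payload of a captured RA (starting at the type byte) and the MaxRtrAdvInterval configured on the router.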
