System Administration Guide: IP Services

Using Temporary Addresses for an Interface

An IPv6 temporary address includes a randomly generated 64-bit number as the interface ID, instead of an interface's MAC address. You can use temporary addresses for any interfaces on an IPv6 node that you want to keep anonymous. For example, you might want to use temporary addresses for the interfaces of a host that needs to access public web servers. Temporary addresses implement IPv6 privacy enhancements. These enhancements are described in RFC 3041, “Privacy Extensions for Stateless Address Autoconfiguration in IPv6”.

If needed, you enable temporary addresses for one or more interfaces in the /etc/inet/ndpd.conf file. Unlike standard, autoconfigured IPv6 addresses, a temporary address consists of the 64-bit subnet prefix and a randomly generated 64-bit number. This random number becomes the interface ID segment of the IPv6 address. A link-local address is not generated with the temporary address as the interface ID.

Be aware that temporary addresses have a default preferred lifetime of one day. When you enable temporary address generation, you may also configure the following variables in the /etc/inet/ndpd.conf file:

valid lifetime TmpValidLifetime

Time span in which the temporary address exists, after which the address is deleted from the host.

preferred lifetime TmpPreferredLifetime

Elapsed time before the temporary address is deprecated. This time span should be shorter than the valid lifetime.

address regeneration

Duration of time before the expiration of the preferred lifetime, during which the host should generate a new temporary address.

You express the duration of time for temporary addresses as follows:

n

n number of seconds, which is the default

n h

n number of hours (h)

n d

n number of days (d)

Procedure: How to Configure a Temporary Address

  1. Log in to the IPv6 host as Primary Administrator or as superuser.

    The Primary Administrator role includes the Primary Administrator profile. To create the role and assign the role to a user, see Chapter 2, Working With the Solaris Management Console (Tasks), in System Administration Guide: Basic Administration.

  2. If necessary, enable IPv6 on the host's interfaces.

    Refer to How to Enable an IPv6 Interface for the Current Session.

  3. Edit the /etc/inet/ndpd.conf file to turn on temporary address generation.

    • To configure temporary addresses on all interfaces of a host, add the following line to /etc/inet/ndpd.conf:


      ifdefault TmpAddrsEnabled true
      
    • To configure a temporary address for a specific interface, add the following line to /etc/inet/ndpd.conf:


      if interface TmpAddrsEnabled true 
      
  4. (Optional) Specify the valid lifetime for the temporary address.


    ifdefault TmpValidLifetime duration
    

    This syntax specifies the valid lifetime for all interfaces on a host. The value for duration should be in seconds, hours, or days. The default valid lifetime is 7 days. You can also use TmpValidLifetime with the if interface keywords to specify the valid lifetime for a temporary address of a particular interface.

  5. (Optional) Specify a preferred lifetime for the temporary address, after which the address is deprecated.


    if interface TmpPreferredLifetime duration
    

    This syntax specifies the preferred lifetime for the temporary address of a particular interface. The default preferred lifetime is one day. You can also use TmpPreferredLifetime with the ifdefault keyword to specify the preferred lifetime for the temporary addresses on all interfaces of a host.


    Note –

    Default address selection gives a lower priority to IPv6 addresses that have been deprecated. If an IPv6 temporary address is deprecated, default address selection chooses a nondeprecated address as the source address of a packet. A nondeprecated address could be the automatically generated IPv6 address, or possibly, the interface's IPv4 address. For more information about default address selection, see Administering Default Address Selection.


  6. (Optional) Specify the lead time in advance of address deprecation, during which the host should generate a new temporary address.


    ifdefault TmpRegenAdvance duration
    

    This syntax specifies the lead time in advance of address deprecation for the temporary addresses of all interfaces on a host. The default is 5 seconds.

  7. Change the configuration of the in.ndpd daemon.


    # pkill -HUP in.ndpd
    # /usr/lib/inet/in.ndpd
    
  8. Verify that temporary addresses have been created by running the ifconfig -a6 command, as shown in Example 7–5.

    The output from ifconfig should have the word TEMPORARY in the same line as the interface definition.


Example 7–4 Temporary Address Variables in the /etc/inet/ndpd.conf File

The following example shows a segment of an /etc/inet/ndpd.conf file with temporary addresses enabled for the primary network interface.


ifdefault TmpAddrsEnabled true

ifdefault TmpValidLifetime 14d

ifdefault TmpPreferredLifetime 7d

ifdefault TmpRegenAdvance 6s
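
The following added example, which is not part of the original guide, audits an ndpd.conf-style file for the temporary address variables described above: it resolves per-interface values against ifdefault and the stated defaults, then checks that the preferred lifetime is shorter than the valid lifetime. The function name, the finding labels, the acceptance of an `s` suffix (as used in Example 7–4), the assumption that temporary addresses are off unless enabled, and the check that the regeneration lead time is shorter than the preferred lifetime are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the guide: audit temporary-address settings in an
# ndpd.conf-style file. Defaults are the guide's: valid 7d, preferred 1d,
# regeneration lead time 5 seconds. "Disabled unless set" is an assumption.
audit_tmpaddr() {   # usage: audit_tmpaddr FILE; exit status 1 on any finding
    awk '
    function secs(v,   u) {          # "n", "ns", "nh", "nd" -> seconds, -1 if bad
        if (v !~ /^[0-9]+[shd]?$/) return -1
        u = substr(v, length(v), 1)
        return (v + 0) * (u == "h" ? 3600 : (u == "d" ? 86400 : 1))
    }
    function eff(s, k, dflt) {       # interface value, else ifdefault, else default
        if ((s, k) in set) return set[s, k]
        if (("ifdefault", k) in set) return set["ifdefault", k]
        return dflt
    }
    /^[ \t]*#/ { next }              # skip comment lines
    $1 == "ifdefault" || $1 == "if" {
        s = ($1 == "if") ? $2 : "ifdefault"
        if (!(s in seen)) { seen[s] = 1; order[++n] = s }
        for (i = ($1 == "if") ? 3 : 2; i < NF; i += 2) set[s, $i] = $(i + 1)
    }
    END {
        for (j = 1; j <= n; j++) {
            s = order[j]; msg = ""
            on = eff(s, "TmpAddrsEnabled", "false")
            v = secs(eff(s, "TmpValidLifetime", "7d"))
            p = secs(eff(s, "TmpPreferredLifetime", "1d"))
            r = secs(eff(s, "TmpRegenAdvance", "5"))
            if (on != "true") msg = msg " temporary-addresses-disabled"
            if (v < 0 || p < 0 || r < 0) msg = msg " bad-duration"
            else if (p >= v) msg = msg " preferred-not-shorter-than-valid"
            else if (r >= p) msg = msg " regen-advance-not-shorter-than-preferred"
            if (msg != "") bad = 1
            printf "%s: enabled=%s valid=%ds preferred=%ds regen=%ds%s\n",
                   s, on, v, p, r, (msg == "" ? " OK" : msg)
        }
        exit bad + 0
    }' "$1"
}

# Constructed sample: Example 7-4 plus one faulty per-interface override.
sample=$(mktemp)
printf '%s\n' 'ifdefault TmpAddrsEnabled true' 'ifdefault TmpValidLifetime 14d' \
    'ifdefault TmpPreferredLifetime 7d' 'ifdefault TmpRegenAdvance 6s' \
    'if hme1 TmpPreferredLifetime 30d' > "$sample"
audit_tmpaddr "$sample" || echo "findings present"
rm -f "$sample"
```

Because unset variables fall back to the defaults, a file that only shortens TmpValidLifetime below one day is also reported, since the default preferred lifetime of one day would then exceed it.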


Example 7–5 ifconfig -a6 Command Output with Temporary Addresses Enabled

This example shows the output of the ifconfig command after temporary addresses are created.


# ifconfig -a6
lo0: flags=2000849 <UP,LOOPBACK,RUNNING,MULTICAST,IPv6> mtu 8252 index 1 
     inet6 ::1/128
hme0: flags=2000841 <UP,RUNNING,MULTICAST,IPv6> mtu 1500 index 2 
     ether 8:0:20:b9:4c:54
     inet6 fe80::a00:20ff:feb9:4c54/10
hme0:1: flags=2080841 <UP,RUNNING,MULTICAST,ADDRCONF,IPv6> mtu 1500 index 2 
     inet6 2001:db8:3c4d:15:a00:20ff:feb9:4c54/64
hme0:2: flags=802080841<UP,RUNNING,MULTICAST,ADDRCONF,IPv6,TEMPORARY> mtu 1500 index 2 
      inet6 2001:db8:3c4d:15:7c37:e7d1:fc9c:d2cb/64

Note that the line following interface hme0:2 includes the word TEMPORARY. This designation indicates that the address 2001:db8:3c4d:15:7c37:e7d1:fc9c:d2cb/64 has a temporary interface ID.
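
The verification in step 8 can be scripted. The following added example, which is not part of the original guide, parses ifconfig -a6 output and labels each address as temporary, mac-derived (an interface ID with the modified EUI-64 ff:fe pattern) or other. The function names and labels are assumptions of this example; the sample input is the output shown in Example 7–5.

```shell
#!/bin/sh
# Added example, not from the guide: classify each IPv6 address in
# `ifconfig -a6` output as temporary, mac-derived (modified EUI-64) or other.
classify_inet6() {   # reads ifconfig -a6 output on stdin
    awk '
    /^[^ \t]/ {                      # header line: "hme0:2: flags=...<...> mtu ..."
        ifname = $1; sub(/:$/, "", ifname)
        temp = ($0 ~ /<[^>]*TEMPORARY[^>]*>/)
        next
    }
    $1 == "inet6" {
        addr = $2; sub(/\/.*/, "", addr)          # drop the /prefix-length
        n = split(addr, g, ":")
        # Modified EUI-64 interface IDs carry ff:fe in the middle (xxff:fexx).
        eui = (n >= 4 && g[n-2] ~ /ff$/ && g[n-1] ~ /^fe[0-9a-f][0-9a-f]$/)
        print ifname, addr, (temp ? "temporary" : (eui ? "mac-derived" : "other"))
    }'
}

has_temporary() {    # usage: has_temporary IFACE < ifconfig-output
    classify_inet6 | awk -v p="$1" '
        $3 == "temporary" && ($1 == p || index($1, p ":") == 1) { ok = 1 }
        END { exit !ok }'
}

sample_ifconfig() {  # output copied from Example 7-5
    cat <<'EOF'
lo0: flags=2000849 <UP,LOOPBACK,RUNNING,MULTICAST,IPv6> mtu 8252 index 1
     inet6 ::1/128
hme0: flags=2000841 <UP,RUNNING,MULTICAST,IPv6> mtu 1500 index 2
     ether 8:0:20:b9:4c:54
     inet6 fe80::a00:20ff:feb9:4c54/10
hme0:1: flags=2080841 <UP,RUNNING,MULTICAST,ADDRCONF,IPv6> mtu 1500 index 2
     inet6 2001:db8:3c4d:15:a00:20ff:feb9:4c54/64
hme0:2: flags=802080841<UP,RUNNING,MULTICAST,ADDRCONF,IPv6,TEMPORARY> mtu 1500 index 2
      inet6 2001:db8:3c4d:15:7c37:e7d1:fc9c:d2cb/64
EOF
}

sample_ifconfig | classify_inet6
```

On a live host, `ifconfig -a6 | has_temporary hme0` returns success only when a logical interface of hme0 carries the TEMPORARY flag.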


See Also