Configuring and Managing Network Components in Oracle^® Solaris 11.4

Using Temporary Addresses for an IPv6 Interface

Temporary addresses cause interfaces to become anonymous, such as the interfaces of a host that needs to access public web servers. Temporary addresses implement IPv6 privacy enhancements as described in Privacy Extensions for Stateless Address Autoconfiguration in IPv6 (http://www.rfc-editor.org/rfc/rfc3041.txt).

Unlike a standard, autoconfigured IPv6 address, a temporary address consists of a 64-bit subnet prefix and a randomly generated 64-bit number. This random number becomes the interface ID segment of the IPv6 address. A link-local address is not generated with the temporary address as the interface ID.

You enable temporary addresses by configuring variables in the /etc/inet/ndpd.conf file, as shown in the following procedure.

How to Configure a Temporary IPv6 Address

The /etc/inet/ndpd.conf file contains statements that define values for the different time variables for the temporary addresses. Follow these general rules when adding statements in the file:

• To apply a definition to all the interfaces in the system, use this statement syntax:

  ifdefault variable value

• To apply a definition to a specific interface, use this statement syntax:

  if interface variable value

• For the variables, the default unit of time is seconds. Simply provide the numeric value. To specify time in hours and days, use nh (40h) and nd (30d), respectively.

Before You Begin

Ensure that your role has the appropriate rights profile to perform this procedure. See Using Rights Profiles to Perform Network Configuration.

1. Edit the /etc/inet/ndpd.conf file by configuring variables related to temporary addresses.
   1. Enable generation of temporary addresses.

      ifdefault|if interface TmpAddrsEnabled true

   2. (Optional) Specify the valid lifetime for the temporary address.

      ifdefault|if interface TmpValidLifetime duration

      The default valid lifetime is 7 days (7d).

   3. (Optional) Specify a preferred lifetime for the temporary address, after which the address is deprecated.

      ifdefault|if interface TmpPreferredLifetime duration

      The default preferred lifetime is one day (1d).

      ---

      Note -  Default address selection gives a lower priority to deprecated IPv6 addresses than non-deprecated addresses. A non-deprecated address could be the automatically generated IPv6 address or possibly the interface's IPv4 address. See Administering Default Address Selection.

      ---

   4. (Optional) Specify the lead time in advance of address deprecation, during which the host should generate a new temporary address.

      ifdefault|if interface TmpRegenAdvance duration

      The default value is 5 seconds (5).

2. Enable the svc:/network/routing/ndp:default SMF service.

   $ svcadm restart ndp:default

3. Verify that temporary addresses have been created.

   $ ipadm show-addr -o all

Example 5  Displaying Whether Temporary Addresses Are Enabled

The following example shows the output of the ipadm show-addr command after temporary addresses are created. The sample output here is an extract and only IPv6-related information is included.

$ ipadm show-addr -o all
ADDROBJ           TYPE     STATE        CURRENT PERSISTENT ADDR                                    
lo0/v4            static   ok           U------ U--        127.0.0.1/8                             
net0/v4           dhcp     ok           U----D- U--        203.0.113.225/24                        
lo0/v6            static   ok           U------ U--        ::1/128                                 
net0/v6           addrconf ok           U------ U--        2001:db8:214:4fff:fef9:b1a9/32          
net0/v6           addrconf ok           U--t--S ---        2001:db8:414:60bb:815c:f4f7:8487:95c2/32

Temporary addresses are flagged with t under the CURRENT column. The D flag indicates an IP address that was configured as a result of DHCP negotiation. The S flag indicates an address that was configured as a result of IPv6 stateless address autoconfiguration.

See Also

• To set up name service support for IPv6 addresses, see Administering Naming and Directory Services on an Oracle Solaris System.

• To configure IPv6 addresses for a server, see How to Configure a User-Specified IPv6 Token.

• To monitor activities on IPv6 nodes, see Chapter 1, Administering TCP/IP Networks in Administering TCP/IP Networks, IPMP, and IP Tunnels in Oracle Solaris 11.4.