An IPv6 temporary address includes a randomly generated 64-bit number as the interface ID instead of an interface's MAC address. You can use temporary addresses for any interface on an IPv6 node that you want to keep anonymous. For example, you might want to use temporary addresses for the interfaces of a host that needs to access public web servers. Temporary addresses implement IPv6 privacy enhancements. These enhancements are described in RFC 3041, which is available at “Privacy Extensions for Stateless Address Autoconfiguration in IPv6” (http://www.rfc-editor.org/rfc/rfc3041.txt).
You enable a temporary address in the /etc/inet/ndpd.conf file for one or more interfaces, if needed. However, unlike standard, autoconfigured IPv6 addresses, a temporary address consists of the 64-bit subnet prefix and a randomly generated 64-bit number. This random number becomes the interface ID segment of the IPv6 address. A link-local address is not generated with the temporary address as the interface ID.
Be aware that temporary addresses have a default preferred lifetime of one day. When you enable temporary address generation, you can also configure the following variables in the /etc/inet/ndpd.conf file:
Time span in which the temporary address exists, after which the address is deleted from the host.
Elapsed time before the temporary address is deprecated. This time span should be shorter than the valid lifetime.
Duration of time before the expiration of the preferred lifetime, during which the host should generate a new temporary address.
You express the duration of time for temporary addresses as follows:
n number of seconds, which is the default
n number of hours (h)
n number of days (d)
Refer to How to Configure a System For IPv6.
To configure temporary addresses on all of the interfaces of a host, add the following line to the /etc/inet/ndpd.conf file:
ifdefault TmpAddrsEnabled true
To configure a temporary address for a specific interface, add the following line to the /etc/inet/ndpd.conf file:
if interface TmpAddrsEnabled true
ifdefault TmpValidLifetime duration
This syntax specifies the valid lifetime for all of the interfaces on a host. The value for duration should be in seconds, hours, or days. The default valid lifetime is 7 days. You can also use TmpValidLifetime with the if interface keywords to specify the valid lifetime for a temporary address of a particular interface.
if interface TmpPreferredLifetime duration
This syntax specifies the preferred lifetime for the temporary address of a particular interface. The default preferred lifetime is one day. You can also use TmpPreferredLifetime with the ifdefault keyword to specify the preferred lifetime for the temporary addresses on all of the interfaces of a host.
ifdefault TmpRegenAdvance duration
This syntax specifies the lead time in advance of address deprecation for the temporary addresses of all of the interfaces on a host. The default is 5 seconds.
# pkill -HUP in.ndpd # /usr/lib/inet/in.ndpd
The command output displays the t flag on the CURRENT field of temporary addresses.
The following example shows the output of the ipadm show-addr command after temporary addresses are created. Note that only IPv6–related information is included in the sample output.
# ipadm show-addr -o all ADDROBJ TYPE STATE CURRENT PERSISTENT ADDR CID-TYPE CID-VALUE BEGIN EXPIRE RENEW VRRP-ROUTER lo0/v4 static ok U------ U-- 127.0.0.1/8 -- -- -- -- -- -- net0/v4 dhcp ok U----D- U-- 203.0.113.225/24 other -- Mon Oct 20 11:38:58 2014 Tue Oct 21 11:38:57 2014 Mon Oct 20 23:48:52 2014 -- lo0/v6 static ok U------ U-- ::1/128 -- -- -- -- -- -- net0/v6 addrconf ok U------ U-- 2001:db8:214:4fff:fef9:b1a9/32 -- -- -- -- -- -- net0/v6 addrconf ok U--t--S --- 2001:db8:414:60bb:815c:f4f7:8487:95c2/32 -- -- -- -- -- --
Note that for the address object net0/v6, the t flag is set under the CURRENT field, indicating that the corresponding address has a temporary interface ID. Note also that two new address flags have been added to the CURRENT column of the ipadm show-addr –o command output. The D flag indicates an IP address that was configured as a result of DHCP negotiation, while the S flag indicates an address that was configured as a result of IPv6 stateless address autoconfiguration.
See Also
To set up name service support for IPv6 addresses, see Administering Naming and Directory Services on an Oracle Solaris Client.
To configure IPv6 addresses for a server, see How to Configure a User-Specified IPv6 Token.
To monitor activities on IPv6 nodes, see Chapter 1, Administering TCP/IP Networks in Administering TCP/IP Networks, IPMP, and IP Tunnels in Oracle Solaris 11.3.