[Bug 1068756] Re: IPv6 Privacy Extensions enabled on Ubuntu Server by default

Neil Wilson neil at aldur.co.uk
Wed Jun 4 10:44:24 UTC 2014


The metadata request on IPv6 should ask to use the global address on
outgoing connections. If it did, then the firewall rule would work, the
metadata would be obtained, and that can turn off the temporary address
mechanism if that is what you want.

Badly coded applications should be fixed to work properly with IPv6
*as IPv6 is designed*, and then temporary addresses would work quite
happily.

The problem here is primarily coding applications to use IPv6 as
though it is IPv4.

There is no need to cripple the UEC images. There is a need to fix the
software so it works with IPv6 properly.


On 4 June 2014 11:13, Alex Bligh <ubuntu at alex.org.uk> wrote:
> In my view this is NOT a software bug, its an OS bug.
>
> Here's a completely different reason why this causes problems.
>
> We use Ubuntu UEC images. There are no meaningful privacy considerations
> here because we generate both the MAC address and the IP address of the
> servers concerned, i.e. if the machine is mobile and changes IP address,
> it changes MAC address too.
>
> We build firewall rules automatically for the machine. These are applied
> outside of the machine (on the router). In order to write the rules
> correctly, we need to know the IPv6 address the machine will have, and
> use EUI-64 addressing to do this.
>
> Equally, for the server to get metadata on a boot, the IP address
> needs to be correct (and no, that's not the only thing that is checked).
> On UEC, randomisation of addresses thus prevents getting metadata over
> IPv6. This is only 'not a killer problem' as most people have IPv4 too.
>
> In a server environment (particularly on cloud images) there is no need
> whatsoever to have RFC4941 turned on by default.
>
> As Brian Candler wrote, the RFC says this should be disabled by default.
> It also says:
>
>    Devices implementing this specification MUST provide a way for the
>    end user to explicitly enable or disable the use of temporary
>    addresses.  In addition, a site might wish to disable the use of
>    temporary addresses in order to simplify network debugging and
>    operations.  Consequently, implementations SHOULD provide a way for
>    trusted system administrators to enable or disable the use of
>    temporary addresses.
>
> On a cloud image, the user can't even administer his own machine until
> it has booted, which in a full IPv6 environment requires it to get
> metadata. For the reasons above, this prevents that from working.
> Therefore at least on UEC images, RFC4941 should be turned off by
> default and EUI-64 addresses only should be used.
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https://bugs.launchpad.net/bugs/1068756
>
> Title:
>   IPv6 Privacy Extensions enabled on Ubuntu Server by default
>
> To manage notifications about this bug go to:
> https://bugs.launchpad.net/ubuntu/+source/procps/+bug/1068756/+subscriptions


-- 
Neil Wilson


Status in “procps” package in Ubuntu:
  Confirmed

Bug description:
  Ubuntu 12.04 LTS and Ubuntu 12.10 server images both ship with the
  IPv6 Privacy Extensions enabled (as defined in RFC 4941[0]). Not only
  are they enabled, but these addresses are preferred over addresses
  obtained using SLAAC. While it may be considered a reasonable default
  on an image being used on a personal computer, it's not something that
  is sane to have enabled by default in a server environment. Having
  this extension enabled can wreak havoc if you are expecting a specific
  IPv6 address when you know the MAC addresses of your systems
  beforehand.

  The file that is responsible for causing this to be defaulted to
  enabled is: "/etc/sysctl.d/10-ipv6-privacy.conf". This file appears to
  be part of the procps package (as per the output of 'dpkg -S') and
  contains the following:

      # IPv6 Privacy Extensions (RFC 4941)
      # ---
      # IPv6 typically uses a device's MAC address when choosing an IPv6 address
      # to use in autoconfiguration. Privacy extensions allow using a randomly
      # generated IPv6 address, which increases privacy.
      #
      # Acceptable values:
      #    0 - don’t use privacy extensions.
      #    1 - generate privacy addresses
      #    2 - prefer privacy addresses and use them over the normal addresses.
      net.ipv6.conf.all.use_tempaddr = 2
      net.ipv6.conf.default.use_tempaddr = 2

  In short, IPv6 privacy extensions should not be enabled by default
  when deploying an Ubuntu server image. In a server environment you
  should be able to reliably determine your IPv6 address based on the
  MAC address of the system.

  Thank you for taking the time to look into this as well as consider
  changing the default behavior of Ubuntu server.

  -Tim Heckman

  [0] http://tools.ietf.org/html/rfc4941
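An added example, not code from the bug thread, from Ubuntu or from the procps package, showing the two points the thread turns on: an operator who knows a server's MAC address and routed /64 can predict its stable modified-EUI-64 SLAAC address (RFC 4291 Appendix A) and build router-side firewall rules from it, and a host booted with use_tempaddr = 2 will additionally hold an RFC 4941 temporary address, which it prefers as the source of outgoing connections, so those rules will not match. The MAC address, prefix and `ip -6 addr` output below are constructed sample data; the `temporary`/`mngtmpaddr` flag names are iproute2's, and the numeric socket option values in `prefer_public_source` are taken from Linux's `linux/in6.h` (Python's socket module does not export them), which is the per-application fix Neil Wilson describes.

```python
"""
Predict a server's stable EUI-64 SLAAC address from its MAC and prefix, then
audit `ip -6 addr` output for RFC 4941 temporary addresses that would not
match a firewall rule keyed on the predicted address.
Added example; sample data below is constructed.
"""
import ipaddress
import re
import socket

# Constructed sample: `ip -6 addr show dev eth0` on a host booted with
# net.ipv6.conf.all.use_tempaddr = 2 (one temporary address, preferred for
# outgoing traffic, beside the stable EUI-64 address that spawned it).
SAMPLE_IP_OUTPUT = """\
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP
    inet6 2001:db8:1:0:d1c4:9c85:7e2b:3f01/64 scope global temporary dynamic
       valid_lft 86389sec preferred_lft 14389sec
    inet6 2001:db8:1:0:5054:ff:fe12:3456/64 scope global dynamic mngtmpaddr
       valid_lft 86389sec preferred_lft 86389sec
    inet6 fe80::5054:ff:fe12:3456/64 scope link
       valid_lft forever preferred_lft forever
"""
SAMPLE_MAC = "52:54:00:12:34:56"    # assumed MAC handed to the VM
SAMPLE_PREFIX = "2001:db8:1::/64"   # assumed routed /64 on the VM's network

_INET6_LINE = re.compile(r"^\s*inet6\s+([0-9a-fA-F:]+)/(\d+)\s+scope\s+(\S+)(.*)$")


def eui64_interface_id(mac: str) -> int:
    """Modified EUI-64 interface identifier derived from a 48-bit MAC."""
    octets = bytes.fromhex(re.sub(r"[:\-]", "", mac))
    if len(octets) != 6:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    # Insert 0xFFFE between the OUI and NIC halves and flip the
    # universal/local bit (0x02 of the first octet), per RFC 4291.
    eui = bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:]
    return int.from_bytes(eui, "big")


def slaac_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """The stable SLAAC address: /64 prefix + modified EUI-64 of the MAC."""
    net = ipaddress.IPv6Network(prefix, strict=False)
    if net.prefixlen != 64:
        raise ValueError("SLAAC interface identifiers need a /64 prefix")
    return ipaddress.IPv6Address(int(net.network_address) | eui64_interface_id(mac))


def audit_addresses(ip_output: str, prefix: str, mac: str) -> dict:
    """Parse `ip -6 addr` output: is the predicted EUI-64 address present,
    and which global-scope RFC 4941 temporary addresses exist beside it?"""
    expected = slaac_address(prefix, mac)
    present = False
    temporary = []
    for line in ip_output.splitlines():
        m = _INET6_LINE.match(line)
        if not m:
            continue
        addr = ipaddress.IPv6Address(m.group(1))
        scope, flags = m.group(3), m.group(4).split()
        if addr == expected:
            present = True
        # iproute2 flags RFC 4941 addresses "temporary"; the stable address
        # that manages them carries "mngtmpaddr" instead.
        if scope == "global" and "temporary" in flags:
            temporary.append(addr)
    return {"expected": expected, "expected_present": present,
            "temporary": temporary}


def prefer_public_source(sock: socket.socket) -> None:
    """Per-socket fix (RFC 5014): ask the kernel to source this socket from
    the stable (public) address even when use_tempaddr = 2.  Values assumed
    from linux/in6.h: IPV6_ADDR_PREFERENCES = 72, IPV6_PREFER_SRC_PUBLIC = 2."""
    IPV6_ADDR_PREFERENCES = 72
    IPV6_PREFER_SRC_PUBLIC = 0x0002
    sock.setsockopt(socket.IPPROTO_IPV6, IPV6_ADDR_PREFERENCES, IPV6_PREFER_SRC_PUBLIC)


if __name__ == "__main__":
    report = audit_addresses(SAMPLE_IP_OUTPUT, SAMPLE_PREFIX, SAMPLE_MAC)
    print("expected EUI-64 address:", report["expected"],
          "(present)" if report["expected_present"] else "(MISSING)")
    for addr in report["temporary"]:
        print("temporary address, preferred as source with use_tempaddr=2:", addr)
```

Run against real output with `ip -6 addr show dev eth0 | python3 audit.py`-style plumbing of your own; on a host where the audit reports a temporary address, the system-wide fix the bug asks for is the one the quoted sysctl file already documents, setting `net.ipv6.conf.all.use_tempaddr` and `net.ipv6.conf.default.use_tempaddr` to 0 instead of 2 in `/etc/sysctl.d/10-ipv6-privacy.conf`, while `prefer_public_source` is the application-side alternative for a client such as a metadata fetcher that must present the EUI-64 address.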
