IPv6 Static Addresses using Tokens

Default kernel IPv6 address creation mechanism
In an IPv6 network, addresses are usually self-assigned (constructed) by the kernel using both PREFIX: information provided by a router and :SUFFIX information from hardware (MAC address). The router mechanism for this functionality is called "Router Advertisement" (RA). A machine usually has multiple IPv6 addresses for global, link or network scope. If the IPv6 Prefix can change (for example on a dialup connection), static addresses can not be assigned as easily as on IPv4.

goals of this article
Network admins often like static, simple IP addresses. The goal of this article is to assign a static IPV6 suffix to an interface without additional software while keeping full RA functionality from the router.

default dynamic adresses
Let's take a look at a simple example configuration with IPv6 addresses completely self-constructed with prefix information received by a router. Note that the IPv4 configuration is already static:

when the interface is started, the address configuration could like this:

Note that the Suffix part 9802:79ff:fe45:ced2 is constructed out of the MAC address.

Drawbacks on MAC-constructed addresses
There a couple drawbacks of MAC-constructed addresses, for example
 * complicated to read
 * change when the MAC address changes (hardware, VM setup etc)
 * not associated with their IPv4 counterpart

Static IPv6 addresses
The word "static IPv6 addresses" is a bit misleading. When on dialup, the Prefix may change and so does the global IPv6 address of the interface. If the machine needs access to the internet without an additional router or NAT, it needs a public IPv6 address with the same prefix as the IPv6 gateway.

Within a closed network, for example a LAN, that's not important. For DNS and connectivity within a closed network, the Link Local Address (or ULA) is important. This address can be fully fixed.

Since the Prefix can change, you cannot simply static addresses for all scopes. An easy solution is called IPv6 Tokenized Interface Identifiers: You tell the kernel with SUFFIX to use. All together this means: While Prefixes may change, the suffix will always stay the same. When combined with a fixed ULA Prefix (Unique Local Address Prefix) announced from the router, the site local address (usually fd00:...) will fully stay the same.

Unfortunately, IPV6 tokens are not supported by netifrc yet, which is gentoos default framework for configuring network when using OpenRC. Further more, tokens can not be configured using sysctl.

Tokens can only be set using the ip (or ifconfig) command.

Example: Let's say you want to assign the simple suffix ::35 to interface eth0, in order to match the IPv4 counterpart 192.168.0.35:

As soon as you restart the interface, the changes apply:

Notice the new ::35 suffix on all IPV6 addresses except fe80 (which can be ignored, it's just the interface itself). In this example, the Router additionally announces a fixed ULA Prefix (Unique Local Address Prefix) of fd00:a. The full global (Public, WAN side) address of this interface is now 2a02:810a:8240:a2c::35, while the LAN (network) scope is simply fd00:a::35.

fd00:a::35 can now be registered in local DNS - it will never change (unless the ULA Prefix would change).

We now have functional, easy to read and manage IPv6 addresses while keeping full RA functionality from the router. This means that the kernel will instantly re-configure the IPV6 address when for example the Prefix changes.

Putting it together: On boot
Since netifrc does not support tokens yet out of the box, you can not add simply add a parameter to /etc/conf.d/net.

The simple workaround is to call an ip command before launching an interface. This can easily be achieved by implementing a hook function directly in /etc/conf.d/net: