Configuring an ipv6 link-local address, Static domain name resolution, Dynamic domain name resolution – H3C Technologies H3C S12500-X Series Switches User Manual
Page 128
117
To fix the vulnerability, you can configure the temporary address function. With this function, an IEEE 802
interface generates the following addresses:
•
Public IPv6 address—Includes the address prefix in the RA message and a fixed interface ID
generated based on the MAC address of the interface.
•
Temporary IPv6 address—Includes the address prefix in the RA message and a random interface
ID generated through MD5.
You can also configure the interface to preferentially use the temporary IPv6 address as the source
address of sent packets. When the valid lifetime of the temporary IPv6 address expires, the interface
removes the address and generates a new one. This function enables the system to send packets with
different source addresses through the same interface. If the temporary IPv6 address cannot be used
because of a DAD conflict, the public IPv6 address is used.
The preferred lifetime and valid lifetime for a temporary IPv6 address are determined as follows:
•
The preferred lifetime of a temporary IPv6 address takes the smaller of the following values:
{
The preferred lifetime of the address prefix in the RA message.
{
The preferred lifetime configured for temporary IPv6 addresses minus DESYNC_FACTOR (a
random number ranging from 0 to 600 seconds).
•
The valid lifetime of a temporary IPv6 address takes the smaller of the following values:
{
The valid lifetime of the address prefix.
{
The valid lifetime configured for temporary IPv6 addresses.
To configure the temporary address function:
Step Command
Remarks
1.
Enter system view.
system-view
N/A
2.
Enable the system to generate
a temporary IPv6 address.
ipv6 temporary-address
[ valid-lifetime preferred-lifetime ]
By default, the system does not
generate any temporary IPv6
address.
3.
Enable the system to
preferentially use the
temporary IPv6 address as the
source address of the packet.
ipv6 prefer temporary-address
By default, the system does not
preferentially use the temporary
IPv6 address as the source
address of the packet.
To generate a temporary address, an interface must be enabled with stateless address autoconfiguration.
Temporary IPv6 addresses do not overwrite public IPv6 addresses, so an interface can have multiple IPv6
addresses with the same address prefix but different interface IDs.
If an interface fails to generate a public IPv6 address because of a prefix conflict or other reasons, it does
not generate any temporary IPv6 address.
Configuring an IPv6 link-local address
Configure IPv6 link-local addresses using one of the following methods:
•
Automatic generation—The device automatically generates a link-local address for an interface
according to the link-local address prefix (FE80::/10) and the link-layer address of the interface.
•
Manual assignment—Manually configure an IPv6 link-local address for an interface.
An interface can have only one link-local address. To avoid link-local address conflicts, use the automatic
generation method.