Overview - npd6/npd6 GitHub Wiki

Having just migrated this project from GoogleCode, for the moment this is just the original project title page from that...

npd6 - Neighbor Proxy Daemon IPv6

A Linux daemon to provide a proxy service for IPv6 Neighbor Solicitations received by a gateway routing device.

Summary

This Linux daemon permits a device to respond to IPv6 Neighbor Solicitations based upon a configured address prefix, irrespective of whether or not those addresses are directly known.

Linux IPv6

There's a gap in Linux's IPv6 support. A Linux device acting as a router (as a gateway does by definition) will only respond to Neighbor Solicitations for inside devices if their addresses have been statically configured into the box.

  • Typically, IPv6 addresses will be allocated by devices in an entirely non-static way. So knowing what addresses are in use in your private net is a non-trivial task to start with.
  • Configuring them in is fiddly, and a maintenance nightmare.
  • It doesn't scale. If you had a couple of IPv6 devices in the home-net, well maybe. But what happens when you have a few dozen? And their addresses change? And you have guest devices appearing and disappearing?
  • Linux support is still primitive, even for a static config. For example, you can configure IPv6 addresses for which we must act as a Neighbor Proxy, but, currently, you cannot inspect them to check. (No one believes this when they first hear it...)

Solution

What such a situation needs is, at its simplest, the gateway device to act as a simple proxy, answering Neighbor Solicitations for (potentially) any address with the assigned 64-bit prefix. In the simplest form I want my gateway, if it receives a Neighbor Solicitation for any address that starts with the prefix, to reply with a Neighbor Advertisement, irrespective of whether or not that device actually exists on my net: let the traffic arrive and have normal routing mechanisms decide if they can actually forward it.

And thus npd6 was born. There's more to it, of course, than that simple description. But, in essence, that's what npd6 does - answer Neighbor Solicitations for (potentially) any address with a defined prefix with a Neighbor Advertisement.

Key features

At the time of writing, npd6 is in a fairly advanced, usable state. Key aspects and features include:

  • Extensive optional debug output.
  • Very low usage of CPU and memory.
  • Logging to a file, to stdout/stderr, or via syslog.
  • Ability to log a record of targets received.
  • Config via a text file.
  • Blacklisting or whitelisting if required.
  • Black/whitelisting based on static addresses or pattern matching.
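
The decision described under Solution, combined with the static-address black/whitelisting listed above, as an added example (not npd6's own code). The names answer_ns, list_mode and SAMPLE_LIST are hypothetical, the addresses are constructed from the 2001:db8::/32 documentation range, and the list semantics (blacklisted targets are never answered, a whitelist answers only listed targets) are an assumption; pattern matching is not covered.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical names for this example; not npd6's own identifiers. */
enum list_mode { LIST_NONE, LIST_BLACK, LIST_WHITE };

/* Constructed sample list, using the 2001:db8::/32 documentation range. */
static const char *const SAMPLE_LIST[] = { "2001:db8:1:2::53", "2001:db8:1:2::80" };
#define SAMPLE_LIST_LEN (sizeof SAMPLE_LIST / sizeof SAMPLE_LIST[0])

/* Return 1 if addr equals any entry of the static list, else 0. */
static int is_listed(const struct in6_addr *addr, const char *const list[], size_t n)
{
    struct in6_addr entry;
    for (size_t i = 0; i < n; i++)
        if (inet_pton(AF_INET6, list[i], &entry) == 1 &&
            memcmp(addr, &entry, sizeof entry) == 0)
            return 1;
    return 0;
}

/* Decide whether a Neighbor Solicitation for `target` gets a Neighbor
 * Advertisement: 1 = answer, 0 = stay silent. */
int answer_ns(const char *target, const char *prefix,
              enum list_mode mode, const char *const list[], size_t n)
{
    struct in6_addr t, p;
    if (inet_pton(AF_INET6, target, &t) != 1 || inet_pton(AF_INET6, prefix, &p) != 1)
        return 0;                               /* unparsable input: never answer */
    if (memcmp(t.s6_addr, p.s6_addr, 8) != 0)   /* first 64 bits must match */
        return 0;
    if (mode == LIST_BLACK)
        return !is_listed(&t, list, n);         /* assumed: listed = refuse */
    if (mode == LIST_WHITE)
        return is_listed(&t, list, n);          /* assumed: only listed = answer */
    return 1;                                   /* no list: any address in the prefix */
}

int main(void)
{
    const char *pfx = "2001:db8:1:2::";
    printf("%d\n", answer_ns("2001:db8:1:2:aaaa:bbbb:cccc:dddd", pfx, LIST_NONE, NULL, 0));
    printf("%d\n", answer_ns("2001:db8:1:3::1", pfx, LIST_NONE, NULL, 0));
    printf("%d\n", answer_ns("2001:db8:1:2::53", pfx, LIST_BLACK, SAMPLE_LIST, SAMPLE_LIST_LEN));
    return 0;
}
```

With no list configured, the gateway claims every address in the /64 whether or not a host holds it, which is why the whitelist case is the restrictive setting.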