Multiple IPv6 addresses with different scopes

This is the output of my computers ip addr command:

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: enp8s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 70:85:c2:cc:c2:4d brd ff:ff:ff:ff:ff:ff
    inet brd scope global dynamic noprefixroute enp8s0
       valid_lft 568337sec preferred_lft 568337sec
    inet6 2a02:8109:9cc0:3090:a99a:ec1e:b598:facd/128 scope global dynamic noprefixroute 
       valid_lft 568305sec preferred_lft 568305sec
    inet6 2a02:8109:9cc0:3090:7b53:da6c:4e19:580c/64 scope global dynamic noprefixroute 
       valid_lft 86399sec preferred_lft 43199sec
    inet6 fe80::3c15:8b76:5ba7:4f87/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever

Using the ip route get command it seems to me that all packages I send from the computer have src set to 2a02:8109:9cc0:3090:a99a:ec1e:b598:facd (the /128 address). I have multiple questions to understand this output.

Does anyone know why I have two scope global IPv6 addresses? And shouldn’t both be /64 since the netmask is clearly only the first 64 bytes, not all 128?

Both of my Manjaro boxes have this kind of IP configuration.

Because both addresses are valid for this network. Also there are not that many other options. Scope host is for localhost address only and scope link is only valid for this adapter. (scope site is a little bit special, but does not apply here. )

Well, it is a little bit weird. Which software do you use to set up your Network on your Manjaro system and which options do you use? Also how do you set up your IPv6 address in your local network? Anything special like DHCPv6 for more than just the DNS?

Because it looks a little bit like a mix of SLAAC and a assigned IPv6 form a DHCPv6 Server. And the privacy extension on top of them.

1 Like

Thank you for the reply. Both Manjaro boxes are running Manjaro KDE with no changes to the network configuration. The router is unfortunately the one that my provider delivered and gives me nearly no options to see anything in its interface (stay away from Vodafone if you’re in Germany). Therefore I cannot see which method is used there. Can I somehow infer that on my system?

This is what my network tab in the settings shows:

The first thing you can check is the journal. All logs form NetworkManager (NM) can be found there.

For example, you can use

journalctl -b -u NetworkManager.service --no-hostname --no-pager

The command is case sensitive. The -b option means, just messages form the current boot.

NM isn’t that chatty, about what happens. You might need use debug logging, if you really want to see what’s going one.

Thanks to “Routerfreiheit”, this isn’t a big problem. I use my own Fritzbox with Vodafone Cable.

1 Like

NM didn’t help much. I restarted my link and used wireshark to see what the Router is doing. The router is setting the /128 address via DHCPv6. I do not know why Manjaro thinks that the the netmask is /128 (the router correctly advertises the /64 prefix earlier), and I do not know where Manjaro is getting the second (the /64 address) from.
The NetworkManager.service did not show anything helpful unfortunately (also just that it set the /128 address via DHCP). It does not even mention the /64 address.

By default NM will listen to the DHCPv6 Server. The address that a DHCPv6 Server sends will be used. NM will not change it, since the DHCPv6 is responsible for giving out that address. Usually DHCPv6 is only responsible for the addresses it gives away and informs the client about DNS server. In better networks DHCPv6 is only used for the DNS Server.
A DHCPv6 Server often does not provide any routing information. However a DHCPv6 can give out prefixes and provide routing information. In this case the RA(router advertising) should tell a client to not use SLAAC for this specific prefix. Not all do this, since the DHCPv6 is not responsible for the RA. And it is not forbidden.

From SLAAC. And this is not a problem, SLAAC and DCHPv6 can be used simultaneously.

As I wrote above, you will need to switch logging to the debug level to see whats really going on. But if you use wireshark, you should see packages for the Neighbor Discovery Protocol (NDP). Which is used heavily in SLAAC.

1 Like