[Kea-users] Specifying the lifetimes for ipv6 temporary addresses

Ede Wolf listac at nebelschwaden.de
Mon Jun 30 19:03:20 UTC 2025 

Am 29.06.25 um 12:31 schrieb Darren Ankney:
> Hi,
> 
> Are you sure the IA_TA are coming from Kea?
> https://kea.readthedocs.io/en/kea-2.6.3/arm/dhcp6-srv.html#supported-dhcpv6-standards

At least the lifetimes are identical to those of the main interface, are 
getting reset at the same time to the same values, are not remotely 
similar to the settings reportet by sysctl and when manually reducing 
f.e. the valid lifetime, a new temporary ipv6 address is being generated 
after it has timed out. Unless of course, the lease times for the main 
ipv6 address have expired before.

 From there on, the lifetimes are identical to the main ipv6 address 
again, once the lifetimes of the main IP have been renewed.

And, reading section 13.2 and 21.5 of above RFC, they state (and recommend):

13.2
The lifetime of the assigned temporary address is set in the IA
    Address option (see Section 21.6) encapsulated in the IA_TA option.
    It is RECOMMENDED to set short lifetimes, typically shorter than
    TEMP_VALID_LIFETIME and TEMP_PREFERRED_LIFETIME (see Section 5 of
    [RFC4941]).


21.5.  Identity Association for Temporary Addresses Option

    The Identity Association for Temporary Addresses (IA_TA) option is
    used to carry an IA_TA, the parameters associated with the IA_TA, and
    the addresses associated with the IA_TA.  All of the addresses in
    this option are used by the client as temporary addresses, as defined
    in [RFC4941].  The format of the IA_TA option is:

Does not sound too deprecated to me, desipte the claims from the very 
same RFC.  However, I will admint, that I am not to sure about my 
comprehension of these sections. But they where the reason for asking.

Anyway, if there is any indication, that this synchronisation is due to 
the way  systemd-networkd behaves, I will happily try to dive into that.

Thanks


> - "Dynamic Host Configuration Protocol for IPv6 (DHCPv6), RFC 8415:
> This new DHCPv6 protocol specification obsoletes RFC 3315, RFC 3633,
> RFC 3736, RFC 4242, RFC 7083, RFC 7283, and RFC 7550. All features,
> with the exception of the RECONFIGURE mechanism and the now-deprecated
> temporary addresses (IA_TA) mechanism, are supported."
> 
> - "Temporary addresses are not supported. There is no intention to
> ever implement this feature, as it is deprecated in RFC 8415."
> 
> Thank you,
> Darren Ankney
> 
> On Sat, Jun 28, 2025 at 11:43 AM Ede Wolf <listac at nebelschwaden.de> wrote:
>>
>> Hello,
>>
>> Currently, when the main ipv6 address lifetimes gets renewed, the
>> temporary ones do also.
>>
>> And I would like to change that behavior globally - at least for all of
>> the prefix delegated addresses.
>>
>> So far, I am having trouble, finding any information on that.
>> It is most likely handled by the iaadr option, but currently I am out of
>> luck finding any hints on the proper syntax.
>>
>> I suspect something like this:
>>
>> "option-data": [
>> {
>>       "code": 5,
>>       "name": "iaadr",
>>       "data": "ia-ta",
>>       "valid-lifetime": "12345"
>>
>> } ]
>>
>> But, obviously, was out of luck so far. And maybe I am even completely
>> wrong. Does anyone have any examples on this? Or can point me to the
>> proper documentation
>>
>> Thanks
>> --
>> ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.
>>
>> To unsubscribe visit https://lists.isc.org/mailman/listinfo/kea-users.
>>
>> Kea-users mailing list
>> Kea-users at lists.isc.org
>> https://lists.isc.org/mailman/listinfo/kea-users

More information about the Kea-users mailing list