For a while, Linux has had support for IP tokens, meaning, you could do the following ...
    ip token set ::10 dev eth0
and no matter what IPv6 prefixes the machine receives, it will always use ::10
for the interface ID without me having to hardcode a prefix:
    2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
        link/ether 11:22:33:44:55:66 brd ff:ff:ff:ff:ff:ff
        inet6 fd00:1234:5678::10/64 scope global dynamic mngtmpaddr
           valid_lft 7173sec preferred_lft 3573sec
        inet6 2001:db8::10/64 scope global dynamic mngtmpaddr
           valid_lft 2213sec preferred_lft 2213sec
        inet6 fe80::1322:33ff:fe44:5566/64 scope link
           valid_lft forever preferred_lft forever
What I'm looking for is a way to do this with multiple tokens.
For example, if I want to run two different web servers both on port 80 on this machine, I'd like the machine to have the IPv6 addresses 2001:db8::10/64 and 2001:db8::11/64, and have that automatically update if prefixes are added, removed or changed on the router.
So basically I'm looking for a command like `ip set tokens eth0 ::10 ::11 ::12` that would result in a network configuration like this:
    2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
        link/ether 11:22:33:44:55:66 brd ff:ff:ff:ff:ff:ff
        inet6 fd00:1234:5678::10/64 scope global dynamic mngtmpaddr
           valid_lft 7173sec preferred_lft 3573sec
        inet6 fd00:1234:5678::11/64 scope global dynamic mngtmpaddr
           valid_lft 7173sec preferred_lft 3573sec
        inet6 fd00:1234:5678::12/64 scope global dynamic mngtmpaddr
           valid_lft 7173sec preferred_lft 3573sec
        inet6 2001:db8::10/64 scope global dynamic mngtmpaddr
           valid_lft 2213sec preferred_lft 2213sec
        inet6 2001:db8::11/64 scope global dynamic mngtmpaddr
           valid_lft 2213sec preferred_lft 2213sec
        inet6 2001:db8::12/64 scope global dynamic mngtmpaddr
           valid_lft 2213sec preferred_lft 2213sec
        inet6 fe80::1322:33ff:fe44:5566/64 scope link
           valid_lft forever preferred_lft forever
Looking at the manpage for IP tokens, it looks like an interface can only have one IP token.
I also tried the old "IPv4 trick" of adding a subinterface like this:
    auto eth0
    iface eth0 inet6 auto
    auto eth0:2
    iface eth0:2 inet6 auto
hoping to be able to set different IP tokens for the main interface and the sub interface, but that seems to be ignored, too.
Searching through the internet I found a bunch of instructions on how to add another static IPv6 address to an interface, but nothing for dynamic IPs.
If I'd like a machine to have like 5 different IPv6 addresses for different services, what's the best way to implement that so that that works when prefixes are added or removed in the route advertisements?
I was playing around with the idea of having a script or something that would be executed upon prefix change and could automatically add and remove the necessary additional IPs, but that sounds like a terrible hack; and I'd need to find a reliable trigger for when a new prefix is announced or an old one is dropped. I could use `ip monitor` inside a bash script but then I'd need to make sure that script is running all the time and doesn't crash; a hook like in if-pre-up.d would be way more reliable ...
What would be the proper way to do something like that? Is there a proper way to do that?
It's a bit annoying, IPv6 has A) route advertisements to automatically make everything handle a changing prefix without issues, and B) a way to add dozens of IPs to each machine so every service can get their own IP, but it has no easy-to-configure way to have both A) and B)? Or is there, and I just can't find it?
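
The computation that the prefix-change script described in the question would have to perform, as an added example that is not part of the original post: derive the advertised /64 prefixes from `ip addr` output, combine each with every token, and list the `ip -6 addr` commands needed to converge. The function name `plan`, the `SAMPLE` text (including its stale `2001:db8:ffff::11` address) and the rule that only addresses without the `dynamic` flag are script-managed are assumptions made for this illustration.

```python
import ipaddress
import re

# Constructed input modelled on the post's `ip addr` listing, plus one static
# address (2001:db8:ffff::11) left over from a prefix that is no longer advertised.
SAMPLE = """\
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 11:22:33:44:55:66 brd ff:ff:ff:ff:ff:ff
    inet6 fd00:1234:5678::10/64 scope global dynamic mngtmpaddr
       valid_lft 7173sec preferred_lft 3573sec
    inet6 2001:db8::10/64 scope global dynamic mngtmpaddr
       valid_lft 2213sec preferred_lft 2213sec
    inet6 2001:db8:ffff::11/64 scope global
       valid_lft forever preferred_lft forever
    inet6 fe80::1322:33ff:fe44:5566/64 scope link
       valid_lft forever preferred_lft forever
"""

# Captures address, prefix length and trailing flags of every global inet6 line.
ADDR_RE = re.compile(r"^\s*inet6\s+(\S+)/(\d+)\s+scope\s+global\b(.*)$", re.M)
LOW64 = (1 << 64) - 1  # mask for the interface-ID half of an address

def plan(ip_output, tokens, dev="eth0"):
    """Return the ip commands that leave dev with prefix+token for each RA prefix."""
    iids = set()
    for tok in tokens:
        iid = int(ipaddress.IPv6Address(tok))
        if iid > LOW64:
            raise ValueError(f"token {tok} does not fit in 64 bits")
        iids.add(iid)
    prefixes, static, present = set(), set(), set()
    for addr, plen, flags in ADDR_RE.findall(ip_output):
        if plen != "64":
            continue
        value = int(ipaddress.IPv6Address(addr))
        present.add(value)
        # Assumption: RA-derived addresses show `dynamic`; hand-added ones do not.
        if "dynamic" in flags.split():
            prefixes.add(value & ~LOW64)
        else:
            static.add(value)
    wanted = {p | i for p in prefixes for i in iids}
    # Only static addresses carrying one of our tokens are treated as ours to remove.
    stale = {a for a in static if (a & LOW64) in iids and a not in wanted}
    fmt = lambda verb, a: f"ip -6 addr {verb} {ipaddress.IPv6Address(a)}/64 dev {dev}"
    return ([fmt("del", a) for a in sorted(stale)] +
            [fmt("add", a) for a in sorted(wanted - present)])
```

The returned list is idempotent input for whatever trigger runs it: once the commands have been applied, a second call against the new `ip addr` output returns only entries for prefixes that have changed since.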