IPv6 Privacy Addresses

Introduction

CDRouter has support for IPv6 privacy extensions for autoconf addresses on the LAN as specified by RFC 4941. The RFC aims to reduce the ability of attackers to track an IPv6 node using the interface identifier found in autoconf addresses:

Addresses generated using stateless address autoconfiguration
[ADDRCONF] contain an embedded interface identifier, which remains
constant over time.  Anytime a fixed identifier is used in multiple
contexts, it becomes possible to correlate seemingly unrelated
activity using this identifier.

To solve this problem, RFC 4941 introduces IPv6 “privacy addresses” which are autoconf addresses generated using a random interface identifier rather than the typical EUI-64 identifier which is derived from a node’s MAC address.

Configuration

IPv6 privacy addresses can be enabled per LAN interface by setting the testvar ipv6LanPrivacyAddresses to yes:

testvar ipv6LanPrivacyAddresses yes

When enabled, CDRouter will use a randomly generated interface identifier when configuring privacy addresses for all link-local, unique-local (when ipv6LanULAMode is autoconf) and global addresses (when ipv6LanMode is autoconf) configured using autoconf on the given LAN interface. At the start of each test case, CDRouter will reconfigure each privacy address using a new randomly generated interface identifier. Below is an example of the logs produced by this event:

INFO(cdr-mp-2847): 13:27:09.207| Starting test icmpv6_6 (2847)
INFO(lan): 13:27:09.226| IPv6 privacy addresses are enabled on interface lan
INFO(lan): 13:27:09.226| Generating new link-local privacy address for interface lan
O>>>(lan): 13:27:09.226| :: ff02::1:ffbc:3030 ICMPv6 Neighbor Solicitation
INFO(lan): 13:27:09.227| Generating new global privacy address for interface lan
O>>>(lan): 13:27:09.227| :: ff02::1:ffbc:3030 ICMPv6 Neighbor Solicitation
INFO(lan): 13:27:09.227| Autoconf is generating a new IPv6 privacy address
INFO(lan): 13:27:09.227| Setting IPv6 address to 3001:dddd:0:1:6d2f:9418:17bc:3030
INFO(lan): 13:27:09.227| Announcing new IPv6 address 3001:dddd:0:1:6d2f:9418:17bc:3030
O>>>(lan): 13:27:09.227| fe80::6d2f:9418:17bc:3030 ff02::1 ICMPv6 Neighbor Advertisement

Limitations

Although RFC 4941 specifies that a separate random identifier should be generated for each privacy address, CDRouter only generates a single random identifier at the start of each test case and uses it to reconfigure each privacy address. Furthermore, RFC 4941 specifies that privacy addresses should be reconfigured with a new random interface identifier after a given period of time has elapsed. CDRouter instead chooses to reconfigure privacy addresses only at the start of each test case. Both of these choices were made to prevent errors from occurring during testing.
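The following Python helpers, added here as an illustration and not part of CDRouter, show the difference between a trackable EUI-64 identifier and an RFC 4941 random identifier, derive the solicited-node multicast group seen in the log lines above, and check whether two addresses share an interface identifier (which is what the single-identifier limitation above produces for the link-local and global privacy addresses). The MAC address and prefixes used are constructed sample values.

```python
"""RFC 4941 privacy-address helpers (added example, not CDRouter code)."""
import ipaddress
import secrets

IID_MASK = (1 << 64) - 1
U_BIT = 1 << 57  # universal/local bit: 0x02 of the first IID octet


def eui64_iid(mac: str) -> int:
    """Modified EUI-64 interface identifier derived from a MAC (RFC 4291).
    Because the MAC is fixed, this identifier is the same under every prefix,
    which is the tracking problem RFC 4941 addresses."""
    octets = bytes(int(b, 16) for b in mac.split(":"))
    assert len(octets) == 6, "expected a 48-bit MAC address"
    eui = octets[:3] + b"\xff\xfe" + octets[3:]      # insert ff:fe in the middle
    return int.from_bytes(eui, "big") ^ U_BIT         # invert the u/l bit


def random_iid() -> int:
    """Random 64-bit identifier; RFC 4941 clears the u bit to mark local scope."""
    return secrets.randbits(64) & ~U_BIT


def make_address(prefix: str, iid: int) -> ipaddress.IPv6Address:
    """Combine a /64 prefix with a 64-bit interface identifier."""
    net = ipaddress.IPv6Network(prefix)
    assert net.prefixlen == 64, "autoconf requires a /64 prefix"
    return ipaddress.IPv6Address(int(net.network_address) | (iid & IID_MASK))


def interface_id(addr: str) -> int:
    """Low 64 bits of an IPv6 address."""
    return int(ipaddress.IPv6Address(addr)) & IID_MASK


def solicited_node(addr: str) -> ipaddress.IPv6Address:
    """ff02::1:ffXX:XXXX, where XX:XXXX are the low 24 bits of addr (RFC 4291)."""
    low24 = int(ipaddress.IPv6Address(addr)) & 0xFFFFFF
    return ipaddress.IPv6Address(int(ipaddress.IPv6Address("ff02::1:ff00:0")) | low24)


def share_iid(a: str, b: str) -> bool:
    """True when two addresses carry the same interface identifier, so traffic
    from them can be correlated regardless of prefix."""
    return interface_id(a) == interface_id(b)


if __name__ == "__main__":
    mac = "00:11:22:33:44:55"  # constructed sample MAC
    print("EUI-64 link-local:", make_address("fe80::/64", eui64_iid(mac)))
    print("privacy global:   ", make_address("3001:dddd:0:1::/64", random_iid()))
    print("solicited-node:   ", solicited_node("3001:dddd:0:1:6d2f:9418:17bc:3030"))
```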