Thursday 7 November 2013

VLAN's on linux

A quick search for VLAN setup on Linux brings up a few old docs which suggest the use of the 'vconfig' utility. But these days one can use the very versatile 'ip' command as explained here. For example one can create a VLAN interface on the eth0 hardware interface with VLAN ID 2 like this:
sudo ip link add link eth0 name eth0.2 type vlan id 2
One can assign an address to the interface like a normal interface:
sudo ip addr add 192.168.2.2/24 dev eth0.2
And to delete the address:
sudo ip link del dev vlan0  type vlan id 2
To show list full details of the interfaces (including VLAN id):
ip -d link

Tuesday 5 November 2013

iOS7 uses IPv6 privacy address extensions

I got a curious warning from Google about a 'Suspicious sign in prevented' which turned out to be a connection over IPv6 from my iPhone to Gmail. I'm aware that I've been using IPv6 for a while now - it's been in iOS since iOS4 I think - so either Google has recently started warning people about changing IPv6 logins, or iOS7 has updated their implementation to include IPv6 privacy extensions (Specified in RFC4941). Either way it seems iOS7 is definitely using IPv6 privacy addressing (and possibly older versions of iOS also) which means that the IPv6 address of your iPhone/iPad will change over time and will not reflect the underlying Ethernet hardware MAC address (as it does for the basic stateless autoconfiguration).

It seems that privacy addressing is becoming the default as a number of OSes have adopted them (Linux, OSX, Windows) a while ago. Overall I think it's a good thing as I'm not sure I want my device to potentially be tracked by its hardware address (which is largely contained in a normal autoconfigured IPv6 address).