Is using net.ipv6.conf.all.forwarding correct? #21

Closed
squeed opened this issue Jun 12, 2017 · 4 comments


squeed commented Jun 12, 2017

Enabling IPv6 forwarding has some interesting side-effects. According to the kernel docs:

If local forwarding is enabled, Router behaviour is assumed.
This means exactly the reverse from the above:

  1. IsRouter flag is set in Neighbour Advertisements.
  2. Router Solicitations are not sent unless accept_ra is 2.
  3. Router Advertisements are ignored unless accept_ra is 2.
  4. Redirects are ignored.

We almost certainly do not want to do this globally. As the kernel docs say,

It is recommended to have the same setting on all interfaces; mixed router/host scenarios are rather uncommon.

However, that's exactly the scenario we might find ourselves in.

So, if we want to support a host with a SLAAC uplink and, say, a host-local masqueraded link, I think we'll be in trouble. I need to do some experimenting and test this out.


squeed commented Jun 14, 2017

So, I did some investigation. Fortunately, we're mostly OK.

The IsRouter flag is set on Neighbor Advertisement messages - it does not cause Router Advertisement messages to be sent. This is good.

However, administrators will probably want to set accept_ra to 2 on their uplink interface. We should probably not set this by default, but it will be necessary for hosts using SLAAC for their uplink.


squeed commented Jun 14, 2017

Next TODO: can we get away with setting forward only on the host-side interface?


squeed commented Jun 15, 2017

Another interesting discovery: if you want to do masquerading (I know, I know), then net.ipv6.conf.all.forwarding must be 1. Even enabling it on every interface, but not for all, isn't sufficient.
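
A check for the situation discussed in this thread, as an added example that is not part of the original issue or the project's code: it reports whether an uplink will still accept Router Advertisements given its `forwarding` and `accept_ra` values, and whether `all.forwarding` is 1. The function names, the `eth0` interface and the sysctl tree used in the demo are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Reads sysctl files under a root
# directory (default /proc/sys) so it can also run against a constructed tree.

# conf <root> <iface/key>: print one net.ipv6.conf value, empty if missing.
conf() { cat "$1/net/ipv6/conf/$2" 2>/dev/null || :; }

# masq_ready [root]: succeeds when all.forwarding is 1, which the thread
# found to be required for IPv6 masquerading.
masq_ready() { [ "$(conf "${1:-/proc/sys}" all/forwarding)" = 1 ]; }

# ra_verdict <iface> [root]: print whether <iface> will accept RAs.
ra_verdict() {
    root=${2:-/proc/sys}
    fwd=$(conf "$root" "$1/forwarding")
    ra=$(conf "$root" "$1/accept_ra")
    if [ -z "$fwd" ] || [ -z "$ra" ]; then echo unknown
    elif [ "$ra" = 0 ]; then echo ra-disabled    # RAs never accepted
    elif [ "$fwd" = 0 ]; then echo ra-ok-host    # host behaviour
    elif [ "$ra" = 2 ]; then echo ra-ok-router   # accept_ra=2 overrides forwarding
    else echo ra-ignored                         # router behaviour: RAs ignored
    fi
}

# make_tree <root> <iface> <all.forwarding> <iface.forwarding> <accept_ra>
# Builds a constructed sysctl tree for the demo (not real host state).
make_tree() {
    mkdir -p "$1/net/ipv6/conf/all" "$1/net/ipv6/conf/$2"
    echo "$3" > "$1/net/ipv6/conf/all/forwarding"
    echo "$4" > "$1/net/ipv6/conf/$2/forwarding"
    echo "$5" > "$1/net/ipv6/conf/$2/accept_ra"
}

# Demo on constructed data: forwarding on, uplink eth0 left at accept_ra=1.
demo=$(mktemp -d)
make_tree "$demo" eth0 1 1 1
echo "eth0: $(ra_verdict eth0 "$demo")"
if masq_ready "$demo"; then echo "all.forwarding=1"; fi
rm -rf "$demo"
```

On a real host, call `ra_verdict <uplink>` with no second argument to read `/proc/sys`; a result of `ra-ignored` on a SLAAC uplink is the case where `accept_ra` needs to be 2.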


squeed commented Nov 20, 2017

Closing this; there's nothing to do here.

squeed closed this as completed Nov 20, 2017
mansikulkarni96 pushed a commit to mansikulkarni96/plugins that referenced this issue Apr 18, 2022