Hello, could someone give me a hint how to configure routing for two IPv6 providers? I tried to follow "Routing for multiple uplinks/providers" of LARTC but seems I do something wrong because it does work (almost) for a host (router) but doesn't work for LAN hosts. My situation looks as the picture on https://lartc.org/lartc.html#LARTC.RPDB.MULTIPLE-LINKS PROVIDER1 -------------+ | +------+--------------+ +-----+ | | | | | Linux host (router) |------| LAN | | | | | +------+--------------+ +-----+ | PROVIDER2 -------------+ PROVIDER1 gives me stable /64 prefix. PROVIDER2 provides every time new /64 prefixes (seems they provide /47 network, see below). I want to configure the host (router) to use PROVIDER2 for any outgoing IPv6 connections (including traffic from LAN), except for addresses in PROVIDER1 network. On the other hand, I want to connect to the host and LAN hosts from Internet by their addresses from PROVIDER1 and PROVIDER2. The LAN hosts obtain IPv6 addresses from the router by RA (radvd). I could advertise both prefixes but I stick with PROVIDER2 /64 network though some hosts on LAN have static IPv6 addresses (besides obtained by RA) from PROVIDER1. Technical details: PROVIDER1 is Hurricane Electric, so addresses of it are from 2001:470::/32 network. PROVIDER2 is local ISP provider, it provides IPv6 addresses unofficially (seems they are testing this feature), addresses are from 2a01:620::/32 network. Other detail: despite the picture above I have actually one physical connection to the provider (PROVIDER2) but the host has two "ethernet" devices: he-ipv6 and ppp0. As PROVIDER1 gives me stable /64 network I use these addresses to connect to the host and some LAN hosts from Internet. I tried to follow instructions in section 4.2.1 Split access: P1_NET=2001:470::/32 IF1=he-ipv6 IP1=<XXXX::2> TAB1=HE P1=<XXXX::1> P2_NET=2a01:620::/32 IF2=ppp0 IP2=<ppp0 IPv6 address> TAB2=RT P2=<from ip -6 route> <XXXX::1>: is HE server endpoint address, <XXXX::2>: address on my side of tunnel. <from ip -6 route>: fe80:: address obtained by ppp daemon. I could be wrong with P1/P2 part but nevertheless I did following steps: (copied from my shell script) ------------------------------- 8< -------------------------------- ip -6 route add ${P1_NET} dev ${IF1} src ${IP1} table ${TAB1} ip -6 route add default via ${P1} table ${TAB1} ip -6 route add ${P2_NET} dev ${IF2} src ${IP2} table ${TAB2} ip -6 route add default via ${P2} table ${TAB2} ip -6 route add ${P1_NET} dev ${IF1} # src ${IP1} ip -6 route add ${P2_NET} dev ${IF2} # src ${IP2} ip -6 route add default via ${P2} # ip -6 rule add from ${IP1}/64 table ${TAB1} ------------------------------- 8< -------------------------------- After I run these commands I see that the host uses PROVIDER2 address to ping external hosts (this means, I think, that outgoing packets go through it) but I couldn't ping the host by address from PROVIDER1. As I understand ip -6 route add default via ${P2} makes packets go through IF2 but that prevents access from PROVIDER1 address. I think I should set default route by IF2 (ppp0) but must add special "rule" for 2001:470::/32 network. I did that and then I could ping the host by its address from PROVIDER1 network (XXXX::2). But in either case I couldn't use IPv6 (even ping) from LAN. I would be glad if someone help me to figure out the problem so I could configure the host as I desire (if such configuration doesn't look too weird). --- WBR, Vladimir Lomov -- PL/I -- "the fatal disease" -- belongs more to the problem set than to the solution set. -- Edsger W. Dijkstra, SIGPLAN Notices, Volume 17, Number 5
Attachment:
signature.asc
Description: PGP signature
