Re: Question about proper IPv6 configuration

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hello,

Halassy Zoltán a écrit :


My ISP own the address space 1234::/16
I own the address space 1234:100::/32
My ISP gave me the extra address 1234:0:ffff:100::2 (lower than my address space) from their address space, and using 1234:0:ffff:100::1 as gateway. This subnet is only /126 large. 

Later you wrote /112. Is it /126 or /112 ?
My ISP forbids to use this extra IP for global purposes, it's only for routing, they even firewall it out, when i try let's say ping6 ipv6.google.com with that address. 

Ok. It serves as a kind of local prefix.


eth0 has global address 1234:0:ffff:100::2
Default gateway is 1234:0:ffff:100::1
eth1 has global address 1234:100::1
Computers behind eth1 using 1234:100::1 as default gateway, their connectivity is fine.
And here started my problem, on the gateway i would like to maintain a service, eg. NTP.
programs picks up the address 1234:0:ffff:100::2 so they won't reach their destination.
So i added the ip 1234:100::1 to eth0 too (noticed that programs picks up the last added IP address mostly),
Yes, the IPv6 default source address selection in the kernel is kinda tricky.
and then removed the subnet routing rule to prevent the comp to search hosts belonging that subnet over eth0.
This should not be necessary if you add only a single address (/128) to eth0, not a subnet.
I was thinking on different things, i know the kernel can hold multiple routing tables
Yes, but I do not see how this might help here. The problem is source address selection, and as you noticed, the 'src' option in ip -6 route is ignored.
Here is a workaround which may work. IIUC 1234:0:ffff:100::2 is used only for routing : the ISP's router uses it as the nexthop to route your prefix. Since your box has IPv6 forwarding enabled, you can use ND proxy, which does the same as ARP proxy in IPv4.
Do not add 1234:0:ffff:100::2 to eth0. You do not even need to add an IPv6 global address to eth0 : the box will use any other available global address (i.e. the one on eth1) when communicating on eth0. Instead : 

  # add a ND proxy entry for 1234:0:ffff:100::2
  ip -6 neigh add proxy 1234:0:ffff:100::2 dev eth0
  # add a route to the link subnet 1234:0:ffff:100::/126 (or /112)
  ip -6 route add 1234:0:ffff:100::/126 dev eth0
  # add the default route
  ip -6 route default via 1234:0:ffff:100::1 dev eth0

For kernels 2.6.19 and above, you also need to enable proxy ND on eth0 :

  sysctl -w net/ipv6/conf/eth0/proxy_ndp=1
--
To unsubscribe from this list: send the line "unsubscribe linux-net" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[Index of Archives]     [Netdev]     [Ethernet Bridging]     [Linux 802.1Q VLAN]     [Linux Wireless]     [Kernel Newbies]     [Security]     [Linux for Hams]     [Netfilter]     [Git]     [Bugtraq]     [Yosemite News and Information]     [MIPS Linux]     [ARM Linux]     [Linux RAID]     [Linux PCI]     [Linux Admin]     [Samba]

  Powered by Linux