ipv6 default router Operation not permitted

Schrodinger schrodinger at konundrum.org
Wed Mar 13 13:10:21 UTC 2013 

On 2013/03/13 14:02, Fleuriot Damien wrote:
> 
> On Mar 13, 2013, at 1:52 PM, Schrodinger <schrodinger at konundrum.org> wrote:
> 
> > On 2013/03/13 12:27, Mark Martinec wrote:
> > 
> > Hi Mark,
> > 
> >> On Wednesday March 13 2013 10:17:27 Schrodinger wrote:
> >>> ifconfig_re0_ipv6="inet6 2001:41D0:2:E7c4::1 prefixlen 64"
> >>> [...]
> >>> Voodoo, indeed... I'm sure there's a /48 used somewhere but to be more
> >>> specific, or rather obvious, my default gateway resides at the boundary
> >>> of a /56 - 2001:41D0:2:E700::/56
> >> 
> >> Having multiple IPv6 subnets on the same wire is asking for trouble.
> >> 
> > 
> > This isn't my network so I don't have any input into the matter. This
> > is the OVH configuration for their dedicated servers, at least in my
> > product range.
> > 
> >> For example, I believe an ICMP redirect still (in 9.1) does not create
> >> a temporary route:
> >>  http://www.freebsd.org/cgi/query-pr.cgi?pr=152791
> >> which beat us hard time (random unreachability between hosts),
> >> having to rearrange that legacy segment which happened to have
> >> two subnets on the same wire.
> >> 
> >> The static routes destinations must be directly reachable (on-link).
> >> 
> > 
> > Does adding the interface route not put the default gateway on-link
> > though ?
> > 
> >> Either use a single /56 for the whole LAN, adjusting the prefix
> >> length on each interface, or provide a router within each subnet.
> >> 
> > 
> > If I am to change my prefix length to /56 this means that anyone else in
> > that /56 who is configured with a prefix length of 64 will be routing to
> > me and I will be swicthing to them.... This could cause problems.
> 
> 
> I fail to see how they would be routing to you and you would be switching to them.
> 
> 
> OVH allocates a /64 per customer.
> To avoid having to setup 1 gateway per customer, they set up a single one within a /56 , allowing for 256 /64s
> This mimics the situation where your host gives you a /32 ipv4 withing a /24 network and uses a single gateway, again for 250ish customers.
> 
> Whenever an IPv6 packet arrives on OVH's router for your /64, it is routed to your server.
> I don't see how this qualifies as "another customer routing to you" ?
> 

I am informed that I must configure my interface to /64 by OVH. The same
as everyone else. So if everyone was on a /64 then we will send packets
to each other via our shared default gateway.

E.g.:

I am 2001:41d0:2:e7c4::1/64 My default gateway is
2001:41d0:2:e7ff:ff:ff:ff:ff

If I wanted to communicate with a host in 2001:41d0:2:e7c5::/64 and his
default gateway is also 2001:41d0:2:e7ff:ff:ff:ff:ff then we will route
packets to each other.

Correct?

If I were to change my interface prefix length to /56 my host would no
longer consider the need to send packets to the default gateway for any
host within this /56. I would simply perform Neighbour Solicitation on
my link.

E.g.:

I am 2001:41d0:2:e7c4::1/56 My default gateway is
2001:41d0:2:e7ff:ff:ff:ff:ff

If I wanted to communicate with a host in 2001:41d0:2:e7c5::/64 and his
default gateway is also 2001:41d0:2:e7ff:ff:ff:ff:ff then I would switch
to him because the /56 is "on-link" to me but to the recipient he must
route to me via his default gateway.

Correct?

C.
-- 
+---------------------------------------------------------------+
Quidquid latine dictum sit, altum sonatur.
MSN: schro5 at hotmail.com
ICQ: 112562229
GPG: http://www.konundrum.org/schro.asc
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 834 bytes
Desc: not available
URL: <http://lists.freebsd.org/pipermail/freebsd-net/attachments/20130313/251cd231/attachment.sig>

More information about the freebsd-net mailing list