ipv6 default router Operation not permitted
Fleuriot Damien
ml at my.gd
Wed Mar 13 13:19:29 UTC 2013
On Mar 13, 2013, at 2:10 PM, Schrodinger <schrodinger at konundrum.org> wrote:
> On 2013/03/13 14:02, Fleuriot Damien wrote:
>>
>> On Mar 13, 2013, at 1:52 PM, Schrodinger <schrodinger at konundrum.org> wrote:
>>
>>> On 2013/03/13 12:27, Mark Martinec wrote:
>>>
>>> Hi Mark,
>>>
>>>> On Wednesday March 13 2013 10:17:27 Schrodinger wrote:
>>>>> ifconfig_re0_ipv6="inet6 2001:41D0:2:E7c4::1 prefixlen 64"
>>>>> [...]
>>>>> Voodoo, indeed... I'm sure there's a /48 used somewhere but to be more
>>>>> specific, or rather obvious, my default gateway resides at the boundary
>>>>> of a /56 - 2001:41D0:2:E700::/56
>>>>
>>>> Having multiple IPv6 subnets on the same wire is asking for trouble.
>>>>
>>>
>>> This isn't my network so I don't have any input into the matter. This
>>> is the OVH configuration for their dedicated servers, at least in my
>>> product range.
>>>
>>>> For example, I believe an ICMP redirect still (in 9.1) does not create
>>>> a temporary route:
>>>> http://www.freebsd.org/cgi/query-pr.cgi?pr=152791
>>>> which beat us hard time (random unreachability between hosts),
>>>> having to rearrange that legacy segment which happened to have
>>>> two subnets on the same wire.
>>>>
>>>> The static routes destinations must be directly reachable (on-link).
>>>>
>>>
>>> Does adding the interface route not put the default gateway on-link
>>> though ?
>>>
>>>> Either use a single /56 for the whole LAN, adjusting the prefix
>>>> length on each interface, or provide a router within each subnet.
>>>>
>>>
>>> If I am to change my prefix length to /56 this means that anyone else in
>>> that /56 who is configured with a prefix length of 64 will be routing to
>>> me and I will be swicthing to them.... This could cause problems.
>>
>>
>> I fail to see how they would be routing to you and you would be switching to them.
>>
>>
>> OVH allocates a /64 per customer.
>> To avoid having to setup 1 gateway per customer, they set up a single one within a /56 , allowing for 256 /64s
>> This mimics the situation where your host gives you a /32 ipv4 withing a /24 network and uses a single gateway, again for 250ish customers.
>>
>> Whenever an IPv6 packet arrives on OVH's router for your /64, it is routed to your server.
>> I don't see how this qualifies as "another customer routing to you" ?
>>
>
> I am informed that I must configure my interface to /64 by OVH. The same
> as everyone else. So if everyone was on a /64 then we will send packets
> to each other via our shared default gateway.
>
> E.g.:
>
> I am 2001:41d0:2:e7c4::1/64 My default gateway is
> 2001:41d0:2:e7ff:ff:ff:ff:ff
>
> If I wanted to communicate with a host in 2001:41d0:2:e7c5::/64 and his
> default gateway is also 2001:41d0:2:e7ff:ff:ff:ff:ff then we will route
> packets to each other.
>
> Correct?
>
> If I were to change my interface prefix length to /56 my host would no
> longer consider the need to send packets to the default gateway for any
> host within this /56. I would simply perform Neighbour Solicitation on
> my link.
>
> E.g.:
>
> I am 2001:41d0:2:e7c4::1/56 My default gateway is
> 2001:41d0:2:e7ff:ff:ff:ff:ff
>
> If I wanted to communicate with a host in 2001:41d0:2:e7c5::/64 and his
> default gateway is also 2001:41d0:2:e7ff:ff:ff:ff:ff then I would switch
> to him because the /56 is "on-link" to me but to the recipient he must
> route to me via his default gateway.
>
> Correct?
>
> C.
> --
These are indeed correct, thanks for clarifying.
Find below the config I'm using on an old OVH box.
Said config might be outdated now (as per OVH's guide on setting up IPv6 [1]) , however that was at the time the only way to get things working properly.
rc.conf
===
#Range IPv6: 2001:41D0:2:613b::/64
ipv6_enable="YES"
ipv6_ifconfig_re0="fe80::21c:c0ff:fef3:31fa/64 scopeid 0x1"
ipv6_ifconfig_re0_alias0="2001:41d0:2:613b::dead:beef/56"
ipv6_defaultrouter="2001:41d0:2:61ff:ff:ff:ff:ff"
===
routing table
===
$ netstat -f inet6 -rn
Routing tables
Internet6:
Destination Gateway Flags Netif Expire
::/96 ::1 UGRS lo0 =>
default 2001:41d0:2:61ff:ff:ff:ff:ff UGS re0
::1 ::1 UH lo0
::ffff:0.0.0.0/96 ::1 UGRS lo0
2001:41d0:2:6100::/56 link#1 U re0
2001:41d0:2:613b::dead:beef link#1 UHS lo0
fe80::/10 ::1 UGRS lo0
fe80::%re0/64 link#1 U re0
fe80::21c:c0ff:fef3:31fa%re0 link#1 UHS lo0
fe80::%lo0/64 link#2 U lo0
fe80::1%lo0 link#2 UHS lo0
ff01:1::/32 fe80::21c:c0ff:fef3:31fa%re0 U re0
ff01:2::/32 ::1 U lo0
ff02::/16 ::1 UGRS lo0
ff02::%re0/32 fe80::21c:c0ff:fef3:31fa%re0 U re0
ff02::%lo0/32 ::1 U lo0
===
Notice that said config actually works:
===
$ ping6 www.google.com
PING6(56=40+8+8 bytes) 2001:41d0:2:613b::dead:beef --> 2a00:1450:4007:804::1014
16 bytes from 2a00:1450:4007:804::1014, icmp_seq=0 hlim=57 time=4.461 ms
16 bytes from 2a00:1450:4007:804::1014, icmp_seq=1 hlim=57 time=4.462 ms
16 bytes from 2a00:1450:4007:804::1014, icmp_seq=2 hlim=57 time=4.405 ms
^C
--- www.google.com ping6 statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 4.405/4.443/4.462/0.027 ms
===
Either way, you might want to have a look at OVH's guide [1] but in my own case, using a /56 was, at the time, the only way to get things working in a clean way.
[1] http://help.ovh.com/Ipv4Ipv6#link10
More information about the freebsd-net
mailing list