[Bug 233283] IPv6 routing problem when using FreeBSD as a VPS at a cloud provider

bugzilla-noreply at freebsd.org bugzilla-noreply at freebsd.org
Sun Nov 18 00:20:31 UTC 2018


https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=233283

            Bug ID: 233283
           Summary: IPv6 routing problem when using FreeBSD as a VPS at a
                    cloud provider
           Product: Base System
           Version: 11.2-STABLE
          Hardware: amd64
                OS: Any
            Status: New
          Severity: Affects Many People
          Priority: ---
         Component: kern
          Assignee: bugs at FreeBSD.org
          Reporter: peo_s at incedo.org

Hi

I have recently seen a rising problem when I replaced a Linux server with
FreeBSD. This is because it is used as a VPS at the cloud provider RamNode.

They (i.e RamNode) have provided an IPv6 gateway that is outside my allotted
/64 block. They have a /48 at each DC. And the IPv6 gw is outside my /64. So
FreeBSD requires me to increase the net mask from /64 to /48 for internet
access to work. They also state this here...
https://clientarea.ramnode.com/knowledgebase.php?action=displayarticle&id=44

This means I have a problem to communicate with a set of servers over IPv6
related to the mask we have specified. I unfortunately now have a sever that I
can use IPv4 only to because of this.

Linux and windows obviously accept having gateways outside its network scope.
Why, I do not know... I of course think this is wrong. OpenBSD and FreeBSD
don’t accept this handling of gateways outside the net mask scope… If it is RFC
compliant or not, I do not know. I have not checked…. And I think FreeBSD is
actually behaving right. 

I logged a case at RamNode...

The problem is that RamNode states that most cloud providers behaves in the
same way. So now it just became a problem if we want to use FreeBSD at the
cloud providers with IPv6.

RamNode stated:
—snip—
This kind of setup does appear to be odd but if you search you will see there
are a number of large providers that take the same approach. Users on these
other providers also experience issues with the gateway being outside of the
subnet on BSD. Unfortunately I do not have specific knowledge as to why our
configuration is this way but it does appear to be common.
—snip—

So… I am working primarily with security. As I do not see any immediate
security issue doing this, is it possible to add an rc.conf flag to accept
gateways outside the net-mask scope? Otherwise, FreeBSD is not the horse to bet
on for the future as VPS:es on the internet.



/Peo

-- 
You are receiving this mail because:
You are the assignee for the bug.


More information about the freebsd-bugs mailing list