Avoid using RFC3927 outside of the link
Alarig Le Lay
alarig at swordarmor.fr
Sun Feb 5 18:44:32 UTC 2017
On Tue Dec 20 09:57:44 2016, Eugene Grosbein wrote:
> 20.12.2016 4:01, Alarig Le Lay wrote:
> > On Tue Dec 20 02:34:29 2016, Eugene Grosbein wrote:
> > > Well, you can always use brute force instead:
> > >
> > > ipfw nat 169 config reset ip 89.234.186.1 && \
> > > ipfw add 60 nat 169 ip from 169.254.0.0/16 to any out xmit igb0
> > >
> > > That's ugly but works.
> >
> > It will work just by side effect: by doing this, I will send BGP packets
> > from 89.234.186.1, which is an IP that the peer learned by BGP. This will
> > create a recursive loop, and the session will be shut. So, no more
> > traffic will transit through this interface, and this IP will not be
> > displayed anymore :p
>
> You could also use another public IP as primary address for interface in question
> and an address from 169.254.0.0/16 as secondary one. BGP will still work and
> kernel/ICMP will use public IP.
Hi,

I tried this, but the box is still replying from 169.254.0.0/16:

alarig@scw-0eb563:~$ mtr -4bw kaiminus.swordarmor.fr
Start: Sun Feb 5 18:33:13 2017
HOST: scw-0eb563 Loss% Snt Last Avg Best Wrst StDev
1.|-- 10.2.18.150 0.0% 10 0.4 0.4 0.3 0.5 0.0
2.|-- ??? 100.0 10 0.0 0.0 0.0 0.0 0.0
3.|-- 10.1.96.0 0.0% 10 0.6 0.6 0.5 0.9 0.0
4.|-- ??? 100.0 10 0.0 0.0 0.0 0.0 0.0
5.|-- 188-225-47-212.int.cloud.online.net (212.47.225.188) 0.0% 10 1.9 1.3 0.6 2.3 0.0
6.|-- 195.154.1.38 0.0% 10 1.9 1.3 1.0 2.1 0.0
7.|-- 195.154.1.193 0.0% 10 2.2 2.7 1.4 5.7 1.2
8.|-- equinix-th2.quantic-telecom.net (195.42.144.192) 0.0% 10 1.6 1.8 1.2 2.8 0.3
9.|-- 185.132.75.33 0.0% 10 8.2 8.4 7.8 9.4 0.3
10.|-- 169.254.1.3 0.0% 10 8.4 8.6 7.9 9.4 0.0
11.|-- kaiminus.swordarmor.fr (89.234.186.26) 0.0% 10 8.1 9.2 8.1 9.9 0.3

I did these commands:

birdc disable bgp_quantic
birdc6 disable bgp_quantic
ifconfig em0.21 down
ifconfig em0.21 destroy
ifconfig em0.21 create
ifconfig em0.21 description "transit quantic"
ifconfig em0.21 vlan 21 vlandev em0
ifconfig em0.21 inet 169.254.1.2/29
ifconfig em0.21 inet 89.234.186.7/32 alias
ifconfig em0.21 inet6 2a06:e040:3501:0101:0002::2/80
birdc enable bgp_quantic
birdc6 enable bgp_quantic

I also tried to put 89.234.186.7/32 as primary and 169.254.1.2/29 as
alias.

Also, the routes are installed like this:

root@nominoe:~ # netstat -rn | grep 169.254.1.1 | head
1.0.129.0/24 169.254.1.1 UG1 em0.21
1.0.144.0/20 169.254.1.1 UG1 em0.21

So, am I right if I say that the box will always use 169.254.1.2 as
source address because the next hop is 169.254.1.1?

Thanks,
--
alarig
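
Added example, not part of the original message: a Python check that parses an mtr report like the one in this message and flags hops answering from RFC 3927 space, which makes it easy to re-test after each interface or NAT change. The function names are hypothetical; the sample report is the one from the message.

```python
import ipaddress
import re

# mtr report copied from the message above.
MTR_REPORT = """\
Start: Sun Feb 5 18:33:13 2017
HOST: scw-0eb563 Loss% Snt Last Avg Best Wrst StDev
1.|-- 10.2.18.150 0.0% 10 0.4 0.4 0.3 0.5 0.0
2.|-- ??? 100.0 10 0.0 0.0 0.0 0.0 0.0
3.|-- 10.1.96.0 0.0% 10 0.6 0.6 0.5 0.9 0.0
4.|-- ??? 100.0 10 0.0 0.0 0.0 0.0 0.0
5.|-- 188-225-47-212.int.cloud.online.net (212.47.225.188) 0.0% 10 1.9 1.3 0.6 2.3 0.0
6.|-- 195.154.1.38 0.0% 10 1.9 1.3 1.0 2.1 0.0
7.|-- 195.154.1.193 0.0% 10 2.2 2.7 1.4 5.7 1.2
8.|-- equinix-th2.quantic-telecom.net (195.42.144.192) 0.0% 10 1.6 1.8 1.2 2.8 0.3
9.|-- 185.132.75.33 0.0% 10 8.2 8.4 7.8 9.4 0.3
10.|-- 169.254.1.3 0.0% 10 8.4 8.6 7.9 9.4 0.0
11.|-- kaiminus.swordarmor.fr (89.234.186.26) 0.0% 10 8.1 9.2 8.1 9.9 0.3
"""

RFC3927 = ipaddress.ip_network("169.254.0.0/16")
HOP_RE = re.compile(r"^\s*(\d+)\.\|--\s+(.+)$")

def parse_hops(report):
    hops = []  # list of (hop_number, ip_address or None)
    for line in report.splitlines():
        m = HOP_RE.match(line)
        fields = m.group(2).split() if m else []
        if len(fields) < 8:
            continue  # header line, or fewer than host + 7 statistics columns
        host = " ".join(fields[:-7])
        # With -b a resolved hop prints as "name (ip)"; otherwise bare ip or ???
        paren = re.search(r"\(([^)]+)\)$", host)
        try:
            addr = ipaddress.ip_address(paren.group(1) if paren else host)
        except ValueError:
            addr = None  # "???" (no reply) or an unresolved name
        hops.append((int(m.group(1)), addr))
    return hops

def classify(addr):
    if addr is None:
        return "no-reply"
    if addr in RFC3927:
        return "link-local"  # checked first: is_private is also true here
    return "private" if addr.is_private else "public"

def link_local_hops(report):
    return [(n, str(a)) for n, a in parse_hops(report) if classify(a) == "link-local"]
```
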