Avoid using RFC3927 outside of the link

Alarig Le Lay alarig at swordarmor.fr
Sun Feb 5 18:44:32 UTC 2017


On Tue Dec 20 09:57:44 2016, Eugene Grosbein wrote:
> 20.12.2016 4:01, Alarig Le Lay wrote:
> > On Tue Dec 20 02:34:29 2016, Eugene Grosbein wrote:
> > > Well, you can always use brute force instead:
> > > 
> > > ipfw nat 169 config reset ip 89.234.186.1 && \
> > > ipfw add 60 nat 169 ip from 169.254.0.0/16 to any out xmit igb0
> > > 
> > > That's ugly but works.
> > 
> > It will work just by side effect: by doing this, I will send BGP packets
> > from 89.234.186.1, which is an IP that the peer learned by BGP. This will
> > create a recursive loop, and the session will be shut. So, no more
> > traffic will transit through this interface, and this IP will not be
> > displayed anymore :p
> 
> You could also use another public IP as primary address for interface in question
> and an address from 169.254.0.0/16 as secondary one. BGP will still work and
> kernel/ICMP will use public IP.

Hi,

I tried this, but the box is still replying from 169.254.0.0/16:

alarig@scw-0eb563:~$ mtr -4bw kaiminus.swordarmor.fr
Start: Sun Feb  5 18:33:13 2017
HOST: scw-0eb563                                           Loss%   Snt   Last   Avg  Best  Wrst StDev
  1.|-- 10.2.18.150                                           0.0%    10    0.4   0.4   0.3   0.5   0.0
  2.|-- ???                                                  100.0    10    0.0   0.0   0.0   0.0   0.0
  3.|-- 10.1.96.0                                             0.0%    10    0.6   0.6   0.5   0.9   0.0
  4.|-- ???                                                  100.0    10    0.0   0.0   0.0   0.0   0.0
  5.|-- 188-225-47-212.int.cloud.online.net (212.47.225.188)  0.0%    10    1.9   1.3   0.6   2.3   0.0
  6.|-- 195.154.1.38                                          0.0%    10    1.9   1.3   1.0   2.1   0.0
  7.|-- 195.154.1.193                                         0.0%    10    2.2   2.7   1.4   5.7   1.2
  8.|-- equinix-th2.quantic-telecom.net (195.42.144.192)      0.0%    10    1.6   1.8   1.2   2.8   0.3
  9.|-- 185.132.75.33                                         0.0%    10    8.2   8.4   7.8   9.4   0.3
 10.|-- 169.254.1.3                                           0.0%    10    8.4   8.6   7.9   9.4   0.0
 11.|-- kaiminus.swordarmor.fr (89.234.186.26)                0.0%    10    8.1   9.2   8.1   9.9   0.3

I ran these commands:
birdc disable bgp_quantic
birdc6 disable bgp_quantic
ifconfig em0.21 down
ifconfig em0.21 destroy
ifconfig em0.21 create
ifconfig em0.21 description "transit quantic"
ifconfig em0.21 vlan 21 vlandev em0
ifconfig em0.21 inet 169.254.1.2/29
ifconfig em0.21 inet 89.234.186.7/32 alias
ifconfig em0.21 inet6 2a06:e040:3501:0101:0002::2/80
birdc enable bgp_quantic
birdc6 enable bgp_quantic

I also tried to put 89.234.186.7/32 as primary and 169.254.1.2/29 as
alias.

Also, the routes are installed like this:
root@nominoe:~ # netstat -rn | grep 169.254.1.1 | head
1.0.129.0/24       169.254.1.1        UG1      em0.21
1.0.144.0/20       169.254.1.1        UG1      em0.21

So, am I right if I say that the box will always use 169.254.1.2 as
source address because the next hop is 169.254.1.1?

Thanks,
-- 
alarig
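
An added example, not part of the original message: a check that scans mtr report output in the format shown above for hops replying from RFC 3927 space (169.254.0.0/16), which is how the leak discussed in this thread shows up from outside. The function names are this example's own, and the embedded sample is copied from hops 9-11 of the report above.

```python
import ipaddress
import re

LINK_LOCAL = ipaddress.ip_network("169.254.0.0/16")  # RFC 3927

# Sample input: hops 9-11 of the mtr report quoted in the message above.
SAMPLE = """\
  9.|-- 185.132.75.33                                         0.0%    10    8.2   8.4   7.8   9.4   0.3
 10.|-- 169.254.1.3                                           0.0%    10    8.4   8.6   7.9   9.4   0.0
 11.|-- kaiminus.swordarmor.fr (89.234.186.26)                0.0%    10    8.1   9.2   8.1   9.9   0.3
"""

# "<hop>.|-- <host field> <loss>[%] <sent> ..." as printed by `mtr -w`.
HOP_RE = re.compile(r"^\s*(\d+)\.\|--\s+(.*?)\s+\d+(?:\.\d+)?%?\s+\d+\s")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def hop_address(host_field):
    """Return the hop's IPv4 address, or None for '???' (no reply)."""
    # With -b, mtr prints 'name (ip)'; otherwise the field is the bare IP.
    # Take the last dotted quad so digits inside a hostname are not used.
    for text in reversed(IPV4_RE.findall(host_field)):
        try:
            return ipaddress.ip_address(text)
        except ValueError:  # e.g. 999.1.1.1 matched the pattern
            continue
    return None

def link_local_hops(report):
    """Return [(hop_number, address)] for hops answering from 169.254.0.0/16."""
    found = []
    for line in report.splitlines():
        m = HOP_RE.match(line)
        if not m:
            continue  # header lines such as 'Start:' and 'HOST:'
        addr = hop_address(m.group(2))
        if addr is not None and addr in LINK_LOCAL:
            found.append((int(m.group(1)), str(addr)))
    return found

if __name__ == "__main__":
    for hop, addr in link_local_hops(SAMPLE):
        print(f"hop {hop}: reply sourced from link-local address {addr}")
```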