Point-to-point using GRE over IPv6 -> not possible with a single /128 address on the server?

Andreas Nilsson andrnils at gmail.com
Wed Feb 20 10:04:12 UTC 2019 

On Tue, Feb 19, 2019 at 5:37 PM Peter G. <freebsd at disroot.org> wrote:

> On 19/02/2019 14:06, Andreas Nilsson wrote:
> > On Tue, Feb 19, 2019 at 1:38 PM Peter G. <freebsd at disroot.org> wrote:
> >
> >> On 15/02/2019 17:49, Peter G. wrote:
> >>> Now the GRE tunnel
> >>>
> >>>> ifconfig gre6 create
> >>>> ifconfig gre6 inet6 fc01:e::100 fc:02:e::200 tunnelfib 6
> >>> #ifconfig: ioctl (SIOCAIFADDR): File exists
>
> > I have not used gre with ipv6, so I cannot really be of any help. However
> > for ipv4 you specify a netmask while setting up the interface, whereas
> you
> > do not while setting up the ipv6. I also notice that you list fc02:e::200
> > for "other end" but in the commands you have fc:02:e::200 which I guess
> is
> > just typo. Does
> >
> > ifconfig gre6 inet6 fc01:e::100 fc:02:e::200 prefixlen 128 tunnelfib 6
> >
> > work? Or the whole thing
> >
> > ifconfig gre6 inet6 fc01:e::100 fc02:e::200 tunnel fc01:e::100
> fc02:e::200
> > prefixlen 128 tunnelfib 6
>
> Thanks for answering. The "full" syntax including tunnel definition also
> generates the same error, and
>
> ifconfig gre6 inet6 fc01:e::100 fc:02:e::200 prefixlen 128 tunnelfib 6
>
> seems to be equivalent to
>
> ifconfig gre6 inet6 fc01:e::100 fc:02:e::200 tunnelfib 6
>
> that is, specifying no prefixlen implies "prefixlen 128". Also tried that.
>
> There's seems to be a quirk how IPv6 is handled. If a particular IPv6
> address is already set on the physical interface, using that particular
> address for a GRE definition (i.e. "fc01:e::100" in this case, so single
> /128), always generates:
>
> ioctl (SIOCAIFADDR): File exists
>
> This is what confuses me. Using IPv4 this way is not an issue. A /32
> address can be set on an interface and the same address can be used for
> a GRE link. That's what tunnelfib/FIB is for, to separate routing for GRE.
>
> And this is what *does not work with IPv6* and I don't understand why.
>
> Seems to me the server needs to have a whole IPv6 range, and then an
> address from that range can be allocated to create/maintain GRE links,
> so this can't work with a /128 address available only.
>
> The problem is that this particular server I need this on, only has a
> single /128 address allocated to it.
>
> _The bottom line:_ I don't understand why an already allocated /128
> address can't be used for a GRE link with its own separate FIB. This is
> not logical.
>
> PG
>

I did some experimenting yesterday, and it seems to be missbehaving yes.
Seems routes shows up in wrong fib and don't go away when the gre interface
is destroyed.

I also had a few kernel panics, so the whole fibs with ipv6 seems a bit
wonky. I think you might want to submit a bug report.

Best regards
Andreas

More information about the freebsd-net mailing list