[Cerowrt-users] 6in4 links

[Cerowrt-users] 6in4 links

[Michael Richardson]

I have a few 6in4 static tunnels on my border machine at home.
This is mostly to avoid stupid non-native v6 paths that do not
follow v4 paths across town.  (I have native v6 at home, but not at
work, go figure...)

I create a 6in4 interface, and added the /48 route across it.

(I happened to have numbered my point to interface with 2002: addresses.
On *BSD, you don't need to create a tunnel interface, you can just use
route add to a 2002: address to make things work if you have stf0
configured... this fails on Linux for reasons I understand, but don't
know how to fix)

The problem is that the interface that is created is a /128, and it's
the ::2, but since it is a /128, the ::1 isn't "On-network", so the
static route fails.

I tried without a target IP address, so that it would be a device route,
but that didn't help either.  I wound up hacking this in the shell, but
that likely won't stick.

-- 
]       He who is tired of Weird Al is tired of life!           |  firewalls  [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON    |net architect[
] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
   Kyoto Plus: watch the video <http://www.youtube.com/watch?v=kzx1ycLXQSE>
	               then sign the petition. 

Re: [Cerowrt-users] 6in4 links

[Dave Taht]

Hmm. I use static routes in quagga for 6in4... see the
/etc/config/zebra.conf file.

http://www.bufferbloat.net/issues/406

On Mon, Dec 10, 2012 at 3:04 AM, Michael Richardson <mcr@sandelman.ca> wrote:
>
> I have a few 6in4 static tunnels on my border machine at home.
> This is mostly to avoid stupid non-native v6 paths that do not
> follow v4 paths across town.  (I have native v6 at home, but not at
> work, go figure...)
>
> I create a 6in4 interface, and added the /48 route across it.
>
> (I happened to have numbered my point to interface with 2002: addresses.
> On *BSD, you don't need to create a tunnel interface, you can just use
> route add to a 2002: address to make things work if you have stf0
> configured... this fails on Linux for reasons I understand, but don't
> know how to fix)
>
> The problem is that the interface that is created is a /128, and it's
> the ::2, but since it is a /128, the ::1 isn't "On-network", so the
> static route fails.
>
> I tried without a target IP address, so that it would be a device route,
> but that didn't help either.  I wound up hacking this in the shell, but
> that likely won't stick.
>
> --
> ]       He who is tired of Weird Al is tired of life!           |  firewalls  [
> ]   Michael Richardson, Sandelman Software Works, Ottawa, ON    |net architect[
> ] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
>    Kyoto Plus: watch the video <http://www.youtube.com/watch?v=kzx1ycLXQSE>
>                        then sign the petition.
>
>
>
>
>
> _______________________________________________
> Cerowrt-users mailing list
> Cerowrt-users@lists.bufferbloat.net
> https://lists.bufferbloat.net/listinfo/cerowrt-users



-- 
Dave Täht

Fixing bufferbloat with cerowrt: http://www.teklibre.com/cerowrt/subscribe.html

Re: [Cerowrt-users] 6in4 links

[Phil Pennock]

On 2012-12-09 at 21:04 -0500, Michael Richardson wrote:
> The problem is that the interface that is created is a /128, and it's
> the ::2, but since it is a /128, the ::1 isn't "On-network", so the
> static route fails.

Er, a /128 means there can be no route associated with it, this is used
typically for things like additional aliases on an interface.  To use
this for sending traffic, you'd need a concept of "pump to far side"
which exists for things like a tunnel, but not for stf0, which is able
to talk to arbitrary end-points.

For stf0, perhaps you want a /16 ?

You might want a /127 per RFC 6164 (and RFC 6547 explicitly
recategorised the /127s-harmful RFC as historic).  Note that a ::1 and a
::2 would still be on different networks for a /127.  You perhaps want
::2 and ::3 (or a /126 but then consider the ping-pong issues).

-Phil

Re: [Cerowrt-users] 6in4 links

[Dave Taht]

On Mon, Dec 10, 2012 at 9:45 AM, Phil Pennock <phil.pennock@spodhuis.org> wrote:
> On 2012-12-09 at 21:04 -0500, Michael Richardson wrote:
>> The problem is that the interface that is created is a /128, and it's
>> the ::2, but since it is a /128, the ::1 isn't "On-network", so the
>> static route fails.
>
> Er, a /128 means there can be no route associated with it, this is used
> typically for things like additional aliases on an interface.

Actually, we route p2p /128's via the babel protocol, and distribute
/128s via the ahcp protocol. Works great.

> To use
> this for sending traffic, you'd need a concept of "pump to far side"
> which exists for things like a tunnel, but not for stf0, which is able
> to talk to arbitrary end-points.
>
> For stf0, perhaps you want a /16 ?
>
> You might want a /127 per RFC 6164 (and RFC 6547 explicitly
> recategorised the /127s-harmful RFC as historic).  Note that a ::1 and a
> ::2 would still be on different networks for a /127.  You perhaps want
> ::2 and ::3 (or a /126 but then consider the ping-pong issues).
>
> -Phil
> _______________________________________________
> Cerowrt-users mailing list
> Cerowrt-users@lists.bufferbloat.net
> https://lists.bufferbloat.net/listinfo/cerowrt-users



-- 
Dave Täht

Fixing bufferbloat with cerowrt: http://www.teklibre.com/cerowrt/subscribe.html

Re: [Cerowrt-users] 6in4 links

[Phil Pennock]

On 2012-12-10 at 09:47 +0100, Dave Taht wrote:
> On Mon, Dec 10, 2012 at 9:45 AM, Phil Pennock <phil.pennock@spodhuis.org> wrote:
> > On 2012-12-09 at 21:04 -0500, Michael Richardson wrote:
> >> The problem is that the interface that is created is a /128, and it's
> >> the ::2, but since it is a /128, the ::1 isn't "On-network", so the
> >> static route fails.
> >
> > Er, a /128 means there can be no route associated with it, this is used
> > typically for things like additional aliases on an interface.
> 
> Actually, we route p2p /128's via the babel protocol, and distribute
> /128s via the ahcp protocol. Works great.

I was imprecise.  Sure, with routing delegated by the kernel to a
routing daemon, you can do anything routing-wise, all bets are off.

I know you know this Dave; I'm not trying to teach you how to suck
rotten eggs, I'm clarifying my assertion.

For _static_ routes, per the OP, where you have link-layer addresses and
need to make a determination of what link-layer address should be
attached to a frame going out of an interface, a /128 does not convey
enough information.  Something needs to translate the routing
information from the user-space layer to something that can be used for
packets.  The route(8) command can not specify L2 recipient addresses.

On Linux, you can specify a peer's L2 address with ifconfig(8) or ip(8),
which can work in conjunction with a route, which might be enough for
the OP, depending upon exactly what is happening?

-Phil