[Babel-users] policy routing
dave.taht at gmail.com
Sat Feb 4 20:27:26 PST 2012
On Sun, Feb 5, 2012 at 3:25 AM, Dave Taht <dave.taht at gmail.com> wrote:
> While this takes the form of a rant, I have been rather slowly building
> up a set of ip6tables, iptables, and ip rules that almost, sort of,
> kind of, handle the exterior gateway and interior gateway problems that
> ipv6 introduces, and it really isn't
To add to the fun, let me talk to the ipv6 naming problem... I realize that
ipv6 is not 'bloat', however:
A) We are attempting to treat ipv6 as a first class protocol throughout, in
testing, and building AQMs. No shaper that I know of is doing entirely the
right thing in the presence of ipv6; I'd like to correct that. Take for
example, multicast... please.
Absolutely everything in the bloatlab, and in cerowrt, is ipv6 enabled....
B) tunneling of various sorts introduces interesting problems for shapers...
C) Certain things we think are worthwhile to do (such as ECN) may only be
possible to roll out on ipv6...
D) Fixing bloat, home cpe, and ipv6 all at the same time saves on two
So, I digress into my own problem in trying to create usable ipv6 testbeds,
which is how this thread sort of started.
While I'm going to pick on bind9 here, it also applies to many other
1) bind9 attempts to bind to all interfaces individually. This includes
internal interfaces such as 'ifbX', which are not really interfaces at all.
Similar issues with various tunneled interfaces. You can, of course, use
acls, but those are static, and there is no way to use a pattern that would
be - don't bother with this interface (I think).
2) Or, you could maybe just bind to *, but then you'd have to use some sort
of pattern on the acls so that your *:*:*:00FF::/56 was your internal
network... or maybe try to use anycast, if anyone can explain how to use
anycast without BGP....
2) Interfaces are dynamic. Wireless ones in particular. So bind polls for
new interfaces on a configurable basis. Assuming you are actually routing
stuff well, it pays to merely make bind available on two ipv6 addresses,
one internal, one external, so you can implement views.
3) But IPv6 addresses change. The one you want might not be available on
There seems to be no means to be alerted of an address change on an
interface in Linux. Lacking such a message (does one exist?), it polls for
Then we get to the naming problem. I'd like to think we have that one
licked (back in June of last year, leveraging dhcp information to inform
the dns server of ipv6 autoconfig info), except that coping when ipv6
addresses change for whatever reason (power failures, being withdrawn by
the isp, a physical move), you have a 2^64 name space to clean up or rename,
somehow.... or when one gets added to an existing device, or when there are
private and public ips in play.... or when you are using stateful
configuration in an environment that may not have that working entirely...
US Tel: 1-239-829-5608
FR Tel: 0638645374
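
Added example, not part of the original message: on Linux a process can subscribe to the rtnetlink RTMGRP_IPV6_IFADDR multicast group and receive RTM_NEWADDR / RTM_DELADDR messages when an interface address appears or is withdrawn, so a daemon can rebind or refresh its ACLs on the event instead of polling. The code below parses those messages; `build_sample`, the ifindex and the 2001:db8:: address are constructed for illustration.

```python
import ipaddress
import socket
import struct

RTM_NEWADDR, RTM_DELADDR = 20, 21      # message types from linux/rtnetlink.h
RTMGRP_IPV6_IFADDR = 0x100             # multicast group carrying IPv6 address events
IFA_ADDRESS = 1                        # attribute type from linux/if_addr.h
NLMSG_HDR = struct.Struct("=IHHII")    # nlmsghdr: len, type, flags, seq, pid
IFADDRMSG = struct.Struct("=BBBBI")    # ifaddrmsg: family, prefixlen, flags, scope, ifindex
RTATTR = struct.Struct("=HH")          # rtattr: len, type

def parse_addr_events(buf):
    """Return (event, ifindex, 'addr/prefixlen') for each address message in buf."""
    events, off = [], 0
    while off + NLMSG_HDR.size <= len(buf):
        mlen, mtype, _flags, _seq, _pid = NLMSG_HDR.unpack_from(buf, off)
        if mlen < NLMSG_HDR.size or off + mlen > len(buf):
            break  # truncated or malformed message: stop rather than misparse
        if mtype in (RTM_NEWADDR, RTM_DELADDR) and mlen >= NLMSG_HDR.size + IFADDRMSG.size:
            body = off + NLMSG_HDR.size
            _family, plen, _f, _scope, ifindex = IFADDRMSG.unpack_from(buf, body)
            pos, end = body + IFADDRMSG.size, off + mlen
            while pos + RTATTR.size <= end:
                alen, atype = RTATTR.unpack_from(buf, pos)
                if alen < RTATTR.size or pos + alen > end:
                    break
                if atype == IFA_ADDRESS and alen - RTATTR.size in (4, 16):
                    addr = ipaddress.ip_address(buf[pos + RTATTR.size:pos + alen])
                    kind = "add" if mtype == RTM_NEWADDR else "del"
                    events.append((kind, ifindex, f"{addr}/{plen}"))
                pos += (alen + 3) & ~3  # attributes are padded to 4 bytes
        off += (mlen + 3) & ~3          # so are whole messages
    return events

def watch():
    """Linux only: block on the kernel's notifications and yield events as they arrive."""
    s = socket.socket(socket.AF_NETLINK, socket.SOCK_RAW, socket.NETLINK_ROUTE)
    s.bind((0, RTMGRP_IPV6_IFADDR))     # (pid 0 = kernel assigns, group bitmask)
    while True:
        yield from parse_addr_events(s.recv(65535))

def build_sample(mtype, ifindex, addr, plen):
    """Constructed netlink message, for exercising the parser without a live socket."""
    attr = RTATTR.pack(RTATTR.size + 16, IFA_ADDRESS) + ipaddress.ip_address(addr).packed
    body = IFADDRMSG.pack(socket.AF_INET6, plen, 0, 0, ifindex) + attr
    return NLMSG_HDR.pack(NLMSG_HDR.size + len(body), mtype, 0, 0, 0) + body
```

A daemon would iterate over `watch()` and map the ifindex to a name with `socket.if_indextoname()` before deciding whether the interface is one it should serve.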