From: Vladimir Lomov <lomov.vl@yandex.ru>
To: lartc@vger.kernel.org
Subject: How to configure routing for two IPv6 providers
Date: Fri, 11 Dec 2020 13:28:31 +0000
Message-ID: <X9Nz/3aQnQEkYv9h@smoon.bkoty.ru>


Hello,

could someone give me a hint on how to configure routing for two IPv6 providers?

I tried to follow "Routing for multiple uplinks/providers" of LARTC, but it seems
I am doing something wrong, because it does work (almost) for the host (router)
but doesn't work for LAN hosts.

My situation looks like the picture at
https://lartc.org/lartc.html#LARTC.RPDB.MULTIPLE-LINKS

  PROVIDER1 -------------+
                         |
                  +------+--------------+      +-----+
                  |                     |      |     |
                  | Linux host (router) |------| LAN |
                  |                     |      |     |
                  +------+--------------+      +-----+
                         |
  PROVIDER2 -------------+

PROVIDER1 gives me a stable /64 prefix.

PROVIDER2 provides a new /64 prefix every time (it seems they provide a /47
network, see below).

I want to configure the host (router) to use PROVIDER2 for any outgoing IPv6
connections (including traffic from the LAN), except for addresses in the
PROVIDER1 network. On the other hand, I want to connect to the host and LAN hosts
from the Internet by their addresses from PROVIDER1 and PROVIDER2.

The LAN hosts obtain IPv6 addresses from the router by RA (radvd). I could
advertise both prefixes, but I stick with the PROVIDER2 /64 network, though some
hosts on the LAN have static IPv6 addresses (besides those obtained by RA) from
PROVIDER1.

Technical details: PROVIDER1 is Hurricane Electric, so its addresses are from
the 2001:470::/32 network. PROVIDER2 is a local ISP provider; it provides IPv6
addresses unofficially (it seems they are testing this feature), and its
addresses are from the 2a01:620::/32 network.

Another detail: despite the picture above, I actually have one physical
connection to the provider (PROVIDER2), but the host has two "ethernet" devices:
he-ipv6 and ppp0. As PROVIDER1 gives me a stable /64 network, I use these
addresses to connect to the host and some LAN hosts from the Internet.

I tried to follow instructions in section 4.2.1 Split access:

P1_NET=2001:470::/32
IF1=he-ipv6
IP1=<XXXX::2>
TAB1=HE
P1=<XXXX::1>

P2_NET=2a01:620::/32
IF2=ppp0
IP2=<ppp0 IPv6 address>
TAB2=RT
P2=<from ip -6 route>

<XXXX::1>: the HE server endpoint address,
<XXXX::2>: the address on my side of the tunnel.

<from ip -6 route>: the fe80:: address obtained by the ppp daemon.

I could be wrong with the P1/P2 part, but nevertheless I did the following steps:

(copied from my shell script)

------------------------------- 8< --------------------------------

ip -6 route add ${P1_NET} dev ${IF1} src ${IP1} table ${TAB1}
ip -6 route add default via ${P1}               table ${TAB1}
ip -6 route add ${P2_NET} dev ${IF2} src ${IP2} table ${TAB2}
ip -6 route add default via ${P2}               table ${TAB2}

ip -6 route add ${P1_NET} dev ${IF1} # src ${IP1}
ip -6 route add ${P2_NET} dev ${IF2} # src ${IP2}

ip -6 route add default via ${P2}

# ip -6 rule add from ${IP1}/64 table ${TAB1}

------------------------------- 8< --------------------------------

After I run these commands I see that the host uses the PROVIDER2 address to ping
external hosts (this means, I think, that outgoing packets go through it), but I
couldn't ping the host by its address from PROVIDER1.

As I understand it,

ip -6 route add default via ${P2}

makes packets go through IF2 but that prevents access from PROVIDER1 address.

I think I should set the default route via IF2 (ppp0) but must add a special
"rule" for the 2001:470::/32 network. I did that, and then I could ping the host
by its address from the PROVIDER1 network (XXXX::2). But in either case I
couldn't use IPv6 (even ping) from the LAN.

I would be glad if someone could help me figure out the problem so I could
configure the host as I desire (if such a configuration doesn't look too weird).

---
WBR, Vladimir Lomov

-- 
PL/I -- "the fatal disease" -- belongs more to the problem set than to the
solution set.
		-- Edsger W. Dijkstra, SIGPLAN Notices, Volume 17, Number 5
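
Added example, not part of the original message: a simplified Python model of the rule-then-table lookup that the commented-out `ip -6 rule add from ...` line in the script controls, showing which interface a packet leaves on depending on its source address. The table and interface names come from the message; the addresses are constructed documentation prefixes and the rule priority 1000 is an assumption.

```python
import ipaddress as ipa

# Constructed stand-ins (documentation prefixes), not the poster's networks.
P1_PREFIX = ipa.ip_network("2001:db8:1::/64")   # stable /64 on he-ipv6
P2_PREFIX = ipa.ip_network("2001:db8:2::/64")   # current /64 on ppp0
DEFAULT = ipa.ip_network("::/0")

# Routing tables as (destination prefix, output interface) pairs.
TABLES = {
    "HE":   [(DEFAULT, "he-ipv6")],   # default via ${P1} table HE
    "RT":   [(DEFAULT, "ppp0")],      # default via ${P2} table RT
    "main": [(DEFAULT, "ppp0")],      # ip -6 route add default via ${P2}
}

# Rule sets as (priority, from-selector, table); 32766 is the main rule.
WITHOUT_RULE = [(32766, DEFAULT, "main")]
WITH_RULE = [(1000, P1_PREFIX, "HE")] + WITHOUT_RULE   # priority assumed


def lookup(table, dst):
    """Longest-prefix match inside one table; None if nothing matches."""
    hits = [(net.prefixlen, dev) for net, dev in TABLES[table] if dst in net]
    return max(hits)[1] if hits else None


def egress(rules, src, dst):
    """Walk the rules in priority order: the first rule whose 'from'
    selector matches and whose table holds a route decides the interface."""
    src, dst = ipa.ip_address(src), ipa.ip_address(dst)
    for _prio, from_net, table in sorted(rules, key=lambda r: r[0]):
        if src in from_net:
            dev = lookup(table, dst)
            if dev is not None:
                return dev
    return None


if __name__ == "__main__":
    remote = "2001:db8:ffff::10"      # constructed Internet host
    for name, rules in (("no from-rule", WITHOUT_RULE), ("from-rule", WITH_RULE)):
        for src in ("2001:db8:1::2", "2001:db8:2::2"):
            print(f"{name:13} src={src:15} -> {egress(rules, src, remote)}")
```

With only the main-table default, a reply sourced from the he-ipv6 address leaves on ppp0; with the source rule in place it leaves on he-ipv6, while traffic sourced from the ppp0 prefix is unaffected.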


Thread overview: 3+ messages
2020-12-11 13:28 Vladimir Lomov [this message]
2020-12-14  7:10 ` How to configure routing for two IPv6 providers Grant Taylor
2020-12-14  9:10 ` Erik Auerswald