IPv6 Routing (from hell)

Bernhard Schmidt berni at birkenwald.de
Thu Mar 27 11:56:22 CET 2008


Hi Michael,

interesting, we were discussing this issue just yesterday for another 
wireless mesh network. The situation is not easy.

> In the case of IPv6, you aren't behind nat, but G1, G2, G3 have to
> announce to somewhere, using something, that they all can route the 
> network behind them. 

[...]

> What do you use to route this? Is BGP a must? Can you even use
> BGP for subnets on a tunneled connection?

You can (of course), but no-one (sane) outside will accept /64s 
deaggregated, through different ISPs even. And you don't get BGP through 
consumer lines.

> 1) Every client/router within the network gets a unique IP/64 from each
> of the gateways, which are each routing that from a delegated /48 on the tunnel.
>  (so in this case of 3 gateways, each client would have their link local and 3 IPs)
>  When a gateway dies that whole IP/64 network also dies (is there a routing de-announcement?)
>  mentally, the effect is the same as the NAT reset for existing connections,
>  but I'm not sure if this would even work. If I'm on multiple networks,
>  my client source address is generally going to be on that network, right?

This will be difficult, as you either need to engage in source-based 
routing or need to influence the client stack to use the prefix of the 
closest (=used) gateway. Otherwise the packet it sends should be 
discarded by the ISP (uRPF).

> 3) There are multiple tunnels to the tunnel broker, but all are routing the
>   same /48. which then decides where to
>   send subsets of the /48 based on (some) set of OLSR statistical feedback via whatever
>   protocol, presumably BGP.  Who listens? Does any tunnel broker do this?

This was an idea I had as well. I don't think any public tunnel broker 
can or will offer this, so my idea was to put some colocated equipment 
somewhere into a datacenter which has the /48 routed. This one then 
forms some form of routing protocol (OLSR? BGP?) with the mesh network 
and delivers IPv6 through tunnels.

Ugly ... no way to go native here, and a SPOF (which can be made 
redundant, but what's the point).

The fourth idea would be running ULA inside and NAT (again) on the 
gateway. There are some implementations out there (*BSD's pf), 1:1 NAT 
(no PAT) should be fairly easy to implement on Linux 2.4 and 2.6, as you 
don't even need connection tracking (just rewriting the first 48 bits in 
the address is enough). This gives you all disadvantages of NAT again 
(protocols that carry the IPv6 address in the payload for any reason 
will be broken, connections will reset if the gateway changes, inbound 
connections are hard to do) but it matches the way you do things in IPv4.

I don't have any better idea at the moment.

Bernhard
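The fourth option above, a stateless 1:1 prefix rewrite on the gateway, as an added user-space model in Python. This is example code written for this page, not code from the post, from pf or from any Linux implementation. It assumes a constructed ULA /48 and a constructed global /48, and plain IPv6 packets with TCP or UDP directly after the base header (no extension headers). Outbound it rewrites the /48 of the source address, inbound the /48 of the destination, keeping the host bits; and because IPv6 TCP and UDP checksums cover both addresses through the pseudo-header, it also patches the transport checksum with the incremental update from RFC 1624 instead of keeping any connection state. The demo at the bottom shows that a bare byte rewrite of the prefix leaves the checksum invalid.

```python
"""Stateless 1:1 IPv6 prefix NAT (ULA /48 <-> global /48), user-space model.

Added example. Assumptions (not from the post): the two prefixes are constructed,
packets are plain IPv6 + UDP/TCP with no extension headers, and the translator
works on byte strings in user space rather than as a kernel hook.
"""
import ipaddress
import struct

ULA_PREFIX = ipaddress.IPv6Network("fd00:1234:5678::/48")    # inside the mesh (constructed)
GLOBAL_PREFIX = ipaddress.IPv6Network("2001:db8:abcd::/48")  # delegated /48 (constructed)

NH_TCP, NH_UDP = 6, 17
CSUM_OFFSET = {NH_TCP: 16, NH_UDP: 6}   # checksum field offset inside the transport header


def ones_complement_sum(data: bytes) -> int:
    """Fold 16-bit big-endian words into a 16-bit one's complement sum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def pseudo_header(src: bytes, dst: bytes, next_header: int, upper_len: int) -> bytes:
    # RFC 8200 pseudo-header: src, dst, upper-layer length, three zero bytes, next header
    return src + dst + struct.pack("!I3xB", upper_len, next_header)


def verify_transport_checksum(pkt: bytes) -> bool:
    """True if the TCP/UDP checksum is valid for the addresses currently in the header."""
    nh, upper = pkt[6], pkt[40:]
    s = ones_complement_sum(pseudo_header(pkt[8:24], pkt[24:40], nh, len(upper)) + upper)
    return s in (0xFFFF, 0)


def build_udp_packet(src: str, dst: str, sport: int, dport: int, data: bytes) -> bytes:
    """Build an IPv6+UDP packet with a correct checksum (constructed test traffic)."""
    src_b, dst_b = ipaddress.IPv6Address(src).packed, ipaddress.IPv6Address(dst).packed
    udp_len = 8 + len(data)
    udp = struct.pack("!HHHH", sport, dport, udp_len, 0) + data
    csum = (~ones_complement_sum(pseudo_header(src_b, dst_b, NH_UDP, udp_len) + udp)) & 0xFFFF
    udp = struct.pack("!HHHH", sport, dport, udp_len, csum or 0xFFFF) + data  # 0 is sent as 0xFFFF
    ip6 = struct.pack("!IHBB", 0x60000000, udp_len, NH_UDP, 64) + src_b + dst_b
    return ip6 + udp


def rewrite_prefix(addr: bytes, old_net: ipaddress.IPv6Network, new_net: ipaddress.IPv6Network) -> bytes:
    """Replace the leading old_net.prefixlen bits of addr with new_net's; host bits are kept."""
    if ipaddress.IPv6Address(addr) not in old_net:
        raise ValueError("address %s not in %s" % (ipaddress.IPv6Address(addr), old_net))
    n = old_net.prefixlen // 8           # /48 -> 6 bytes (three 16-bit checksum words)
    return new_net.network_address.packed[:n] + addr[n:]


def incremental_checksum(old_csum: int, old_words: bytes, new_words: bytes) -> int:
    """RFC 1624 eq. 3: HC' = ~(~HC + ~m + m'). Unchanged words cancel (~m + m == 0xFFFF == 0)."""
    s = (~old_csum & 0xFFFF) \
        + ones_complement_sum(bytes(b ^ 0xFF for b in old_words)) \
        + ones_complement_sum(new_words)
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return ~s & 0xFFFF


def translate(pkt: bytes, outbound: bool) -> bytes:
    """Rewrite the /48 of src (outbound) or dst (inbound) and patch the transport checksum."""
    if len(pkt) < 40 or pkt[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    nh = pkt[6]
    if nh not in CSUM_OFFSET:
        raise ValueError("only plain TCP/UDP without extension headers is handled here")
    off, old_net, new_net = (8, ULA_PREFIX, GLOBAL_PREFIX) if outbound else (24, GLOBAL_PREFIX, ULA_PREFIX)
    old_addr = pkt[off:off + 16]
    new_addr = rewrite_prefix(old_addr, old_net, new_net)
    out = bytearray(pkt)
    out[off:off + 16] = new_addr
    coff = 40 + CSUM_OFFSET[nh]
    old_csum = struct.unpack_from("!H", out, coff)[0]
    new_csum = incremental_checksum(old_csum, old_addr, new_addr)
    if nh == NH_UDP and new_csum == 0:   # UDP over IPv6 never carries a zero checksum
        new_csum = 0xFFFF
    struct.pack_into("!H", out, coff, new_csum)
    return bytes(out)


def src_of(pkt: bytes) -> str:
    return str(ipaddress.IPv6Address(pkt[8:24]))


def dst_of(pkt: bytes) -> str:
    return str(ipaddress.IPv6Address(pkt[24:40]))


if __name__ == "__main__":
    # Mesh host behind the gateway talks to a constructed remote host.
    pkt = build_udp_packet("fd00:1234:5678:1::10", "2001:db8:ffff::1", 40000, 53, b"hello mesh")
    out = translate(pkt, outbound=True)
    naive = pkt[:8] + ipaddress.IPv6Address("2001:db8:abcd:1::10").packed + pkt[24:]
    print("translated src:", src_of(out), "checksum ok:", verify_transport_checksum(out))
    print("naive rewrite checksum ok:", verify_transport_checksum(naive))
```

Because the mapping is a pure function of the address, either gateway can translate any packet without shared state, which is what makes the scheme survive a gateway change at the IP layer; the connection-level resets and the payload-embedded-address problems mentioned above remain, since nothing here looks inside the transport payload.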
