linux source address selection solution
Chris Caputo
ccaputo at alt.net
Wed Apr 29 05:08:00 CEST 2009

Here's a little linux tip. Hopefully it is of use to others. Apologies
if obvious.

Recent linux kernels follow RFC 3484 "Default Address Selection for
Internet Protocol version 6 (IPv6)".

In the case of a tie (i.e., source address not decided by destination
subnet or other mechanisms), if you have multiple IPv6 addresses on an
interface, linux tends to use the last address added.

I prefer to have my source v6 address not be dependent on addition order,
but rather be more deterministic.

A way to do so is to set "preferred_lft" to zero, while "valid_lft" is
non-zero or "forever". Doing so results in the source address being
marked as deprecated, which means it won't be used if there are
alternatives on the interface, or a loopback address if not.

Loopback address is great for routers connected to exchange points because
it means you can deprecate your v6 exchange point address on the physical
interface and use a loopback as the source for any v6 connections. (no
more broken registry queries due to unrouted exchange point address
space!)

To experiment with this try on addresses you don't want to be selected as
a source:

    ip addr change <ADDR> dev <DEV> preferred_lft 0

"ip -6 addr" should now show the address as being deprecated and
non-deprecated address(es) will be favored. To revert do "preferred_lft
forever" instead.

On Gentoo I found that the network startup scripts did not like the "_lft"
in "preferred_lft". Fortunately "ip addr add" allows you to drop that and
just use "preferred 0", a la:

    config_eth0=(
        "10.1.1.1/24" "2001:0db8::1/64"
        "10.1.1.2/24" "2001:0db8::2/64 preferred 0"
    )

Cheers,
Chris
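
An added example, not part of the original post: a shell check built on the tip above. It reads "ip -6 -o addr show" output and reports which global addresses are still preferred, which interfaces hold more than one of them (so addition order can decide the source), and whether a given address is deprecated. The function names and the sample addresses are constructed for illustration.

```shell
# Added example, not from the original post. Function names are made up here.
# Live use:  ip -6 -o addr show | ambiguous_ifaces

# Constructed sample in the one-line format printed by "ip -6 -o addr show".
sample_output() {
cat <<'EOF'
1: lo    inet6 ::1/128 scope host \       valid_lft forever preferred_lft forever
1: lo    inet6 2001:db8:ffff::1/128 scope global \       valid_lft forever preferred_lft forever
2: eth0    inet6 2001:db8::2/64 scope global deprecated \       valid_lft forever preferred_lft 0sec
2: eth0    inet6 2001:db8::1/64 scope global \       valid_lft forever preferred_lft forever
2: eth0    inet6 fe80::1/64 scope link \       valid_lft forever preferred_lft forever
3: eth1    inet6 2001:db8:1::a/64 scope global \       valid_lft forever preferred_lft forever
3: eth1    inet6 2001:db8:1::b/64 scope global \       valid_lft forever preferred_lft forever
EOF
}

# Print "IFACE ADDR" for each global address not flagged deprecated,
# i.e. each address still eligible as a preferred source.
preferred_globals() {
    awk '$3 == "inet6" {
        global = 0; dep = 0
        for (i = 5; i <= NF; i++) {
            if ($i == "\\") break            # flags end at the line-join marker
            if ($i == "scope" && $(i + 1) == "global") global = 1
            if ($i == "deprecated") dep = 1
        }
        if (global && !dep) print $2, $4
    }'
}

# Print interfaces holding more than one preferred global address; there
# the tie-break from the post (last address added) can pick the source.
ambiguous_ifaces() {
    preferred_globals |
        awk '{ n[$1]++ } END { for (d in n) if (n[d] > 1) print d }' | sort
}

# Exit 0 if ADDR/LEN is present and flagged deprecated, non-zero otherwise.
is_deprecated() {
    awk -v a="$1" '$3 == "inet6" && $4 == a {
        for (i = 5; i <= NF; i++) if ($i == "deprecated") found = 1
    } END { exit !found }'
}

sample_output | ambiguous_ifaces    # demo on the constructed sample
```

Two preferred addresses in different prefixes are not always a tie, since destination-based rules may still separate them, so treat the interface list as candidates to review.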