linux source address selection solution
ccaputo at alt.net
Wed Apr 29 05:21:58 CEST 2009
One last thing - addresses marked as deprecated are still perfectly usable
for receiving packets or for manually being specified as a source. (ie.
ping6 -I <addr>)
They just aren't included in the source address selection algorithm.
On Wed, 29 Apr 2009, Chris Caputo wrote:
> Here's a little linux tip. Hopefully it is of use to others. Apologies
> if obvious.
> Recent linux kernels follow RFC 3484 "Default Address Selection for
> Internet Protocol version 6 (IPv6)".
> In the case of a tie (ie., source address not decided by destination
> subnet or other mechanisms), if you have multiple IPv6 addresses on an
> interface, linux tends to use the last address added.
> I prefer to have my source v6 address not be dependent on addition order,
> but rather be more deterministic.
> A way to do so is to set "preferred_lft" to zero, while "valid_lft" is
> non-zero or "forever". Doing so results in the source address being
> marked as deprecated, which means it won't be used if there are
> alternatives on the interface, or a loopback address if not.
> Loopback address is great for routers connected to exchange points because
> it means you can deprecate your v6 exchange point address on the physical
> interface and use a loopback as the source for any v6 connections. (no
> more broken registry queries due to unrouted exchange point address
> To experiment with this try on addresses you don't want to be selected as
> a source:
> ip addr change <ADDR> dev <DEV> preferred_lft 0
> "ip -6 addr" should now show the address as being deprecated and
> non-deprecated address(es) will be favored. To revert do "preferred_lft
> forever" instead.
> On Gentoo I found that the network startup scripts did not like the "_lft"
> in "preferred_lft". Fortunately "ip addr add" allows you to drop that and
> just use "preferred 0", ala:
> "10.1.1.1/24" "2001:0db8::1/64"
> "10.1.1.2/24" "2001:0db8::2/64 preferred 0"
More information about the ipv6-ops