Ipv6 Routing (from hell)
Bernhard Schmidt
berni at birkenwald.de
Thu Mar 27 11:56:22 CET 2008
Hi Michael,
interesting, we were discussing this issue just yesterday for another
wireless mesh network. The situation is not easy.
> In the case of IPv6, you aren't behind nat, but G1, G2, G3 have to
> announce to somewhere, using something, that they all can route the
> network behind them.
[...]
> What do you use to route this? Is BGP a must? Can you even use
> BGP for subnets on a tunneled connection?
You can (of course), but no-one (sane) outside will accept /64s
deaggregated, through different ISPs even. And you don't get BGP through
consumer lines.
> 1) Every client/router within the network gets a unique IP/64 from each
> of the gateways, which are each routing that from a delegated /48 on the tunnel.
> (so in this case of 3 gateways, each client would have their link local and 3 IPs)
> When a gateway dies that whole IP/64 network also dies (is there a routing de-announcement?)
> mentally, the effect is the same as the NAT reset for existing connections,
> but I'm not sure if this would even work. If I'm on multiple networks,
> my client source address is generally going to be on that network, right?
This will be difficult, as you either need to engage in source based
routing or need to influence the client stack to use the prefix of the
closest (=used) gateway. Otherwise the packet it sends should be
discarded by the ISP (uRPF).
> 3) There are multiple tunnels to the tunnel broker, but all are routing the
> same /48. which then decides where to
> send subsets of the /48 based on (some) set of OLSR statistical feedback via whatever
> protocol, presumably BGP. Who listens? Does any tunnel broker do this?
This was an idea I had as well. I don't think any public tunnelbroker
can or will offer this, so my idea was to put some colocated equipment
somewhere into a datacenter which has the /48 routed. This one then
forms some form of routing protocol (OLSR? BGP?) with the mesh network
and delivers IPv6 through tunnels.
Ugly ... no way to go native here, and a SPOF (which can be made
redundant, but what's the point).
The fourth idea would be running ULA inside and NAT (again) on the
gateway. There are some implementations out there (*BSD's pf), 1:1 NAT
(no PAT) should be fairly easy to implement on Linux 2.4 and 2.6, as you
don't even need connection tracking (just rewriting the first 48 bits in
the address is enough). This gives you all disadvantages of NAT again
(protocols that carry the IPv6 address in the payload for any reason
will be broken, connections will reset if the gateway changes, inbound
connections are hard to do) but it matches the way you do things in IPv4.
I don't have any better idea at the moment.
Bernhard
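The stateless 1:1 prefix rewrite from the fourth idea, as an added example that is not part of the original mail: one ULA /48 inside the mesh, three gateways each rewriting the first 48 bits to their own delegated /48 on the way out and back on the way in. All prefixes are constructed documentation values. It deliberately shows the stated downside: a flow that moves to another gateway gets a different outside address, so the connection resets.

```python
import ipaddress

# Constructed example prefixes (documentation space, not from the original post).
INSIDE = ipaddress.IPv6Network("fd00:1234:abcd::/48")  # ULA used inside the mesh
GATEWAYS = {                                            # each gateway's delegated /48
    "G1": ipaddress.IPv6Network("2001:db8:1::/48"),
    "G2": ipaddress.IPv6Network("2001:db8:2::/48"),
    "G3": ipaddress.IPv6Network("2001:db8:3::/48"),
}
LOW_80_BITS = (1 << 80) - 1


def rewrite_prefix(addr, old, new):
    """Stateless 1:1 translation: swap the /48 prefix, keep the low 80 bits.

    No connection tracking is needed: the mapping is a pure function of the
    address, so it works identically in both directions and for any protocol.
    """
    addr = ipaddress.IPv6Address(addr)
    if old.prefixlen != 48 or new.prefixlen != 48:
        raise ValueError("both prefixes must be /48")
    if addr not in old:
        # A packet whose address is not inside the expected prefix is not ours
        # to rewrite; the gateway should drop it rather than forward it.
        raise ValueError(f"{addr} is not inside {old}")
    return ipaddress.IPv6Address(int(new.network_address) | (int(addr) & LOW_80_BITS))


def outbound(gateway, inside_src):
    """Packet leaving the mesh via `gateway`: ULA source -> that gateway's global prefix."""
    return rewrite_prefix(inside_src, INSIDE, GATEWAYS[gateway])


def inbound(gateway, outside_dst):
    """Packet entering via `gateway`: its global prefix -> ULA destination."""
    return rewrite_prefix(outside_dst, GATEWAYS[gateway], INSIDE)


def flow_survives_failover(inside_src, old_gateway, new_gateway):
    """True only if the outside address seen by the peer is unchanged after failover.

    With one /48 per gateway this is never the case for distinct gateways,
    which is exactly why existing connections reset when a gateway dies.
    """
    return outbound(old_gateway, inside_src) == outbound(new_gateway, inside_src)
```

This rewrite does not touch transport checksums; since IPv6 TCP and UDP checksums cover the addresses in their pseudo-header, a real translator must compensate (NPTv6 in RFC 6296 does so with a checksum-neutral mapping), which plain prefix rewriting alone does not provide.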