Automatic source routing
Emmanuel Thierry
ml at sekil.fr
Wed Sep 25 12:19:58 CEST 2013
On 25 Sep 2013, at 11:40, Ole Troan wrote:
>
>>>
>>> you need source address dependent routing (e.g. http://tools.ietf.org/html/draft-troan-homenet-sadr-01)
>>> I think the latest kernel has SADR working. enable CONFIG_IPV6_SUBTREES.
>>
>> I didn't know this draft, interesting.
>> About CONFIG_IPV6_SUBTREES, I already use it to mitigate this problem, but it is all but automatic. You need to implement an external daemon to listen to RAs and dynamically add source routing entries in order to enforce the kernel not to route on the bad interface.
>
> if you are brave (in a month or so you can be a little less brave) you can run this
> https://github.com/fingon
Thanks. Actually I work on a custom daemon which does a lot more things (e.g. Mobile IPv6) so SADR policies are just one more thing among others! ;)
>
>> What puzzles me is that the nexthop selection in the Linux kernel:
>> * doesn't prefer a router which announces the prefix from which the source address has been generated (when I do a ping6 -I <slaac_eth2> <dest>)
>> * doesn't enforce the interface we bound to (when I do a ping6 -I eth2 <dest>)
>> ...whereas two equivalent routes exist ("default via <router1> dev eth1" and "default via <router2> dev eth2"). Only the expiration time differs between these routes.
>>
>> Surprisingly, even the following ping doesn't succeed in enforcing the output interface on my setup:
>> $ ping6 -r -I "<slaac_eth2>%eth2" <dest>
>>
>> This is what sounds weird to me. If this is the actual kernel behaviour, I think we might need to enforce the nexthop selection to prefer the interface corresponding to the source address of the packet (when the packet is locally generated).
>
> isn't that the great thing with Linux, just get your coding hat on. ;-)
Before having to do that I wanted some confirmation. ;)
Moreover the routing code in Linux, in particular the fib part, isn't so easy to understand.
One more thing, which makes me think of a bug. If I clean up the routing cache between each test, the following works (it doesn't work if routing cache entries exist via eth1):
$ ping6 -I "<slaac_eth2>%eth2" <dest>
I take it as a first thing to report on linux-netdev, which I will probably do soon.
Best regards
Emmanuel Thierry
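
The message describes an external daemon that listens to RAs and installs source routing entries. The following maps RA contents to source-specific default routes; it is an added example, not code from this thread or from any project mentioned in it. The `RA` record layout, function name and addresses (documentation prefixes) are constructed for illustration, and a kernel built with CONFIG_IPV6_SUBTREES is assumed.

```python
import ipaddress
from dataclasses import dataclass


@dataclass
class RA:
    """Hypothetical record of one received Router Advertisement."""
    iface: str             # interface the RA arrived on
    router: str            # source address of the RA
    router_lifetime: int   # seconds; 0 means "not a default router"
    prefixes: list         # [(prefix, autonomous_flag, valid_lifetime), ...]


def sadr_commands(ras):
    """Return ip(8) commands: one source-specific default route per SLAAC prefix."""
    cmds = []
    for ra in ras:
        router = ipaddress.IPv6Address(ra.router)
        if not router.is_link_local:
            continue  # RFC 4861: an RA must come from a link-local source
        for prefix, autonomous, valid in ra.prefixes:
            if not autonomous:
                continue  # no SLAAC address is formed from this prefix
            # strict=False accepts a prefix written with host bits set
            net = ipaddress.IPv6Network(prefix, strict=False)
            # Withdraw the route when the router or the prefix has expired
            alive = ra.router_lifetime > 0 and valid > 0
            verb = "replace" if alive else "del"
            cmds.append(
                f"ip -6 route {verb} default from {net} via {router} dev {ra.iface}"
            )
    return cmds


# Constructed sample: two uplinks, one off-link RA source, one expired router
SAMPLE = [
    RA("eth1", "fe80::1", 1800, [("2001:db8:1::/64", True, 86400)]),
    RA("eth2", "fe80::2", 1800, [("2001:db8:2::1/64", True, 86400),
                                 ("2001:db8:ff::/64", False, 86400)]),
    RA("eth2", "2001:db8:2::bad", 1800, [("2001:db8:3::/64", True, 86400)]),
    RA("eth1", "fe80::9", 0, [("2001:db8:9::/64", True, 86400)]),
]

if __name__ == "__main__":
    for cmd in sadr_commands(SAMPLE):
        print(cmd)
```

With these routes in place, a packet whose source address falls in the eth2 prefix matches only the default route via the eth2 router, regardless of which plain default route the kernel would otherwise pick.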