[ipv6hackers] IPv6 source address selection on Linux

Sander Smeenk ssmeenk at freshdot.net
Thu Jul 19 15:09:55 CEST 2012

Hi, [try3,nogpg]

Could someone provide me with clue on how i can force traffic on my
server going to 2001:db8::1 to *always* source from the configured ULA
address fded:e128:5900::1 ?

In fact i want source based routing like i do in IPv4 land, like this:
| # ip addr add dev eth0
| # ip route add dev eth0 src table 1
| # ip route add default via table 1
| # ip rule add from lookup 1
| # ip route add 213.136.x.y/32 dev eth0 src

It appears i can't do the "src fded:ed128:5900::1"-trick for v6 routes
and all i could find on this was /etc/gai.conf to fiddle with RFC3484
Address Selection.

Now there's really a lot of references TO that RFC but i was unable to
find any workable examples on how to set this up. Fiddling with
prefered_lft on the v6 address won't work either in this situation.

The problem i'm trying to fix:

I have a server behind a loadbalancer, the loadbalancer uses 10.x.x.x/8
and fded:e128:5900:x::/64 IPs to forward traffic to this node, and this
node needs to talk to the loadbalancer's public facing VIP to access the
platform in a loadbalanced manner and binding the VIP to the
lo-interface on the node is not feasible due to expected load then going
to that one server.

In IPv4 land the rp_filter drops traffic with an incorrect source, this
is fixed with the above quoted SBR-setup, i failed to achieve the same
with IPv6 and have now firewalled IPv6 traffic so that connections
switch to IPv4 instead. Not nice. :)

Any clue?

With regards,
| 0 bottles of beer on the wall, 0 bottles of beer, you take 1 down,
| pass it around, 4294967295 bottles of beer on the wall.
| 4096R/20CC6CD2 - 6D40 1A20 B9AA 87D4 84C7  FBD6 F3A9 9442 20CC 6CD2

More information about the Ipv6hackers mailing list