[ipv6hackers] IPv6 source address selection on Linux
ssmeenk at freshdot.net
Thu Jul 19 15:09:55 CEST 2012
Could someone provide me with a clue on how I can force traffic on my
server going to 2001:db8::1 to *always* source from the configured ULA
address fded:e128:5900::1?

In fact I want source-based routing like I do in IPv4 land, like this:
| # ip addr add 10.38.80.1/24 dev eth0
| # ip route add 10.38.80.0/24 dev eth0 src 10.38.80.1 table 1
| # ip route add default via 10.38.80.254 table 1
| # ip rule add from 10.38.80.0/24 lookup 1
| # ip route add 213.136.x.y/32 dev eth0 src 10.38.80.1
It appears I can't do the "src fded:e128:5900::1" trick for v6 routes,
and all I could find on this was /etc/gai.conf to fiddle with RFC3484.
Now there's really a lot of references TO that RFC but I was unable to
find any workable examples on how to set this up. Fiddling with
preferred_lft on the v6 address won't work either in this situation.

The problem I'm trying to fix:
I have a server behind a loadbalancer. The loadbalancer uses 10.x.x.x/8
and fded:e128:5900:x::/64 IPs to forward traffic to this node, and this
node needs to talk to the loadbalancer's public-facing VIP to access the
platform in a loadbalanced manner. Binding the VIP to the
lo interface on the node is not feasible due to the expected load then going
to that one server.

In IPv4 land the rp_filter drops traffic with an incorrect source; this
is fixed with the above quoted SBR setup. I failed to achieve the same
with IPv6 and have now firewalled IPv6 traffic so that connections
switch to IPv4 instead. Not nice. :)
| 0 bottles of beer on the wall, 0 bottles of beer, you take 1 down,
| pass it around, 4294967295 bottles of beer on the wall.
| 4096R/20CC6CD2 - 6D40 1A20 B9AA 87D4 84C7 FBD6 F3A9 9442 20CC 6CD2
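
An added example, not part of the original post: a simplified Python model of the RFC 3484 source address selection the post refers to (rule 6, matching label, then rule 8, longest matching prefix). It shows why the ULA loses to a global address for 2001:db8::1 under the default policy table and wins once the ULA prefix and the destination share a label. The global address 2001:db8:100::10, the label value 99 and all function names are assumptions; on Linux the kernel's label table is managed with `ip addrlabel`, while /etc/gai.conf only affects getaddrinfo().

```python
import ipaddress

# RFC 3484 section 2.1 default policy table, as (prefix, label) pairs.
DEFAULT_LABELS = [
    ("::1/128", 0),
    ("::/0", 1),
    ("2002::/16", 2),
    ("::/96", 3),
    ("::ffff:0:0/96", 4),
]

DEST = "2001:db8::1"            # destination from the post
ULA = "fded:e128:5900::1"       # ULA source from the post
GLOBAL = "2001:db8:100::10"     # constructed global address on the same host

# Constructed policy: give the ULA prefix and the destination one shared label.
CUSTOM_LABELS = DEFAULT_LABELS + [
    ("fded:e128:5900::/48", 99),
    ("2001:db8::1/128", 99),
]

def label_of(addr, table):
    """Label of the longest policy-table prefix that contains addr."""
    ip = ipaddress.IPv6Address(addr)
    nets = [(ipaddress.IPv6Network(p), lbl) for p, lbl in table]
    matches = [n for n in nets if ip in n[0]]
    return max(matches, key=lambda n: n[0].prefixlen)[1]

def common_prefix_len(a, b):
    """Number of leading bits two addresses share (used by rule 8)."""
    diff = int(ipaddress.IPv6Address(a)) ^ int(ipaddress.IPv6Address(b))
    return 128 - diff.bit_length()

def select_source(dest, candidates, table):
    """Rule 6 (label equals the destination's label), then rule 8.

    Simplification: rules 1-5 and 7 are assumed to tie for all candidates.
    """
    dlabel = label_of(dest, table)
    return max(
        candidates,
        key=lambda s: (label_of(s, table) == dlabel, common_prefix_len(s, dest)),
    )

if __name__ == "__main__":
    print("default policy:", select_source(DEST, [ULA, GLOBAL], DEFAULT_LABELS))
    print("custom labels: ", select_source(DEST, [ULA, GLOBAL], CUSTOM_LABELS))
```
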