[ipv6hackers] IPv6 source address selection on Linux

Jim Small jim.small at cdw.com
Mon Jul 23 06:01:26 CEST 2012


Actually just noticed that Joe Davies published Understanding IPv6, 3e.  BTW - I can't recommend this book highly enough, especially if you use/deal with Windows.  Anyway, according to this, Ch 9 Example of Using Address Selection seems to imply that ULAs are considered different scope from GUAs pretty much confirming my speculations below.  Since the IPv6 community seems to be somewhat closely knit it wouldn't surprise me to see this behavior in BSD/Linux too but you'd have to test to know for sure.

--Jim


> -----Original Message-----
> From: ipv6hackers-bounces at lists.si6networks.com [mailto:ipv6hackers-
> bounces at lists.si6networks.com] On Behalf Of Jim Small
> Sent: Sunday, July 22, 2012 10:11 PM
> To: IPv6 Hackers Mailing List
> Subject: Re: [ipv6hackers] IPv6 source address selection on Linux
> 
> Hi Sander,
> 
> I have mixed news for you.  I can't achieve what you want with a ULA (bad
> news), but I can achieve it with another GUA.
> Note:  I tested with Windows 7 - Linux may yield different results.
> 
> Here's my default prefix policy table in Windows 7 (Microsoft's
> implementation of RFC 3484):
> Precedence  Label  Prefix
> ----------  -----  --------------------------------
>         50      0  ::1/128
>         40      1  ::/0
>         30      2  2002::/16
>         20      3  ::/96
>         10      4  ::ffff:0:0/96
>          5      5  2001::/32
> 
> I have a ULA address and a GUA:
> 2001:470:c4e8:1::/64
> fd01:0:0:1::/64 (illegally created address for example purposes only)
> 
> If I alter my prefix policy table like this it doesn't work:
> Precedence  Label  Prefix
> ----------  -----  --------------------------------
>         70      6  fd01:0:0:1::/64
>         60      6  2001:470:c4e8:2::/64
>         50      0  ::1/128
>         40      1  ::/0
>         30      2  2002::/16
>         20      3  ::/96
>         10      4  ::ffff:0:0/96
>          5      5  2001::/32
> 
> However, if I add a different GUA - 2004:1:2:3::/64 and add that to the prefix
> policy table:
> Precedence  Label  Prefix
> ----------  -----  --------------------------------
>         80      6  2004:1:2:3::/64
>         70      6  fd01:0:0:1::/64
>         60      6  2001:470:c4e8:2::/64
>         50      0  ::1/128
>         40      1  ::/0
>         30      2  2002::/16
>         20      3  ::/96
>         10      4  ::ffff:0:0/96
>          5      5  2001::/32
> 
> This works as you desire - when I access something with a prefix of
> 2001:470:c4e8:2::/64 (destination) Windows uses an address with the prefix
> 2004:1:2:3::/64 (source).  For any other IPv6 prefix (destination) it uses
> 2001:470:c4e8:2::/64 (source).
> 
> This makes me suspect at least in Windows that ULA addresses aren't treated
> as having the same scope.  From looking at the 3484 rules:
> 
> Destination Address Selection - N/A, we have chosen the destination
> address.
> 
> Source Address Selection:
> (N/A)	1. Prefer the same address - If a source address = the destination
> address, prefer it
> (Susp)	2. Prefer appropriate scope - Use the address with the same/closest
> scope
> (N/A)	3. Avoid deprecated addresses - Prefer "preferred" addresses
> (N/A)	4. For Mobile IP Addresses (...)
> (Poss)	5. Prefer outgoing interface - Use the interface that will be chosen
> given the destination
> (Yes)	6. Prefer matching label - If a source address has a matching label
> (from the policy table) to the destination address, prefer it
> 	7. Prefer public addresses - Prefer public addresses over temporary
> addresses (there should be a way to reverse this too)
> 	8. Use the longest matching prefix - Starting from the left most bit,
> prefer the address that has the most bits in common with the destination
> address
> 
> 
> So I suspect what's happening with my Windows box is ULAs aren't making it
> past step 2.  In other words, Windows doesn't treat ULA as having the same
> scope as GUAs.  However, I freely admit that this is conjecture on my part.  In
> Linux you have the advantage of being able to look through the source
> code...
> 
> Where it is working I'm hitting Rule 6 - I set the destination and source
> prefixes/addresses to have the same label number (6 in the example above).
> 
> I also mention rule 5 because if you can use two interfaces on the server in
> your case and can put the ULA on one and the GUA on the other then I
> believe you can solve your issue with routing which will use rule 5 in your
> favor.
> 
> 
> Sorry this isn't exactly what you wanted but hope it helps,
>   --Jim
> 
> 
> > -----Original Message-----
> > From: ipv6hackers-bounces at lists.si6networks.com [mailto:ipv6hackers-
> > bounces at lists.si6networks.com] On Behalf Of Sander Smeenk
> > Sent: Thursday, July 19, 2012 11:08 AM
> > To: ipv6hackers at lists.si6networks.com
> > Subject: Re: [ipv6hackers] IPv6 source address selection on Linux
> >
> > Quoting Romain Boissat (rboissat at lv0.in):
> >
> > > Well in that case, I can only think of iproute2 policy routing on the
> > > server with two routing tables and several rules to select the right
> > > routing table depending on source and destination prefixes. You should
> > > check that your current kernel supports multiple IPv6 routing tables,
> > > though.
> >
> > Yes. Like I do with IPv4, see my original mail.
> >
> > BUT, even though I specify 'src fded:e128:5900::1', this does *NOT* end
> > up in the routing table (like it does for IPv4). *PLEASE* try this
> > yourself.
> >
> > I've been there long before I mailed this list for help.
> >
> > I'm fairly certain I need to fiddle with gai.conf and label / preference
> > settings - but there is no information on what I should put in there to
> > get the behaviour as described:
> >
> > - source from fded:e128:5900::1 *ONLY* for traffic to 2001:db8::1
> > - source from public routable v6 address for anything else
> >
> > -Sndr.
> > --
> > | When a clock is hungry it goes back four seconds.
> > | 4096R/20CC6CD2 - 6D40 1A20 B9AA 87D4 84C7  FBD6 F3A9 9442 20CC 6CD2
> > _______________________________________________
> > Ipv6hackers mailing list
> > Ipv6hackers at lists.si6networks.com
> > http://lists.si6networks.com/listinfo/ipv6hackers

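Added example (not part of the thread, and not Windows or Linux code): a small Python model of RFC 3484 source address selection rules 2, 6 and 8, run against the third policy table quoted above. The host parts `::10` and `::20` are constructed, and the `ula_scope` parameter is a hypothetical knob: `GLOBAL` is how RFC 3484 itself classifies fc00::/7 (it names no ULA scope), while `SITE_LOCAL` models the conjecture in the message that Windows gives ULAs a smaller scope.

```python
import ipaddress
from functools import cmp_to_key

LINK_LOCAL, SITE_LOCAL, GLOBAL = 0x2, 0x5, 0xE   # RFC 3484 scope values

# Third policy table from the message: (prefix, precedence, label)
POLICY = [(ipaddress.ip_network(p), prec, lab) for p, prec, lab in [
    ("2004:1:2:3::/64", 80, 6), ("fd01:0:0:1::/64", 70, 6),
    ("2001:470:c4e8:2::/64", 60, 6), ("::1/128", 50, 0), ("::/0", 40, 1),
    ("2002::/16", 30, 2), ("::/96", 20, 3), ("::ffff:0:0/96", 10, 4),
    ("2001::/32", 5, 5)]]
ULA = ipaddress.ip_network("fc00::/7")

def label(addr):
    """Label of the longest policy-table prefix containing addr."""
    matches = [e for e in POLICY if addr in e[0]]
    return max(matches, key=lambda e: e[0].prefixlen)[2]

def scope(addr, ula_scope):
    if addr.is_link_local:
        return LINK_LOCAL
    if addr.is_site_local:
        return SITE_LOCAL
    return ula_scope if addr in ULA else GLOBAL  # ula_scope: assumption knob

def common_prefix_len(a, b):
    return 128 - (int(a) ^ int(b)).bit_length()

def select_source(candidates, dest, ula_scope=GLOBAL):
    """Pick a source for dest; rules 1, 3, 4, 5 and 7 are not modelled."""
    dest = ipaddress.ip_address(dest)
    d_scope, d_label = scope(dest, ula_scope), label(dest)

    def cmp(a, b):  # negative result: a is preferred over b
        sa, sb = scope(a, ula_scope), scope(b, ula_scope)
        if sa != sb:  # Rule 2: prefer appropriate scope
            lo, hi = (a, b) if sa < sb else (b, a)
            winner = hi if min(sa, sb) < d_scope else lo
            return -1 if winner is a else 1
        la, lb = label(a) == d_label, label(b) == d_label
        if la != lb:  # Rule 6: prefer matching label
            return -1 if la else 1
        # Rule 8: longest matching prefix with the destination
        return common_prefix_len(b, dest) - common_prefix_len(a, dest)

    addrs = [ipaddress.ip_address(c) for c in candidates]
    return str(min(addrs, key=cmp_to_key(cmp)))
```

With the ULA at global scope, rule 6 selects the ULA for a destination in 2001:470:c4e8:2::/64; with the smaller scope, rule 2 discards the ULA before labels are consulted, which matches the behaviour reported in the message, while the 2004:1:2:3::/64 source is selected under either setting.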