Using the local ipv6 tunnel endpoint as source address for outgoing packets?
Shadow Hawkins on Friday, 28 March 2003 19:15:00
Hi,
I have a tunnel and range at SixXS, which are both working wonderfully. However, I noticed that when I send packets over ipv6 from the machine acting as a router, the source address of those packets is the local ipv6 endpoint address of my tunnel.
I seem to remember having read that that's a bad idea, though I can't find any reference to that anymore (it'd make sense though).
Is there any way I can set up my (debian linux) router machine to use an address in my range instead of the local ipv6 tunnel endpoint address? Any pointers greatly appreciated :).
Regards,
Arnout
Using the local ipv6 tunnel endpoint as source address for outgoing packets?
Carmen Sandiego on Saturday, 29 March 2003 23:12:09
I would like something like that aswell.
I've finally managed to get my /48 and radvd to provide ipv6 internet access to all computers on my LAN.
But when I i.e ssh to a remote IPv6 enabled machine I run into this problem aswell.
Even due my LAN machines got IPs from my /48 it shows my IPv6 tunnel endpoint in the remote machines logs :?
It kinda looks like NAT of somekind...
Using the local ipv6 tunnel endpoint as source address for outgoing packets?
Shadow Hawkins on Monday, 07 April 2003 09:27:10
Just adding an IP6 address to your tunnelinterface after setting it up works fine for me...
For instance:
/sbin/ip addr add 3ffe:8114:2000:1234::1/128 dev sixxs
I noticed the public IP used will be the last address you added to the interface.
Hope this helps.
Cheers
Mark
Using the local ipv6 tunnel endpoint as source address for outgoing packets?
Jeroen Massar on Monday, 07 April 2003 16:54:36
That indeed 'solves' the problem, but it is a result of a side effect of the 'default address selection' routines as implemented in the default linux branch. There is some work being done to allow a 'loopback' IP to be set so that new outgoing connections from a machine will always use that IP.
Do note that upstreams filter prefixes not belonging to them.
Btw: there is no problem in using the tunnelendpoints as they are globally routable. Though ofcourse if one uses unnumbered tunnels that won't work.
Using the local ipv6 tunnel endpoint as source address for outgoing packets?
Shadow Hawkins on Monday, 05 May 2003 10:39:17
Reading rfc3484, it looks like that if the default address selection implementation follows the rfc (and yes, that's a big if :)), there will not be a problem with tunnels having non-global-scope addresses:
-startquote-
if Scope(SA) < Scope(SB): If Scope(SA) < Scope(D), then prefer SB
and otherwise prefer SA. Similarly, if Scope(SB) < Scope(SA): If
Scope(SB) < Scope(D), then prefer SA and otherwise prefer SB.
-endquote-
(SA = first candidate source address, SB = second candidate source address, D = destination address)
In other words, when connecting to a global-scope address, if both a global-scope and a non-global-scope address is available, the algorithm will choose the global-scope address.
Posting is only allowed when you are logged in. |