From owner-freebsd-net@FreeBSD.ORG Thu Sep 23 16:15:10 2010 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id B581210656A5; Thu, 23 Sep 2010 16:15:10 +0000 (UTC) (envelope-from bz=lists@zabbadoz.net) Received: from mail.cksoft.de (mail.cksoft.de [IPv6:2001:4068:10::3]) by mx1.freebsd.org (Postfix) with ESMTP id 32CB28FC42; Thu, 23 Sep 2010 16:15:09 +0000 (UTC) Received: from localhost (amavis.fra.cksoft.de [192.168.74.71]) by mail.cksoft.de (Postfix) with ESMTP id B9A7341C735; Thu, 23 Sep 2010 18:15:07 +0200 (CEST) X-Virus-Scanned: amavisd-new at cksoft.de Received: from mail.cksoft.de ([192.168.74.103]) by localhost (amavis.fra.cksoft.de [192.168.74.71]) (amavisd-new, port 10024) with ESMTP id ESkssv-M5d3O; Thu, 23 Sep 2010 18:15:07 +0200 (CEST) Received: by mail.cksoft.de (Postfix, from userid 66) id 1D25D41C72F; Thu, 23 Sep 2010 18:15:07 +0200 (CEST) Received: from maildrop.int.zabbadoz.net (maildrop.int.zabbadoz.net [10.111.66.10]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.int.zabbadoz.net (Postfix) with ESMTP id 7904D4448FA; Thu, 23 Sep 2010 16:15:03 +0000 (UTC) Date: Thu, 23 Sep 2010 16:15:03 +0000 (UTC) From: bz=lists@zabbadoz.net X-X-Sender: bz@maildrop.int.zabbadoz.net To: Hiroki Sato In-Reply-To: <20100924.004332.121072178.hrs@allbsd.org> Message-ID: <20100923160300.S31898@maildrop.int.zabbadoz.net> References: <6BE964C4-0838-4DA6-9278-12C620CA1EE1@bitmand.com> <20100924.004332.121072178.hrs@allbsd.org> X-OpenPGP-Key: 0x14003F198FEFA3E77207EE8D2B58B8F83CCF1842 MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Cc: freebsd-net@FreeBSD.org, lasse@bitmand.com Subject: Re: Default gateway on different net X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 23 Sep 2010 16:15:10 -0000 On Fri, 24 Sep 2010, Hiroki Sato wrote: > Lasse Brandt wrote > in <6BE964C4-0838-4DA6-9278-12C620CA1EE1@bitmand.com>: > > la> 1) Is the hosting provider actually forcing me to do something "bad" > la> og plain wrong? > > In that situation normally you get an IP address in the /59 network > to communicate with the gateway router from ISP. An IP address in > your /64 network cannot directly communicate with an address in /59. > > If you do not have the /59 address, I think using link-local address > is the easiest way. As long as the gateway works correctly, you can > get its link-local address by using the following command: > > % ping6 ff02::2%re0 > PING6(56=40+8+8 bytes) fe80::XXXX:XXXX:XXXX:XXXX%re0 --> ff02::2%re0 > 16 bytes from fe80::YYYY:YYYY:YYYY:YYYY%re0, icmp_seq=0 hlim=64 time=0.525 ms > 16 bytes from fe80::YYYY:YYYY:YYYY:YYYY%re0, icmp_seq=1 hlim=64 time=0.312 ms > ^C > > Note that "XXXX:.." is your address on re0, and "YYYY:.." is the > gateway's. You do not need any configuration like assigning > 2a01:... address into re0 or static routes before performing this > ping. At least one router replies to this and displays its link-local > address. > > After that, you can add the default route to it: > > # route add -inet6 default fe80::YYYY:YYYY:YYYY:YYYY%re0 > > and configure your /64 address (2a01:...) to re0. The drawback with that is if the hosting provider changes the interface of your gateway, moves you to a different router, ... your default route stops working. Imho you do not get an address out of the /59 and to my memory the usually offered linux doesn't really care and even in the IPv4 happily arped for gateways on unconnected subnets happily, so I would assume it's probably the same for nd6 with that? What they usually do is to give you a pvlan (a private, per customer, vlan) so you could pick any address of the /59, which may or may not include your /64. As you do not want to put the /59 on-link though you may use the /64 or a /126 which includes the address of the router. The obvious drawback with that is that you have to make sure that the address isn't used with source address seclection to not run into troubles as it wouldn't be reachable from outside but only used for the kernel to properly find the on-link gateway. I guess the link-local one and risking a "service interruption" in case of router (interface) changes might be the most elegant one. One could even use a simple script that would update things automatically if needed. /bz PS: there is a private email in flight as well, as we know someone who has a working FreeBSD IPv6 setup at that hosting company. -- Bjoern A. Zeeb Welcome a new stage of life.