From owner-freebsd-net@FreeBSD.ORG Wed Mar 13 13:10:21 2013
Date: Wed, 13 Mar 2013 13:10:17 +0000
From: Schrodinger
To: freebsd-net@freebsd.org
Subject: Re: ipv6 default router Operation not permitted
Message-ID: <20130313131016.GE17859@defiant.konundrum.org>
References: <20130312225018.GA13589@defiant.konundrum.org>
 <3ABB5AED-DEA9-42F6-82A1-FEA9E8BBBDCF@my.gd> <20130313091727.GA17859@defiant.konundrum.org>
 <201303131227.57751.Mark.Martinec+freebsd@ijs.si> <20130313125221.GD17859@defiant.konundrum.org>

On 2013/03/13 14:02, Fleuriot Damien wrote:
>
> On Mar 13, 2013, at 1:52 PM, Schrodinger wrote:
>
> > On 2013/03/13 12:27, Mark Martinec wrote:
> >
> > Hi Mark,
> >
> >> On Wednesday March 13 2013 10:17:27 Schrodinger wrote:
> >>> ifconfig_re0_ipv6="inet6 2001:41D0:2:E7c4::1 prefixlen 64"
> >>> [...]
> >>> Voodoo, indeed... I'm sure there's a /48 used somewhere but to be more
> >>> specific, or rather obvious, my default gateway resides at the boundary
> >>> of a /56 - 2001:41D0:2:E700::/56
> >>
> >> Having multiple IPv6 subnets on the same wire is asking for trouble.
> >>
> >
> > This isn't my network so I don't have any input into the matter. This
> > is the OVH configuration for their dedicated servers, at least in my
> > product range.
> >
> >> For example, I believe an ICMP redirect still (in 9.1) does not create
> >> a temporary route:
> >> http://www.freebsd.org/cgi/query-pr.cgi?pr=152791
> >> which beat us hard time (random unreachability between hosts),
> >> having to rearrange that legacy segment which happened to have
> >> two subnets on the same wire.
> >>
> >> The static routes destinations must be directly reachable (on-link).
> >>
> >
> > Does adding the interface route not put the default gateway on-link
> > though?
> >
> >> Either use a single /56 for the whole LAN, adjusting the prefix
> >> length on each interface, or provide a router within each subnet.
> >>
> >
> > If I am to change my prefix length to /56 this means that anyone else in
> > that /56 who is configured with a prefix length of 64 will be routing to
> > me and I will be switching to them.... This could cause problems.
>
>
> I fail to see how they would be routing to you and you would be switching to them.
>
>
> OVH allocates a /64 per customer.
> To avoid having to setup 1 gateway per customer, they set up a single one within a /56, allowing for 256 /64s
> This mimics the situation where your host gives you a /32 ipv4 within a /24 network and uses a single gateway, again for 250ish customers.
>
> Whenever an IPv6 packet arrives on OVH's router for your /64, it is routed to your server.
> I don't see how this qualifies as "another customer routing to you"?
>

I am informed that I must configure my interface to /64 by OVH. The same
as everyone else. So if everyone was on a /64 then we will send packets
to each other via our shared default gateway.

E.g.:

I am 2001:41d0:2:e7c4::1/64
My default gateway is 2001:41d0:2:e7ff:ff:ff:ff:ff

If I wanted to communicate with a host in 2001:41d0:2:e7c5::/64 and his
default gateway is also 2001:41d0:2:e7ff:ff:ff:ff:ff then we will route
packets to each other. Correct?

If I were to change my interface prefix length to /56 my host would no
longer consider the need to send packets to the default gateway for any
host within this /56. I would simply perform Neighbour Solicitation on
my link.

E.g.:

I am 2001:41d0:2:e7c4::1/56
My default gateway is 2001:41d0:2:e7ff:ff:ff:ff:ff

If I wanted to communicate with a host in 2001:41d0:2:e7c5::/64 and his
default gateway is also 2001:41d0:2:e7ff:ff:ff:ff:ff then I would switch
to him because the /56 is "on-link" to me but to the recipient he must
route to me via his default gateway. Correct?

C.

-- 
+---------------------------------------------------------------+
Quidquid latine dictum sit, altum sonatur.
MSN: schro5@hotmail.com
ICQ: 112562229
GPG: http://www.konundrum.org/schro.asc
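
The on-link reasoning in the message above, worked through as an added example (not part of the original e-mail and not FreeBSD code). It models next-hop selection with the interface prefix as the only on-link prefix; the neighbour's host address 2001:41d0:2:e7c5::1 and the function names are assumptions made for illustration.

```python
import ipaddress

# Default gateway quoted in the thread.
GATEWAY = ipaddress.ip_address("2001:41d0:2:e7ff:ff:ff:ff:ff")


def next_hop(iface, dst, gateway=GATEWAY):
    """Simplified next-hop choice: a destination covered by the interface
    prefix is treated as on-link (resolved by Neighbour Solicitation);
    anything else is sent to the default gateway."""
    iface = ipaddress.ip_interface(iface)
    dst = ipaddress.ip_address(dst)
    if dst in iface.network:
        return ("direct", dst)
    return ("gateway", gateway)


def path_pair(a_iface, b_iface):
    """Return (A->B decision, B->A decision, symmetric?) for two hosts."""
    a = ipaddress.ip_interface(a_iface)
    b = ipaddress.ip_interface(b_iface)
    fwd = next_hop(a_iface, b.ip)[0]
    rev = next_hop(b_iface, a.ip)[0]
    return fwd, rev, fwd == rev


def gateway_on_link(iface, gateway=GATEWAY):
    """True if the interface prefix alone makes the gateway reachable;
    False means an explicit interface route to the gateway is needed."""
    return gateway in ipaddress.ip_interface(iface).network


ME_64 = "2001:41d0:2:e7c4::1/64"   # configuration from the thread
ME_56 = "2001:41d0:2:e7c4::1/56"   # the proposed change
PEER = "2001:41d0:2:e7c5::1/64"    # constructed neighbour in e7c5::/64

if __name__ == "__main__":
    for label, me in (("/64", ME_64), ("/56", ME_56)):
        fwd, rev, sym = path_pair(me, PEER)
        print(f"me {label}: me->peer via {fwd}, peer->me via {rev}, "
              f"symmetric={sym}, gateway on-link={gateway_on_link(me)}")
```

With both hosts on /64 the two directions both cross the gateway; with /56 on one side only, the forward path is direct and the return path goes through the gateway.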