route conflict between subnet & laptop with its own tunnel
Shadow Hawkins on Wednesday, 13 January 2010 20:06:11
My home network has IPv6 via an AYIYA gateway and radvd.
My laptop also runs AYIYA for its own tunnel, since I don't only use it at home. This works fine, mostly.
The problem I am seeing is when I try to connect from a remote host (that gets IPV6 via 6to4 FWIW), in to the laptop's ipv6 address (as provided by its AYIYA tunnel). I was seeing TCP connections hang when trying to do this, but the laptop could open an outgoing connection in the other direction and that worked fine.
So the problem is the default route that radvd pushes out to my subnet. My laptop ends up with 2 IpV6 addresses, and 2 default route, like this:
default via 2001:4978:f:21a::1 dev sixxs metric 1024 mtu 1280 advmss 1220 hoplimit 0
default via fe80::214:fdff:fe30:14ae dev wlan1 proto kernel metric 1024 expires 1689sec mtu 1500 advmss 1440 hoplimit 64
Deleting the default route from radvd fixes the problem. I assume that my laptop was sending (some?) packets back out the wrong interface.
My question then is, what are those of us who have laptops with thier own tunnels, that might sometimes be on native or tunneled IPv6 networks supposed to do to avoid this type of problem? Looking at the other side of it, as the admin of the local IPv6 net, I don't want to cause trouble to others' such laptops -- what can I do?
(My radvd.conf has AdvRoutePreference high in it. Would low help?)
route conflict between subnet & laptop with its own tunnel
Jeroen Massar on Wednesday, 13 January 2010 20:47:43
One of the problems is that you will be causing asymmetric routing and if the provider of your connectivity properly does RPF checks (thus checking if the packets source address matches with what is supposed to be there), then connectivity will break. No, the solution is not to disable RPF, but to use proper source address). Source based routing is very tricky, bringing an interface down is much better solution. Yep, you will break TCP connections then, but those would break anyway because the packets can't be routed.
When my laptop is in a location where there is proper native IPv6 I use that and thus have AICCU disabled. The moment I come to a network without IPv6 I just fire up AICCU and presto, problem solved.
route conflict between subnet & laptop with its own tunnel
Jeroen Massar on Wednesday, 13 January 2010 20:47:55
One of the problems is that you will be causing asymmetric routing and if the provider of your connectivity properly does RPF checks (thus checking if the packets source address matches with what is supposed to be there), then connectivity will break. No, the solution is not to disable RPF, but to use proper source address). Source based routing is very tricky, bringing an interface down is much better solution. Yep, you will break TCP connections then, but those would break anyway because the packets can't be routed.
When my laptop is in a location where there is proper native IPv6 I use that and thus have AICCU disabled. The moment I come to a network without IPv6 I just fire up AICCU and presto, problem solved.
route conflict between subnet & laptop with its own tunnel
Shadow Hawkins on Wednesday, 13 January 2010 21:59:25
AdvRoutePreference low seems to have made my problem go away. Maybe. What you say makes me think it might break later though.
The only reason I would prefer not to bring AICCU down is that I want a static v6 IP for my laptop.
route conflict between subnet & laptop with its own tunnel
Jeroen Massar on Thursday, 14 January 2010 18:28:00
Well, it will break the moment you enter a network where that setting is not in effect.
As you are effectively avoiding the use of the local network routers, you might just want to disable accepting the router advertisement in the first place; then again, if you try to talk to local hosts you will be talking with quite some latency as you will be going over the internet to get back to the local hosts...
If you want a 'static' IP, I guess you better look into Mobile IPv6 or similar systems to solve the problem correctly.
Posting is only allowed when you are logged in. |