Multi-home IPv6

Forum » Discussions / General » Multi-home IPv6

Started by:

docbill
Date: 14 Jul 2014 01:48
Number of posts: 1

RSS: New posts

Summary:

Describe a way to implement multi-home ipv6

Unfold All Fold All More Options

Fold

Multi-home IPv6

docbill 14 Jul 2014 01:48

This is one of those things you expect to work out of the box, since IPv6 is supposedly designed to be multi-homed. But if you have two routers with two different ISP's, and two different IPv6 networks, you are guarenteed to have problems when each host in your network picks up an address from each network and a default route from each network. You see what will happen is your kernel will select a randomly from the two IPv6 addresses and then pick randomly from two different routes. As a consiquence, 50% of the traffic will go to the wrong router to route the packets. Even worse, once the values are choisen for a session, those are the values that will continued to be use. So once you get failure, you get 100% failure.

If you google for a esolution you'll find many theoritical articles, and people basically trying to sell you specialized hardware. However, i turns out the solution is really really simple. Just add a rule to each router that redirects the mis-directed traffic to the other router…

e.g. Change the addresses in the following scripts to your network addresses and add it to code invoked when an ipv6 connection is made.

[code]
#!/bin/sh
if [ $(uname -n') = router1 ]
ipv6_rtr_addr2=fe80::beae:c5ff:fcc8:b5e
ipv6_tun_addr2=2001:4ff:1d:fa2::
else
ipv6_rtr_addr2=fe80::4a5b:39dd:fe25:fe
ipv6_tun_addr2=2001:4ff:1d:1f6::
fi
ip -6 route del "$ipv6_tun_addr2/64" dev br0 2»/dev/null
ip -6 rule del from "$ipv6_tun_addr2/64" lookup 1 2»/dev/null
ip -6 route del table 1 default via "$ipv6_rtr_addr2" dev br0 2»/dev/null

ip -6 route add "$ipv6_tun_addr2/64" dev br0 metric 256 mtu 1480 advmss 1420
ip -6 rule add from "$ipv6_tun_addr2/64" lookup 1
ip -6 route add table 1 default via "$ipv6_rtr_addr2" dev br0
[/code]

Another trick that helps is do not use radvd to send your advertisements, but instead use dnsmasq with a fairly short time to live. That way if one of your routers is taking off line, you'll only have a short while to wait before device stop trying to use the broken route. e.g.

[code]
dhcp-range=tag:br0,::1,::ffff, constructor:br0,ra-stateless,64, 10m
enable-ra
[/code]

Walla. You now have your load between the two connections fairly well balanced, and if a connection drops clients recover in 10 minutes or less without the need for manual intervention.

Far from perfect, as you still have 50% of the traffic passing through both routers. But definitely a step in the right direction.

Bill

Options

Unfold Multi-home IPv6 by

docbill, 14 Jul 2014 01:48

New Post

TomatoUSB

Unleash your router