    [Resolved] IPv6 /48 routed trough /64 interconnection

    • Derelict (LAYER 8 Netgate)

      Of course it can. If you know it.

      Of course you can route to a link-local address.
      Of course you can route to a link-local address.
      Of course you can route to a link-local address.
      Of course you can route to a link-local address.
      Of course you can route to a link-local address.
      Of course you can route to a link-local address.
      Of course you can route to a link-local address.
      Of course you can route to a link-local address.
      Of course you can route to a link-local address.
      Of course you can route to a link-local address.
      Of course you can route to a link-local address.
      Of course you can route to a link-local address.
      Of course you can route to a link-local address.
      Of course you can route to a link-local address.
      Of course you can route to a link-local address.
      Of course you can route to a link-local address.

      We are talking about a specific case where the ISP needs to route a /48 to a WAN interface at the customer.

      The ISP does not know the WAN link-local address.

      See Also: HE.NET GIF interfaces. Same thing.

      Chattanooga, Tennessee, USA
      A comprehensive network diagram is worth 10,000 words and 15 conference calls.
      DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
      Do Not Chat For Help! NO_WAN_EGRESS(TM)

      • JKnott

        We are talking about a specific case where the ISP needs to route a /48 to a WAN interface at the customer.

        No matter what it's routing, it needs an IP address on a multipoint link.  That can be link local.  I provided my default gateway earlier, but here it is again:
        default            fe80::217:10ff:fe9 UGS        re0

        Notice that it's link local.  This is on a cable modem connection, with the modem in bridge mode.  Using Wireshark, I discovered that my IPv6 gateway has the same MAC as shown for IPv4 in the arp cache.  So, I am using a link local address for the gateway.  Don't forget, IPv6 can use things like neighbour advertisements to announce their IPv6 address and I can see those on the WAN link.  As mentioned, I am on a cable modem.  It uses DHCPv6 to get its WAN global address.  But DHCPv6 uses ICMPv6, using the link local address to reach the server.  So, with that mechanism, the server has the MAC address and link local address.  It will also have the DUID, as provided by the DHCPv6 client.  The ISP now has the link local address to use to forward the /48.

        See Also: HE.NET GIF interfaces. Same thing.

        He.net uses a point to point tunnel to carry IPv6 and therefore does not need any IP address.  However, this is a bit different situation, where the link has to be configured over IPv4.  The configuration tells the he.net router which link to use for the /48.

        This is one of the areas where IPv6 is different from IPv4.  It has the link local address which is used for so much in configuring networks etc.  No need for ARP.  DHCP is often used to provide addresses other than for an interface, though that can happen too.  It also has things like router and neighbour advertisements and requests and so much more.  It makes some things a lot easier than IPv4.

        BTW, I just used Packet Capture to look at my WAN interface.  I see neighbour solicitations and advertisements using link local addresses, not global, even though that interface has a global address.

        Also, how do you display the neighbour MAC addresses for IPv6 addresses in pfSense?  With Linux, the command ip -6 neigh show does it and with FreeBSD it should be ndp -a, but that command is not available with pfSense.

        PfSense running on Qotom mini PC
        i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
        UniFi AC-Lite access point

        I haven't lost my mind. It's around here...somewhere...

        • Derelict (LAYER 8 Netgate)

          Now reverse the roles. You are the ISP who needs to route a static /48 to a user. Do you route it to fe80::217:10ff:fe9, or do you assign the end user a unicast address on their WAN interface and route to that? You cannot use DHCP6 and you cannot use SLAAC. What do you do?

            • johnpoz (LAYER 8 Global Moderator)

            Ding Ding Ding - and we have a winner ;)

            An intelligent man is sometimes forced to be drunk to spend time with his fools
            If you get confused: Listen to the Music Play
            Please don't Chat/PM me for help, unless mod related
            SG-4860 24.11 | Lab VMs 2.8, 24.11

              • Derelict (LAYER 8 Netgate)

              
              Internet-Draft             IPv6 Design Choices              October 2016
              
              2.3.  Static Routes
              
              2.3.1.  Link-Local Next-Hop in a Static Route?
              
                 For the most part, the use of static routes in IPv6 parallels their
                 use in IPv4.  There is, however, one exception, which revolves around
                 the choice of next-hop address in the static route.  Specifically,
                 should an operator:
              
                 a.  Use the far-end's link-local address as the next-hop address, OR
              
                 b.  Use the far-end's GUA/ULA address as the next-hop address?
              
                 Recall that the IPv6 specs for OSPF [RFC5340] and ISIS [RFC5308]
                 dictate that they always use link-locals for next-hop addresses.  For
                 static routes, [RFC4861] section 8 says:
              
                    A router MUST be able to determine the link-local address for each
                    of its neighboring routers in order to ensure that the target
                    address in a Redirect message identifies the neighbor router by
                    its link-local address.  For static routing, this requirement
                    implies that the next-hop router's address should be specified
                    using the link-local address of the router.
              
                 This implies that using a GUA or ULA as the next hop will prevent a
                 router from sending Redirect messages for packets that "hit" this
                 static route.  All this argues for using a link-local as the next-hop
                 address in a static route.
              
                 However, there are two cases where using a link-local address as the
                 next-hop clearly does not work.  One is when the static route is an
                 indirect (or multi-hop) static route.  The second is when the static
                 route is redistributed into another routing protocol.  In these
                 cases, the above text from RFC 4861 notwithstanding, either a GUA or
                 ULA must be used.
              
                 Furthermore, many network operators are concerned about the
                 dependency of the default link-local address on an underlying MAC
                 address, as described in the previous section.
              
                 **Today most operators use GUAs as next-hop addresses.**
              
              Matthews & Kuarsingh       Expires May 1, 2017                  [Page 8]
              
              

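The MAC-to-link-local relationship that comes up in JKnott's earlier post (the IPv6 gateway fe80::217:10ff:fe9... sharing its MAC with the IPv4 ARP entry) and in the draft quoted above (the default link-local depending on the underlying MAC) is the modified EUI-64 construction of RFC 4291 appendix A. The following is an added example, not code from the thread, from pfSense or from the draft: the MAC 00:17:10:9a:bc:de is constructed (its OUI merely resembles the truncated address in the post), and the function names are the example's own.

```python
import ipaddress
import re


def _mac_bytes(mac):
    """Accept 00:17:10:9a:bc:de, 00-17-10-9a-bc-de or 0017.109a.bcde."""
    octets = bytes.fromhex(re.sub(r"[^0-9a-fA-F]", "", mac))
    if len(octets) != 6:
        raise ValueError(f"not a 48-bit MAC: {mac!r}")
    return octets


def mac_to_link_local(mac):
    """Default link-local address for a MAC per RFC 4291 appendix A: split the
    MAC, insert ff:fe in the middle and invert the universal/local bit
    (bit 0x02 of the first octet), then prepend fe80::/64."""
    m = _mac_bytes(mac)
    iid = bytes([m[0] ^ 0x02]) + m[1:3] + b"\xff\xfe" + m[3:6]
    return ipaddress.IPv6Address(b"\xfe\x80" + b"\x00" * 6 + iid)


def link_local_to_mac(addr):
    """Recover the MAC from an EUI-64 derived link-local address (a zone id such
    as %re0 is ignored).  Returns None when the interface identifier carries no
    ff:fe marker, i.e. it is a privacy, random or manually chosen identifier."""
    ip = ipaddress.IPv6Address(addr.split("%")[0])
    if not ip.is_link_local:
        raise ValueError(f"{addr} is not a link-local (fe80::/10) address")
    iid = ip.packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]
    return ":".join(f"{b:02x}" for b in mac)


def same_station(link_local, arp_mac):
    """True when an IPv6 link-local and an IPv4 ARP entry's MAC point at the same
    interface, i.e. the comparison JKnott describes doing with Wireshark."""
    return link_local_to_mac(link_local) == ":".join(f"{b:02x}" for b in _mac_bytes(arp_mac))


if __name__ == "__main__":
    gw_mac = "00:17:10:9a:bc:de"          # constructed; not a real gateway
    ll = mac_to_link_local(gw_mac)
    print(ll, link_local_to_mac(f"{ll}%re0"), same_station(str(ll), gw_mac.upper()))
```

Privacy (RFC 4941) and manually set interface identifiers have no ff:fe marker, so link_local_to_mac returns None for them and the neighbour cache is then the only link between address and MAC. On FreeBSD that cache is printed by ndp -an, and pfSense shows the same table under Diagnostics > NDP Table.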
              • JKnott

                @Derelict:

                Now reverse the roles. You are the ISP who needs to route a static /48 to a user. Do you route it to fe80::217:10ff:fe9, or do you assign the end user a unicast address on their WAN interface and route to that? You cannot use DHCP6 and you cannot use SLAAC. What do you do?

                Routing is always to the next hop.  The routing tables point to the next closest router to the destination, always.  No exception.  The router simply needs to know the exit interface.  The address in the routing table is simply used to determine which interface that is.  Always.

                The ISP has the link local and MAC address of the end user and may have an IPv6 WAN address.  When a packet for the end user network arrives, the router looks up the interface to send it out to go to that network.  It uses an IP address, could be either link local or global address to determine the interface.  The packet is then sent out that interface to the customer's router, where it will be forwarded to the local LAN.  This is how routing works at every single step of the way.  The packets are simply sent out the interface that will take it closer to the destination.  It makes no difference whether it's another router that's directly connected, a router connected via cable modem or DSL etc.  It's just pushing packets out the correct interface and the addresses of all the routers in between are irrelevant.  They do not appear in the routing tables.  And no, the link local address is not routed and I've never claimed that.  It's just irrelevant, except when used to determine the exit interface.  Let's take this a step further and include MAC addresses.  That's what IP addresses eventually resolve to on directly connected links.  Do you route according to MAC address when sending to a network several hops away?  No you don't.  You also don't route to any router IP address along the way.  You simply follow a route hop by hop to the destination network, as determined by the routing table.  As I've mentioned, you don't even need an IP or even MAC address, if using a point to point link, as the interface alone is enough to get the right direction.

                Would you like me to suggest some books from Cisco that cover all this?

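What the router takes from the next-hop address is, as the post above says, the exit interface. With a link-local next hop that interface cannot be inferred from the address (fe80::/10 is per link), so it has to be supplied explicitly as a zone id, and that is also where the draft's first exception comes from: an indirect (multi-hop) static route has no single link to scope the address to. The following added example (not code from the thread or from pfSense) checks a static route against those rules and emits the route(8) and iproute2 commands that would install it; the ndp -an sample, the interface addresses and the prefixes are constructed from 2001:db8::/32 documentation space.

```python
import ipaddress

# Constructed sample of FreeBSD/pfSense `ndp -an` output; not captured from any host in the thread.
NDP_SAMPLE = """\
Neighbor                             Linklayer Address  Netif Expire    S Flags
fe80::217:10ff:fe9a:bcde%em0         00:17:10:9a:bc:de    em0 23h59m50s S R
2001:db8:ffff:1::1                   00:17:10:9a:bc:de    em0 23h59m50s S R
fe80::1%em1                          00:00:5e:00:01:01    em1 23h59m12s S R
"""

# Constructed: this router's own interface addresses (what ifconfig would list).
IFACE_ADDRS = {
    "em0": ["2001:db8:ffff:1::2/64"],
    "em1": ["2001:db8:ffff:2::2/64"],
}


def parse_ndp(text):
    """Turn `ndp -an` output into {(neighbor address, netif): link-layer address}.
    The zone suffix (%em0) ndp prints on link-local entries is dropped from the
    key; the interface is kept as the second key element instead."""
    table = {}
    for line in text.splitlines()[1:]:          # first line is the column header
        fields = line.split()
        if len(fields) < 3:
            continue
        neighbor, lladdr, netif = fields[:3]
        table[(neighbor.split("%")[0], netif)] = lladdr
    return table


def plan_static_route(prefix, nexthop, iface_addrs, ndp):
    """Validate a static IPv6 route and return the commands that would install it.

    Result keys: egress (interface or None), onlink (next hop directly connected?),
    lladdr (MAC if the NDP cache already knows the neighbour, else None),
    freebsd (route(8) command) and linux (iproute2 command).
    Raises ValueError for a link-local next hop without a zone id: without the
    interface the kernel cannot tell which link the fe80:: address lives on.
    """
    net = ipaddress.IPv6Network(prefix, strict=True)
    addr, _, zone = nexthop.partition("%")
    nh = ipaddress.IPv6Address(addr)

    if nh.is_link_local:
        if not zone:
            raise ValueError(f"{nexthop}: link-local next hop needs a zone id such as %em0")
        if zone not in iface_addrs:
            raise ValueError(f"{nexthop}: no interface named {zone}")
        egress, onlink = zone, True
    else:
        # GUA/ULA next hop: it is on-link only if one of our own prefixes contains it.
        egress = next((ifname for ifname, addrs in iface_addrs.items()
                       if any(nh in ipaddress.IPv6Interface(a).network for a in addrs)), None)
        onlink = egress is not None
        # egress None is the draft's indirect (multi-hop) static route: the case that
        # needs a GUA/ULA, because a link-local could never be resolved through a
        # second route lookup.

    lladdr = ndp.get((str(nh), egress)) if egress else None

    freebsd = f"route add -inet6 {net} {nexthop}"
    linux = f"ip -6 route add {net} via {nh}" + (f" dev {egress}" if egress else "")
    return {"egress": egress, "onlink": onlink, "lladdr": lladdr,
            "freebsd": freebsd, "linux": linux}


if __name__ == "__main__":
    table = parse_ndp(NDP_SAMPLE)
    for nh in ("fe80::217:10ff:fe9a:bcde%em0", "2001:db8:ffff:1::1", "2001:db8:9999::1"):
        print(plan_static_route("2001:db8:abcd::/48", nh, IFACE_ADDRS, table))
```

pfSense drives the same route(8) call from a gateway defined under System > Routing; for a link-local gateway the interface you select there is what supplies the zone id. A result with onlink False is the indirect case: FreeBSD accepts such a gateway and resolves it through a second lookup, while the Linux kernel rejects a via gateway that is not on-link, so on Linux that route normally has to point at the directly connected router instead.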
                • JKnott

                  However, there are two cases where using a link-local address as the
                  next-hop clearly does not work.  One is when the static route is an
                  indirect (or multi-hop) static route.  The second is when the static
                  route is redistributed into another routing protocol.  In these
                  cases, the above text from RFC 4861 notwithstanding, either a GUA or
                  ULA must be used.

                  I assume this is the relevant section you're referring to.  It lists exceptions to the rule.  The 2nd would seem to apply to something like converting between IPv4 and IPv6.  The other is simply recursive routing, where you have to go through the same processes repeatedly, until you work down to the next hop.

                  Furthermore, many network operators are concerned about the
                  dependency of the default link-local address on an underlying MAC
                  address, as described in the previous section.

                  For this, you'd need to know what the issues are.  It does not say link local cannot be used, but might not.

                  • kpa

                    @JKnott:

                    @Derelict:

                    Now reverse the roles. You are the ISP who needs to route a static /48 to a user. Do you route it to fe80::217:10ff:fe9, or do you assign the end user a unicast address on their WAN interface and route to that? You cannot use DHCP6 and you cannot use SLAAC. What do you do?

                    Routing is always to the next hop.  The routing tables point to the next closest router to the destination, always.  No exception.  The router simply needs to know the exit interface.  The address in the routing table is simply used to determine which interface that is.  Always.

                    The ISP has the link local and MAC address of the end user and may have an IPv6 WAN address.  When a packet for the end user network arrives, the router looks up the interface to send it out to go to that network.  It uses an IP address, could be either link local or global address to determine the interface.  The packet is then sent out that interface to the customer's router, where it will be forwarded to the local LAN.  This is how routing works at every single step of the way.  The packets are simply sent out the interface that will take it closer to the destination.  It makes no difference whether it's another router that's directly connected, a router connected via cable modem or DSL etc.  It's just pushing packets out the correct interface and the addresses of all the routers in between are irrelevant.  They do not appear in the routing tables.  And no, the link local address is not routed and I've never claimed that.  It's just irrelevant, except when used to determine the exit interface.  Let's take this a step further and include MAC addresses.  That's what IP addresses eventually resolve to on directly connected links.  Do you route according to MAC address when sending to a network several hops away?  No you don't.  You also don't route to any router IP address along the way.  You simply follow a route hop by hop to the destination network, as determined by the routing table.  As I've mentioned, you don't even need an IP or even MAC address, if using a point to point link, as the interface alone is enough to get the right direction.

                    Would you like me to suggest some books from Cisco that cover all this?

                    All this assumes that everyone is using proper transfer networks that have no other hosts on them meaning they have an obvious "next hop" and the packets sent from the other end of the "pipe" have no other route to take other than the router at the other end. This doesn't hold when you're dealing with amateurs/hobbyists that like to be creative and don't care about proper topology in their networks.

                    • Derelict (LAYER 8 Netgate)

                      Dude. NOBODY is saying link-local cannot be used. What is your problem?

                      • JKnott

                        @Derelict:

                        Dude. NOBODY is saying link-local cannot be used. What is your problem?

                        You seemed to be implying that a routeable address was needed to reach the customer.

                        Now reverse the roles. You are the ISP who needs to route a static /48 to a user. Do you route it to fe80::217:10ff:fe9, or do you assign the end user a unicast address on their WAN interface and route to that? You cannot use DHCP6 and you cannot use SLAAC. What do you do?

                        BTW, to answer the question, beyond DHCPv6 and SLAAC, the customer would likely have their own prefix, which the ISP will route to.  This is often done using OSPF or at least knowing what's at the other end of the connection.  I have set up several routers for business customers where all the info is provided.  The customer would then be connected to the ISP via fibre.  In this instance, it's just a matter of configuring the routing, based on the info provided.  The ISP knows that the customer and only the customer is at the other end of the fibre.  They also know the customer's prefix, either because they provided it or the customer advised them.  Also, in the case of a tunnel, as you mentioned, there is already some means to identify the customer.  With he.net, it's account configuration.  With the provider I used to use, it was my login ID.  Also, as I mentioned, point to point links, such as he.net or VPN don't even need an address.

                        Don't forget, routing is all about finding the next hop to a network.  All the router needs to know is the best way to get there.  It does not need to know the IP address of any router beyond the next one.  Now, at the ISP router, an IP address may be needed, as in the case of my cable modem.  Why is it necessary for that to be a routeable address, as you seem to imply, when it's only going to be used over the link directly between the ISP's and customer's routers?  At that level, the IP address is resolved to a MAC address, to use over that link.  The IP address of the customer's router is irrelevant beyond the ISP's gateway router.

                        Take a look at your default gateway and tell me what you see.  As I said before, mine's a link local address.  The MAC for that link local address is the same as shown in the arp cache for the IPv4 default gateway.  And ultimately, it's the MAC address that's used to carry the traffic to the router.

                        • Derelict (LAYER 8 Netgate)

                          @JKnott:

                          You seemed to be implying that a routeable address was needed to reach the customer.

                          What part of:

                          Of course you can route to a link-local address.
                          Of course you can route to a link-local address.
                          Of course you can route to a link-local address.
                          Of course you can route to a link-local address.
                          Of course you can route to a link-local address.
                          Of course you can route to a link-local address.

                          Did you not understand?

                          • JKnott

                            All this assumes that everyone is using proper transfer networks that have no other hosts on them meaning they have an obvious "next hop" and the packets sent from the other end of the "pipe" have no other route to take other than the router at the other end. This doesn't hold when you're dealing with amateurs/hobbyists that like to be creative and don't care about proper topology in their networks.

                            I'm not quite sure what you're getting at, other than some users may be clueless about how networks work.  On point to point networks, all that's needed is the interface, as there's only one device beyond it.  On multipoint networks, such as Ethernet, a MAC address is needed to identify the individual devices on the shared network.  An IP address is only used to determine, via ARP or neighbour solicitation, the MAC address of the destination.

                            In large networks, routers may have multiple interfaces and possibly multiple routes to a destination.  It uses the routing tables to determine the best interface to forward the packet over.  That's all it does, find the best next hop to a destination.

                            • JKnott

                              Did you not understand?

                              Please go back and look at the times when you said a link local address could not be used.  I quoted one of them. Perhaps I don't understand because you said one thing at one time and something else at another.

                              Here's another quote:

                              There is no way to know the link-local address of the next hop in this case.

                              As I showed, there is a way to know, whether it's via DHCPv6 or manual configuration or whatever.  I also showed that my ISP has no problem working with a link local address.

                              http://dilbert.com/strip/2018-05-22

                              • johnpoz (LAYER 8 Global Moderator)

                                "Please go back and look at the times when you said a link local address could not be used."

                                Where did Derelict ever say that link-local can never be used?

                                He did clearly point out the RFC that clearly states 2 scenarios where they do not work.

                                "However, there are two cases where using a link-local address as the
                                next-hop clearly does not work.  One is when the static route is an
                                indirect (or multi-hop) static route.  The second is when the static
                                route is redistributed into another routing protocol.  In these
                                cases, the above text from RFC 4861 notwithstanding, either a GUA or
                                ULA must be used."

                                I think this horse has been beaten enough ;)

                                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.