On Thu, Feb 27, 2025 at 11:49:10AM +0100, Bjørn Mork wrote: > But this is mostly pointing back to the first issue: Why is it that we > need a feature which is so weird and unique to OpenWrt that it has never > been described before?
Because this solves a problem where no solution exists yet. The following is based on search results for the term "ipv6 multiwan". RFC 8678 described the solution of using source address based routing [1]. This supports a failover, but this method is not supported by the mwan3 package. This has the limitation that a load balancing is not possible. It mentions NPTv6 and Multipath Transports as other possible solutions. A Reddit discussion talks about the failover scenario [2]. NPTv6 is discussed along with its disadvantages in practice - limited support in products (not supported at all or only with static prefixes). Another discussion is the one about using global addresses or ULA addresses in the private network for this. The documentation of PfSense states for multiwan with IPv6 that "This [Network Prefix Translation] does not work for dynamic IPv6 types where the subnet is not static, such as DHCP6-PD." [3] This document states that this can be used with global or local addresses in the lan. As far as I know, providing both in the lan will cause trouble. In the forum, someone asks about other solutions but without any reply [4]. For OPNsense, someone wrote a tutorial (in german only) and just skipped IPv6 [5]. The reason: IPv4 is for a failover enough. Sadly, the date of this article is not clearly visible, but the year 2022 is mentioned. In the Unify forum, there is a post about a failover function that seems to ignore IPv6 [6]. The post is two years old, but the last comment stating the issue still exists is 5 months old. Another post [7] describes using NPT but it looks manual and with hardcoding the prefixes. It uses local addresses within the lan. So the stateless NPT requires using one single prefix in the lan (limitation 1). To avoid side effects on traffic to the other uplink if one uplink obtains a new prefix, the local addresses must be used (limitation 2). It requires prefixes of the same size for the internal network and the uplinks (limitation 3). Using my approach, these limitations do not exist. It looks like this approach is not implemented anywhere yet. As a result, there is no well known name for it. The downside of this method: it is stateful. However, a multiwan with load balancing is stateful and a stateful firewall that is normally used at the border of a network is stateful too. An alternative to my approach would be a dynamic NPT in OpenWrt that uses the assigned prefixes from the uplinks. This would be similar to my patch but the mentioned limitations would apply. [1] https://datatracker.ietf.org/doc/rfc8678/ [2] https://www.reddit.com/r/ipv6/comments/10odci9/is_there_still_no_good_ipv6_wan_failover_solution/ [3] https://docs.netgate.com/pfsense/en/latest/recipes/multiwan-ipv6.html [4] https://forum.netgate.com/topic/188052/is-there-a-clear-and-complete-recipe-for-ipv6-multi-wan [5] https://www.heimnetz.de/anleitungen/firewall/opnsense/opnsense-multi-wan-einrichten/ [6] https://community.ui.com/questions/Dual-WAN-IPv6-Failover-and-Traffic-Routing-UDM-Pro/8c46d2bb-9aba-422b-ad2d-c78d6a7d5bcb [7] https://community.ui.com/questions/Dual-WAN-IPv6-setup/1c2d7fe2-3bc3-42b1-b9bf-b7d36bc9f9cc _______________________________________________ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
