Thank you Jonas for the initiative. For Multi-Homing and Load-balacing scenarios I was always looking into RFC8678 [1] or RFC8475 [2]. But as you mentioned there is no support in OpenWrt or mwan3 as of today.
Therefore I would be interested in a solution, nevertheless I have no deployment and test possibilities at the moment. Did you discuss the deployment scenario elsewhere, e.g. Ripe IPv6 WG? Goetz [1] https://datatracker.ietf.org/doc/rfc8678/ [2] https://datatracker.ietf.org/doc/rfc8475/ Am Do., 27. Feb. 2025 um 20:42 Uhr schrieb Jonas Lochmann <open...@jonaslochmann.de>: > > On Thu, Feb 27, 2025 at 11:49:10AM +0100, Bjørn Mork wrote: > > But this is mostly pointing back to the first issue: Why is it that we > > need a feature which is so weird and unique to OpenWrt that it has never > > been described before? > > Because this solves a problem where no solution exists yet. The following is > based on search results for the term "ipv6 multiwan". > > RFC 8678 described the solution of using source address based routing [1]. > This supports a failover, but this method is not supported by the mwan3 > package. This has the limitation that a load balancing is not possible. It > mentions NPTv6 and Multipath Transports as other possible solutions. > > A Reddit discussion talks about the failover scenario [2]. NPTv6 is > discussed along with its disadvantages in practice - limited support in > products (not supported at all or only with static prefixes). Another > discussion is the one about using global addresses or ULA addresses in > the private network for this. > > The documentation of PfSense states for multiwan with IPv6 that "This > [Network Prefix Translation] does not work for dynamic IPv6 types where > the subnet is not static, such as DHCP6-PD." [3] This document states > that this can be used with global or local addresses in the lan. As far > as I know, providing both in the lan will cause trouble. In the forum, > someone asks about other solutions but without any reply [4]. > > For OPNsense, someone wrote a tutorial (in german only) and just > skipped IPv6 [5]. The reason: IPv4 is for a failover enough. Sadly, the > date of this article is not clearly visible, but the year 2022 is > mentioned. > > In the Unify forum, there is a post about a failover function that > seems to ignore IPv6 [6]. The post is two years old, but the last > comment stating the issue still exists is 5 months old. Another > post [7] describes using NPT but it looks manual and with hardcoding > the prefixes. It uses local addresses within the lan. > > So the stateless NPT requires using one single prefix in the lan > (limitation 1). To avoid side effects on traffic to the other uplink if > one uplink obtains a new prefix, the local addresses must be used > (limitation 2). It requires prefixes of the same size for the internal > network and the uplinks (limitation 3). Using my approach, these > limitations do not exist. It looks like this approach is not implemented > anywhere yet. As a result, there is no well known name for it. > > The downside of this method: it is stateful. However, a multiwan with > load balancing is stateful and a stateful firewall that is normally used > at the border of a network is stateful too. > > An alternative to my approach would be a dynamic NPT in OpenWrt that > uses the assigned prefixes from the uplinks. This would be similar to > my patch but the mentioned limitations would apply. > > [1] https://datatracker.ietf.org/doc/rfc8678/ > [2] > https://www.reddit.com/r/ipv6/comments/10odci9/is_there_still_no_good_ipv6_wan_failover_solution/ > [3] https://docs.netgate.com/pfsense/en/latest/recipes/multiwan-ipv6.html > [4] > https://forum.netgate.com/topic/188052/is-there-a-clear-and-complete-recipe-for-ipv6-multi-wan > [5] > https://www.heimnetz.de/anleitungen/firewall/opnsense/opnsense-multi-wan-einrichten/ > [6] > https://community.ui.com/questions/Dual-WAN-IPv6-Failover-and-Traffic-Routing-UDM-Pro/8c46d2bb-9aba-422b-ad2d-c78d6a7d5bcb > [7] > https://community.ui.com/questions/Dual-WAN-IPv6-setup/1c2d7fe2-3bc3-42b1-b9bf-b7d36bc9f9cc > > _______________________________________________ > openwrt-devel mailing list > openwrt-devel@lists.openwrt.org > https://lists.openwrt.org/mailman/listinfo/openwrt-devel _______________________________________________ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
