Re: IPv6 policy based source routing

2011-03-22 Thread Matt Smith
On 22 March 2011 03:00, J. Hellenthal  wrote:
>
> Hi Matt,
>
> Unofficially not sure if you have already checked into this so I am not sure 
> if it is really a solution to your problem but may be a step forward. Check 
> out the man page for ip6addrctl(8) that allows you to set a precedence for 
> each prefix/route. The default output of ip6addrctl(8) can be dumped into 
> /etc/ip6addrctl.conf where it will also be parsed and restored upon reboot.
>

This does indeed look like exactly what I was after however I can't
seem to get it to do anything unless I'm using it wrong.

root@tao[~]# ip6addrctl show
Prefix              Prec Label     Use
::1/128               50     0       0
::/0                  40     1  155126
2002::/16             30     2       0
::/96                 20     3       0
::ffff:0.0.0.0/96     10     4       0

The IP on vr0 is 2a01:348:294::1/64 and the IP on gif0 is
2a01:348:6:45c::2/128. Right now if I ping6 ipv6.google.com I get this
PING6(56=40+8+8 bytes) 2a01:348:6:45c::2 --> 2a00:1450:8002::67 so
it's sourcing traffic from the gif0 IP. I assume in that list the
higher the precedence the higher the priority so I ran "ip6addrctl add
2a01:348:294::/64 45 5". This makes no difference. Traffic still comes
from the gif0 IP.

I also tried adding the gif0 prefix with "ip6addrctl add
2a01:348:6:45c::2/128 44 6" to make it lower but same effect. In case
I got the precedence the wrong way round I tried reversing it. Same
effect.

So I guess I'm not using it correctly. Can you enlighten me as to what
I'm doing wrong with it?

Matt.
___
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"


setfib mount

2011-03-22 Thread Albert Shih
Hi all

Sorry for the cross-posting. I don't know which list is the best.

I've been using freebsd-jail since 5.x and yesterday I upgraded (from 7.3 to
7.4).

I've seen that setfib now works pretty well with the jail. So I'm using two
routing tables. One for the host, one for the jails.

But I don't know why the NFS mount (on the host of course) didn't use the
0 routing table. So when I try to execute the mount the connection starts
from the second interface. If I do

setfib 0 mount

everything works fine.

I don't know if it's a bug. If it's a strange (for me) feature, how can I tell
/etc/fstab to do that?

Regards.
-- 
Albert SHIH
DIO batiment 15
Observatoire de Paris Meudon
5 Place Jules Janssen
92195 Meudon Cedex
Téléphone : 01 45 07 76 26/06 86 69 95 71
Heure local/Local time:
mar 22 mar 2011 14:09:24 CET


Re: IPv6 policy based source routing

2011-03-22 Thread Hajimu UMEMOTO
Hi,

> On Tue, 22 Mar 2011 09:19:55 +
> Matt Smith  said:

matt> This does indeed look like exactly what I was after however I can't
matt> seem to get it to do anything unless I'm using it wrong.

matt> root@tao[~]# ip6addrctl show
matt> Prefix              Prec Label     Use
matt> ::1/128               50     0       0
matt> ::/0                  40     1  155126
matt> 2002::/16             30     2       0
matt> ::/96                 20     3       0
matt> ::ffff:0.0.0.0/96     10     4       0

matt> The IP on vr0 is 2a01:348:294::1/64 and the IP on gif0 is
matt> 2a01:348:6:45c::2/128. Right now if I ping6 ipv6.google.com I get this
matt> PING6(56=40+8+8 bytes) 2a01:348:6:45c::2 --> 2a00:1450:8002::67 so
matt> it's sourcing traffic from the gif0 IP. I assume in that list the
matt> higher the precedence the higher the priority so I ran "ip6addrctl add
matt> 2a01:348:294::/64 45 5". This makes no difference. Traffic still comes
matt> from the gif0 IP.

matt> I also tried adding the gif0 prefix with "ip6addrctl add
matt> 2a01:348:6:45c::2/128 44 6" to make it lower but same effect. In case
matt> I got the precedence the wrong way round I tried reversing it. Same
matt> effect.

matt> So I guess I'm not using it correctly. Can you enlighten me as to what
matt> I'm doing wrong with it?

Unfortunately, RFC 3484 doesn't work well for your situation because
of the existence of Rule 5, which prefers the outgoing interface.  This
rule is annoying for some situations, such as BGP peering, which requires
a global address to an interface.
I'm using the attached patches to ignore this rule, intentionally.  It
breaks RFC 3484, though.

Sincerely,
Index: sys/netinet6/in6_src.c
diff -u -p sys/netinet6/in6_src.c.orig sys/netinet6/in6_src.c
--- sys/netinet6/in6_src.c.orig	2009-10-25 10:10:29.0 +0900
+++ sys/netinet6/in6_src.c	2009-11-10 15:48:38.092822205 +0900
@@ -364,10 +364,12 @@ in6_selectsrc(struct sockaddr_in6 *dstso
 		 */
 
 		/* Rule 5: Prefer outgoing interface */
-		if (ia_best->ia_ifp == ifp && ia->ia_ifp != ifp)
-			NEXT(5);
-		if (ia_best->ia_ifp != ifp && ia->ia_ifp == ifp)
-			REPLACE(5);
+		if (!(ND_IFINFO(ifp)->flags & ND6_IFF_NO_PREFER_IFACE)) {
+			if (ia_best->ia_ifp == ifp && ia->ia_ifp != ifp)
+NEXT(5);
+			if (ia_best->ia_ifp != ifp && ia->ia_ifp == ifp)
+REPLACE(5);
+		}
 
 		/*
 		 * Rule 6: Prefer matching label
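Review bot: the new guard `ND_IFINFO(ifp)->flags` dereferences `ifp`, whereas the removed lines only compared it as a pointer against `ia_ifp`; if `ifp` can be NULL or lack ND info at this point in in6_selectsrc(), this adds a fault the old code did not have, so a check or a comment stating why it is safe would help. The "Rule 5" comment should also say that the rule is now skipped when ND6_IFF_NO_PREFER_IFACE is set on the outgoing interface, since that is a deliberate departure from RFC 3484.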
Index: sys/netinet6/nd6.c
diff -u -p sys/netinet6/nd6.c.orig sys/netinet6/nd6.c
Index: sys/netinet6/nd6.h
diff -u sys/netinet6/nd6.h.orig sys/netinet6/nd6.h
--- sys/netinet6/nd6.h.orig	2009-10-25 10:10:29.0 +0900
+++ sys/netinet6/nd6.h	2009-11-10 15:39:48.733878468 +0900
@@ -84,6 +84,7 @@
  * DAD failure.  (XXX: not ND-specific)
  */
 #define ND6_IFF_DONT_SET_IFROUTE	0x10
+#define ND6_IFF_NO_PREFER_IFACE	0x80 /* XXX: not related to ND. */
 
 #define	ND6_CREATE		LLE_CREATE
 #define	ND6_EXCLUSIVE		LLE_EXCLUSIVE
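Review bot: the value 0x80 on the added define jumps past the 0x10 shown in the context, and nothing in this hunk shows whether 0x20, 0x40 or 0x80 are already used by other ND6_IFF_* flags (the ndp.c hunks refer to ND6_IFF_PREFER_SOURCE under an #ifdef); please confirm the bit is free. The "XXX: not related to ND" comment admits the misplacement but does not say what the bit does; a one-line description (skip source address selection Rule 5 for this interface) would serve the next reader better.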
Index: usr.sbin/ndp/ndp.8
diff -u usr.sbin/ndp/ndp.8.orig usr.sbin/ndp/ndp.8
--- usr.sbin/ndp/ndp.8.orig	2009-10-25 10:10:29.0 +0900
+++ usr.sbin/ndp/ndp.8	2009-11-10 16:24:24.739126446 +0900
@@ -196,6 +196,15 @@
 selection, see the
 .Pa IMPLEMENTATION
 file supplied with the KAME kit.
+.It Ic no_prefer_iface
+The address on the outgoing interface is preferred by source addess
+selection rule.
+If this flag is set, stop treating the address on the
+.Ar interface
+as special even when the
+.Ar interface
+is outgoing interface.
+The default value of this flag is off.
 .It Ic disabled
 Disable IPv6 operation on the interface.
 When disabled, the interface discards any IPv6 packets
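Review bot: the added no_prefer_iface entry has a typo ("addess") and its first sentence describes the default behaviour rather than the flag, so the reader only learns what setting it does in the second sentence. Suggest leading with the effect (addresses on the outgoing interface are no longer preferred during source address selection), adding the missing article in "is outgoing interface", and stating that setting the flag departs from RFC 3484 Rule 5.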
Index: usr.sbin/ndp/ndp.c
diff -u -p usr.sbin/ndp/ndp.c.orig usr.sbin/ndp/ndp.c
--- usr.sbin/ndp/ndp.c.orig	2009-10-25 10:10:29.0 +0900
+++ usr.sbin/ndp/ndp.c	2009-11-10 15:35:50.217958241 +0900
@@ -1007,6 +1007,9 @@ ifinfo(ifname, argc, argv)
 #ifdef ND6_IFF_PREFER_SOURCE
 		SETFLAG("prefer_source", ND6_IFF_PREFER_SOURCE);
 #endif
+#ifdef ND6_IFF_NO_PREFER_IFACE
+		SETFLAG("no_prefer_iface", ND6_IFF_NO_PREFER_IFACE);
+#endif
 		SETVALUE("basereachable", ND.basereachable);
 		SETVALUE("retrans", ND.retrans);
 		SETVALUE("curhlim", ND.chlim);
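Review bot: the `#ifdef ND6_IFF_NO_PREFER_IFACE` around the new SETFLAG line means an ndp built against an unpatched nd6.h silently lacks the no_prefer_iface keyword instead of failing to build, which makes a header/userland mismatch hard to spot. The nd6.h hunk defines the flag unconditionally, so the guard could be dropped here; if it is kept to match the prefer_source pattern above, a short comment saying so would help.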
@@ -1080,6 +1083,10 @@ ifinfo(ifname, argc, argv)
 		if ((ND.flags & ND6_IFF_PREFER_SOURCE))
 			printf("prefer_source ");
 #endif
+#ifdef ND6_IFF_NO_PREFER_IFACE
+		if ((ND.flags & ND6_IFF_NO_PREFER_IFACE))
+			printf("no_prefer_iface ");
+#endif
 	}
 	putc('\n', stdout);
 #undef ND
Index: sbin/ifconfig/af_inet6.c
diff -u -p sbin/ifconfig/af_inet6.c.orig sbin/ifconfig/af_inet6.c
--- sbin/ifconfig/af_inet6.c.orig	2009-12-13 21:12:12.409876457 +0900
+++ sbin/ifconfig/af_inet6.c	2009-12-13 21:12:20.039603812 +0900
@@ -506,6 +506,8 @@ static struct cmd inet6_cmds[] = {
 	DEF_CMD("-nud",		-ND6_IFF_PERFORMNUD,	setnd6flags),
 	DEF_CMD("prefer_source",ND6_IFF_PREFER_SOURCE,	setnd6flags),
 	DEF_CMD("-prefer_source",-ND6_IFF_PREFER_SOURCE,setnd6f

Re: IPv6 policy based source routing

2011-03-22 Thread Hajimu UMEMOTO
Hi,

> On Tue, 15 Mar 2011 14:37:20 +
> Matt Smith  said:

matt> I have been doing some more research into this and it appears the
matt> proper way to accomplish what I want is to set
matt> net.inet6.ip6.use_deprecated to 0 and then deprecate the IPv6 address
matt> on the gif0 interface by setting the preferred lifetime to zero. This
matt> apparently makes the source address selection algorithm choose the
matt> alternative address on vr0. I can do the first part but I can't figure
matt> out how to do the second part. Any ideas surrounding this?

matt> The windows command to do this is: "netsh interface ipv6 set address
matt> IP6Tunnel  preferredlifetime=0s" so I need a
matt> FreeBSD equivalent of this command. Does such a thing exist? I've had
matt> a quick search through the ifconfig man page etc but nothing jumps out
matt> at me.

It's Rule 3 of RFC 3484 which avoids deprecated addresses.
If this solves your problem, you can do it by the following command:

ifconfig gif0 inet6  deprecated

Please note that you don't need to set net.inet6.ip6.use_deprecated to
0 for this purpose.

Sincerely,

--
Hajimu UMEMOTO @ Internet Mutual Aid Society Yokohama, Japan
u...@mahoroba.org  ume@{,jp.}FreeBSD.org
http://www.imasy.org/~ume/
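
A small model of the RFC 3484 source selection rules discussed in this thread (Rules 3, 5 and 6 only), added here as an illustration and not code from any poster or from FreeBSD. It shows why the ip6addrctl policy entry had no effect while gif0 was the outgoing interface, and why deprecating the gif0 address changes the result. It assumes gif0 is the outgoing interface for the destination; `select_source`, `scenario` and the other names are hypothetical.

```python
import ipaddress
from dataclasses import dataclass

# RFC 3484 default policy table as (prefix, label); source selection uses
# only the label (Rule 6), precedence is for destination ordering.
DEFAULT_POLICY = [("::1/128", 0), ("::/0", 1), ("2002::/16", 2),
                  ("::/96", 3), ("::ffff:0:0/96", 4)]

@dataclass
class Candidate:
    addr: str
    ifname: str
    deprecated: bool = False

def label(addr, policy):
    """Label of the longest policy prefix that contains addr."""
    ip = ipaddress.IPv6Address(addr)
    hits = [(ipaddress.IPv6Network(p).prefixlen, lab)
            for p, lab in policy if ip in ipaddress.IPv6Network(p)]
    return max(hits)[1]

def select_source(cands, dst, out_if, policy=DEFAULT_POLICY,
                  no_prefer_iface=False):
    """Pairwise comparison over Rules 3, 5, 6; returns (address, rule)."""
    rules = [
        (3, lambda c: not c.deprecated),          # avoid deprecated addresses
        (5, lambda c: c.ifname == out_if),        # prefer outgoing interface
        (6, lambda c: label(c.addr, policy) == label(dst, policy)),
    ]
    best, decided = cands[0], None
    for cand in cands[1:]:
        for num, ok in rules:
            if num == 5 and no_prefer_iface:
                continue        # models the flag added by the posted patch
            if ok(best) != ok(cand):
                best, decided = (cand if ok(cand) else best), num
                break
    return best.addr, decided

# Constructed scenario using the addresses quoted in the thread.
VR0, GIF0, DST = "2a01:348:294::1", "2a01:348:6:45c::2", "2a00:1450:8002::67"
MATT_POLICY = DEFAULT_POLICY + [("2a01:348:294::/64", 5)]

def scenario(deprecate_gif0=False, policy=DEFAULT_POLICY, no_prefer_iface=False):
    cands = [Candidate(VR0, "vr0"), Candidate(GIF0, "gif0", deprecate_gif0)]
    return select_source(cands, DST, "gif0", policy, no_prefer_iface)

if __name__ == "__main__":
    print(scenario())                       # Rule 5 picks the gif0 address
    print(scenario(policy=MATT_POLICY))     # the policy entry changes nothing
    print(scenario(deprecate_gif0=True))    # Rule 3 picks the vr0 address
```

With Rule 5 skipped, a private label on the vr0 prefix makes that address lose Rule 6, because the destination still carries the default label.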


Re: IPv6 policy based source routing

2011-03-22 Thread Matt Smith
On 22 March 2011 17:16, Hajimu UMEMOTO  wrote:
> It's Rule 3 of RFC 3484 which avoids deprecated addresses.
> If this solves your problem, you can do it by the following command:
>
>        ifconfig gif0 inet6  deprecated
>
> Please note that you don't need to set net.inet6.ip6.use_deprecated to
> 0 for this purpose.

root@tao[~]# ifconfig gif0 inet6 2a01:348:6:45c::2 deprecated
root@tao[~]# ping6 ipv6.google.com
PING6(56=40+8+8 bytes) 2a01:348:294::1 --> 2a00:1450:8002::93

Perfect! That does exactly what I wanted. Traffic is sourced from the
other IP address now. Thank you for this. I was about to try and apply
the patch that you posted but this does the trick.

Regards, Matt.


Re: setfib mount

2011-03-22 Thread Julian Elischer

On 3/22/11 6:14 AM, Albert Shih wrote:

> Hi all
>
> Sorry for the cross-posting. I don't know which list is the best.
>
> I've been using freebsd-jail since 5.x and yesterday I upgraded (from 7.3 to
> 7.4).
>
> I've seen that setfib now works pretty well with the jail. So I'm using two
> routing tables. One for the host, one for the jails.
>
> But I don't know why the NFS mount (on the host of course) didn't use the
> 0 routing table. So when I try to execute the mount the connection starts
> from the second interface. If I do
>
> setfib 0 mount
>
> everything works fine.
>
> I don't know if it's a bug. If it's a strange (for me) feature, how can I tell
> /etc/fstab to do that?


does your jail mount anything?


Regards.




Re: kern/155772: ifconfig(8): ioctl (SIOCAIFADDR): File exists on directly connected networks

2011-03-22 Thread linimon
Old Synopsis: ifconfig: ioctl (SIOCAIFADDR): File exists on directly connected 
networks
New Synopsis: ifconfig(8): ioctl (SIOCAIFADDR): File exists on directly 
connected networks

Responsible-Changed-From-To: freebsd-bugs->freebsd-net
Responsible-Changed-By: linimon
Responsible-Changed-When: Wed Mar 23 01:01:17 UTC 2011
Responsible-Changed-Why: 
Not sure how to classify this one, but give it a shot anyways.

http://www.freebsd.org/cgi/query-pr.cgi?pr=155772