Source address selection problems
Hi,
I have a machine with multiple IPv6 addresses (all in the same prefix)
assigned to its main network interface (eth0). This works fine, apart
from the binding of source addresses for outgoing connections on this
machine.
Under IPv4, one would typically set this up with interface aliases:
ifconfig eth0 my.main.ip
ifconfig eth0:foo my.foo.service.ip
And so on. In this case, my.main.ip would be used as the source address
for outgoing connections over that interface. With IPv6, this doesn't
seem to be possible, despite some contradictory information from the
iproute manual. For example, from Appendix A: "IPv6 searches for the
first valid, not deprecated address with the same scope as the
destination. However:
dom@urchin:~$ ip -6 addr show dev eth0
2: eth0: <BROADCAST,MULTICAST,UP> qlen 1000
inet6 fe80::2e0:18ff:fe07:c2b7/64 scope link
inet6 2001:1b40:0:1000:c1c9:c849:0:1/64 scope global
inet6 2001:1b40:0:1000:c1c9:c849:103:e801/64 scope global
dom@urchin:~$ lynx -dump www.kame.net|grep "you are using IPv6"
you are using IPv6, from 2001:1b40:0:1000:c1c9:c849:103:e801
Furthermore, adding routes with explicit "src" options does not work as
advertised (in sec 7.1 of the iproute manual):
dom@urchin:~$ ip -6 ro |grep 2000
dom@urchin:~$ ip -6 ro |grep default
unreachable default dev lo proto none metric -1 error -101
dom@urchin:~$ sudo ip -6 ro add 2000::/3 via 2001:1b40:0:1000::1 src 2001:1b40:0:1000:c1c9:c849:0:1
dom@urchin:~$ ip -6 ro get 2001:200:0:8002:203:47ff:fea5:3085
2001:200:0:8002:203:47ff:fea5:3085 via 2001:1b40:0:1000::1 dev eth0 src 2001:1b40:0:1000:c1c9:c849:103:e801 metric 1024 mtu 1500 advmss 1440
Lastly, section 5.3 of the iproute manual claims that "an IP address
becomes secondary if another address with the same prefix bits already
exists" (and that a secondary address is not used when selecting the
default source address of outgoing packets.
Howver:
dom@urchin:~$ ip -6 addr show dev eth0 primary
2: eth0: <BROADCAST,MULTICAST,UP> qlen 1000
inet6 fe80::2e0:18ff:fe07:c2b7/64 scope link
inet6 2001:1b40:0:1000:c1c9:c849:0:1/64 scope global
inet6 2001:1b40:0:1000:c1c9:c849:103:e801/64 scope global
dom@urchin:~$ ip -6 addr show dev eth0 secondary
Some further points:
- If I add a third address to the interface, that gets used instead;
I would guess that the last address is always used
(rather than the first).
- Assigning extra addresses with labels such as eth0:foo makes no
difference.
Further weird behaviour:
dom@urchin:~$ lynx -dump www.kame.net|grep "you are using IPv6"
you are using IPv6, from 2001:1b40:0:1000:c1c9:c849:0:1
dom@urchin:~$ sudo ip addr add 2001:1b40:0:1000:c1c9:c849:0103:e801/64 dev eth0
dom@urchin:~$ lynx -dump www.kame.net|grep "you are using IPv6"
you are using IPv6, from 2001:1b40:0:1000:c1c9:c849:0:1
dom@urchin:~$ sudo ip addr add 2001:1b40:0:1000:c1c9:c849:0200:d001/64 dev eth0
dom@urchin:~$ lynx -dump www.kame.net|grep "you are using IPv6"
you are using IPv6, from 2001:1b40:0:1000:c1c9:c849:103:e801
dom@urchin:~$ sudo ip addr del 2001:1b40:0:1000:c1c9:c849:0103:e801/64 dev eth0
dom@urchin:~$ lynx -dump www.kame.net|grep "you are using IPv6"
you are using IPv6, from 2001:1b40:0:1000:c1c9:c849:200:d001
dom@urchin:~$ sudo ip addr del 2001:1b40:0:1000:c1c9:c849:0200:d001/64 dev eth0
dom@urchin:~$ lynx -dump www.kame.net|grep "you are using IPv6"
you are using IPv6, from 2001:1b40:0:1000:c1c9:c849:0:1
dom@urchin:~$ sudo ip addr add 2001:1b40:0:1000:c1c9:c849:0200:d001/64 dev eth0
dom@urchin:~$ lynx -dump www.kame.net|grep "you are using IPv6"
you are using IPv6, from 2001:1b40:0:1000:c1c9:c849:0:1
dom@urchin:~$ sudo ip addr add 2001:1b40:0:1000:c1c9:c849:0103:e801/64 dev eth0
dom@urchin:~$ lynx -dump www.kame.net|grep "you are using IPv6"
you are using IPv6, from 2001:1b40:0:1000:c1c9:c849:200:d001
Which is inconsistent, at best!
This is a Debian woody system with a vanilla 2.4.29-rc2 kernel. The same
behaviour is apparent on a Debian sarge system with a vanilla 2.4.29
kernel.
Is anyone able to unravel this mess and provide any suggestions as to what's
going on or how to fix it?
Cheers,
--
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)
Reply to: