
Re: multihomed server with ipv6


lists@onemanifest.net wrote:
> I've set up static addressing for both NICs for ipv4 and ipv6 like this:
>   # The primary LAN network interface
>   allow-hotplug eth0
>   iface eth0 inet static
>     address 192.168.1.xx
>     netmask
>     gateway
>   iface eth0 inet6 static
>     address 2001:xxxx:xxxx:3::20
>     netmask 64
>     gateway 2001:xxxx:xxxx:3::1
>   # The secondary DMZ network interface
>   allow-hotplug eth1
>   iface eth1 inet static
>     address 192.168.0.xx
>     netmask
>     gateway
>   iface eth1 inet6 static
>     address 2001:xxxx:xxxx:2::20
>     netmask 64
>     gateway 2001:xxxx:xxxx:2::1
> The NICs are configured fine, but only _one_ ipv6 gets assigned. After a reboot either
> eth0 or eth1 gets its ipv6 assigned, never both.

I could reproduce it on a test machine. This looks like a tricky
side-effect of multiple IPv4 default gateways.

Here is what happens:
One interface is configured first. Since you used "allow-hotplug"
instead of "auto", the order may vary, depending on the discovery order
by udev. When the second interface is configured for IPv4, ifup adds the
address, tries to add the default route and gets an error because a
default route already exists. Then it stops trying to configure the
interface, including the IPv6 configuration.

Bottom line: don't define a gateway on multiple interfaces unless you
are sure that only one interface is active at a time. It usually won't
work the way you expect. "Default" means no other choice. If there are
two active gateways then you still have to make a choice. Thus defining
two active default gateways makes no sense.

> Also, I noticed that if I ping6 a host in subnet A from a NIC in
> subnet B, the server's ip6 in subnet A is used as source ip, even if an
> ipv6 in subnet B is available on that NIC. Does this mean that the
> return traffic is routed over subnet A instead of B? This is not
> desirable since I'd like the traffic between both subnets to be
> fire-walled by the router.

I tried hard and failed to understand what you mean. Please describe
more precisely what are the host, NIC, subnets, servers, router you're
talking about, how they relate to the above, the commands you run and
the results you observe.
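
A check for the condition described in the reply above, added here as an example and not part of the original message: it parses ifupdown `interfaces` stanzas and reports any address family whose `gateway` option is set on more than one interface. The sample configuration, its addresses and the function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample modelled on the quoted configuration; the addresses are
# documentation-range placeholders, not the poster's values.
SAMPLE = """\
# The primary LAN network interface
allow-hotplug eth0
iface eth0 inet static
    address 192.0.2.20
    netmask 255.255.255.0
    gateway 192.0.2.1
iface eth0 inet6 static
    address 2001:db8:0:3::20
    netmask 64
    gateway 2001:db8:0:3::1
# The secondary DMZ network interface
allow-hotplug eth1
iface eth1 inet static
    address 198.51.100.20
    netmask 255.255.255.0
    gateway 198.51.100.1
iface eth1 inet6 static
    address 2001:db8:0:2::20
    netmask 64
"""

def gateways_by_family(text):
    """Map address family -> [(interface, gateway)] over all iface stanzas."""
    found = defaultdict(list)
    current = None  # (interface, family) of the iface stanza being read
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):  # comments occupy whole lines
            continue
        words = line.split()
        if words[0] == "iface" and len(words) >= 3:
            current = (words[1], words[2])
        elif words[0] in ("auto", "mapping", "source") or words[0].startswith("allow-"):
            current = None  # another stanza keyword ends the iface stanza
        elif words[0] == "gateway" and current and len(words) >= 2:
            found[current[1]].append((current[0], words[1]))
    return dict(found)

def conflicting_gateways(text):
    """Families whose gateway option appears on more than one interface."""
    return {fam: gws for fam, gws in gateways_by_family(text).items()
            if len({iface for iface, _ in gws}) > 1}

if __name__ == "__main__":
    for fam, gws in conflicting_gateways(SAMPLE).items():
        print(f"{fam}: gateway defined on several interfaces: {gws}")
```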
