IPV6 connectivity and IPV6 proxy ND6 commit

Matthew Dillon dillon at apollo.backplane.com
Wed Sep 4 11:57:28 PDT 2013


    I've committed some changes to our IPV6 stack to allow proxying neighbor
    solicitations in subnets of /64, which is normally not allowed.  Insofar
    as I can tell it doesn't hurt anything to allow it.

    The old FreeBSD code had a very weird route table per-host link-entry 
    feature to do ND6 proxying.  That feature still exists but I have
    made adjustments to allow whole subnets to be proxied in a manner similar
    to how IPV5 is proxied.  Two interfaces are required and ip6 forwarding
    has to be enabled for the proxying to operate.

    Basically it works like this:  I have a /64 from our colo that is
    2001:470:1:43b/64.  The colo's gateway expected the entire /64 to
    be switched as per the IPV6 specification.

    I have two interfaces on our router. I have configured the one that
    connects to the colo's router to subnet 0, aka 2001:470:1:43b:0/80,
    and the other interface connects to the DragonFly switch and is on
    subnet 1, aka aka 2001:470:1:43b:1/80.  When the colo's router tries
    to solicit a neighbor route for something on subnet 1 the proxy ND6
    kicks in and supplies an answer on the primary interface, then
    routes the packet to the dragonfly switch, and vise versa.

    In the future I may request a /48 from the colo but it might cost me
    money so right now I'm sticking with the free /64 they gave me and using
    it to test the proxy ND6 stuff.

					-Matt
					Matthew Dillon 
					<dillon at backplane.com>



More information about the Kernel mailing list