IPV6 connectivity and IPV6 proxy ND6 commit
Matthew Dillon
dillon at apollo.backplane.com
Wed Sep 4 11:57:28 PDT 2013
I've committed some changes to our IPV6 stack to allow proxying neighbor
solicitations in subnets of /64, which is normally not allowed. Insofar
as I can tell it doesn't hurt anything to allow it.
The old FreeBSD code had a very weird route table per-host link-entry
feature to do ND6 proxying. That feature still exists but I have
made adjustments to allow whole subnets to be proxied in a manner similar
to how IPV5 is proxied. Two interfaces are required and ip6 forwarding
has to be enabled for the proxying to operate.
Basically it works like this: I have a /64 from our colo that is
2001:470:1:43b/64. The colo's gateway expected the entire /64 to
be switched as per the IPV6 specification.
I have two interfaces on our router. I have configured the one that
connects to the colo's router to subnet 0, aka 2001:470:1:43b:0/80,
and the other interface connects to the DragonFly switch and is on
subnet 1, aka aka 2001:470:1:43b:1/80. When the colo's router tries
to solicit a neighbor route for something on subnet 1 the proxy ND6
kicks in and supplies an answer on the primary interface, then
routes the packet to the dragonfly switch, and vise versa.
In the future I may request a /48 from the colo but it might cost me
money so right now I'm sticking with the free /64 they gave me and using
it to test the proxy ND6 stuff.
-Matt
Matthew Dillon
<dillon at backplane.com>
More information about the Kernel
mailing list