Hi,
On Thu, 23 Jun 2005, Iljitsch van Beijnum wrote:
On 22-jun-2005, at 14:51, Mohacsi Janos wrote:
The trouble is that there is no clear way to force the use of internal
addresses for internal stuff and external addresses for external stuff.
This is easier, if you setup RFC3484 style address selection. You give
higher priority to your local addresses.
I'm not sure how you envision this. My understanding was that the address
with the longest matching prefix would be used. So when I connect to my
server which has both a 2001:: and a 3ffe:: address (sequoia.muada.com for
those of you who want to try) my system at home with a 2001:: address would
use the 2001:: address. However, that's not what happens.
MacOS 10.4:
% telnet sequoia
Trying 3ffe:2500:310:2::1...
FreeBSD 4.9:
# telnet sequoia
Trying 3ffe:2500:310:2::1...
Red Hat 9 Linux:
# telnet sequoia
Trying 3ffe:2500:310:2::1...
(Well, actually they pick an address non-deterministically.)
Windows XP was the only one that used the 2001:: address each time. (But this
could be because of DNS caching, no way to tell except for rebooting more
times than I care to do right now.)
But that's not the real problem. The real problem is that always choosing the
same address is a bad thing: that way, applications that don't cycle the
address list themselves can easily get stuck retrying a non-working address
and ignoring a working alternative.
(And this would also require two-faced DNS all over the place as you'd try to
connect to other people's unique site locals otherwise.)
The bottom line is that there is no way to do the right thing with only a
priori information. You need at least _some_ measurement info to make
reasonable decisions.
You are mixing things. The DNS is remaining in place. If a host has
more than one DNS entry the DNS query will return all of them. RFC 3484
just does some kind of sorting on the entries. You can select locally your
preferences.
Here is a sample transcript of what you can do with RFC3484:
1. Setting up IPv6 preference:
[EMAIL PROTECTED]> sudo ./prefer6
Prefix Prec Label Use
::1/128 50 0 0
::/0 40 1 0
2002::/16 30 2 0
::/96 20 3 0
::ffff:0.0.0.0/96 10 4 0
[EMAIL PROTECTED]> telnet sequoia.muada.com
Trying 2001:1af8:2:5::2...
^C
2. Setting up IPv4 preference:
[EMAIL PROTECTED]> sudo ./prefer4
Prefix Prec Label Use
::ffff:0.0.0.0/96 50 0 0
::1/128 40 1 0
::/0 30 2 0
2002::/16 20 3 0
::/96 10 4 0
[EMAIL PROTECTED]>telnet sequoia.muada.com
Trying 83.149.65.1...
telnet: connect to address 83.149.65.1: Connection refused
Trying 2001:1af8:2:5::2...
^C
IPv4 address tried first (probably refused by firewall), switching right to
IPv6....
3. Prefer 3ffe:: addresses
[EMAIL PROTECTED]> sudo ./prefer63
Prefix Prec Label Use
::1/128 50 0 0
3ffe::/16 45 5 0
::/0 40 1 0
2002::/16 30 2 0
::/96 20 3 0
::ffff:0.0.0.0/96 10 4 0
[EMAIL PROTECTED]> telnet sequoia.muada.com
Trying 3ffe:2500:310:2::1...
^C
3ffe:2500:310:2::1 tried first
4. Prefer 2001:: style addresses
[EMAIL PROTECTED]> sudo ./prefer62
Prefix Prec Label Use
::1/128 50 0 0
2001::/16 45 5 0
::/0 40 1 0
2002::/16 30 2 0
::/96 20 3 0
::ffff:0.0.0.0/96 10 4 0
[EMAIL PROTECTED]> telnet sequoia.muada.com
Trying 2001:1af8:2:5::2...
^C
[EMAIL PROTECTED]>
So RFC3484 is very powerful. You can prefer IPv4 addresses or prefer
2001:: addresses if you want. You can prefer ULA addresses if you want. But to
be consistent in a site, you should implement a site-wide policy by some
other method, e.g. DHCPv6.
I think a pretty large number of hosts can potentially support RFC3484.
Windows XP/2003 fully supports it. All *BSD systems also fully support it.
So how do I install a policy?
Sample scripts I used on FreeBSD are attached (you need FreeBSD 5.2 or
later).
For Windows XP/2003 the syntax is very similar to ip6addrctl.
Adding policy rule:
FreeBSD:
ip6addrctl add <prefix> <precedence> <label>
Windows XP:
netsh interface ipv6 set prefixpolicy <prefix> <precedence> <label>
Showing policy rules:
FreeBSD:
ip6addrctl show
Windows XP:
netsh interface ipv6 show prefixpolicy
Clearing the policy table
FreeBSD:
ip6addrctl flush
Windows XP:
netsh interface ipv6 delete prefixpolicy
Regards,
Janos Mohacsi
#!/bin/sh
#prefer 3ffe::
ip6addrctl flush >/dev/null 2>&1
ip6addrctl add ::1/128 50 0
ip6addrctl add 3ffe::/16 45 5
ip6addrctl add ::/0 40 1
ip6addrctl add 2002::/16 30 2
ip6addrctl add ::/96 20 3
ip6addrctl add ::ffff:0:0/96 10 4
ip6addrctl show

#!/bin/sh
#prefer 2001::
ip6addrctl flush >/dev/null 2>&1
ip6addrctl add ::1/128 50 0
ip6addrctl add 2001::/16 45 5
ip6addrctl add ::/0 40 1
ip6addrctl add 2002::/16 30 2
ip6addrctl add ::/96 20 3
ip6addrctl add ::ffff:0:0/96 10 4
ip6addrctl show

#!/bin/sh
#prefer ipv6
ip6addrctl flush >/dev/null 2>&1
ip6addrctl add ::1/128 50 0
ip6addrctl add ::/0 40 1
ip6addrctl add 2002::/16 30 2
ip6addrctl add ::/96 20 3
ip6addrctl add ::ffff:0:0/96 10 4
ip6addrctl show

#!/bin/sh
#prefer ipv4
ip6addrctl flush
ip6addrctl add ::ffff:0:0/96 50 0
ip6addrctl add ::1/128 40 1
ip6addrctl add ::/0 30 2
ip6addrctl add 2002::/16 20 3
ip6addrctl add ::/96 10 4
ip6addrctl show
_______________________________________________
6bone mailing list
[email protected]
http://mailman.isi.edu/mailman/listinfo/6bone
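
The precedence lookup behind the transcripts in the message above, as an added example that is not part of the original message: it applies only the RFC 3484 precedence rule (longest-prefix match in the policy table, then highest precedence first) to the three addresses seen in the transcripts. The names POLICIES, CANDIDATES, to_v6, lookup and order are made up for this sketch, and the candidate list order is an assumption; ties keep that order because the source-address-dependent rules of RFC 3484 are not modelled.

```python
import ipaddress

# Policy rows (prefix, precedence, label) copied from the transcripts above.
BASE = [("::1/128", 50, 0), ("::/0", 40, 1), ("2002::/16", 30, 2),
        ("::/96", 20, 3), ("::ffff:0:0/96", 10, 4)]
POLICIES = {
    "prefer6": BASE,
    "prefer4": [("::ffff:0:0/96", 50, 0), ("::1/128", 40, 1), ("::/0", 30, 2),
                ("2002::/16", 20, 3), ("::/96", 10, 4)],
    "prefer63": BASE + [("3ffe::/16", 45, 5)],
    "prefer62": BASE + [("2001::/16", 45, 5)],
}

# Addresses seen in the transcripts; this list order is an assumption.
CANDIDATES = ["3ffe:2500:310:2::1", "2001:1af8:2:5::2", "83.149.65.1"]


def to_v6(addr):
    """Return an IPv6Address; IPv4 is represented as IPv4-mapped (::ffff:a.b.c.d)."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 4:
        return ipaddress.IPv6Address("::ffff:" + str(ip))
    return ip


def lookup(policy, addr):
    """Longest-prefix match in the named policy table -> (precedence, label)."""
    ip = to_v6(addr)
    matches = [(ipaddress.ip_network(p), prec, label)
               for p, prec, label in POLICIES[policy]
               if ip in ipaddress.ip_network(p)]
    if not matches:  # table without a ::/0 default row
        return (0, None)
    _, prec, label = max(matches, key=lambda m: m[0].prefixlen)
    return (prec, label)


def order(policy, candidates=CANDIDATES):
    """Sort by descending precedence; the sort is stable, so ties keep input order."""
    return sorted(candidates, key=lambda a: -lookup(policy, a)[0])


if __name__ == "__main__":
    for name in POLICIES:
        print(name, order(name))
```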