Moin,

in the spirit of doing stupid things, I gave a 'somewhat' test of this
a shot yesterday (using traditional v4v6 NH instead of resolving
neighbors with NDP; but the principle remains the same).

- FRR 10.3 connected to a set of my favorite toaster & other household
  appliance IXes, whose RS send me v4 routes with a v4 NH over a v6
  session
- bgp parameters allow-martian-nexthops
- bgp neighbor $rs-ipv6 disable-connected-check
- /32 for all v4 for which I could find a matching v6 addr in the
  peering LAN injected as v4v6 routes into my IGP

The v4v6 routes are basically the proxy for 'working neighbor discovery
with ARP/"NDP4"'; the allow-martian-nexthops / disable-connected-check
seems to be needed in this case as connected checks for the nexthop
fail as the ingesting router does not have v4 (at all), leading to
routes not becoming valid and hence not being exported in the iBGP.

However, doing that, I can actually forward traffic from a host with a
v4 address in another pop to an IP behind the IX:

                              My traceroute  [v0.95]
v4less02.ring.nlnog.net (45.91.12.160) -> 45.159.140.1 (45.159.140.1)   2025-04-09T06:36:48+0000
Keys:  Help   Display mode   Restart statistics   Order of fields   quit
                                                  Packets               Pings
 Host                                           Loss%   Snt   Last   Avg  Best  Wrst StDev
 1. 192.0.0.8 (192.0.0.8)                        0.0%    42    0.4   0.5   0.3   3.9   0.5
 2. 192.0.0.8 (192.0.0.8)                        0.0%    42    0.6   0.8   0.6   1.1   0.1
 3. 192.0.0.8 (192.0.0.8)                        0.0%    42    1.2   1.3   0.8  10.0   1.4
 4. 192.0.0.8 (192.0.0.8)                        0.0%    42    6.6   6.2   5.9   6.6   0.2
 5. (waiting for reply)
 6. eno6-514.ams2.as212635.net (45.159.140.10)   0.0%    42   14.1  14.5  12.6  34.7   4.0
 7. ams1.as212635.net (45.159.140.1)             0.0%    41   13.2  14.3  12.6  38.1   3.9

So, technically, for an IX to support outbound (from the member)
traffic for an RFC8950-only member to dualstack-but-not RFC8950
members, it would suffice to inject those routes from the RS, ideally
with a specific community and only sending them to RFC8950 peers.

NDP4 would still help with the connected/martian issue here, I guess.

With best regards,
Tobias

_______________________________________________
GROW mailing list -- [email protected]