Hi all, the immediate problem with BGP (ignoring the logistic and legal aspects) would be utilizing both uplinks in an active/active fashion. Or rather, ensuring the return traffic honors the original uplink choice of the request traffic.
Paolo

On Thu, Mar 6, 2025, 13:59 Maria Matejka via ipv6-wg <[email protected]> wrote:
> Hello Jonas,
>
> I would say the right way to go is to get an ASN and do proper BGP routing.
> Everything you describe is imho basically a textbook example of an
> autonomous system.
>
> Maria
>
> On March 6, 2025 1:47:29 PM GMT+01:00, Jonas Lochmann <[email protected]> wrote:
>> My goal is to use multiple uplinks, but not only for redundancy. Most of
>> the time, all (in my case 2) uplinks are available and then the question
>> is how to make use of both of them.
>>
>> With IPv4, NAT is common and thus the solution is quite simple. In my
>> case, I am using the mwan3 package from OpenWrt. It uses iptables rules
>> to add firewall marks to connections. If multiple uplinks are available,
>> then the mark/uplink is chosen randomly and assigned to this (e.g. TCP)
>> connection. These firewall marks are used during policy-based routing.
>> With a masquerade/source NAT, the right source address for the used
>> route is picked and everything just works.
>>
>> In the case of IPv6, everything is different. NAT is uncommon. One solution
>> is to enable NAT and then everything works as with IPv4. Alternatively,
>> RFC 8678 describes that clients can be informed about multiple uplinks.
>> The limitation: I do not see any option for load balancing.
>>
>> RFC 8678 references other solutions. Shim6 seems not to be widely
>> implemented. The multipath transports look like a solution for the
>> future with Multipath TCP. The last solution is NPTv6. RFC 8678 does not
>> like the solution. It is not NAT, but it still rewrites the addresses.
>>
>> The disadvantage: stateless address rewriting seems only usable if there
>> is only one prefix known to the network. If this is the global prefix of
>> one uplink, then all connections are interrupted if the prefix of this
>> uplink is changed. If this is the local prefix, then the clients do not
>> know their public addresses.
>>
>> I tried to use stateful source address rewriting instead. With
>> nftables, this is easy to implement and it works if the prefix length of
>> the uplink is longer (smaller subnet) than the internal network: just
>> keep the prefix and replace the bits after it with the original source
>> address. With this, I can use local addresses in the local network and
>> additionally provide the public address/es of one or more uplinks.
>>
>> I have been using this in production at one location for multiple years and
>> thus know that this works. I am interested in other approaches,
>> experiences and feedback for this method.
>> ------------------------------
>> To unsubscribe from this mailing list or change your subscription options,
>> please visit: https://mailman.ripe.net/mailman3/lists/ipv6-wg.ripe.net/
>> As we have migrated to Mailman 3, you will need to create an account with
>> the email matching your subscription before you can change your settings.
>> More details at: https://www.ripe.net/membership/mail/mailman-3-migration/
>>
> --
> Maria Matejka (she/her) | BIRD Team Leader | CZ.NIC, z.s.p.o.
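Jonas's stateful prefix splice and Paolo's return-traffic concern, modelled as an added Python example that is not code from the thread, mwan3 or nftables. Assumptions: round-robin uplink choice instead of mwan3's random pick, a dict standing in for conntrack, and constructed documentation-prefix uplinks plus a ULA-addressed LAN host.

```python
import ipaddress
import itertools


def splice_source(src: str, uplink_prefix: str) -> str:
    """Overwrite the first prefixlen bits of the internal source address with
    the uplink prefix and keep every bit after it from the original address."""
    net = ipaddress.IPv6Network(uplink_prefix, strict=False)
    host_mask = (1 << (128 - net.prefixlen)) - 1
    public = int(net.network_address) | (int(ipaddress.IPv6Address(src)) & host_mask)
    return str(ipaddress.IPv6Address(public))


class StatefulRewriter:
    """Per-connection state table standing in for nftables conntrack (assumed model)."""

    def __init__(self, uplink_prefixes):
        self.uplinks = list(uplink_prefixes)
        # Assumption: round-robin uplink choice; mwan3 picks randomly per connection.
        self._pick = itertools.cycle(range(len(self.uplinks)))
        # (public_src, sport, dst, dport) -> (internal_src, uplink index)
        self.table = {}

    def outbound(self, src, sport, dst, dport):
        """Rewrite a new outbound flow; returns (public source, uplink index),
        or None when the spliced 5-tuple already belongs to another internal host."""
        idx = next(self._pick)
        public = splice_source(src, self.uplinks[idx])
        key = (public, sport, dst, dport)
        if key in self.table and self.table[key][0] != src:
            return None  # the overwritten bits were the only difference; refuse to mis-map
        self.table[key] = (src, idx)
        return public, idx

    def inbound(self, public_dst, dport, remote, rport):
        """Map a reply back: returns (internal destination, uplink the flow left on)
        so the reply can be checked against the uplink it arrived on, or None."""
        return self.table.get((public_dst, dport, remote, rport))


if __name__ == "__main__":
    # Constructed sample: one ULA LAN host, two /56 uplinks from documentation space.
    nat = StatefulRewriter(["2001:db8:a::/56", "2001:db8:b:100::/56"])
    for sport in (40000, 40001):
        print(sport, nat.outbound("fd12:3456:789a:1::10", sport, "2001:db8:ffff::1", 443))
    print(nat.inbound("2001:db8:b:101::10", 40001, "2001:db8:ffff::1", 443))
```

The uplink index stored with each entry is what lets the router verify that a reply came back on the uplink the request left on, which is the return-path check Paolo raises; the None result is the collision that a purely stateless prefix rewrite cannot notice when the uplink prefix overwrites bits that distinguish internal hosts.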
