Hi,

On 06/03/2025 13:47, Jonas Lochmann wrote:
> I tried to use a stateful source address rewriting instead. With
> nftables, this is easy to implement and it works if the prefix length of
> the uplink is longer (smaller subnet) than the internal network: Just
> keep the prefix and replace the bits after it with the original source
> address. With this, I can use local addresses in the local network and
> additionally provide the public address/es of one or more uplinks.
>
> I have been using this in production at one location for several years and
> thus know that this works. I am interested in other approaches,
> experiences and feedback for this method.

Can you please be more specific about this solution? Which IPv6 addresses do you use in your network? Is it a prefix of one of the providers, ULA or something else?

Can you elaborate more on why the provider's prefix has to be longer?

If the internal prefix is fd12:dead:beef::/48
Provider A is using 2001:db8:a::/56
Provider B is using 2001:db8:b::/56

The translator receives a packet from fe12:dead:beef:1234::1 and chooses provider A; will it translate its source address to 2001:db8:a:0034::1?

If yes, what then happens with packets from fe12:dead:beef:ab34::1?

Also, can you link the repository/PR regarding the patch you use?

--
Best regards,

Ondřej Caletka
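To make the question above concrete, here is an added example (not code from either poster, and not the nftables rule set Jonas uses) that performs the described prefix-preserving rewrite with Python's ipaddress module on the thread's addresses and checks whether two distinct internal hosts end up with the same uplink address. The function names are mine, and the ULA prefix is written as fd12 throughout (an assumption that the fe12 in the question refers to the same prefix).

```python
import ipaddress

# Prefixes from the thread (fd12 assumed to be the intended ULA prefix).
INTERNAL = "fd12:dead:beef::/48"
PROVIDER_A = "2001:db8:a::/56"
PROVIDER_B = "2001:db8:b::/56"


def rewrite_source(src, uplink):
    """Rewrite as described in the thread: keep the uplink's prefix bits and
    fill the remaining 128 - prefixlen bits from the original source."""
    src = ipaddress.IPv6Address(src)
    uplink = ipaddress.IPv6Network(uplink)
    host_mask = (1 << (128 - uplink.prefixlen)) - 1
    return ipaddress.IPv6Address(
        int(uplink.network_address) | (int(src) & host_mask))


def mapping_is_injective(internal, uplink):
    """The rewrite overwrites the first uplink.prefixlen bits of the source.
    Those bits are identical for every host of the internal network only if
    they lie inside the internal prefix, so the uplink prefix must not be
    longer than the internal one for the mapping to be one-to-one."""
    internal = ipaddress.IPv6Network(internal)
    uplink = ipaddress.IPv6Network(uplink)
    return uplink.prefixlen <= internal.prefixlen


def find_collisions(sources, uplink):
    """Return (first_src, second_src, translated) for distinct internal
    sources that would share one translated uplink address."""
    seen = {}
    collisions = []
    for src in sources:
        translated = str(rewrite_source(src, uplink))
        if translated in seen and seen[translated] != src:
            collisions.append((seen[translated], src, translated))
        seen.setdefault(translated, src)
    return collisions


if __name__ == "__main__":
    hosts = ["fd12:dead:beef:1234::1", "fd12:dead:beef:ab34::1"]
    for h in hosts:
        print(h, "->", rewrite_source(h, PROVIDER_A))
    print("one-to-one:", mapping_is_injective(INTERNAL, PROVIDER_A))
    print("collisions:", find_collisions(hosts, PROVIDER_A))
```

With the /56 uplink both hosts map to 2001:db8:a:34::1; with an uplink prefix of /48 or shorter the bits that get overwritten are constant across the /48 and no collision is possible.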