Hi, Jonas,
On 6/3/25 09:47, Jonas Lochmann wrote:
My goal is to use multiple uplinks, but not only for redundancy. Most of
the time, all (in my case 2) uplinks are available and then the question
is how to make use of both of them.
With IPv4, NAT is common and thus the solution is quite simple. In my
case, I am using the mwan3 package from OpenWrt. It uses iptables rules
to add firewall marks to connections. If multiple uplinks are available,
then the mark/uplink is chosen randomly and assigned to this (e.g. TCP)
connection. This firewalls marks are used during a policy based routing.
With a masquerade/source NAT, the right source address for the used
route is picked and everything just works.
In case of IPv6, everything is different. NAT is uncommon. One solution
is to enable NAT and then everything works as with IPv4. Alternatively,
RFC 8678 describes that clients can be informed about multiple uplinks.
The limitation: I do not see any option for load balancing.
To put it bluntly, multi-router/multi-prefix is currently broken. This
is not the first time someone raises/notes this, but this is probably
the last instance of it:
* URL: https://www.ietf.org/archive/id/draft-gont-v6ops-multi-ipv6-02.txt
* HTMLized:
https://datatracker.ietf.org/doc/html/draft-gont-v6ops-multi-ipv6
(as noted, it's not just about the source address, but also about using
the right combination of source DNS resolver, source address, and next hop).
Once *that* problem was addressed. one might come up with something for
load *sharing* (whether that's having hosts select the source
address/prefix randomly (or other things being equal), or other options).
In a lot of scenarios -- despite rather religious claims against that
direction -- you may solve the problem as suggested doing NAT for IPv6.
(particularly if this is one of the many problems you have on your table
to solve, as is the case for many organizations)).
Thanks,
--
Fernando Gont
SI6 Networks
e-mail: [email protected]
PGP Fingerprint: F242 FF0E A804 AF81 EB10 2F07 7CA1 321D 663B B494
-----
To unsubscribe from this mailing list or change your subscription options,
please visit: https://mailman.ripe.net/mailman3/lists/ipv6-wg.ripe.net/
As we have migrated to Mailman 3, you will need to create an account with the email matching your subscription before you can change your settings.
More details at: https://www.ripe.net/membership/mail/mailman-3-migration/
