Re: routing to a directly attached subnet without an address in this subnet
On Sun, Apr 24, 2011 at 08:50:53PM -0400, David Scheidt wrote: On Apr 24, 2011, at 4:29 PM, Lionel Fourquaux wrote: em0 has addresses fe80::1234:56ff:fe78:9abc and 2001:db8::1 em1 has address fe80::1234:56ff:fe78:9abd Network 2001:db8::/64 is directly attached to em0, and network 2001:db8:0:1::/64 is directly attached to em1. The default route points to em0. I would like to route packets addressed to 2001:db8:0:1::/64 to interface em1, without allocating an address in 2001:db8:0:1::/64 for em1. (Or to understand why this would be impossible). Why do you want to do this? Because I think it would look better that way. How do you expect the hosts on the attached networks to get packets to you? They are already using fe80::1234:56ff:fe78:9abd as default gateway, so this is not a problem. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: routing to a directly attached subnet without an address in this subnet
On Sun, Apr 24, 2011 at 06:43:11PM -0500, Robert Bonomi wrote: Sorry, it _is_ impossible. :( simply put, to communicate _on_ a network, you have to be *ON* that network, i.e., 'have an address in that network's address-space'. I don't quite see why this would be required, as long as packets are routed as they should. It is perfectly legitimate for two (or more) separate networks to share the same physical media. Yes. *ONLY* the address of the device distinguishes which network the trafic goes to/from. But this is the destination address on packets. The point here is, why would the router need an address that is never used as source or destination? I can't see any strong reason for requiring that em1 have an address for every directly attached subnet packets are routed to. Think about how 'reply' packets have to be routed by other machines on that subnet. Packets from other machines are routed to fe80::1234:56ff:fe78:9abd (link local address of the router), so this part is fine. Thanks! ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: routing to a directly attached subnet without an address in this subnet
On Mon, Apr 25, 2011 at 10:17:40PM +1000, Daniel Marsh wrote: What you need to verify is the default routes on the client hosts. It's very likely your packets and your initial route add commands on your dual host machine are correct, yet the return route on the other clients are incorrect. I have checked that. Actually, I can ping the router from the clients. What does not work is initiating a packet exchange from the router's side. Short reminder: em0 has addresses fe80::1234:56ff:fe78:9abc and 2001:db8::1 em1 has address fe80::1234:56ff:fe78:9abd default route is to em0 2001:db8:0:1::/64 is router to em1 (route add -inet6 2001:db8:0:1::/64 -iface em1) clients connected to em1 have addresses in 2001:db8:0:1::/64 and default route to fe80::1234:56ff:fe78:9abd If I reboot the router, then try to ping a client in 2001:db8:0:1::/64, directly connected to em1, ping6 fails with sendmsg: Operation not permitted. tcpdump does not show anything being sent to this client. The client's MAC does not show up in ndp -a. If I ping the router from the client, I get answers. The client's MAC show up in the NDP table, and I can ping the client from the router as long as it is still listed in the NDP table. If I clear the table with ndp -c, I can't ping from the router any more. If I reboot and add a static entry for the client in the NDP table, I can ping this client. All this seems to point to NDP as the root of the problem: it looks like it is not aware of the addition of 2001:db8:0:1::/64 to the routing table. I do not see any way to give the missing information to NDP other than adding an address to em1. (Adding static entries for all the clients would not be manageable in the long run). Google seems to turn up some mentions of cloning routes that look like a way to solve this (I'm not quite sure), but this was apparently removed in a recent reimplementation of ARP+NDP (arp-v2). Maybe some functionality was lost in the process, but I don't know about this. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
routing to a directly attached subnet without an address in this subnet
Dear FreeBSD users, Consider an IPv6 router with two interfaces, e.g. em0 and em1. em0 has addresses fe80::1234:56ff:fe78:9abc and 2001:db8::1 em1 has address fe80::1234:56ff:fe78:9abd Network 2001:db8::/64 is directly attached to em0, and network 2001:db8:0:1::/64 is directly attached to em1. The default route points to em0. I would like to route packets addressed to 2001:db8:0:1::/64 to interface em1, without allocating an address in 2001:db8:0:1::/64 for em1. (Or to understand why this would be impossible). I have tried to add a route using: route add -ipv6 2001:db8:0:1::/64 -iface em1 (and several variations), but this fails (route returns successfully, but I can't ping anything on 2001:db8:0:1::/64). On the other hand, if I give address 2001:db8:0:1::1/64 to em1, ping6 works and packets are routed successfully. I guess that the differenceis that the OS can't figure out which interface to use for NDP in the first case. However, ndp(8) can create static entries in the NDP table for individual hosts but not whole subnets. I can't see any strong reason for requiring that em1 have an address for every directly attached subnet packets are routed to. The router already has a valid routable address on em0 which can be used as source address for ICMP, and it has an address on em1 (the link local one) which can be used for NDP and routing. So: 1. Is there a way to set up the router the way I want it? 2. If not, why is it not possible? I can mark the additional addresses on em1 as deprecated, possibly even firewall out anything going to these addresses. From the outside, the router would behave exactly the way I want. However, this does not seem as nice as such a simple setup should be. This is on FreeBSD 8.2 (i386), GENERIC kernel. I have slightly simplified the description but all the relevant parts should be here. Anticipated thanks for your answers, and best regards. -- Lionel Fourquaux ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org