On 08/01/18 18:24, Jorge Schrauwen wrote:
> I added basic support for this a few years ago. It's not great by any
> stretch but this works now:
> 
> <snip>
> admin_ip6=2001:dead:beef:123::210/64
> dns_resolvers=2001:dead:beef:123::1,10.00.123.1
> <snip>

Cool.

How does this manage routes? Could I do a /112, for instance, and deploy
IPv6 under the same /64 prefix in the native zones?

The fact is that I only have a /64, and I don't want to do NAT6.
Currently my approach with IPv4 is having private addresses in the zones
and the global zone does NAT and firewalling. All zones reside in an
etherhub. Something like this:

Internet ---- GLOBAL ---- Etherhub  --- Zone 1
                             |   +----- Zone 2
                             +--------- Zone 3

With IPv6 I could connect the zones directly to Internet setting a /112,
for instance. The problem here is that my provider (Hetzner) most
probably will ignore my frames because the MAC addresses of those are
"unknown". I understand that the VNICs will have "virtual" MAC addresses
unknown to "Hetzner".

So I would probably need to use the GLOBAL zone as a router. Replicate
the topology, run a router and a firewall in the global zone. Not NAT6,
though.

The idea would be this:

1. My provider gives me a /64.

2. I configure a /80 in the global zone, in the NIC connected to internet.

3. The VNIC connected to the internal etherhub is a /80 (inside the
provided /64), but a different /80 network than the one assigned to the real
Internet NIC.

4. I configure the same /80 in each zone. Those zones' NICs reside in an
etherhub, as drawn previously. All those /80 reside in the same /80,
different from the /80 in the global zone. So, the zones see themselves as
pertaining to the same /80 network, including the global zone VNIC
plugged to the etherhub.

5. Could the zones (in that etherhub) see each other thru IPv6? They
are in the same /80 and the same etherhub.

6. Could the zones ping the VNIC of the global zone in that /80
network? They are in the same /80 and the same etherhub.

7. Would SmartOS kernel know that those /80 addresses are accessible
thru the VNIC of the global zone and the rest of the IPv6 space should
be routed thru the external NIC to Internet?

8. Would SmartOS kernel forward packets to the /80 in the etherhub when
getting a datagram addressed to them in the Internet NIC?

9. If Hetzner doesn't statically route the /64 to my MAC, what would
happen if the Hetzner router does a Neighbour Discovery to the /80
addresses? Would SmartOS reply?

I would assume that I must provide a /64 address to the external NIC to
reply all neighbour discovery requests, but since the kernel has a /80
prefix in another internal VNIC, the default route for that network
would be that VNIC. Is that correct?

Advice! :)

Thanks for your time!

PS: That said, I already have an internal etherhub I must configure
using a custom SMF because there is no "/usbkey/config" mechanism for
that. Same said with firewall and NAT configuration. I could do the same
for IPv6 and routing tables. Custom SMF seems to be actually mandatory.

-- 
Jesús Cea Avión                         _/_/      _/_/_/        _/_/_/
[email protected] - http://www.jcea.es/     _/_/    _/_/  _/_/    _/_/  _/_/
Twitter: @jcea                        _/_/    _/_/          _/_/_/_/_/
jabber / xmpp:[email protected]  _/_/  _/_/    _/_/          _/_/  _/_/
"Things are not so easy"      _/_/  _/_/    _/_/  _/_/    _/_/  _/_/
"My name is Dump, Core Dump"   _/_/_/        _/_/_/      _/_/  _/_/
"Love is placing your happiness in the happiness of another" - Leibniz
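
The addressing plan in steps 1 to 9, and the closing question about putting a /64 on the external NIC, modelled here as an added example that is not part of the original message. It only models longest-prefix-match forwarding and says nothing about what SmartOS or Hetzner actually do; the 2001:db8 documentation prefix and the interface names `external0` and `etherhub0` are constructed assumptions.

```python
import ipaddress

# Constructed values: a documentation prefix stands in for the provider's /64,
# and the interface names are hypothetical.
PROVIDER_64 = ipaddress.ip_network("2001:db8:0:123::/64")
_subnets = PROVIDER_64.subnets(new_prefix=80)
EXTERNAL_80 = next(_subnets)  # step 2: 2001:db8:0:123::/80 on the Internet NIC
INTERNAL_80 = next(_subnets)  # steps 3-4: 2001:db8:0:123:1::/80 on the etherhub
DEFAULT = ipaddress.ip_network("::/0")


def build_routes(external_net):
    """Routes the plan implies in the global zone for a given external prefix."""
    return [
        (external_net, "external0"),   # connected route on the Internet NIC
        (INTERNAL_80, "etherhub0"),    # connected route on the internal VNIC
        (DEFAULT, "external0"),        # everything else goes to the provider
    ]


def egress(dst, routes):
    """Longest-prefix match: interface used to forward a packet to dst."""
    addr = ipaddress.ip_address(dst)
    matches = [(net, ifname) for net, ifname in routes if addr in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def upstream_sees_on_link(dst):
    """True if a provider router that treats the whole /64 as on-link would
    try Neighbour Discovery for dst on the external segment (question 9)."""
    return ipaddress.ip_address(dst) in PROVIDER_64


if __name__ == "__main__":
    zone = str(INTERNAL_80.network_address + 0x10)  # constructed zone address
    for label, ext in (("/80 outside", EXTERNAL_80), ("/64 outside", PROVIDER_64)):
        routes = build_routes(ext)
        print(label, "zone ->", egress(zone, routes),
              "| internet ->", egress("2001:db8:ffff::1", routes),
              "| upstream does ND for zone:", upstream_sees_on_link(zone))
```

In this model the internal /80 wins over both the default route and a /64 configured on the external NIC, while the zone address still falls inside the /64 that an upstream router without a static route would resolve by Neighbour Discovery.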

-------------------------------------------
smartos-discuss
Archives: https://www.listbox.com/member/archive/184463/=now