Feature #45
Closed
evaluating ULA/RIPE IPv6 scheme and Linux Source Address Selection
Description
ULA (Unique Local Addresses)
ULA are addresses which are unique only in one association or company. They are never routed in the RIPE internet.
ULA address ranges can be identified by their FD/8 prefix followed by a specific 40-bit identifier, resulting in a /48 prefix.
There is an unofficial web site at http://www.sixxs.net/tools/grh/ula/list/ to register ULA /48 prefixes so that even accidental usage of equal prefixes can be avoided.
The approach comes with the following advantages:
- Large ULA ranges can be easily acquired without any paperwork or payment.
- ULA addresses will be used as core infrastructure in the mesh
- Unique ULA addresses can be generated by each node by combining a specific ULA /48 prefix with the MAC address of the node's primary interface.
- This way a node can immediately start using the mesh infrastructure.
- Services, RIPE addresses, and further network resources can be accessed in a second step using the ULA mesh network infrastructure.
This idea has been evaluated and found to be usable.
A specific address scheme has been designed and discussed for being used by each node in the mesh. The scheme allows a node to completely autoconfigure its IPv6 addresses for participating in the mesh network by only knowing its MAC address and the protocol-specific ULA prefixes.
Linux Source Address Selection
This denotes the algorithm with which Linux selects the source address for an outgoing packet.
Its theoretical behavior is described here:
http://www.davidc.net/networking/ipv6-source-address-selection-linux
http://linux-ip.net/gl/ip-cref/node155.html
The main problem (for many purposes) is that (unlike in IPv4) the source address for a specific target network can NOT be configured manually anymore.
As a consequence, other means must be found to ensure that the desired source address is selected whenever a packet leaves a node for a specific destination.
The second problem is that the algorithm and its implementation are unclear for specific cases. Therefore a number of tests have been made to prove that the proposed IP scheme will work.
For example the following questions have been resolved:
- Alias IP assignment DOES NOT WORK! Source addresses are chosen randomly if available on the outgoing interface.
- Does the IPv6 source address remain within an ongoing connection after a route change via a different outgoing interface? YES (tested with ssh)!!
- RIPE prefix not on outgoing interface does NOT work!
  Wrong source address selected when pinging a RIPE destination address:
  mlc109:~# tcpdump -i eth1 -n vlan 12
  10:58:00.271272 vlan 12, p 0, IP6 fd12::100:1:0:1 > 2a00:1:0:105::1: ICMP6, echo request, seq 86, length 64
  10:58:00.271300 vlan 12, p 0, IP6 fd12::100:1:0:1 > 2a00:1:0:105::1: ICMP6, echo request, seq 86, length 64
- Only one RIPE/64 prefix per node (with different prefix lengths) on all outgoing interfaces? WORKS! See:
  one dev (for autoconf clients/dhcp) with Prefix::1/64 range and several other devs with Prefix::x/128
  Before handover:
  mlc109:~# tcpdump -i eth1 -n vlan 12 and port 22
  16:44:15.992447 vlan 12, p 0, IP6 2a01:0:0:109::1.22 > 2a01:0:0:100::12.52742: P 49:97(48) ack 96 win 96 <nop,nop,timestamp 4577138 4577136>
  16:44:15.993147 vlan 12, p 0, IP6 2a01:0:0:100::12.52742 > 2a01:0:0:109::1.22: . ack 97 win 83 <nop,nop,timestamp 4577138 4577138>
  After handover:
  mlc109:~# tcpdump -i eth2 -n vlan 12 and port 22
  16:46:02.002095 vlan 12, p 0, IP6 2a01:0:0:109::1.22 > 2a01:0:0:100::12.52742: P 1:49(48) ack 48 win 96 <nop,nop,timestamp 4587739 4587737>
  16:46:02.012121 vlan 12, p 0, IP6 2a01:0:0:100::12.52742 > 2a01:0:0:109::1.22: . ack 49 win 83 <nop,nop,timestamp 4587739 4587739>
The conclusion of this evaluation will be used later for the implementation of init and autoconfiguration scripts.
Summary of efforts
ula idea (understanding, reading documentation) 3 hours
Designing ula/ripe address auto generation 14 hours
Linux source address detection (evaluating/testing llocal,ula,ripe/alias,vlan) 18 hours
documentation 4 hours
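The wrong-source case in the captures above (a ULA source sent to a RIPE destination) can be checked for automatically. The following is an added example, not part of the original issue: it parses `tcpdump -n` lines in the format shown above and reports packets whose source and destination fall into different address classes. The function names are hypothetical, and the sample lines are taken from the captures on this page with the TCP option fields trimmed.

```python
import ipaddress
import re

# Sample input: lines from the captures on this page (TCP options trimmed).
SAMPLE = """\
10:58:00.271272 vlan 12, p 0, IP6 fd12::100:1:0:1 > 2a00:1:0:105::1: ICMP6, echo request, seq 86, length 64
16:44:15.992447 vlan 12, p 0, IP6 2a01:0:0:109::1.22 > 2a01:0:0:100::12.52742: P 49:97(48) ack 96 win 96
16:44:15.993147 vlan 12, p 0, IP6 2a01:0:0:100::12.52742 > 2a01:0:0:109::1.22: . ack 97 win 83
""".splitlines()

ULA = ipaddress.ip_network("fc00::/7")        # RFC 4193 unique local (fd.. in practice)
LINK_LOCAL = ipaddress.ip_network("fe80::/10")
GLOBAL = ipaddress.ip_network("2000::/3")     # global unicast, e.g. RIPE-assigned space

# "IP6 <src> > <dst>: ..." as printed by tcpdump -n
PKT = re.compile(r"\bIP6 (\S+) > (\S+):(?: |$)")

def strip_port(token):
    """tcpdump -n prints addr.port for TCP/UDP; drop a trailing .port."""
    host, dot, port = token.rpartition(".")
    return host if dot and port.isdigit() else token

def scope(text):
    """Classify an IPv6 address as ula, link-local, global or other."""
    addr = ipaddress.IPv6Address(text)
    for name, net in (("ula", ULA), ("link-local", LINK_LOCAL), ("global", GLOBAL)):
        if addr in net:
            return name
    return "other"

def scope_mismatches(lines):
    """Return (src, dst, src_scope, dst_scope) for packets whose scopes differ."""
    hits = []
    for line in lines:
        m = PKT.search(line)
        if not m:
            continue  # not an IPv6 packet line
        src, dst = (strip_port(t) for t in m.groups())
        try:
            s, d = scope(src), scope(dst)
        except ipaddress.AddressValueError:
            continue  # token was not a plain IPv6 address
        if s != d:
            hits.append((src, dst, s, d))
    return hits

if __name__ == "__main__":
    for src, dst, s, d in scope_mismatches(SAMPLE):
        print(f"scope mismatch: {src} ({s}) -> {dst} ({d})")
```

Run against a capture taken on the outgoing interface, an empty result means every packet left with a source address of the same class as its destination.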
Files
Updated by Axel Neumann more than 13 years ago
- File IP-scheme-06.ods added
Updated by Axel Neumann more than 13 years ago
- Status changed from Resolved to Closed