Linux IPv6: Specifying policy routing table for default gateway learned from a router advertisement?
Is there any way to tell the kernel which policy routing table should receive the default route learned from an IPv6 router advertisement?
My home network has native IPv6 service from Spectrum and a tunnel from Hurricane Electric that I still need for other reasons. They won't do router redirection so I use policy routing to maintain separate routing tables for each set of source addresses.
My policy rule list first searches the 'main' routing table, which is limited to local destination prefixes that can be reached with either set of source addresses. I tell dhcpcd to tell the kernel to not put a default route into that table, so if there's no match routing falls through to the next rule.
That next rule invokes a HE-specific table for HE source addresses only. That table consists only of a default route pointing at HE.
And the last rule invokes a Spectrum-specific table only for Spectrum source addresses. It contains only a default route pointing at Spectrum.
It all works well enough with static scripts, but it seems inelegant to hardwire addresses all over my scripts. What if Spectrum changes its IPv6 router address?
I'd like to maintain the default route to Spectrum automatically, but the Linux kernel only gives me two choices: pick up Spectrum's router advertisement and put that into a default route in the 'main' table, or (if you set "accept_ra_def_rtr=0"), do nothing. dhcpcd won't tell you the IPv6 gateway address since DHCP6, unlike DHCP4, doesn't assign IPv6 gateways; that function is done by the kernel when it receives Router Advertisement messages.
I could let the kernel install Spectrum's default route in the "main" table, invoke that table only if the source address belongs to Spectrum, and then fall through to the table for HE. But then I'd have to replicate all my local routes in the HE table, and again that gets messy.
A simple and obvious answer occurred to me: let me tell the kernel WHICH routing table to use for default routes to the gateways learned from IPv6 router advertisements. There's even a special table named "default" which is automatically put on the end of the policy rule list. But I can't find any way to tell the kernel to do that. It's either the 'main' table or nothing. Again, I'd rather limit the 'main' table to local entries managed (in part) by dhcpcd (e.g. my delegated prefix from Spectrum).
Anybody else ran into this problem? Any workarounds?
linux routing ipv6
asked Oct 24 at 7:19
Phil Karn
112
add a comment |
Is there any way to tell the kernel which policy routing table should receive the default route learned from an IPv6 router advertisement?
My home network has native IPv6 service from Spectrum and a tunnel from Hurricane Electric that I still need for other reasons. They won't do router redirection so I use policy routing to maintain separate routing tables for each set of source addresses.
My policy rule list first searches the 'main' routing table, which is limited to local destination prefixes that can be reached with either set of source addresses. I tell dhcpcd to tell the kernel to not put a default route into that table, so if there's no match routing falls through to the next rule.
That next rule invokes a HE-specific table for HE source addresses only. That table consists only of a default route pointing at HE.
And the last rule invokes a Spectrum-specific table only for Spectrum source addresses. It contains only a default route pointing at Spectrum.
It all works well enough with static scripts, but it seems inelegant to hardwire addresses all over my scripts. What if Spectrum changes its IPv6 router address?
I'd like to maintain the default route to Spectrum automatically, but the Linux kernel only gives me two choices: pick up Spectrum's router advertisement and put that into a default route in the 'main' table, or (if you set "accept_ra_def_rtr=0"), do nothing. dhcpcd won't tell you the IPv6 gateway address since DHCP6, unlike DHCP4, doesn't assign IPv6 gateways; that function is done by the kernel when it receives Router Advertisement messages.
I could let the kernel install Spectrum's default route in the "main" table, invoke that table only if the source address belongs to Spectrum, and then fall through to the table for HE. But then I'd have to replicate all my local routes in the HE table, and again that gets messy.
A simple and obvious answer occurred to me: let me tell the kernel WHICH routing table to use for default routes to the gateways learned from IPv6 router advertisements. There's even a special table named "default" which is automatically put on the end of the policy rule list. But I can't find any way to tell the kernel to do that. It's either the 'main' table or nothing. Again, I'd rather limit the 'main' table to local entries managed (in part) by dhcpcd (e.g. my delegated prefix from Spectrum).
Anybody else ran into this problem? Any workarounds?
linux routing ipv6
asked Oct 24 at 7:19
Phil Karn
112
add a comment |
Is there any way to tell the kernel which policy routing table should receive the default route learned from an IPv6 router advertisement?
My home network has native IPv6 service from Spectrum and a tunnel from Hurricane Electric that I still need for other reasons. They won't do router redirection so I use policy routing to maintain separate routing tables for each set of source addresses.
My policy rule list first searches the 'main' routing table, which is limited to local destination prefixes that can be reached with either set of source addresses. I tell dhcpcd to tell the kernel to not put a default route into that table, so if there's no match routing falls through to the next rule.
That next rule invokes a HE-specific table for HE source addresses only. That table consists only of a default route pointing at HE.
And the last rule invokes a Spectrum-specific table only for Spectrum source addresses. It contains only a default route pointing at Spectrum.
It all works well enough with static scripts, but it seems inelegant to hardwire addresses all over my scripts. What if Spectrum changes its IPv6 router address?
I'd like to maintain the default route to Spectrum automatically, but the Linux kernel only gives me two choices: pick up Spectrum's router advertisement and put that into a default route in the 'main' table, or (if you set "accept_ra_def_rtr=0"), do nothing. dhcpcd won't tell you the IPv6 gateway address since DHCP6, unlike DHCP4, doesn't assign IPv6 gateways; that function is done by the kernel when it receives Router Advertisement messages.
I could let the kernel install Spectrum's default route in the "main" table, invoke that table only if the source address belongs to Spectrum, and then fall through to the table for HE. But then I'd have to replicate all my local routes in the HE table, and again that gets messy.
A simple and obvious answer occurred to me: let me tell the kernel WHICH routing table to use for default routes to the gateways learned from IPv6 router advertisements. There's even a special table named "default" which is automatically put on the end of the policy rule list. But I can't find any way to tell the kernel to do that. It's either the 'main' table or nothing. Again, I'd rather limit the 'main' table to local entries managed (in part) by dhcpcd (e.g. my delegated prefix from Spectrum).
Anybody else ran into this problem? Any workarounds?
linux routing ipv6
asked Oct 24 at 7:19
Phil Karn
112
Is there any way to tell the kernel which policy routing table should receive the default route learned from an IPv6 router advertisement?
My home network has native IPv6 service from Spectrum and a tunnel from Hurricane Electric that I still need for other reasons. They won't do router redirection so I use policy routing to maintain separate routing tables for each set of source addresses.
My policy rule list first searches the 'main' routing table, which is limited to local destination prefixes that can be reached with either set of source addresses. I tell dhcpcd to tell the kernel to not put a default route into that table, so if there's no match routing falls through to the next rule.
That next rule invokes a HE-specific table for HE source addresses only. That table consists only of a default route pointing at HE.
And the last rule invokes a Spectrum-specific table only for Spectrum source addresses. It contains only a default route pointing at Spectrum.
It all works well enough with static scripts, but it seems inelegant to hardwire addresses all over my scripts. What if Spectrum changes its IPv6 router address?
I'd like to maintain the default route to Spectrum automatically, but the Linux kernel only gives me two choices: pick up Spectrum's router advertisement and put that into a default route in the 'main' table, or (if you set "accept_ra_def_rtr=0"), do nothing. dhcpcd won't tell you the IPv6 gateway address since DHCP6, unlike DHCP4, doesn't assign IPv6 gateways; that function is done by the kernel when it receives Router Advertisement messages.
I could let the kernel install Spectrum's default route in the "main" table, invoke that table only if the source address belongs to Spectrum, and then fall through to the table for HE. But then I'd have to replicate all my local routes in the HE table, and again that gets messy.
A simple and obvious answer occurred to me: let me tell the kernel WHICH routing table to use for default routes to the gateways learned from IPv6 router advertisements. There's even a special table named "default" which is automatically put on the end of the policy rule list. But I can't find any way to tell the kernel to do that. It's either the 'main' table or nothing. Again, I'd rather limit the 'main' table to local entries managed (in part) by dhcpcd (e.g. my delegated prefix from Spectrum).
Anybody else ran into this problem? Any workarounds?
linux routing ipv6
linux routing ipv6
asked Oct 24 at 7:19
Phil Karn
112
asked Oct 24 at 7:19
Phil Karn
112
edited Oct 24 at 7:24
asked Oct 24 at 7:19
Phil Karn
112
asked Oct 24 at 7:19
Phil Karn
112
asked Oct 24 at 7:19
Phil Karn
112
112
add a comment |
add a comment |
1 Answer
1
active
oldest
votes
Using this suppressor in ip rule:
suppress_prefixlength NUMBER
reject routing decisions that have a prefix length of NUMBER or less.
You can use the main table, unmodified, in your first (lower priority value) rule, while ignoring its default route by using something like:
ip -6 rule add priority 32000 from all lookup main suppress_prefixlength 0
This rule will ignore any /0 prefix from the main routing table, ie, the "default" default route.
The main table can still be reused later with its default route (in the usual rule with priority 32766) if nothing else matched before (ie: if the rule for the HE source didn't match in an in-between rule).
answered yesterday
A.B
3,8171723
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "106"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f477428%2flinux-ipv6-specifying-policy-routing-table-for-default-gateway-learned-from-a-r%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
Using this suppressor in ip rule:
suppress_prefixlength NUMBER
reject routing decisions that have a prefix length of NUMBER or less.
You can use the main table, unmodified, in your first (lower priority value) rule, while ignoring its default route by using something like:
ip -6 rule add priority 32000 from all lookup main suppress_prefixlength 0
This rule will ignore any /0 prefix from the main routing table, ie, the "default" default route.
The main table can still be reused later with its default route (in the usual rule with priority 32766) if nothing else matched before (ie: if the rule for the HE source didn't match in an in-between rule).
answered yesterday
A.B
3,8171723
add a comment |
Using this suppressor in ip rule:
suppress_prefixlength NUMBER
reject routing decisions that have a prefix length of NUMBER or less.
You can use the main table, unmodified, in your first (lower priority value) rule, while ignoring its default route by using something like:
ip -6 rule add priority 32000 from all lookup main suppress_prefixlength 0
This rule will ignore any /0 prefix from the main routing table, ie, the "default" default route.
The main table can still be reused later with its default route (in the usual rule with priority 32766) if nothing else matched before (ie: if the rule for the HE source didn't match in an in-between rule).
answered yesterday
A.B
3,8171723
add a comment |
Using this suppressor in ip rule:
suppress_prefixlength NUMBER
reject routing decisions that have a prefix length of NUMBER or less.
You can use the main table, unmodified, in your first (lower priority value) rule, while ignoring its default route by using something like:
ip -6 rule add priority 32000 from all lookup main suppress_prefixlength 0
This rule will ignore any /0 prefix from the main routing table, ie, the "default" default route.
The main table can still be reused later with its default route (in the usual rule with priority 32766) if nothing else matched before (ie: if the rule for the HE source didn't match in an in-between rule).
answered yesterday
A.B
3,8171723
Using this suppressor in ip rule:
suppress_prefixlength NUMBER
reject routing decisions that have a prefix length of NUMBER or less.
You can use the main table, unmodified, in your first (lower priority value) rule, while ignoring its default route by using something like:
ip -6 rule add priority 32000 from all lookup main suppress_prefixlength 0
This rule will ignore any /0 prefix from the main routing table, ie, the "default" default route.
The main table can still be reused later with its default route (in the usual rule with priority 32766) if nothing else matched before (ie: if the rule for the HE source didn't match in an in-between rule).
answered yesterday
A.B
3,8171723
answered yesterday
A.B
3,8171723
answered yesterday
A.B
3,8171723
answered yesterday
A.B
3,8171723
3,8171723
add a comment |
add a comment |
Thanks for contributing an answer to Unix & Linux Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Some of your past answers have not been well-received, and you're in danger of being blocked from answering.
Please pay close attention to the following guidance:
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f477428%2flinux-ipv6-specifying-policy-routing-table-for-default-gateway-learned-from-a-r%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
