Hello Jonas,

I would say the right way to go is to get an ASN and do proper BGP routing. 
Everything you describe is imho basically a textbook example of an autonomous 
system. 

Maria


On March 6, 2025 1:47:29 PM GMT+01:00, Jonas Lochmann 
<[email protected]> wrote:
>My goal is to use multiple uplinks, but not only for redundancy. Most of
>the time, all (in my case 2) uplinks are available and then the question
>is how to make use of both of them.
>
>With IPv4, NAT is common and thus the solution is quite simple. In my
>case, I am using the mwan3 package from OpenWrt. It uses iptables rules
>to add firewall marks to connections. If multiple uplinks are available,
>then the mark/uplink is chosen randomly and assigned to this (e.g. TCP)
>connection. These firewall marks are used during policy-based routing.
>With a masquerade/source NAT, the right source address for the used
>route is picked and everything just works.
>
>In case of IPv6, everything is different. NAT is uncommon. One solution
>is to enable NAT and then everything works as with IPv4. Alternatively,
>RFC 8678 describes that clients can be informed about multiple uplinks.
>The limitation: I do not see any option for load balancing.
>
>RFC 8678 references other solutions. Shim6 seems to be not widely
>implemented. The Multipath Transports look like a solution for the
>future with Multipath TCP. The last solution is NPTv6. RFC 8678 does not
>like the solution. It is not NAT, but it still rewrites the addresses.
>
>The disadvantage: Stateless address rewriting seems only usable if there
>is only one prefix known to the network. If this is the global prefix of
>one uplink, then all connections are interrupted if the prefix of this
>uplink is changed. If this is the local prefix, then the clients do not
>know their public addresses.
>
>I tried to use a stateful source address rewriting instead. With
>nftables, this is easy to implement and it works if the prefix length of
>the uplink is longer (smaller subnet) than the internal network: Just
>keep the prefix and replace the bits after it with the original source
>address. With this, I can use local addresses in the local network and
>additionally provide the public address/es of one or more uplinks.
>
>I have been using this in production at one location for multiple years and
>thus know that this works. I am interested in other approaches,
>experiences and feedback for this method.
>-----
>To unsubscribe from this mailing list or change your subscription options, 
>please visit: https://mailman.ripe.net/mailman3/lists/ipv6-wg.ripe.net/
>As we have migrated to Mailman 3, you will need to create an account with the 
>email matching your subscription before you can change your settings. 
>More details at: https://www.ripe.net/membership/mail/mailman-3-migration/

-- 
Maria Matejka (she/her) | BIRD Team Leader | CZ.NIC, z.s.p.o.
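The stateful, prefix-preserving source rewriting Jonas describes, modelled as an added Python example (this is not code from the thread, from mwan3 or from nftables): the ULA and documentation prefixes, the firewall marks and the in-memory flow table are constructed assumptions standing in for the real uplink prefixes and conntrack.

```python
import ipaddress
from typing import Dict, Tuple

# Constructed addressing: a local ULA prefix inside, one prefix per uplink outside.
INTERNAL = ipaddress.IPv6Network("fd00:1234:5678::/48")
UPLINKS = {  # firewall mark -> prefix delegated by that uplink (assumed values)
    1: ipaddress.IPv6Network("2001:db8:aaaa:1::/64"),
    2: ipaddress.IPv6Network("2001:db8:bbbb:7::/64"),
}
FlowKey = Tuple[str, int, str, int]  # (public src, sport, remote, dport)


def public_address(src: str, mark: int) -> str:
    """Keep the uplink prefix, fill the bits after it from the original source.

    As stated in the thread, the method assumes the uplink prefix is longer
    than the internal one; that precondition is checked here.
    """
    uplink = UPLINKS[mark]
    if uplink.prefixlen <= INTERNAL.prefixlen:
        raise ValueError("uplink prefix must be longer than the internal prefix")
    host_mask = (1 << (128 - uplink.prefixlen)) - 1
    mapped = int(uplink.network_address) | (int(ipaddress.IPv6Address(src)) & host_mask)
    return str(ipaddress.IPv6Address(mapped))


class StatefulSnat:
    """Toy stand-in for the conntrack table behind a stateful SNAT rule."""

    def __init__(self) -> None:
        self.table: Dict[FlowKey, str] = {}

    def outbound(self, mark: int, src: str, sport: int, dst: str, dport: int) -> str:
        """Rewrite the source of a new outbound flow and remember the mapping."""
        if ipaddress.IPv6Address(src) not in INTERNAL:
            raise ValueError(f"{src} is not an internal address")
        public = public_address(src, mark)
        # Two internal hosts may share low bits; the port/remote tuple keeps flows apart.
        self.table[(public, sport, dst, dport)] = src
        return public

    def inbound(self, dst: str, dport: int, src: str, sport: int):
        """Restore the original destination of a reply, or None if no flow matches."""
        return self.table.get((dst, dport, src, sport))
```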