On Thu, Mar 06, 2025 at 04:41:46PM +0100, Ondřej Caletka wrote:
> Can you please be more specific about this solution? Which IPv6 addresses do
> you use in your network? Is it a prefix of one of the providers, ULA or
> something else?

Right now ULA + prefix from one provider. I used prefixes from both
providers in the past. I see no limit regarding the combinations.

> Can you elaborate more on why the provider's prefix has to be longer?

It does not have to. My statement was misleading. The point was that
it can be longer and this method continues working.

> If internal prefix is fd12:dead:beef::/48
> Provider A is using 2001:db8:a::/56
> Provider B is using 2001:db8:b::/56
> 
> The translator receives packet from fe12:dead:beef:1234::1 and chooses
> provider A, will it translate its source address to 2001:db8:a:0034::1?

Yes
 
> If yes, what then happens with packets from fe12:dead:beef:ab34::1?

The same: It is rewritten to 2001:db8:a:0034::1

> Also, can you link the repository/PR regarding the patch you use?

https://patchwork.ozlabs.org/project/openwrt/patch/[email protected]/

The core aspect is this nftables snippet that is filled according to the
current prefix delegation:

"snat ip6 to ip6 saddr and " + suffix_mask + " or " + base_addr

This shows how powerful the expressions in nftables are: Logical
operations with IPs are possible. In the example, the generated action
would be:

snat ip6 to ip6 saddr and ::ff:ffff:ffff:ffff:ffff or 2001:db8:a::

Before that, an accept rule is generated if the source address already
matches the uplink IP so that this snat action is skipped.
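
The address arithmetic behind that snat expression, as an added example that is not part of the original message or the linked patch: it models the AND/OR rewrite and the preceding accept rule in Python, and lists internal sources that collapse onto one external address when the delegated prefix is longer than the internal one. The function names are hypothetical, and the sample sources are constructed from the fd12:dead:beef::/48 example in the thread.

```python
import ipaddress

def suffix_mask(prefix_len):
    """Mask keeping the low (128 - prefix_len) bits of an address."""
    return ipaddress.IPv6Address((1 << (128 - prefix_len)) - 1)

def snat_target(saddr, delegated):
    """Model of: snat ip6 to ip6 saddr and <suffix_mask> or <base_addr>."""
    net = ipaddress.IPv6Network(delegated)
    src = ipaddress.IPv6Address(saddr)
    if src in net:
        # Models the accept rule: the source already matches the uplink
        # prefix, so the snat action is skipped.
        return str(src)
    mask = int(suffix_mask(net.prefixlen))
    return str(ipaddress.IPv6Address((int(src) & mask) | int(net.network_address)))

def collisions(sources, delegated):
    """Group sources by translated address; keep targets shared by several."""
    by_target = {}
    for s in sources:
        by_target.setdefault(snat_target(s, delegated), []).append(s)
    return {t: srcs for t, srcs in by_target.items() if len(srcs) > 1}

# Constructed sample sources (not taken from a real network).
SAMPLE_SOURCES = [
    "fd12:dead:beef:1234::1",
    "fd12:dead:beef:ab34::1",   # differs only in bits the /56 mask discards
    "fd12:dead:beef:1235::1",
    "2001:db8:a:12::5",         # already inside the delegated prefix
]

if __name__ == "__main__":
    delegated = "2001:db8:a::/56"
    print("suffix mask:", suffix_mask(56))
    for s in SAMPLE_SOURCES:
        print(f"{s:26} -> {snat_target(s, delegated)}")
    for target, srcs in collisions(SAMPLE_SOURCES, delegated).items():
        print("shared external address", target, "for", srcs)
```

Translation is stateless per packet, so two internal hosts mapped to the same external address are indistinguishable in upstream logs and in any filter keyed on the external source address.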