On Tue, Sep 04, 2012 at 08:13:59AM +0200, Remi Locherer wrote:
> On Sat, Sep 01, 2012 at 01:29:02PM -0700, Philip Guenther wrote:
> > On Fri, Aug 31, 2012 at 7:52 AM, Remi Locherer <remi.loche...@relo.ch>
> > wrote:
> > > On Fri, Aug 31, 2012 at 09:47:39AM -0400, Simon Perreault wrote:
> > >> Le 2012-08-31 03:19, Remi Locherer a ?crit :
> > >> >I rented a server from Hetzner where I installed OpenBSD 5.1. Hetzner
> > >> >also
> > >> >provides IPv6 but somehow with a strange setup. I got something like the
> > >> >following from them:
> > >> >
> > >> >Gateway Address: 2001:db8:1:1110::1/64
> > >> >Subnet I can use: 2001:db8:1:1111/64
> >
> >
> > > This works. But I have to figure out (ask Hetzner) if I'm the only
> > > customer they use 2001:db8:1:1110::/64 (I think so).
> >
> > I think the question I would have asked them is
> > What does your box (2001:db8:1:1110::1) need in order for it to
> > figure out how to send packets for my network (2001:db8:1:1111::/64)
> > to my box? Does my box need to have a specific address or send
> > out router advertisements?
> >
> > I.e., how is is their box going to know get the ethernet address of
> > your box so that it can send the packets to it?
>
> I now got an answer from Hetzner:
> - I'm not allowed to use an address from the gateway subnet. They will
> block my traffic if I'm using such an address
> - They recommend that I configure a /59 prefix. In my opinion this makes
> no sense. I now configured a /63 prefix which contains my subnet and
> the gateway subnet (this works).
>
> They did not explain how their gateway is configured to send traffic to
> my host without configuring a specific address on my host.
It's a good practice to use link-local addresses for default routes.
ICMPv6 Redirects won't work with the global ones for example, because
one of the RFCs requires the redirect packet's source address to match
the address you sent it to in the first place. Try telling them that.
Or ask them why can't they take one of your addresses and
use it for their gateway? This is just crazy.
Yes, their MAC addresses/{U,G,D}UIDs can change; that's why you need to
ask them first. It also helps if they're running CARP/VRRP, because if
they don't play with VHIDs, their MAC addresses don't change with their
infrastructure :-)
--
Martin Pelikan
