Re: Point-to-point using GRE over IPv6 -> not possible with a single /128 address on the server?
On Tue, Feb 19, 2019 at 5:37 PM Peter G. wrote: > On 19/02/2019 14:06, Andreas Nilsson wrote: > > On Tue, Feb 19, 2019 at 1:38 PM Peter G. wrote: > > > >> On 15/02/2019 17:49, Peter G. wrote: > >>> Now the GRE tunnel > >>> > ifconfig gre6 create > ifconfig gre6 inet6 fc01:e::100 fc:02:e::200 tunnelfib 6 > >>> #ifconfig: ioctl (SIOCAIFADDR): File exists > > > I have not used gre with ipv6, so I cannot really be of any help. However > > for ipv4 you specify a netmask while setting up the interface, whereas > you > > do not while setting up the ipv6. I also notice that you list fc02:e::200 > > for "other end" but in the commands you have fc:02:e::200 which I guess > is > > just typo. Does > > > > ifconfig gre6 inet6 fc01:e::100 fc:02:e::200 prefixlen 128 tunnelfib 6 > > > > work? Or the whole thing > > > > ifconfig gre6 inet6 fc01:e::100 fc02:e::200 tunnel fc01:e::100 > fc02:e::200 > > prefixlen 128 tunnelfib 6 > > Thanks for answering. The "full" syntax including tunnel definition also > generates the same error, and > > ifconfig gre6 inet6 fc01:e::100 fc:02:e::200 prefixlen 128 tunnelfib 6 > > seems to be equivalent to > > ifconfig gre6 inet6 fc01:e::100 fc:02:e::200 tunnelfib 6 > > that is, specifying no prefixlen implies "prefixlen 128". Also tried that. > > There's seems to be a quirk how IPv6 is handled. If a particular IPv6 > address is already set on the physical interface, using that particular > address for a GRE definition (i.e. "fc01:e::100" in this case, so single > /128), always generates: > > ioctl (SIOCAIFADDR): File exists > > This is what confuses me. Using IPv4 this way is not an issue. A /32 > address can be set on an interface and the same address can be used for > a GRE link. That's what tunnelfib/FIB is for, to separate routing for GRE. > > And this is what *does not work with IPv6* and I don't understand why. > > Seems to me the server needs to have a whole IPv6 range, and then an > address from that range can be allocated to create/maintain GRE links, > so this can't work with a /128 address available only. > > The problem is that this particular server I need this on, only has a > single /128 address allocated to it. > > _The bottom line:_ I don't understand why an already allocated /128 > address can't be used for a GRE link with its own separate FIB. This is > not logical. > > PG > I did some experimenting yesterday, and it seems to be missbehaving yes. Seems routes shows up in wrong fib and don't go away when the gre interface is destroyed. I also had a few kernel panics, so the whole fibs with ipv6 seems a bit wonky. I think you might want to submit a bug report. Best regards Andreas ___ freebsd-net@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
Re: Point-to-point using GRE over IPv6 -> not possible with a single /128 address on the server?
On 19/02/2019 14:06, Andreas Nilsson wrote: > On Tue, Feb 19, 2019 at 1:38 PM Peter G. wrote: > >> On 15/02/2019 17:49, Peter G. wrote: >>> Now the GRE tunnel >>> ifconfig gre6 create ifconfig gre6 inet6 fc01:e::100 fc:02:e::200 tunnelfib 6 >>> #ifconfig: ioctl (SIOCAIFADDR): File exists > I have not used gre with ipv6, so I cannot really be of any help. However > for ipv4 you specify a netmask while setting up the interface, whereas you > do not while setting up the ipv6. I also notice that you list fc02:e::200 > for "other end" but in the commands you have fc:02:e::200 which I guess is > just typo. Does > > ifconfig gre6 inet6 fc01:e::100 fc:02:e::200 prefixlen 128 tunnelfib 6 > > work? Or the whole thing > > ifconfig gre6 inet6 fc01:e::100 fc02:e::200 tunnel fc01:e::100 fc02:e::200 > prefixlen 128 tunnelfib 6 Thanks for answering. The "full" syntax including tunnel definition also generates the same error, and ifconfig gre6 inet6 fc01:e::100 fc:02:e::200 prefixlen 128 tunnelfib 6 seems to be equivalent to ifconfig gre6 inet6 fc01:e::100 fc:02:e::200 tunnelfib 6 that is, specifying no prefixlen implies "prefixlen 128". Also tried that. There's seems to be a quirk how IPv6 is handled. If a particular IPv6 address is already set on the physical interface, using that particular address for a GRE definition (i.e. "fc01:e::100" in this case, so single /128), always generates: ioctl (SIOCAIFADDR): File exists This is what confuses me. Using IPv4 this way is not an issue. A /32 address can be set on an interface and the same address can be used for a GRE link. That's what tunnelfib/FIB is for, to separate routing for GRE. And this is what *does not work with IPv6* and I don't understand why. Seems to me the server needs to have a whole IPv6 range, and then an address from that range can be allocated to create/maintain GRE links, so this can't work with a /128 address available only. The problem is that this particular server I need this on, only has a single /128 address allocated to it. _The bottom line:_ I don't understand why an already allocated /128 address can't be used for a GRE link with its own separate FIB. This is not logical. PG ___ freebsd-net@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
Re: Point-to-point using GRE over IPv6 -> not possible with a single /128 address on the server?
On Tue, Feb 19, 2019 at 1:38 PM Peter G. wrote: > On 15/02/2019 17:49, Peter G. wrote: > > Now the GRE tunnel > > > >> ifconfig gre6 create > >> ifconfig gre6 inet6 fc01:e::100 fc:02:e::200 tunnelfib 6 > > #ifconfig: ioctl (SIOCAIFADDR): File exists > > > > Why is this not possible? Isn't the logic behind it the same as with > > IPv4? If not, why not? > > > > Does this mean it is not possible to have a point-to-point using IPv6 on > > a machine with only a single /128 address? > > Is this a stupid question, or something of the sort? Because I truly > don't understand why this wouldn't work. Thanks. > > PG > > I have not used gre with ipv6, so I cannot really be of any help. However for ipv4 you specify a netmask while setting up the interface, whereas you do not while setting up the ipv6. I also notice that you list fc02:e::200 for "other end" but in the commands you have fc:02:e::200 which I guess is just typo. Does ifconfig gre6 inet6 fc01:e::100 fc:02:e::200 prefixlen 128 tunnelfib 6 work? Or the whole thing ifconfig gre6 inet6 fc01:e::100 fc02:e::200 tunnel fc01:e::100 fc02:e::200 prefixlen 128 tunnelfib 6 Best regards Andreas ___ freebsd-net@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
Re: Point-to-point using GRE over IPv6 -> not possible with a single /128 address on the server?
On 15/02/2019 17:49, Peter G. wrote: > Now the GRE tunnel > >> ifconfig gre6 create >> ifconfig gre6 inet6 fc01:e::100 fc:02:e::200 tunnelfib 6 > #ifconfig: ioctl (SIOCAIFADDR): File exists > > Why is this not possible? Isn't the logic behind it the same as with > IPv4? If not, why not? > > Does this mean it is not possible to have a point-to-point using IPv6 on > a machine with only a single /128 address? Is this a stupid question, or something of the sort? Because I truly don't understand why this wouldn't work. Thanks. PG ___ freebsd-net@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
Point-to-point using GRE over IPv6 -> not possible with a single /128 address on the server?
Hi, I've got issues establishing a point-to-point ipv6-over-ipv6 GRE link. IPv4 which works as expected: this end: 10.0.1.10 other end: 10.0.2.10 GW: 10.0.1.1 iface: em0 >ifconfig gre4 create >ifconfig gre4 inet 10.0.1.10 10.0.2.10 netmask 0x tunnel 10.0.1.10 10.0.2.10 tunnelfib 2 >route add -host 10.0.1.1 -iface em0 -fib 2 >route add -host 10.0.2.10 10.0.1.1 -fib 2 Works. The tunnel is marked with FIB 2, and a point-to-point is established. Can be used with IPSEC in transport or whatever. Now, IPv6 is problematic. The server has allocated a single IPv6 address with prefixlen 112. This could be the source of the issue. Private addresses replicate the setup. this end: fc01:e::100/112 other end fc02:e::200 GW: fc01:e::1 >ifconfig em0 #em0: # inet6 fc01:e::100 prefixlen 112 This works. Default GW is at fc01:e::1. Now the GRE tunnel >ifconfig gre6 create >ifconfig gre6 inet6 fc01:e::100 fc:02:e::200 tunnelfib 6 #ifconfig: ioctl (SIOCAIFADDR): File exists Why is this not possible? Isn't the logic behind it the same as with IPv4? If not, why not? Does this mean it is not possible to have a point-to-point using IPv6 on a machine with only a single /128 address? Found this as reference: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=208173 but what he did was on a much broader range. Many thanks! Peter ___ freebsd-net@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"