1. Forum
  2. Usenet
  3. LINUX.DEBIAN.USER

  • Re: ifupdown and inet6 gateways for inet interfaces

    From Tim Woodall@21:1/5 to Andy Smith on Sat Sep 28 17:40:01 2024
    On Fri, 27 Sep 2024, Andy Smith wrote:

    Hi,

    Here is a manual network setup I have created by use of the "ip"
    command:

    $ ip address show dev enX0
    2: enX0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:16:5e:00:02:39 brd ff:ff:ff:ff:ff:ff
    inet 85.119.82.225/32 scope global enX0
    valid_lft forever preferred_lft forever
    inet6 2001:ba8:1f1:f1d7::2/64 scope global
    valid_lft forever preferred_lft forever
    inet6 fe80::216:5eff:fe00:239/64 scope link
    valid_lft forever preferred_lft forever
    $ ip route show
    default via inet6 fe80::1 dev enX0 src 85.119.82.225
    $ ip -6 route show
    2001:ba8:1f1:f1d7::/64 dev enX0 proto kernel metric 256 pref medium
    fe80::/64 dev enX0 proto kernel metric 256 pref medium
    default via fe80::1 dev enX0 metric 1024 pref medium

    Note that it has a single global scope IPv4 address which is a /32, and
    its IPv4 default route is via an IPv6 link-local address.

    This works fine, however I had to configure it using the "ip" command:

    Fascinating! I had absolutely no idea you could do that!

    I suspect you can do it with pre-up commands and inet6 manual. I'd not
    be surprised if everything else expects a gateway to be on the same
    AF_FAMILY.

    I've used this where I want an interface up but don't want it
    configured but you can add whatever ip commands you need.

    auto xenbr0_19
    iface xenbr0_19 inet6 manual
    pre-up echo 0 >/proc/sys/net/ipv6/conf/default/accept_dad
    pre-up echo 0 >/proc/sys/net/ipv6/conf/default/accept_ra
    bridge_ports intlan0.19
    bridge_stp off # disable Spanning Tree Protocol
    bridge_waitport 0 # no delay before a port becomes available
    bridge_fd 0 # no forwarding delay

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Andy Smith@21:1/5 to Andy Smith on Sat Sep 28 21:40:01 2024
    On Sat, Sep 28, 2024 at 07:25:37PM +0000, Andy Smith wrote:
    I got a reply on Fedi basically to that effect, by someone who had
    recently presented on the subject

    And here's Tobias's presentation (21 minutes; link to slides on that
    page):

    https://ripe88.ripe.net/archives/video/1358/

    --
    https://bitfolk.com/ -- No-nonsense VPS hosting

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Andy Smith@21:1/5 to Tim Woodall on Sat Sep 28 21:30:01 2024
    Hi,

    On Sat, Sep 28, 2024 at 04:37:31PM +0100, Tim Woodall wrote:
    Fascinating! I had absolutely no idea you could do that!

    It is fun. πŸ˜€ Having users, even if it was supported in ifupdown,
    netplan etc I'm still not sure I would do it just yet as it may be far
    too unexpected for them.

    I suspect you can do it with pre-up commands and inet6 manual. I'd not
    be surprised if everything else expects a gateway to be on the same AF_FAMILY.

    I got a reply on Fedi basically to that effect, by someone who had
    recently presented on the subject:

    https://wybt.net/@tfiebig/113213745122607112

    The issue are the routes; With netplan, I just set the route via
    puppet atm (you could use the funny netplan equivalent of post-up;
    Don't have it from the top of my head.)

    For ifupdown, it is just a 'skip the gateway and put the `ip -4
    route` statement into a post-up.

    A reply to that showed how netplan triggers scripts, so both things
    basically need external commands at the moment.

    Thanks,
    Andy

    --
    https://bitfolk.com/ -- No-nonsense VPS hosting

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Andy Smith@21:1/5 to All on Sat Sep 28 00:50:01 2024
    Hi,

    Here is a manual network setup I have created by use of the "ip"
    command:

    $ ip address show dev enX0
    2: enX0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:16:5e:00:02:39 brd ff:ff:ff:ff:ff:ff
    inet 85.119.82.225/32 scope global enX0
    valid_lft forever preferred_lft forever
    inet6 2001:ba8:1f1:f1d7::2/64 scope global
    valid_lft forever preferred_lft forever
    inet6 fe80::216:5eff:fe00:239/64 scope link
    valid_lft forever preferred_lft forever
    $ ip route show
    default via inet6 fe80::1 dev enX0 src 85.119.82.225
    $ ip -6 route show
    2001:ba8:1f1:f1d7::/64 dev enX0 proto kernel metric 256 pref medium
    fe80::/64 dev enX0 proto kernel metric 256 pref medium
    default via fe80::1 dev enX0 metric 1024 pref medium

    Note that it has a single global scope IPv4 address which is a /32, and
    its IPv4 default route is via an IPv6 link-local address.

    This works fine, however I had to configure it using the "ip" command:

    # ip address add 85.119.82.225/32 dev enX0
    # ip -4 route add default via inet6 fe80::1 src 85.119.82.225

    Is it possible to configure that using ifupdown's
    /etc/network/interfaces syntax?

    If there's no actual syntax for this (particularly, the "gateway" option
    says it expects a dotted quad) possibly it can be done with pre-up
    commands?

    Is it doable with any of the other network configuration frameworks (systemd-networkd, NetworkManager, netplan, …)?

    Thanks,
    Andy

    --
    https://bitfolk.com/ -- No-nonsense VPS hosting

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Andy Smith@21:1/5 to jeremy ardley on Sat Sep 28 04:50:01 2024
    Hi,

    On Sat, Sep 28, 2024 at 10:00:01AM +0800, jeremy ardley wrote:
    On 28/9/24 06:42, Andy Smith wrote:
    # ip address add 85.119.82.225/32 dev enX0
    # ip -4 route add default via inet6 fe80::1 src 85.119.82.225

    Is it possible to configure that using ifupdown's
    /etc/network/interfaces syntax?

    […]

    Is it doable with any of the other network configuration frameworks (systemd-networkd, NetworkManager, netplan, …)?

    […]

    In regard to systemd-networkd and likely all other choices it probably won't work.

    You would be better off using iptables or nftables to NAT the IPv4 to IPv6 and route that instead.

    Hmm, that is pretty gross since with an IPv6 nexthop there is no NAT
    involved at all, only normal layer 3 routing. You would actually have to
    NAT it twice (464XLAT) as otherwise the traffic comes out as IPv6 and
    not the original global IPv4 addresses.

    It seems a pretty excessive thing to do when the Linux kernel does
    support just plain routing of IPv4 packets through IPv6 destinations and
    the only thing missing here is seemingly distribution integration.

    If you had no network configuration framework at all and just set up
    your networking with a shell script, this would work. I think it could
    also work with ifupdown if you abused pre-up commands, which would
    certainly be preferable to two layers of NAT!

    Something like

    auto enX0
    iface enX0 inet
    address 85.119.82.225/32
    pre-up ip -4 route add default via inet6 fe80::1 dev $IFACE src 85.119.82.225

    could probably do it…

    I probably won't though as chances are I will end up wanting to use
    something other than ifupdown at some point, and then I'd be stuffed.
    I'll just wait for the various frameworks to gain the features that
    "ip" already supports I guess! (πŸ’€)

    Thanks,
    Andy

    --
    https://bitfolk.com/ -- No-nonsense VPS hosting

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Andy Smith@21:1/5 to Andy Smith on Tue Oct 8 18:00:01 2024
    On Fri, Sep 27, 2024 at 10:42:39PM +0000, Andy Smith wrote:
    Is it doable with any of the other network configuration frameworks (systemd-networkd, NetworkManager, netplan, …)?

    It's not directly doable in ifupdown but can be bodged with hook
    commands.

    It's not doable in netplan. There is a wishlist bug here: https://bugs.launchpad.net/netplan/+bug/2083945

    It apparenlty is doable in systemd-networkd v252+ https://github.com/systemd/systemd/issues/24345

    Thanks,
    Andy

    --
    https://bitfolk.com/ -- No-nonsense VPS hosting

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)