Hurricane Electric's IPv6 Tunnel Broker Forums

General IPv6 Topics => IPv6 Basics & Questions & General Chatter => Topic started by: lespinasse on July 10, 2021, 03:24:58 AM

Title: Are there any practical ways for ipv6 multihoming ?
Post by: lespinasse on July 10, 2021, 03:24:58 AM
So I have two IPv6 providers - my ISP gives me native IPv6 (but with some limitations such as no reverse DNS, and DHCP prefix delegation which is not guaranteed not to change), and he.net gives me an IPv6 tunnel. I use both on different segments of my home network - native on the guest lan, tunnel where I run most of my (small) servers.

Today the tunnel is having some issues, and it got me to think - in a v4 context, I could very easily switch over to my other provider, by just doing NAT on the router until things go back to normal. But with IPv6, are there any quick solutions when one of the providers unexpectedly goes down ? switching to the other provider isn't as easy because it involves every machine on the lan having to get new addresses somehow. Doable in a matter of hours, but not as a quick switch-over.

I am wondering, are there any practical solutions to this ?
Title: Re: Are there any practical ways for ipv6 multihoming ?
Post by: lespinasse on July 11, 2021, 12:55:27 AM
I looked into it and found a few papers, but apparently it's complicated :)

Maybe another way would be to implement a quick switch from fully dual-stack to mostly-ipv4, at the name server level (so that it wouldn't involve config changes on every host), for those times where one's ipv6 routes aren't behaving. Something like https://tomthorp.me/blog/disabling-ipv6-name-resolution-bind-9x
Title: Re: Are there any practical ways for ipv6 multihoming ?
Post by: hmmsjan on August 04, 2021, 02:17:29 AM
Hi lespinasse,

If your router is Linux based and you're still using ip6tables, (I did not learn the new nftables yet), you can place two rules in the mangle table for the provider's  interface:
POSTROUTING chain target SNPT maps HE's prefix to provider
PREROUTING chain target DNTP maps provider's prefix to HE. 

If those rules are in place, you can safely switch the default IPv6 route to the provider and  both provider's addresses and HE addresses go to the provider. What surprised me is that the 5th segment of the /64 changed too, but that's the way to keep the packet's checksum alive....