Are there any practical ways for ipv6 multihoming?

Started by lespinasse, July 10, 2021, 03:24:58 AM

lespinasse

So I have two IPv6 providers - my ISP gives me native IPv6 (but with some limitations such as no reverse DNS, and DHCP prefix delegation which is not guaranteed not to change), and he.net gives me an IPv6 tunnel. I use both on different segments of my home network - native on the guest lan, tunnel where I run most of my (small) servers.

Today the tunnel is having some issues, and it got me to think - in a v4 context, I could very easily switch over to my other provider, by just doing NAT on the router until things go back to normal. But with IPv6, are there any quick solutions when one of the providers unexpectedly goes down? Switching to the other provider isn't as easy because it involves every machine on the lan having to get new addresses somehow. Doable in a matter of hours, but not as a quick switch-over.

I am wondering, are there any practical solutions to this?

lespinasse

I looked into it and found a few papers, but apparently it's complicated :)

Maybe another way would be to implement a quick switch from fully dual-stack to mostly-ipv4, at the name server level (so that it wouldn't involve config changes on every host), for those times where one's ipv6 routes aren't behaving. Something like https://tomthorp.me/blog/disabling-ipv6-name-resolution-bind-9x

hmmsjan

Hi lespinasse,

If your router is Linux-based and you're still using ip6tables (I did not learn the new nftables yet), you can place two rules in the mangle table for the provider's interface:
POSTROUTING chain target SNPT maps HE's prefix to provider
PREROUTING chain target DNPT maps provider's prefix to HE.

If those rules are in place, you can safely switch the default IPv6 route to the provider and both provider's addresses and HE addresses go to the provider. What surprised me is that the 5th segment of the /64 changed too, but that's the way to keep the packet's checksum alive....
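
Why the fifth segment changes, as an added example that is not part of the post above: a Python sketch of the checksum-neutral mapping from RFC 6296 (NPTv6), the translation the SNPT/DNPT targets perform, restricted to two /64 prefixes. The documentation prefixes and host address are constructed, and the function names are hypothetical.

```python
import ipaddress

def oc_add(a, b):
    """16-bit one's-complement addition (end-around carry)."""
    s = a + b
    return (s & 0xFFFF) + (s >> 16)

def words(addr):
    """Split an IPv6 address into its eight 16-bit words."""
    n = int(ipaddress.IPv6Address(addr))
    return [(n >> (112 - 16 * i)) & 0xFFFF for i in range(8)]

def oc_sum(ws):
    total = 0
    for w in ws:
        total = oc_add(total, w)
    return total

def nptv6(addr, from_prefix, to_prefix):
    """Rewrite addr from from_prefix to to_prefix (both /64), RFC 6296 style."""
    src = ipaddress.IPv6Network(from_prefix)
    dst = ipaddress.IPv6Network(to_prefix)
    if src.prefixlen != 64 or dst.prefixlen != 64:
        raise ValueError("this sketch only handles /64 prefixes")
    if ipaddress.IPv6Address(addr) not in src:
        raise ValueError("address is outside the source prefix")
    w = words(addr)
    new_prefix = words(dst.network_address)[:4]
    # adjustment = sum(old prefix) - sum(new prefix), in one's complement
    adj = oc_add(oc_sum(w[:4]), ~oc_sum(new_prefix) & 0xFFFF)
    for i in range(4, 8):            # first interface-ID word that is not 0xFFFF
        if w[i] != 0xFFFF:
            fixed = oc_add(w[i], adj)
            w[i] = 0 if fixed == 0xFFFF else fixed  # 0xFFFF and 0 both mean zero
            break
    else:
        raise ValueError("interface ID is all ones; RFC 6296 cannot map it")
    w[:4] = new_prefix
    n = 0
    for x in w:
        n = (n << 16) | x
    return ipaddress.IPv6Address(n)

if __name__ == "__main__":
    # Constructed documentation prefixes standing in for the tunnel and ISP /64s.
    TUNNEL, ISP = "2001:db8:1:2::/64", "2001:db8:aaaa:bbbb::/64"
    out = nptv6("2001:db8:1:2::10", TUNNEL, ISP)
    print(out)                      # 5th segment now carries the adjustment
    print(nptv6(out, ISP, TUNNEL))  # reverse mapping restores the host address
```

Because the adjustment lands in the interface ID, the address a host sees on itself differs from the one remote peers see, so anything that embeds or filters on the full address (ACLs, DNS AAAA records) needs both forms.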