• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

Using routed /64 or /48 as source IP

Started by jrowens, December 12, 2008, 01:58:19 AM

Previous topic - Next topic

lukec

You state:-
Quote... I've just noticed that the IPv6 address of the tunnel (user side) does NOT need to be xxxx::2. Can be changed to xxxx::666, or I guess, pretty much anything except xxxx::1 which is assigned server-side.

This is perfectly normal for the tunnel endpoint. As the tunnel "network" is a /64 the address of your end of the tunnel can be any address in that /64
i.e. if your /64 prefix is
2001:470:xxxx:yyyy: (64 bits) with the 2001:0470::/32 being HE and the xxxx:yyyy being what HE have allocated to your /64 tunnel

Then your end can be numbered between

0000:0000:0000:0000 - FFFF:FFFF:FFFF:FFFF (the other 64bits)

Regards
lukec

Ninho

Quote from: lukec on September 21, 2010, 11:33:15 PM

This is perfectly normal for the tunnel endpoint. As the tunnel "network" is a /64 the address of your end of the tunnel can be any address in that /64

This is what I've been pointing out isn't it ? Well I guess your point is that it was self-evident, and while I don't deny there is some evidence in it working like it does, I had not seen it mentionned before.
Moreover when I mentioned changing this address way back, it was replied to me it was not a possibility and I did not investigate back then...

So, evident or not, I think it was worth our time mentioning selecting a non standard tunnel endpoint address doeswork.

Have a good day & Thank you...

lukec

Apologies for
A) Stating the obvious
B) Assuming your tunnel terminated on a router rather than a host.

I guess that explains why HE use a /64 on their tunnels as opposed to a /126 ?

Although, thoughts on:

Switch on IP routing on the host - set a default gateway to the /64 remote tunnel :1 (HE end i.e.through the tunnel) - allocate an address from your (different) routed /64 to your host NIC

Would that then allow "client" software to source from the NIC address as opposed to the tunnel address? Additionally any other machine you had on that LAN using the tunnel host as their default gateway?


Regards
lukec

Ninho

Quote from: lukec on September 22, 2010, 04:14:40 PM
... thoughts on:

Switch on IP routing on the host - set a default gateway to the /64 remote tunnel :1 (HE end i.e.through the tunnel) - allocate an address from your (different) routed /64 to your host NIC

Would that then allow "client" software to source from the NIC address as opposed to the tunnel address? Additionally any other machine you had on that LAN using the tunnel host as their default gateway?

My Win 2k is set up in the way you propose of course, acting as the default IPv6 gateway & address allocator (by way of router advertisements) for the other hosts on the LAN (including any virtual machines running on this OS). Those other hosts IPv6 communications are hence sourced from the routed /64 address space alright, but communications from /this/ host stay by default sourced from the local tunnel address. In absence of customisable "policy" settings in this (primitive) version of the MS TCPIPv6 stack, it seems difficult to hack this behaviour. Not a big deal per se ;=)


lukec

Thanks for the info...as you say not a big deal - but definately worth  knowing...I'd guess that'll be the same for XP...will look ..
Regards
lukec

Ninho

#20
Reviving this old thread since I've got some fresh info that might or might not be interesting.

Reminder : I terminate the HE tunnel at a PC, not a dedicated router, on my home LAN, and running either Linux or Windows 2000.

What I've newly found is that one may allocate to the local end of the TUNNEL interface an IP v6 FROM the ROUTED /64 (instead of an address, usually ::2, FROM the /64 that is "officially" the tunnel's) ! It seems to make no difference to the broker, and there is no need to assign the other (from the "official" tunnel /64 allocation) address in addiditon !
[Edited, to add :] actually there is, it seems,  no need for the user end of the tunnel to have an IPv6 address at all, as long as you don't need or want to source v6 packets from the tunnel itself...

With this unorthodox setting, internet applications running on the Linux or Windows system (my end of the tunnel & acting as the IPv6 router on my LAN) now are using the address from the routed /64 as source IPv6 by default, without any other tweaking. As a bonus this address can be changed instantly, for fun or profit... :=)

Hope this helps; as for me, I consider it has solved the (not biggie) problem at last.