From owner-freebsd-net@FreeBSD.ORG Mon Jul 4 21:08:21 2011 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 53768106566B for ; Mon, 4 Jul 2011 21:08:21 +0000 (UTC) (envelope-from julian@freebsd.org) Received: from vps1.elischer.org (vps1.elischer.org [204.109.63.16]) by mx1.freebsd.org (Postfix) with ESMTP id 2AD128FC17 for ; Mon, 4 Jul 2011 21:08:21 +0000 (UTC) Received: from julian-mac.elischer.org (home-nat.elischer.org [67.100.89.137]) (authenticated bits=0) by vps1.elischer.org (8.14.4/8.14.4) with ESMTP id p64L8Gx5027698 (version=TLSv1/SSLv3 cipher=DHE-RSA-CAMELLIA256-SHA bits=256 verify=NO); Mon, 4 Jul 2011 14:08:19 -0700 (PDT) (envelope-from julian@freebsd.org) Message-ID: <4E122BBE.5030809@freebsd.org> Date: Mon, 04 Jul 2011 14:08:14 -0700 From: Julian Elischer User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10.4; en-US; rv:1.9.2.18) Gecko/20110616 Thunderbird/3.1.11 MIME-Version: 1.0 To: Paul Schenkeveld References: <20110704122457.GA43696@psconsult.nl> In-Reply-To: <20110704122457.GA43696@psconsult.nl> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-net@freebsd.org Subject: Re: Multiple IPv6 ISPs X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 04 Jul 2011 21:08:21 -0000 On 7/4/11 5:24 AM, Paul Schenkeveld wrote: > Hi, > > At one of my customers we have had 2 ISPs for a long time but now we > have to support IPv6 too. > > In the IPv4 world I used ipfw for policy-based routing to separate > traffic from the two public address ranges: > > ipfw add 1010 allow ip from any to MY_IP_RANGES > ipfw add 1020 fwd ISP1_GW ip from ISP1_SUBNET to any > ipfw add 1030 fwd ISP2_GW ip from ISP2_SUBNET to any > > When I try the same with IPv6, it appears that ipfw(8) does not support > an IPv6 destination with the fwd statement, the packet matching part > seems to work fine. This appears documented in bin/117214 (Oct 2007) > but never solved. > > Before asking the list I went looking for other options, setfib came to > mind but it appears that setfib only works on IPv4, is that correct or > am I overlooking something? no, setfib for IPV6 is not complete I know that work is underway to fix that, it may be possible to use netgraph and vnetjails to simulate it somehow as vnet supports ipv6. > Pf is used for firewalling and doing both filtering and policy based > routing in pf doesn't work. > > Anyway, how do other people solve this? I need to run services on both > address ranges so flipping a default gateway when pinging the next hop > fails does not solve it for me. > > Soon, having IPv6 is no longer an option but rather a necessity. > > Regards, > > Paul Schenkeveld > _______________________________________________ > freebsd-net@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org" >