From owner-freebsd-net@FreeBSD.ORG  Mon Jul  4 12:39:19 2011
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id D7413106564A
	for <freebsd-net@freebsd.org>; Mon,  4 Jul 2011 12:39:19 +0000 (UTC)
	(envelope-from freebsd@psconsult.nl)
Received: from mx1.psconsult.nl (mx1.psconsult.nl [80.89.238.138])
	by mx1.freebsd.org (Postfix) with ESMTP id 60BC98FC17
	for <freebsd-net@freebsd.org>; Mon,  4 Jul 2011 12:39:18 +0000 (UTC)
Received: from mx1.psconsult.nl ([80.89.238.138])
	by mx1.psconsult.nl (8.14.4/8.14.4) with ESMTP id p64COviN044031
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO)
	for <freebsd-net@freebsd.org>; Mon, 4 Jul 2011 14:25:03 +0200 (CEST)
	(envelope-from freebsd@psconsult.nl)
Received: (from paul@localhost)
	by mx1.psconsult.nl (8.14.4/8.14.4/Submit) id p64COvM2044030
	for freebsd-net@freebsd.org; Mon, 4 Jul 2011 14:24:57 +0200 (CEST)
	(envelope-from freebsd@psconsult.nl)
X-Authentication-Warning: mx1.psconsult.nl: paul set sender to
	freebsd@psconsult.nl using -f
Date: Mon, 4 Jul 2011 14:24:57 +0200
From: Paul Schenkeveld <freebsd@psconsult.nl>
To: freebsd-net@freebsd.org
Message-ID: <20110704122457.GA43696@psconsult.nl>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.5.21 (2010-09-15)
Subject: Multiple IPv6 ISPs
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 04 Jul 2011 12:39:19 -0000

Hi,

At one of my customers we have had 2 ISPs for a long time but now we
have to support IPv6 too.

In the IPv4 world I used ipfw for policy-based routing to separate
traffic from the two public address ranges:

    ipfw add 1010 allow ip from any to MY_IP_RANGES
    ipfw add 1020 fwd ISP1_GW ip from ISP1_SUBNET to any
    ipfw add 1030 fwd ISP2_GW ip from ISP2_SUBNET to any

When I try the same with IPv6, it appears that ipfw(8) does not support
an IPv6 destination with the fwd statement, the packet matching part
seems to work fine.  This appears documented in bin/117214 (Oct 2007)
but never solved.

Before asking the list I went looking for other options, setfib came to
mind but it appears that setfib only works on IPv4, is that correct or
am I overlooking something?

Pf is used for firewalling and doing both filtering and policy based
routing in pf doesn't work.

Anyway, how do other people solve this?  I need to run services on both
address ranges so flipping a default gateway when pinging the next hop
fails does not solve it for me.

Soon, having IPv6 is no longer an option but rather a necessity.

Regards,

Paul Schenkeveld