Create a gist now

Instantly share code, notes, and snippets.

@b4ldr /irc.log Secret
Created Sep 6, 2014

Embed
What would you like to do?
21:37 < balder> anyone care to look at this https://lists.quagga.net/pipermail/quagga-dev/2014-September/011523.html and let me know if
21:37 < balder> this is a bug or if im missing something?
21:37 < balder> quagga mailing list seems to be pretty dead
21:39 < balder> small note that i get same behaviour on 0.99.23 (which is current stable i belive)
21:40 < pppingme>| is that writeup from you, or just one you found similar to your issue?
21:40 < balder> its from me
21:42 < balder> the follow up threads show a bit more progress i have had but still not got a complete work around
21:43 < pppingme>| I'd start out by saying your addressing scheme is BAD.. its conflicting
21:43 < illuminated>| yay backstreet boys :D
21:43 < balder> the post is using example address space on purpose
21:43 < pppingme>| an individual IP should never have a mask/prefixsize of larger than /64.. so your ip address of x:x::42/48 on the interface is WRONG
21:44 < pppingme>| and of course it conflicts with the ip on eth0
21:44 < pppingme>| (looking at router1)
21:44 < balder> well im not sure i agree this is an anycast address that is on a /48 network
21:44 < pppingme>| so before we can even think about addressing a bug, you need to clean up your network
21:44 < balder> however the initial issue did come about from a mistake
21:45 < balder> and it should have been addressed as a /128
21:45 < pppingme>| C>* 2001:db8::/48 is directly connected, dummy0
21:45 < pppingme>| C>* 2001:db8:1::/64 is directly connected, eth0
21:45 < balder> however im trying to understand the issue
21:45 < pppingme>| there's yoru conflict, those are overlapping networks
21:45 < pppingme>| period
21:45 < pppingme>| issue solved
21:45 < pppingme>| anycast isn't the issue here
21:45 < balder> yes there was an error in the config and it should have been different
21:46 & almostworking waits for the yea but still and is not disappointed
21:46 < balder> however it is a valid config
21:46 < pppingme>| with a conflicting address, so no, its not valid
21:46 < balder> and i would not expect bgp to choose and link-local next hop based on the name
21:46 < pppingme>| the same IP can not appear on two locally connected subnets
21:46 < balder> its not the same ip
21:47 < pppingme>| the 2nd falls within the range of the 1st..
21:47 < pppingme>| so yes, its conflicting
21:48 < Daemoen>| ok, can someone else more senior than me explain how in the hell ATT is being allowed to mislead customers into believing that Fiber is an inferior product to classic RJ11, thus
RJ11 they can provide up to 45Mbps, but on FTTP/FTTH they will only allow 24Mbps
21:48 < pppingme>| fix the problem, create new dumps of all your configs if you want us to look again, and see if what you call the bug is still there..
21:48 < balder> its to ip's on overlapping networks, if you can point me to an rfc that says that is invalid then i will cease
21:48 & Daemoen cannot wrap his head around how in the hell ATT has this so screwed up that having fiber to the home grants him a lower connection than twisted pair....
21:49 < pppingme>| oh, crap, this is a common sense issue
21:49 nick ~ smeaaagle_ is now smeaaagle
21:49 < balder> yes i know its a common sense issue but mistakes happen, this is rfc complient so quagga should behavie in a
21:49 < balder> predictable way so i can put in messures for someone fucking up in future
21:49 < pppingme>| you can not have a host with connected to two networks with overlapping ip ranges, the host would never know how to route a packet that could potentially fall on both networks
21:49 < almostworki>| actually no customer ISP provides sustained transfer of anything decent, im on fiber i get like 1Mpbs up, even with this new SYmantrical ooooo , internet. pffffft
21:50 < almostworki>| im moving to japan
21:50 < almostworki>| well 1mbps up on SSH , so throttling me
21:50 < pppingme>| its like giving two people the same phone number, when someone calls it, which should ring?
21:50 < balder> pppingme: thats not correct at all. in te above case it should use the most specific route
21:50 < pppingme>| its not addressed in RFC's because its too basic of a common sense issue
21:50 < balder> i.e. the /64 over the /48
21:50 < Daemoen>| almostworking: thats not my problem, im in a very new area, cost of living is insane, but we get fiber to the homefor att....
21:50 < pppingme>| its not a ROUTE its an INTERFACE ADDRESS...
21:51 < balder> which creates a connected route
21:51 < Daemoen>| they have their 45mbps package in our complex, but apparently, ONLY if i use twisted pair for delivery
21:51 < balder> as you pasted above
21:51 < pppingme>| you are correct, *IF IT WERE AN INJECTED ROUTE* we were talking about, but its not
21:51 < balder> its still a route on the host
21:51 < Daemoen>| since im on their fiber to the premise, they wont let me have the 45mbps, they want to keep me on 24.... or i can convert to the legacy rj11 and get back 45mbps
21:51 < pppingme>| no, its an interface
21:52 < balder> no its a connected route on the host as you pasted above
21:52 < pppingme>| I'm not going to argue this anymore, your config is wacked and shows poor understanding of IP management.
21:57 < balder> pppingme: on re-reading your post im fine with that as you obvioulsy did not get far enough to understand the problem
21:57 < balder> as 2001:db8::/48 and 2001:db8:1::/64 do not overlap.
21:58 & Daemoen peers at balder
21:58 < Daemoen>| ummm...
21:58 < Daemoen>| ..
21:58 < pppingme> balder the 2nd falls within the first THATS FUCKING CALLED OVERLAP
21:58 < almostworki>| HA
21:58 < balder> no it dosen't
21:58 < Daemoen> balder: do you not understand how the ipv6 subnets work?
21:59 < Daemoen>| that /64 is 1/16 of the /64 subnets sliced from that /48
21:59 < balder> do you https://gist.github.com/b4ldr/2817aa728f4148fd999c they do not overlap
21:59 < Daemoen>| so yes, to have that /64, you *have* to be a part of that /48
21:59 < balder> it is the /47 that overlaps
21:59 < pppingme>| yeah, and when you do the /47, you BREAK...
21:59 < pppingme>| duh..
22:00 < Daemoen>| is anyone even issuing /47s ?
22:00 < Daemoen>| the largest assignment ive even seen so far is a /48
22:00 < pppingme>| not that I'm aware of
22:00 < almostworki>| nope
22:00 < pppingme>| oh, no, you can get much larger
22:00 < balder> wat are you talking about many networks announc /32
22:02 < Dagger2> balder: you should basically never have anything that's not /64 assigned to an interface. the only possible exception is something like /126 on a ptp link; you should definitely never
have anything shorter
22:03 < Dagger2>| if you're assigning something other than that, somebody screwed up somewhere
22:03 < pclov3r>| Comcast assigns /128s to WANs
22:03 < pppingme>| pclov3r because he doesn't get ip addressing, and then he wonders why bgp pukes when he changes that to a /47 in an attempt to fix something else
22:03 < balder> Dagger2: yes someone did screw up
22:03 < balder> imjust trying to understand if quagga should have delat with it better
22:03 < pclov3r>| what's wrong with a /64 of interfaces?
22:03 < balder> i.e. it should have picked a better link-local to insert into the routing table
22:04 < pppingme> balder you should never have a interface (not a route, an interface) with a prefix length shorter than /64
22:08 < Daemoen>| or perhaps, moderated, so only "voiced" communications allowed
22:08 < balder> pppingme: i know im coming accross overly academic but is that a spec thing or just best practice. in anycast networks
22:08 < balder> it is common to have only one ip in a /48 dig ns . are all examples of this. i agree that in theses cases you can and
22:08 < balder> imo should use a /128.Ibut if its the only ip in the network then why is it wrong
22:16 < Dagger2> balder: if I had a /48 routed to a machine and I want to use just a single IP from it, I'd probably assign it with /128 on lo
22:17 < balder> Dagger2: we use a dummy interface and that is how we configure it. from testing i couldn't work out how to assign a
22:17 < balder> global scope ipv6 address to lo in linux. which would help as lo does not have a link local
22:18 < Dagger2>| a /48 is a bunch of /64s, and /64s are assigned to networks. if you have no network to assign one to, then using /64 (let alone /48) on either lo or a dummy interface feels kinda
wrong
22:19 < balder> Dagger2: i completly agree, i will say again this was not how we are ment to configure the network, someone made a
22:19 < balder> mistake however i dont see why it should have cause a problem
22:19 < Dagger2> balder: `ip addr add 2001:db8::42/128 dev lo` ought to work
22:23 < balder> Dagger2: thanks it does i think i must have only checked via network onfig scripts, this could help thanks
22:23 < Dagger2>| which for you in the /47 case is dummy0
22:24 < balder> Dagger2: yes im just starting my vm's now to see how quagga deals with it if the /47 is on the lo
22:29 < Dagger2> balder: I guess it'll happen to work because lo sorts after eth0. best to use /128 so that it works regardless of the order though
22:30 < Dagger2>| having your network behavior depend on the names of the interfaces is, uh, non-ideal
22:30 < pppingme>| the whole concept of putting a lo or dummy interface on a /47 is just stupidity..
22:30 < pclov3r>| what does it prove?
22:30 < pppingme>| routing to it, is a different concept though
22:31 < pppingme>| I duno what his idea is, but it basically makses the entire /47 unusable for anything else
22:32 < balder> Dagger2: thanks using the lo stops the wrong link-local address been used as lo does not have one
22:33 < balder> and i will say again i agree the iterface should be on a /128 but people make mistakes and i want to minimise the
22:33 < balder> impact of a mistake happening again
22:36 < balder> Dagger2: just for the record i tried it with eth renamed as zzz to make sure it was not just because of sort order
22:39 < Dagger2> balder: fair enough
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment