21:37 < balder> anyone care to look at this https://lists.quagga.net/pipermail/quagga-dev/2014-September/011523.html and let me know if
21:37 < balder> this is a bug or if im missing something?
21:37 < balder> quagga mailing list seems to be pretty dead
21:39 < balder> small note that i get same behaviour on 0.99.23 (which is current stable i believe)
21:40 < pppingme>| is that writeup from you, or just one you found similar to your issue?
21:40 < balder> its from me
21:42 < balder> the follow up threads show a bit more progress i have had but still not got a complete work around
21:43 < pppingme>| I'd start out by saying your addressing scheme is BAD.. its conflicting
21:43 < illuminated>| yay backstreet boys :D
21:43 < balder> the post is using example address space on purpose
21:43 < pppingme>| an individual IP should never have a mask/prefixsize of larger than /64.. so your ip address of x:x::42/48 on the interface is WRONG
21:44 < pppingme>| and of course it conflicts with the ip on eth0
21:44 < pppingme>| (looking at router1)
21:44 < balder> well im not sure i agree this is an anycast address that is on a /48 network
21:44 < pppingme>| so before we can even think about addressing a bug, you need to clean up your network
21:44 < balder> however the initial issue did come about from a mistake
21:45 < balder> and it should have been addressed as a /128
21:45 < pppingme>| C>* 2001:db8::/48 is directly connected, dummy0
21:45 < pppingme>| C>* 2001:db8:1::/64 is directly connected, eth0
21:45 < balder> however im trying to understand the issue
21:45 < pppingme>| there's your conflict, those are overlapping networks
21:45 < pppingme>| period
21:45 < pppingme>| issue solved
21:45 < pppingme>| anycast isn't the issue here
21:45 < balder> yes there was an error in the config and it should have been different
21:46 & almostworking waits for the yea but still and is not disappointed
21:46 < balder> however it is a valid config
21:46 < pppingme>| with a conflicting address, so no, its not valid
21:46 < balder> and i would not expect bgp to choose a link-local next hop based on the name
21:46 < pppingme>| the same IP can not appear on two locally connected subnets
21:46 < balder> its not the same ip
21:47 < pppingme>| the 2nd falls within the range of the 1st..
21:47 < pppingme>| so yes, its conflicting
21:48 < Daemoen>| ok, can someone else more senior than me explain how in the hell ATT is being allowed to mislead customers into believing that Fiber is an inferior product to classic RJ11, thus RJ11 they can provide up to 45Mbps, but on FTTP/FTTH they will only allow 24Mbps
21:48 < pppingme>| fix the problem, create new dumps of all your configs if you want us to look again, and see if what you call the bug is still there..
21:48 < balder> its two ip's on overlapping networks, if you can point me to an rfc that says that is invalid then i will cease
21:48 & Daemoen cannot wrap his head around how in the hell ATT has this so screwed up that having fiber to the home grants him a lower connection than twisted pair....
21:49 < pppingme>| oh, crap, this is a common sense issue
21:49 nick ~ smeaaagle_ is now smeaaagle
21:49 < balder> yes i know its a common sense issue but mistakes happen, this is rfc compliant so quagga should behave in a
21:49 < balder> predictable way so i can put in measures for someone fucking up in future
21:49 < pppingme>| you can not have a host connected to two networks with overlapping ip ranges, the host would never know how to route a packet that could potentially fall on both networks
21:49 < almostworki>| actually no customer ISP provides sustained transfer of anything decent, im on fiber i get like 1Mbps up, even with this new SYmantrical ooooo , internet. pffffft
21:50 < almostworki>| im moving to japan
21:50 < almostworki>| well 1mbps up on SSH , so throttling me
21:50 < pppingme>| its like giving two people the same phone number, when someone calls it, which should ring?
21:50 < balder> pppingme: thats not correct at all. in the above case it should use the most specific route
21:50 < pppingme>| its not addressed in RFC's because its too basic of a common sense issue
21:50 < balder> i.e. the /64 over the /48
21:50 < Daemoen>| almostworking: thats not my problem, im in a very new area, cost of living is insane, but we get fiber to the home for att....
21:50 < pppingme>| its not a ROUTE its an INTERFACE ADDRESS...
21:51 < balder> which creates a connected route
21:51 < Daemoen>| they have their 45mbps package in our complex, but apparently, ONLY if i use twisted pair for delivery
21:51 < balder> as you pasted above
21:51 < pppingme>| you are correct, *IF IT WERE AN INJECTED ROUTE* we were talking about, but its not
21:51 < balder> its still a route on the host
21:51 < Daemoen>| since im on their fiber to the premise, they wont let me have the 45mbps, they want to keep me on 24.... or i can convert to the legacy rj11 and get back 45mbps
21:51 < pppingme>| no, its an interface
21:52 < balder> no its a connected route on the host as you pasted above
21:52 < pppingme>| I'm not going to argue this anymore, your config is wacked and shows poor understanding of IP management.
21:57 < balder> pppingme: on re-reading your post im fine with that as you obviously did not get far enough to understand the problem
21:57 < balder> as 2001:db8::/48 and 2001:db8:1::/64 do not overlap.
21:58 & Daemoen peers at balder
21:58 < Daemoen>| ummm...
21:58 < Daemoen>| ..
21:58 < pppingme> balder the 2nd falls within the first THATS FUCKING CALLED OVERLAP
21:58 < almostworki>| HA
21:58 < balder> no it doesn't
21:58 < Daemoen> balder: do you not understand how the ipv6 subnets work?
21:59 < Daemoen>| that /64 is 1/16 of the /64 subnets sliced from that /48
21:59 < balder> do you https://gist.github.com/b4ldr/2817aa728f4148fd999c they do not overlap
21:59 < Daemoen>| so yes, to have that /64, you *have* to be a part of that /48
21:59 < balder> it is the /47 that overlaps
21:59 < pppingme>| yeah, and when you do the /47, you BREAK...
21:59 < pppingme>| duh..
22:00 < Daemoen>| is anyone even issuing /47s ?
22:00 < Daemoen>| the largest assignment ive even seen so far is a /48
22:00 < pppingme>| not that I'm aware of
22:00 < almostworki>| nope
22:00 < pppingme>| oh, no, you can get much larger
22:00 < balder> what are you talking about many networks announce /32
22:02 < Dagger2> balder: you should basically never have anything that's not /64 assigned to an interface. the only possible exception is something like /126 on a ptp link; you should definitely never have anything shorter
22:03 < Dagger2>| if you're assigning something other than that, somebody screwed up somewhere
22:03 < pclov3r>| Comcast assigns /128s to WANs
22:03 < pppingme>| pclov3r because he doesn't get ip addressing, and then he wonders why bgp pukes when he changes that to a /47 in an attempt to fix something else
22:03 < balder> Dagger2: yes someone did screw up
22:03 < balder> im just trying to understand if quagga should have dealt with it better
22:03 < pclov3r>| what's wrong with a /64 of interfaces?
22:03 < balder> i.e. it should have picked a better link-local to insert into the routing table
22:04 < pppingme> balder you should never have an interface (not a route, an interface) with a prefix length shorter than /64
22:08 < Daemoen>| or perhaps, moderated, so only "voiced" communications allowed
22:08 < balder> pppingme: i know im coming across overly academic but is that a spec thing or just best practice. in anycast networks
22:08 < balder> it is common to have only one ip in a /48 dig ns . are all examples of this. i agree that in these cases you can and
22:08 < balder> imo should use a /128. but if its the only ip in the network then why is it wrong
22:16 < Dagger2> balder: if I had a /48 routed to a machine and I want to use just a single IP from it, I'd probably assign it with /128 on lo
22:17 < balder> Dagger2: we use a dummy interface and that is how we configure it. from testing i couldn't work out how to assign a
22:17 < balder> global scope ipv6 address to lo in linux. which would help as lo does not have a link local
22:18 < Dagger2>| a /48 is a bunch of /64s, and /64s are assigned to networks. if you have no network to assign one to, then using /64 (let alone /48) on either lo or a dummy interface feels kinda wrong
22:19 < balder> Dagger2: i completely agree, i will say again this was not how we are meant to configure the network, someone made a
22:19 < balder> mistake however i dont see why it should have caused a problem
22:19 < Dagger2> balder: `ip addr add 2001:db8::42/128 dev lo` ought to work
22:23 < balder> Dagger2: thanks it does i think i must have only checked via network config scripts, this could help thanks
22:23 < Dagger2>| which for you in the /47 case is dummy0
22:24 < balder> Dagger2: yes im just starting my vm's now to see how quagga deals with it if the /47 is on the lo
22:29 < Dagger2> balder: I guess it'll happen to work because lo sorts after eth0. best to use /128 so that it works regardless of the order though
22:30 < Dagger2>| having your network behavior depend on the names of the interfaces is, uh, non-ideal
22:30 < pppingme>| the whole concept of putting a lo or dummy interface on a /47 is just stupidity..
22:30 < pclov3r>| what does it prove?
22:30 < pppingme>| routing to it, is a different concept though
22:31 < pppingme>| I dunno what his idea is, but it basically makes the entire /47 unusable for anything else
22:32 < balder> Dagger2: thanks using the lo stops the wrong link-local address being used as lo does not have one
22:33 < balder> and i will say again i agree the interface should be on a /128 but people make mistakes and i want to minimise the
22:33 < balder> impact of a mistake happening again
22:36 < balder> Dagger2: just for the record i tried it with eth renamed as zzz to make sure it was not just because of sort order
22:39 < Dagger2> balder: fair enough