{"id":549,"date":"2018-07-01T03:18:27","date_gmt":"2018-07-01T02:18:27","guid":{"rendered":"https:\/\/tollana.d-tor.org\/notes-to-self\/?p=549"},"modified":"2018-07-01T03:19:10","modified_gmt":"2018-07-01T02:19:10","slug":"multi-homed-telekom-vodafone-and-hetzner","status":"publish","type":"post","link":"https:\/\/tollana.d-tor.org\/notes-to-self\/?p=549","title":{"rendered":"Multi-homed: Telekom, Vodafone and Hetzner"},"content":{"rendered":"

Problem<\/h3>\n

I refined my network configuration a bit, because there was a problem: When I pinged the Vodafone IPv6 address of hadante from my new, shiny Hetzner box, it wouldn’t answer, because I got the policy routing wrong.<\/p>\n

Initially I routed everyting to<\/em> Hetzner via the Vodafone interface, but that’s plain wrong. This way hadante even sent packets originating from Telekom IP’s via the Vodafone interface, with the Telekom IP as source. What I really wanted:<\/p>\n

    \n
  1. answer requests to the Vodafone interface via Vodafone<\/li>\n
  2. make Telekom the default route<\/li>\n<\/ol>\n

    Answer requests to the Vodafone IP<\/h3>\n

    The solution was easy: create a rule to send everything from<\/em> the Vodafone interface out there. Unfortunately, nothing is as easy as it seems. Because the Vodafone-IPv6-Prefix is semi-static, systemd-networkd policy routing doesn’t work. The routing table can be filled automatically:<\/p>\n

    [Match] \r\nName=ext \r\n\r\n[Network] \r\nDHCP=yes \r\nIPv6Token=::dead:b0a1 \r\n\r\n[DHCP] \r\nRouteMetric=4096 \r\nRouteTable=199 \r\n\r\n[IPv6AcceptRA] \r\nRouteTable=199<\/pre>\n
    The RouteTable directive adds the routes acquired by DHCP and Router Announcments to the routing table 199 (aka kd, see \/etc\/iproute2\/rt_tables), but without a rule it doesn’t do anything. The IPv6Token directive sets the IPv6 address to <prefix>::dead:b0a1, by the way.<\/p>\n
    The rule is added by a perl script written by yours truly. It does something like this (pseudo perl code):<\/p>\n
    ...\r\n$old = <old IPv6 address>;\r\n$new = <new IPv6 address>;\r\n# match old prefix\r\n$old =~ m#^([[:xdigit:]]{1,4}:[[:xdigit:]]{1,4}:[[:xdigit:]]{1,4}:[[:xdigit:]]{1,4}:)#;\r\n# delete old rule\r\nsystem(\"\/usr\/bin\/ip -6 rule dele from $1:\/64 table kd\");\r\n# match new prefix\r\n$new =m#^([[:xdigit:]]{1,4}:[[:xdigit:]]{1,4}:[[:xdigit:]]{1,4}:[[:xdigit:]]{1,4}:)#;\r\n# add new rule\r\nsystem(\"\/usr\/bin\/ip -6 rule add from $1:\/64 lookup kd\");\r\n...<\/pre>\n
    This way both the Telekom IP and the Vodafone IP work from anywhere. As a bonus, IPv6 requests to Hetzner from the delegated Telekom IPv6 network now work, too \ud83d\ude42<\/p>\n
    Configuring the Telekom interface<\/h3>\n
    During my network configuration spree I tried to configure the Telekom interface with systemd-networkd instead of dhcpcd, but that didn’t work, unfortunately. I couldn’t get the prefix delegation to the internal interface to work. Supposedly systemd-networkd can do it, but the documentation is, let’s say, sparse at best. After several attempts I gave up and reverted to dhcpcd, as described in this post<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"
    Problem I refined my network configuration a bit, because there was a problem: When I pinged the Vodafone IPv6 address of hadante from my new, shiny Hetzner box, it wouldn’t answer, because I got the policy routing wrong. Initially I routed everyting to Hetzner via the Vodafone interface, but that’s plain wrong. This way hadante … Continue reading Multi-homed: Telekom, Vodafone and Hetzner<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[36,77,76],"tags":[70,131,55,129],"class_list":["post-549","post","type-post","status-publish","format-standard","hentry","category-hetzner","category-linux","category-network","tag-ipv6","tag-kd","tag-telekom","tag-vodafone"],"_links":{"self":[{"href":"https:\/\/tollana.d-tor.org\/notes-to-self\/index.php?rest_route=\/wp\/v2\/posts\/549","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/tollana.d-tor.org\/notes-to-self\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/tollana.d-tor.org\/notes-to-self\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/tollana.d-tor.org\/notes-to-self\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/tollana.d-tor.org\/notes-to-self\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=549"}],"version-history":[{"count":2,"href":"https:\/\/tollana.d-tor.org\/notes-to-self\/index.php?rest_route=\/wp\/v2\/posts\/549\/revisions"}],"predecessor-version":[{"id":551,"href":"https:\/\/tollana.d-tor.org\/notes-to-self\/index.php?rest_route=\/wp\/v2\/posts\/549\/revisions\/551"}],"wp:attachment":[{"href":"https:\/\/tollana.d-tor.org\/notes-to-self\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=549"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/tollana.d-tor.org\/notes-to-self\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=549"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/tollana.d-tor.org\/notes-to-self\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=549"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}