Experiments with native OVH IPv6 aren't good, and that doesn't offer IP portability, so perhaps a HE tunnel is better?
If we could put a tunnel on router-001 and assign IP relative to it, that would be a good idea too.
A GRE tunnel on the top on Drake is less a good idea.
If not, a tunnel directly on web-001 is acceptable.
| rOPS Nasqueron Operations | |||
| D3519 | rOPS344f51ee1d23 Use prefixlen 56 for OVH IPv6 | ||
| D3078 | rOPS5fc89c1c92cd Setup native IPv6 connectivity on web-001 | ||
| D3077 | rOPS2fd842db91ed Allow to determine IPv6 routing strategy | ||
| Status | Subtype | Assigned | Task | ||
|---|---|---|---|---|---|
| Open | Epic | None | T1898 Decommission Ysul | ||
| Open | dereckson | T1803 Move and migrate Ysul production services elsewhere | |||
| Open | dereckson | T1828 Provide Alkane, Nasqueron PaaS to serve PHP and static sites | |||
| Resolved | dereckson | T1853 Setup IPv6 connectivity on web-001 |
Experiments with native OVH IPv6 aren't good
Identified as an issue with NDP, fixed in https://reviews.freebsd.org/D23695.
So it's expected that works fine on web-001 (FreeBSD 13.2, with that fix) but can't be repro on router-001 (FreeBSD 13.1, without that fix).
For T1854, I'm currently upgrading router-001 to FreeBSD 13.2.
Note that only seems to solve OUTGOING connectivity, and not ingoing connectivity. So for web-001, a tunnel is probably best.
With proper route configuration, I've in/out IPv6 connectivity for web-001 with OVH native IP.
Routing:
In term of configuration file that means, we need to provide this with Salt:
ipv6_static_routes="gw default" ipv6_route_gw="2001:41d0:0303:d9ff:00ff:00ff:00ff:00ff -iface vmx1" ipv6_route_default="default 2001:41d0:0303:d9ff:00ff:00ff:00ff:00ff"
We need to figure how to express the idea "GW isn't in our prefix" to use that syntax
instead of the more straightforward "ipv6_defaultrouter=..." which is the current Salt config.
FYI, ipv6_defaultrouter defines static_routes as "_default" and creates a _default route:
*)
ipv6_static_routes="${ipv6_static_routes} _default"
ipv6_route__default="default ${ipv6_defaultrouter}"
;;(Note how this syntax solves one of the T1757 extra route issue: by including the variable even empty, we're sure not to overwrite the current routing)
Incoming connectivity:
$ ping -6 www-alkane.nasqueron.org PING6(56=40+8+8 bytes) 2001:bc8:6005:5:aa1e:84ff:fef3:5d9c --> 2001:41d0:303:d971::517e:c0de 16 bytes from 2001:41d0:303:d971::517e:c0de, icmp_seq=0 hlim=53 time=5.707 ms 16 bytes from 2001:41d0:303:d971::517e:c0de, icmp_seq=1 hlim=53 time=5.777 ms 16 bytes from 2001:41d0:303:d971::517e:c0de, icmp_seq=2 hlim=53 time=5.682 ms 16 bytes from 2001:41d0:303:d971::517e:c0de, icmp_seq=3 hlim=53 time=5.743 ms 16 bytes from 2001:41d0:303:d971::517e:c0de, icmp_seq=4 hlim=53 time=5.758 ms
We need to figure how to express the idea "GW isn't in our prefix" to use that syntax
instead of the more straightforward "ipv6_defaultrouter=..." which is the current Salt config.
D3077 introduced a new network_utils.can_directly_be_discovered method for that.
When true, we can use ipv6_defaultrouter. When false, we use the two routes.
[ Priority high, as it's a blocker to switch ready sites - like MediaWiki and the static ones - to Alkane ]