= Сообщение: 6711 из 7402 ============================================= IPV6 = От : Alexey Vissarionov 2:5020/545 04 Jul 21 17:27:22 Кому : Victor Sudakov 04 Jul 21 17:27:22 Тема : Two ISPs and backup for a home network (dual-homing) FGHI : area://IPV6?msgid=2:5020/545+60e1ce69 На : area://IPV6?msgid=2:5005/49+60e14ba9 = Кодировка сообщения определена как: CP866 ================================== Ответ: area://IPV6?msgid=2:5005/49+610aadfa ============================================================================== Good ${greeting_time}, Victor!
04 Jul 2021 12:44:50, you wrote to me:
VS>>>>> I know that my home router can advertise multiple global IPv6 VS>>>>> prefixes into the LAN, but how will LAN hosts failover to the VS>>>>> backup gateway if the primary ISP fails? They will have IPv6 VS>>>>> addresses from both blocks, which should they choose for their VS>>>>> outgoing src address? AV>>>> This is the preferred mode of operation AV>>>> 1. All hosts in the LAN must be able to do the switching|balancing AV>>>> on thy own AV>>>> 2. This may require some manual configuration on every of them. VS>>> This is not feasible because most of those LAN hosts are VS>>> smartphones, smart TVs, vacuum cleaners, cameras and other IoT VS>>> devices. AV>> Most of these devices have Linux kernel, but crippled userspace.
In general, IoT devices should reside in a separate VLAN without any access to outer world. Whether you need to access any of them from outside, you have SSH running on the gateway for that.
VS>>>>> With two IPv4 ISPs and NAT, the setup is rather trivial, VS>>>>> outgoing connections will work via either of the ISPs because VS>>>>> the hosts needn't be aware of the failure, and their src VS>>>>> private IP is always the same. Can anyone enlighten me? AV>>>> This is second option, but you'd lose the main advantage of AV>>>> IPv6: the use of publicly routed addresses. VS>>> Indeed. I don't like the idea of using NAT in IPv6 even if I VS>>> could. So what's the solution? AV>> For dumb devices, especially portable, I'd suggest using NPT. VS> How well does NPT (being stateless) work with FTP, SIP and other VS> protocols which embed addresses into payload?
FTP is dead. SIP clients normally use only LAN (everything else should be performed by a gateway).
Well, I can imagine a SIP client connecting to the corporate SIP PBX. To work properly in a multi-link environment, it have to establish _two_ connections for the SIP control channels. Software PBXes (Asterisk and some others) are known to work. Clients running on a PDAs are unlikely.
AV>> Fully functional computers may be connected to some other VLANs AV>> (two at once in your case) and configured to use real addresses. VS> Speaking of those fully functional computers in the LAN, do you VS> mean the setup when there is a script pinging some outside hosts/ VS> interfaces and modifying the IPv6 routing table, or something more VS> advanced and interesting?
Trivial per-interface VRF.
-- Alexey V. Vissarionov aka Gremlin from Kremlin gremlin.ru!gremlin; +vii-cmiii-ccxxix-lxxix-xlii
... god@universe:~ # cvs up && make world --- /bin/vi * Origin: ::1 (2:5020/545)