[Babel-users] preferred source address vs babel

Christof Schulze christof.schulze at gmx.net
Fri Jul 6 23:01:36 BST 2018


On Fri, Jul 06, 2018 at 11:38:28PM +0200, Juliusz Chroboczek wrote:
>> The packets never traverse the 2a02-network yet it is showing up in the
>> traceroute and that way the 2a02 addresses are leaking into the mesh
>> revealing information about the node that should not be revealed.
>> Secondly packets originating from the node like DNS may leave the node
>> with an inappropriate IPv6 address and could possibly be routed out
>> through the wan interface of the node.
>
>I understand what you're trying to do.  I want to understand why.
>
>Which interface is the address in 2a02 installed on?  If it's a different
>interface, then according to RFC 6724 Section 5 rule 5, the other address
>should be chosen.  If the address is installed on the same interface, then
>I'd like to understand why.
2a02 is assigned to br-wan.
2a06 is assigned to local-node, which is a veth pair bridged into
br-client. The mesh is mesh0, mesh1 and so on.
The node can be addressed by its 2a06 address. This is the default setup
of gluon.
Now, when communicating over the mesh, neither the 2a02 nor the 2a06
address is on the interface used for the communication, so it seems that
sometimes one or the other is chosen by the kernel. I have not followed
this up in the code though.

This might be resolvable by applying network namespaces. I have to say 
though that I am not sure if we should be relying on that mechanism as 
it seems rather complex for such a seemingly simple thing.


> > > I have no objection (and I'd be glad to apply a well-written patch
> > > that does that), but I don't think this should be necessary.
>
> > I opened a PR for this
>
>https://github.com/jech/babeld/pull/15
>
>As I've said there, I don't think it should be a command-line option --
>it should live in the configuration file. If people want to put it on
>the command-line, they should be using "-C".
>
>What's more, I don't think it makes sense for it to be a global option,
>since with multiple interfaces you don't usually want to use the same
>address with all interfaces. I can see the following:
>
> - it could be an interface option, in which case it would apply to all
> routes going out through that interface;
> - it could be a filter option, in which case it would apply to 
> matching routes.
I agree that having this set as a global option is probably a little too
crude. Between those two options I think the first should be sufficient
for most use cases and I am willing to listen to other opinions here.

Christof

-- 
()  ascii ribbon campaign - against html e-mail
/\  against proprietary attachments
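
Added example, not part of the original message and not code from babeld, gluon or the Linux kernel: a small model of RFC 6724 source address selection for the setup described above, showing that when no candidate address sits on the outgoing mesh interface, rule 5 cannot decide and the destination prefix determines whether the br-wan address appears on the mesh. Only the 2a02/2a06 prefixes and the interface names br-wan, local-node and mesh0 come from the thread; the full addresses, the /64 prefix length and the function names are assumptions made for illustration.

```python
import ipaddress

# Constructed sample addresses: only the 2a02/2a06 prefixes and the interface
# names br-wan, local-node and mesh0 come from the thread.
CANDIDATES = [
    ("2a02:0:0:1::1", "br-wan"),      # WAN address that should stay private
    ("2a06:0:0:1::1", "local-node"),  # address the node is meant to be known by
]
RULES = ("rule 1 (same address)", "rule 5 (outgoing interface)",
         "rule 8 (longest matching prefix)")

def common_prefix_len(src, dst, src_plen=64):
    """RFC 6724 CommonPrefixLen, capped at the source prefix length (assumed /64)."""
    diff = int(src) ^ int(dst)
    return min(128 - diff.bit_length(), src_plen)

def select_source(dst, out_if, candidates):
    """Return (source address, deciding rule) for a packet to dst via out_if.

    Models rules 1, 5 and 8 only; rules 2-4, 6 and 7 are assumed to tie because
    every candidate here is global, non-deprecated, non-temporary and shares
    one policy label.
    """
    dst = ipaddress.IPv6Address(dst)

    def key(cand):
        src = ipaddress.IPv6Address(cand[0])
        return (src == dst, cand[1] == out_if, common_prefix_len(src, dst))

    ranked = sorted(candidates, key=key, reverse=True)
    if len(ranked) == 1:
        return ranked[0][0], "only candidate"
    best, second = key(ranked[0]), key(ranked[1])
    for rule, a, b in zip(RULES, best, second):
        if a != b:
            return ranked[0][0], rule
    return ranked[0][0], "tie (implementation-defined)"

if __name__ == "__main__":
    # Neither candidate is on mesh0, so rule 5 cannot separate them and the
    # destination's prefix decides which address appears on the mesh.
    for dst in ("2a06:0:0:2::5", "2a03:0:0:1::53"):   # constructed destinations
        print(dst, "->", select_source(dst, "mesh0", CANDIDATES))
    # With a (constructed) address on mesh0 itself, rule 5 settles it.
    on_mesh = CANDIDATES + [("2a06:0:0:3::1", "mesh0")]
    print(select_source("2a03:0:0:1::53", "mesh0", on_mesh))
```

On a running node, the address the kernel actually picks for a given destination can be compared against this model with "ip -6 route get <destination>", which prints the selected src.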
