[Babel-users] IPv6 ULA GUA S2S routing problem

Daniel Gröber dxld at darkboxed.org
Mon Mar 13 09:51:50 GMT 2023 

Hi Jochen,

On Mon, Mar 13, 2023 at 09:50:31AM +0100, Jochen Demmer wrote:
> I though I could use babeld to just fill that gap and always have a
> route to the prefix I get at home. So even when there is a disconnect
> and a new prefix, I thought babeld will just fetch it and push it over
> to site B.
> 
> Is that a valid idea? If so, what would a configuration will look like?

You can definetly use babel here. You just need to add some config lines to
redistribute your prefixes. Quoting the manpage:

       By  default,  babeld  redistributes  all  local addresses, and no other
       routes.  In order to make sure that only the routes you specify are re‐
       distributed, you should include the line

              redistribute local deny

So that's a good start and then you just need to add filters to get the
prefixes in:

    redistribute local deny
    redistribute ip fd5e:ef07:ec1a::/48 #< Site A ULA prefix
    redistribute ip 2000::/3            #< Site X GUA prefixes

And that's pretty much it for the babel side. Just add the interface(s) you
want to run on to /etc/default/babeld (on Debian at least) and you should
be good to go.

There is one gotcha that I'd like to point out. babeld fucks with a number
of ip sysctls which you might not expect if your routers are already setup
as you want them. You can disable this using `skip-kernel-setup true`. Grep
the source for skip_kernel_setup to see the sysctls it touches.

Note that by default babeld will accept all routes from neighbours. You
might want to add `in` filters to prevent the other site from announcing
routes it's not allowed to send.

You can be more specific with the GUA prefixes if you like but that's a
local policy matter :)

> Do I just have to configure the wireguard interface on both sites or
> will I have to add filters?

To get babel to work on wg you have to 1) add a unique fe80::/64 interface
address on each side and 2) if using restrictive AllowedIPs include
fe80::/64 and ff02::1:6 in the list.

Let me know how it goes,
--Daniel

More information about the Babel-users mailing list