how does FreeBSD decide between two IPv4 addresses on the same interface, I have a public /32 and a private address, but it always picks the private address, on Linux it picks the first, but the /32 public address is first yet freebsd is still sending http/icmp traffic using the second address (private address) which will be dropped by the router when trying to access the internet

polarian: man ifconfig; prefer_source

polarian: you should also ensure the non-preffered ip(s) are listed as alias

zi: thats IPv6 only

rgr, check the alias bits

hmm alright, alias is meant to be deprefered, yet it seems to have no affect, I swap around the two addresses, one alias one not, and it still picks the same one regardless of which way around or whether its an alias or not :/

public /32 eh? what's that default route eh

polarian: the easiest way to do this is to simply route the IPv4 /32s via IPv6 link local addresses, then you don't need to care about arp or ptp

if my switch sees the mac addresses of the hosts i'm trying to ping, then how else can i diagnose why arp who has / pings don't work

my bridge doesn't need an IP, does it

rtprio: a layer 2 switch does not need an IP address, but if you want the switch to be able to ping hosts, it needs an IP address on that vlan

i have a few hosts on the vlan. the 2 physical hosts ping ok, the 3rd is a bhyve vm.

the bhyve vm seems deaf, which is unfortunate as it's acting as the dhcpd

it was working last night, but i don't think i changed anything;

show ifconfig for the bridge, the bridge members and any other relevant interfaces

standard `vm switch ` config

interface lagg0.4000 appears not to be up?

what the shit

vlans interfaces don't come up by default, you need ifconfig_lagg0_4000="up"

yeah, that appears to be it

thank you

now i can move onto the yak of why i can't pxe with boot.efi

i assume you don't literally mean PXE, since that only works with BIOS boot, as far as i'm aware. UEFI netboot is something else

hm, maybe that's not true actually

i was able to `filename "/boot/loader.efi";` on my bhyve vms and they netboot no problem

there are a number of different netboot protocols at this point, but referring to them all as pxe is ubiquitous unless one is talking about specific support

but on this hardware system, i get the

... can't find it now, basically 'that blob is too large'

it gets very confusing

ivy: didn't realise you could mix the inet families...

in fact I thought you explicitly couldn't

rtprio: the default route is a point to point address

but for some reason freebsd IP priority doesnt seem to do anything

it doesnt matter which one I alias, and which I add, in whatever order, it selects the exact same IP no matter what

hello, aloha and al-salam aleyqom. sup y'all?

much more than should be

ivy, we did it! cgit.freebsd.org/src/commit/?id=de3…a85d8f99d260cbfa6242dd8e4ece693e4f8

good job team

hey

i have question about ipv6 autoconfig. On my FreeBSD machine, IPv6 is autoconfigured when i plug the ethernet wire but it doesn't configure the IPv6 default gateway

i don't have this problem with other operating systems

(note that i enabled ipv6_gateway for other purposes)

how can i ask to FreeBSD to also autoconfigure the default IPv6 gateway

titou: please show the output of ifconfig for the interface you expected to get a default route via

ivy: you gotta modify the default route right? in his case i mean.

scottpedia: no, IPv6 default route configuration is supposed to be automatic when an RA is received

RA?

router advertisement

okay

(also IPv6 autoconfig is quite long.. it takes several minutes before the interface got its IPv6

)

for instance i just restarted the machine and as you can see the IPv6 is not set yet

titou: your interface doesn't have an IPv6 link local address. try setting ifconfig_igb0_ipv6="up" in /etc/rc.conf and rebooting

that should cause a link local address to be assigned immediately when the system boots, which is required for SLAAC to work correctly

for instance the IPv6 got its configuration now

ok i will try

in fact in my rc.conf I had: ifconfig_igb0_ipv6="inet6 accept_rtadv"

that's not good?

titou: try adding auto_linklocal to that: it isn't usually required, but for some reason it doesn't seem to be happening automatically on your system

in fact you don't have any nd6 flags at all, which is quite odd

what FreeBSD version is this?

13.4

sorry 14.3

so: inet6 accept_rtadv auto_linklocal ?

yes

are you sure you included the full ifconfig output in your first paste? it's quite odd not to have nd6 options there

indeed i'm sure

i will reboot and try again

at least by default every interface should have PERFORMNUD,IFDISABLED

now I got the local IPv6 after reboot

and after IPv6 has been configured on the interface route is not set.. Thus when I try to ping an IPv6 server I got ping6: UDP connect: No route to host

if I manually set it, it works

run 'tcpdump -evi igb0 icmp6', wait for an RA to be sent (it might take a few minutes) and show what it looks like

you could temporarily increase the RA interval on the router to make that easier

[icmp6 sum ok] ICMP6, neighbor advertisement ...

but no route is configured..

show the full packet please

sorry, this is the wrong packet, i'd like to see the router advertisement (RA), not the ND/NS

oh sorry

ivy: pastebin.com/gbbQGhgp

while we're waiting, could you show 'netstat -rn -f inet6' and 'netstat -in -f inet6'?

ivy: what do these two cmds do?

scottpedia: netstat -r shows the routing table, netstat -i shows an overview of interfaces and assigned IP addresses. -n disabled DNS resolution, and -f inet6 restricts the output to IPv6

don't care about vlan*

titou: okay, one more question, is the net.inet6.ip6.forwarding sysctl enabled?

yes

[11:53] <titou> (note that i enabled ipv6_gateway for other purposes)

titou: try setting net.inet6.ip6.rfc6204w3=1

done

usually, routers are not allowed to configured routes based on RAs, that sysctl enables this anyway

you may need to wait for another ra-interval to see if it worked (or just reboot)

yup

ok!

ivy: man how long've you been playing with fbsd or linux?

you seem extra-knowledgeable

scottpedia: i've been using FreeBSD since around 3.4, before that i used NetBSD. Linux i started around Debian hamm (2.0)

when was that?

FreeBSD 3.4 was 1999, Debian 2.0 was 1998

NetBSD <3 :)

okay that's hardcore

my first Unix system was NetBSD 1.0, around 1996

so you must be at least 20 years my senior I suppose

I must leave. I'll check and tell you ivy!

thank you so much for your time

titou: np

what was the computer you used those stuff on? ivy

scottpedia: NetBSD and Debian on an Amiga, later i moved to PC. i started using FreeBSD on servers (Pentium III, i think)

okay alright

dunno too much about those ones

Amiga PPC ?

maccampus: 68030

it ran Debian Linux ?

what's their performance like?

maccampus: yes, Debian was one of the best platforms for m68k Linux at the time. NetBSD was the other one

scottpedia: slow. as in, leave it overnight to run make world

pfff, God needed 7 days

okay so what did people use those stuff to do back then? ivy

scottpedia: everything they on computers. at the time a 68030 was a relatively decent CPU, if not the fastest you could buy

s/they on/they did on/

maccampus: 6 to be accurate. the seventh is the first sabbath

what were the typical applications?

as in "use cases"

uh... again, anything people did on computers. play games, send email, write documents, developer software...

oh, then it's correct, the song i mean, "on the 7th day he chilled out"

what kind of games can you play on that kind of hardware?

1990s games

on Mac 030 you could play Command & Conquer

ivy

are an amiga user?

you know video games have existed since the 1980s, right?

even before i think

mosaid: not anymore, i used to be

yeah I know but the firsts I played were like on xbox already

ivy: Main computer back then PPC?

can't imagine games played on "microcontrollers"

mosaid: m68k

an xbox consist also of a "Microcontroller"

scottpedia: the 68030 is not a microcontroller, it's a fully-featured CPU designed to run Unix

So you never upgraded to PPC

mosaid: no, i moved to PC

scottpedia: youtube.com/watch?v=tVwScInZfP8

the pc runs which OS ?

scottpedia: have you heard of Sun (the company)? their entire line of computers, and SunOS, was built on m68k until they switched to SPARC

Not Windows i hope

maccampus: I was a Macintosh user

ivy: yeah I know about Sun, where Gosling worked. but still they seem ancient cause I've never touched any of that kind of hardware. my first laptop was a macbook air in 2014.

i was indded

maccampus: uh, are you asking what i use now? my desktop is a Mac, i have a Windows PC for work and gaming, our home server runs FreeBSD and i have some hosting stuff that also runs FreeBSD

mosaid: so am I I guess

scottpedia: they are ancient. you can still buy m68k CPUs but they're firmly targeted at embedded, and they're much slower than basically any modern CPU. but in the 1990s, the m68k was competitive with the Intel 386/486. it's really the Pentium era where that changed; that's why AIM introduced PowerPC

my desktop is a Mac, i have a Windows PC from work and gaming i do on Playstation, my server runs Linux on a PPC Mac

ivy: in face of my overwhelming lack of knowledge, what do you recommend I do so that I may get a grasp of the age of computing before I was born?

I will move away from Mac/MacOS though as i will not buy an Apple CPU

scottpedia: i'm not the right person to ask about that, i don't need to read about that era since i lived it :-)

i'm sure there must be some books about it though

maccampus: same. after more than 10 years of using mac. I am compelled to move away because of apple's increasingly bad designs.

it'd become unprofitable if I keep using a mac

it's true sadly

did you work in the technical sector back then? like when Sun was still alive? ivy

last time i criticised Apple i got an angry message on the freebsd slack, so i won't say anything about this :-)

You get that when you put your stuff in the wrong hole

scottpedia: during the 1990s no, i was in a high school. i did work in tech when Sun was around

okay alright

I think the last great mbp was the 2015 version

since then apple's been abusing the consumers based on a solid "brand loyalty"

no replaceable parts, etc...

yeah or replaable , but only by Apple splied hw

I have the 2017 iMac, the last desktop that offered some freedom

maccampus: I was using Macintosh Classic 1990

System 6

I was trying to upgrade to 7

you can't put replaceable parts in a laptop nowadays, LPDDR only provides such good power efficiency because it's connected directly to the CPU. everyone is switching to this, not just Apple

My first Mac was an 040 Duo & a PPC 7500

i've been procrastinating since a long time ago because of various life events. I should have done the migration already.

upgradeable laptops will be limited to enthusiast market which is willing to sacrifice battery life, like Framework

the 040 fell from the sky (;

ivy: I won't accept a arm processor on my laptop/desktop.

scottpedia: who mentioned ARM?

oh, Apple

ivy: i mean apple is switching full-scale to arm processors on mbps

the Mx is ARM

scottpedia: but you said your complaint was about replaceable parts. actually it's about the CPU architecture?

both

sorry gotta go nice chatting

i would accept it if the system would remain being modular & upgrdable & the OS wasn't closed down to unacceptable

they are taking too much away these days

I think the first Sun was on a difernt CPU before 68k

when they took away 32bit support basically all my steam games went to garbege

gargage*

garbage*

and they also plan to take out tun/tap support in a future version

what i want to know about Apple is when they stop supporting M1 Macs. this determines if they actually care about ewaste, or they're just lying about it to please their customer base

what does ewaster have to do with this? you can't recycle an m1 anyways.

i thik OS 28 will unsupport M1

maccampus: Sun-1 (1982) was M68000

scottpedia: once they end macOS support for M1 Macs, everyone will throw away their M1 Macs and buy new Macs. that creates ewaste.

scottpedia: by extending OS support to M1, which are still perfectly capable machines, they can reduce ewaste.

the ssd's will be burned up by then anyway so waste

maccampus: can you share the statistics / evidence your statement is based on?

maccampus: i assume you have something showing that SSD wear will render M1 Macs unusable in a particular time frame?

i cn tell you i already seen in reallife, 2 cases of worned up SSD's in M1 Macs because user ook to few Ram

2 cases, okay. how many M1 Macs did they sell again?

The virtualRam on SSD R/W constants so those chips die the virtual ram moves, the SSD keeps shrinking

As OS & Suftware gets newer they ned more Ram, so even those with adecaute ram will bcome too few & get in this cycle

Does not matter how much they sell, what does mater is that i know ew Mac users in reallife

few *

unfortunally Half of them are Mac users because of me, so i hear their complains first & loudest

evn though i did always say double the Ram, don't take the minimum

ivy: it worked!!! Thanks a lot :)

titou: great

aright I am starting to think there is no way to do this in freebsd, the man pages contain nothing...

theres interface priority

(metric)

polarian: do what?

ivy: prioritise/default a IPv4 when theres multiple on an interface

alias is meant to deprioritise but it doesn't

polarian: if you don't need arp, just put the aliases on lo0

if you do need arp, fix your network to not need arp

...

...

I dont see how that helps

it helps because aliases on lo0 will never be picked as the outgoing address

you are going to need arp, unless you are using IPv6, like you suggested using the lladdr to route the addresses over, but afaik you cant mix inet and inet6 like that!?!?

ivy: I need the address to be the outgoing address though

yes, you can route inet addresses over an inet6 nexthop, everything supports this

the interface has a ptp address which is simply for connecting it to the router

the address I want used is not being used

polarian: put *the* outgoing address on ix0 (or whatever your external interface is), put the other addresses on lo0

freebsd keeps sending a RFC1918 src address when its trying to reach WAN and its being dropped by the router (for obvious reasons)

ivy: that will break arp

will it not?

polarian: so stop using arp. route the /32s to where they're meant to go

I tried that, without arp freebsd throws no route errors

despite adding a route

well ping throws no route

then you did something wrong, show ifconfig + netstat -rn

also I thought arp was mandatory

how would L2 work without arp?!?

arp is not mandatory if you route using IPv6 nexthops, but if you don't want to do that, put *one* IPv4 address on the interface and route the rest via that address

right... so stick the public IP address on lo?

i don't know what significance "the public IP address" has here

alright

do you have an RFC1918 network where you want to route one non-RFC1918 address to an internal machine?

I did some yapping last night when I was trying different ways of trying to assign a /32 address to a client which is behind a router

I was told the only way to make it work is if I use a /31 (or /30) private range between router and client

and then route the /32 public IP over that

if you do this over IPv4, then yes, you need at least one /31 or /30 on the link net, but that can be RFC1918 space

however I was told this works on Linux, where the first IP on the iface is the default, for some reason on FreeBSD it just picks the private IP, no matter which one I put as an alias (alias is meant to deprioritise it)

ivy: thats what I did

but the src header is ALWAYS the /31 address

polarian: yes, the IP address on the interface is the default outgoing address

fetch 1.1.1.1

ivy: theres two addresses right now

which is why I am asking how to change the default

as freebsd no matter what I do (flip the order, alias the /31 address) I cant make it use the /32 address

polarian: do you have an RFC1918 internal network and you want to route a /32 to a specific machine, and that machine should use the public /32 as its default outgoing address?

alright the client is connected to a switch which is the sole client on a vlan which is on my router, the vlan on my router is setup to pass all packets from the /32 to WAN

ivy: "support" wdym support? i am using an 2018 intel mbp and it's been running perfectly without no "support" from Apple.

I was originally just going to NAT it but my friend moaned that I should be allocating the public IP directly to the client so its easier for him

you use AA right? and you have a /28 or whatever and you want to route one address from that /28 to an internal system?

ivy: pretty much

also its a /29, I have been on AA for years, the /28 is a recent thing

rumour has it they have handed out /27 and /26 as well on request :P

~and if you can justify why you need it~

anyways regardless of the point

I do not simply want to allocate a /29, lose a gateway addr, network address and broadcast, and also limit it to one vlan

my original plan was to just allocate a /32 per vlan and nat it, therefore meaning to change IP addresses, I can do it entirely router side

no need to modify any server network configs

this sounds awful and i don't think you should do this

but like I said, friend moaned I am being lazy and demanded I stuck the /32 onto the client

is your internal entirely IPv6 native?

s/internal/internal network

err... on the wifi vlan there is :P

G.U.Y.S.

on this vlan there is a /64 block allocated to it

but not setup

although ideally I would stick the /64 on the host and route it via lladdr

polarian: my suggestion is to start by deploying IPv6 internally, then route your /32s over IPv6 nexthops. trust me, this is *much* easier

no need to waste an address on the gateway

ivy: giving up on this will piss me off though :/

polarian: there's a reason basically all SP networks are switching to this design, and it still applies on the home network scale

I want to get it to work

ivy: when you finish with him, I'd love to continue our conversation.

I can make it better in the future

also ivy wont freebsd just drop a packet if there is no IPv4 route

scottpedia: sorry, i'm not interesting in discussing Apple hardware support any further

like I said I have not heard of IPv4 addresses routing via lladdr

polarian: you may not have heard of it, but it exists and works fine

ivy: okay what about other stuff?

so is it as simple as sticking the gateway addr as the lladdr of the router and then sticking the /32 onto the interface, or is there more to it?

11!rose ~# route get 46.235.229.111

route to: nightshade.ipv4.le-fay.org

destination: nightshade.ipv4.le-fay.org

gateway: fe80::2%vmnet.nightshad

...

does the IPv4 packet get encapsulated in an IPv6 packet then?

no, it just uses IPv6 ND to find the Ethernet address of the nexthop, then it sends the IPv4 packet normally

ohhh

so you are basically replacing arp with IPv6 ND

yes

alright so you have the src mac, dest mac, and src IP

what about the dest IP?

?

the dest IPv4 address is in the packet header

if the router iface has no inet address whats the dest IPv4?

you use IPv6 ND for the dest mac no? but if you arent using IPv4 at all what is in the dest IPv4 packet header

the destination address

which would mean the iface on the router still needs an IPv4 address...

no?

it does, but not because of this, i think you're misunderstanding something

I definitely am

a router never modifies the destination address of a routed packet

oh shit nevermind I am an idiot

like in my route above, say someone sends a packet to 46.235.229.111, the destination address in the header is 46.235.229.111

I was assuming you were only sending to the router, but this would prevent that

there is no IPv4 link to the router

the router simply hops the packet along

im an idiot nevermind :D

nah I get it I was just being an idiot

polarian: but you're right, you *do* need an IPv4 address on the interfaces for this to work properly, but that address can be a /32

it does mean router <--> client is IPv6 only

but thats not an issue

that address will be used for locally-originated traffic and for ICMP errors

you can do all your local traffic over lladdr

oh

so you allocate one /32 to your router and put that /32 on all its interface

wont it just forward

the /32 is held on pppoe0

you can put the same /32 on pppoe0, ix0, igb0, whatever

one system = one IPv4 address

Yeah I know that

but you said assign it to every iface, but its already assigned to one, so it is usable on all just not the default

no, if it's on one interface, it's only usable on that interface

you need to assign an IPv4 address to every interface that passes IPv4 traffic

I can ping my router with an IP address allocated to a separate subnet :)

yes, but you break ICMP error delivery and locally originated traffic

you *must* have one IPv4 address on *every* interface that passes IPv4 traffic

yes... but this is meant to be a client which is WAN-only

no local traffic

so it doesnt matter...

surely?

you still need an IPv4 address on the interface or locally-originated traffic won't work

hm...

for example, if the default route is via igb0, the kernel will pick an IP address on igb0 to be the default source address, if igb0 has no IPv4 addresses, the default source address will be 0.0.0.0

this complicates shit though, the pppoe0 address is set when pppoe0 is established, theres no clean way to then set that addr on another iface too :/

polarian: AA's WAN addresses are static, just set it in /etc/rc.conf

nah that will piss me off

also my router is OpenBSD

OpenBSD works the same way

well hostname.if(8)

(although i don't know off hand if they support ipv6 nexthops for ipv4)

not rc.conf(5)

ivy: well I can always try

but I still want to get this working v4-only

if you insist on using obsolete network protocols then you need at least one /31 and will waste IP addresses

I died on the same hill when I refused to use a bridge and spent a month getting routes to work instead

not the same hill. not using bridge is fine. refusing to use industry-standard networks protocols is just making work for yourself

its more me wanting to get it to work without using ipv6 stuff :P

obviously I will try the IPv6 stuff after...

okay, well, if your goal is to come up with the worst possible solution, good luck with that

ivy: I have been told by others that you can do this with only a /32 and a /31 block of RFC1918

(On Linux)

the issue is they dont know BSD...

it works in BSD in exactly the same way as Linux

what I have been told (on Linux) is the first address allocated is the default, so you would allocated the /32 first (therefore the default src is the public IP address) and then use the /31 to link the router to the client

route the additional /32s via the /31 address

arp is happy

and the public IP should be used

arp is not involved if you do this properly

other than for the /31, which obviously requires arp

ivy: I did... it still picks the /31

thats why I was asking how to set src addr priority

which I dont believe is possible

I spent last night switching the order I added, switched which one I added as an alias

it would *ALWAYS* use the /31 and get dropped router side as RFC1918 wont be forwarded to WAN

so I got pissed off and went to bed :P

there is no way to set preferred source address for a route

you are looking for Linux's prefsrc, which we don't implement

yeah, so i assume this approach is impossible on freebsd then?

freebsd simply will not use the /32 as the src header no matter what I try...

maybe? i haven't used IPv4-only networks for years

but probably yes

:/

fuck so I guess IPv6 nethop is mandatory to do this then

question

what if you used a RFC1918 /32 address on the router iface

and used IPv6 nexthop instead of arp

well IPv6 ND

that's fine

hmmm

I guess I will try IPv6 nexthop then

believe me, once you realise how much easier things like this are on IPv6-native networks, you will never go back to the old way

question though, I know v4 is legacy and all but surely it is still a good idea to support an v4-only solution for those who cant use IPv6?

ivy: oh I know how much nicer IPv6 is

as i said earlier: there's a reason *all* SP networks are moving to this setup

but I also dont like the idea of just using IPv6isms to solve all IPv4 problems

IPv6 native everywhere, IPv4 routes distributed via BGP

why? probably because I hate myself

when will AAISP support pppoe via IPv6?

huh? AA has always supported IPv6 over PPPoE

seriously?

I heard that you couldn't

uh...

someone told me they had eliminated v4 apart from pppoe

PPPoE runs over Ethernet

it doesn't need either IPv4 or IPv6 to work

you can run IPv4 and IPv6 *on top of* PPPoE

sure... but not sure how it would work

? the same way it always works, PPPoE doesn't know or care about IP

it runs over Ethernet, it's a layer 2 protocol

I connect to AAISP via PPPoE, during negotiation AAISP hands back a IPv4 address and the gateway, and the route is added

well, you can disable that in your PPP client

I guess you could just set a static IPv6 address for it and a static route

provided you know IPv6 endpoint

hmmm, I guess if I asked AAISP what the gateway addr is for IPv6 it would be possible

but afaik its nowhere in the control panel

i don't know exactly how AA's LCP works over IPv6 but it does hand out a link local prefix

oh right forgot about lladdr

i think it will also hand out a /32 if you ask nicely but it is a terrible idea to rely on that

hmmm tbh I dont think the pppoe between home and AAISP is a big deal

just take a /128 and assign that to your router and put it on the ppp interface

s/32/128

well everyone gets a /48 block

good luck using 2^96 addresses

i know that, that's not what i'm talking about

yeah my point is asking for a /128 seems silly

if you use lladdr do you even need to worry about having a /128 on the pppoe interface?

the point is to provide an external IP address to the router, for locally-originated traffic and ICMP errors, etc

but i think it's a bad idea to rely on this, just allocate one /128 to your router

hmmm well making my network IPv6-only is not my priority right now, bigger fish to fry

but in the future it would be fun to look into

you don't need to make it IPv6-only, you need to make it IPv6-native, i.e. every host can reach every other host via IPv6

sure

i would not suggest anyone make their network IPv6-only right now

I have also wanted to make wifi NAT64

I will do network improvements... eventually

ivy: yeah sorry I meant IPv6-native

203!tansy /src/bsd/main [main]% git rebase -i freebsd/main

mv: .git/COMMIT_EDITMSG: set owner/group (was: 10006/0): Operation not permitted

that's weird