
On Thu, Mar 06, 2025 at 04:41:46PM +0100, Ondřej Caletka wrote:
> Can you please be more specific about this solution? Which IPv6 addresses do you use in your network? Is it a prefix of one of the providers, ULA or something else?

Right now ULA + prefix from one provider. I used prefixes from both providers in the past. I see no limit regarding the combinations.

> Can you elaborate more on why the provider's prefix has to be longer?

It does not have to. My statement was misleading. The point was that it can be longer and this method continues working.

> If internal prefix is fd12:dead:beef::/48
> Provider A is using 2001:db8:a::/56
> Provider B is using 2001:db8:b::/56
>
> The translator receives a packet from fe12:dead:beef:1234::1 and chooses provider A, will it translate its source address to 2001:db8:a:0034::1?

Yes

> If yes, what then happens with packets from fe12:dead:beef:ab34::1?

The same: It is rewritten to 2001:db8:a:0034::1

> Also, can you link the repository/PR regarding the patch you use?

https://patchwork.ozlabs.org/project/openwrt/patch/20250112131635.8660-1-ope...

The core aspect is this nftables snippet that is filled according to the current prefix delegation:

    "snat ip6 to ip6 saddr and " + suffix_mask + " or " + base_addr

This shows how powerful the expressions in nftables are: Logical operations with IPs are possible. In the example, the generated action would be:

    snat ip6 to ip6 saddr and ::ff:ffff:ffff:ffff:ffff or 2001:db8:a::

Before that, an accept rule is generated if the source address already matches the uplink IP so that this snat action is skipped.
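
The masking arithmetic discussed in this thread, as an added example that is not part of the original message or of the linked patch: it derives the suffix mask and base address from a delegated prefix, builds the same snat expression, and lists which internal /64 subnets end up sharing one external /64. All function names are hypothetical and the subnet list is constructed sample input.

```python
import ipaddress
from collections import defaultdict


def suffix_mask(prefix_len: int) -> ipaddress.IPv6Address:
    """Mask that keeps the (128 - prefix_len) low bits of the source address."""
    return ipaddress.IPv6Address((1 << (128 - prefix_len)) - 1)


def snat_rule(delegated: str) -> str:
    """Build the snat expression quoted in the thread for a delegated prefix."""
    net = ipaddress.IPv6Network(delegated)
    return (f"snat ip6 to ip6 saddr and {suffix_mask(net.prefixlen)} "
            f"or {net.network_address}")


def translate(src: str, delegated: str) -> str:
    """Apply (saddr AND suffix_mask) OR base_addr, as the nftables expression does."""
    net = ipaddress.IPv6Network(delegated)
    kept = int(ipaddress.IPv6Address(src)) & int(suffix_mask(net.prefixlen))
    return str(ipaddress.IPv6Address(kept | int(net.network_address)))


def shared_external_subnets(internal_subnets, delegated):
    """Return external /64s that more than one internal /64 is rewritten into."""
    groups = defaultdict(list)
    for subnet in internal_subnets:
        base = ipaddress.IPv6Network(subnet).network_address
        groups[translate(str(base), delegated) + "/64"].append(subnet)
    return {ext: subs for ext, subs in groups.items() if len(subs) > 1}


if __name__ == "__main__":
    provider_a = "2001:db8:a::/56"
    print(snat_rule(provider_a))
    # The two source addresses asked about in the thread (quoted as written).
    for src in ("fe12:dead:beef:1234::1", "fe12:dead:beef:ab34::1"):
        print(src, "->", translate(src, provider_a))
    # Constructed sample: /64 subnets carved out of the internal /48.
    internal = ["fd12:dead:beef:1234::/64",
                "fd12:dead:beef:ab34::/64",
                "fd12:dead:beef:1235::/64"]
    print(shared_external_subnets(internal, provider_a))
```

Running the overlap check against the internal subnet plan shows where a translated source address in an upstream log can no longer be attributed to a single internal subnet without the router's connection tracking data.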