
Hi,

On 06/03/2025 13:47, Jonas Lochmann wrote:
> I tried to use a stateful source address rewriting instead. With nftables, this is easy to implement and it works if the prefix length of the uplink is longer (smaller subnet) than the internal network: just keep the prefix and replace the bits after it with the original source address. With this, I can use local addresses in the local network and additionally provide the public address/es of one or more uplinks.
>
> I have been using this in production at one location for multiple years and thus know that it works. I am interested in other approaches, experiences and feedback for this method.
Can you please be more specific about this solution? Which IPv6 addresses do you use in your network? Is it a prefix of one of the providers, ULA or something else?

Can you elaborate more on why the provider's prefix has to be longer? If the internal prefix is fd12:dead:beef::/48, Provider A is using 2001:db8:a::/56 and Provider B is using 2001:db8:b::/56, and the translator receives a packet from fe12:dead:beef:1234::1 and chooses provider A, will it translate its source address to 2001:db8:a:0034::1? If yes, what then happens with packets from fe12:dead:beef:ab34::1?

Also, can you link the repository/PR regarding the patch you use?

-- 
Best regards,
Ondřej Caletka
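The ambiguity Ondřej is asking about can be checked mechanically. The following is an added example, not code from either participant or from nftables: it models the rewriting rule Jonas describes (keep the uplink prefix, fill the remaining bits from the original source address) and shows why the uplink prefix must not be longer than the internal prefix, using constructed addresses that follow the /48 and /56 values quoted in the mail.

```python
import ipaddress
from collections import defaultdict

def rewrite_source(src: str, uplink_prefix: str) -> ipaddress.IPv6Address:
    """Stateless part of the rewrite: keep the uplink prefix bits, take the
    remaining 128-N bits from the original source address.
    (Hypothetical helper modelling the rule described in the thread.)"""
    net = ipaddress.IPv6Network(uplink_prefix)
    host_mask = (1 << (128 - net.prefixlen)) - 1
    rewritten = int(net.network_address) | (int(ipaddress.IPv6Address(src)) & host_mask)
    return ipaddress.IPv6Address(rewritten)

def is_unambiguous(internal_prefix: str, uplink_prefix: str) -> bool:
    """The mapping is one-to-one only if the uplink prefix is no longer than
    the internal prefix: then every host bit of an internal address survives."""
    internal = ipaddress.IPv6Network(internal_prefix)
    uplink = ipaddress.IPv6Network(uplink_prefix)
    return uplink.prefixlen <= internal.prefixlen

def find_collisions(sources: list[str], uplink_prefix: str) -> dict[str, list[str]]:
    """Group original sources by their rewritten address; any group with more
    than one member is a collision where return traffic cannot be attributed
    to a single internal host without extra (stateful) information."""
    groups: dict[str, list[str]] = defaultdict(list)
    for src in sources:
        groups[str(rewrite_source(src, uplink_prefix))].append(src)
    return {mapped: srcs for mapped, srcs in groups.items() if len(srcs) > 1}

if __name__ == "__main__":
    # Constructed addresses: internal ULA /48 from the mail, uplink /56 from the mail.
    internal = "fd12:dead:beef::/48"
    uplink_a = "2001:db8:a::/56"
    hosts = ["fd12:dead:beef:1234::1", "fd12:dead:beef:ab34::1"]
    print("unambiguous:", is_unambiguous(internal, uplink_a))
    for h in hosts:
        print(h, "->", rewrite_source(h, uplink_a))
    print("collisions:", find_collisions(hosts, uplink_a))
```

With a /56 uplink and a /48 internal network, the top 8 bits of the internal subnet ID are discarded, so fd12:dead:beef:1234::1 and fd12:dead:beef:ab34::1 both become 2001:db8:a:34::1; `find_collisions` reports that pair. Swapping the roles (internal /56, uplink /48) makes `is_unambiguous` true and the collision set empty, which is the configuration Jonas describes as working.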