On 6.02.2022 at 18:04, Mike Fischer wrote:
Hi Łukasz,

On 06.02.2022 at 12:08, Łukasz Moskała <[email protected]> wrote:

On 6.02.2022 at 05:28, Mike Fischer wrote:
OpenBSD 7.0 stable amd64
My host has two ethernet interfaces, em0 and em1.
Note: The host is a VM with two virtual interfaces.
Both interfaces are configured like this for IPv6 in the /etc/hostname.em0 and 
/etc/hostname.em1 files:
inet6 autoconf -temporary -soii
They are connected to the same LAN and each produces a unique IPv6 address 
using the same prefix and an EUI64 interface identifier as expected*.
$ ifconfig em0|grep inet6|grep -vE '(fe80:| fd|temporary|deprecated)'
        inet6 2001:db8::20c:29ff:fd9c:4b7 prefixlen 64 autoconf pltime 1070 vltime 7043
$ ifconfig em1|grep inet6|grep -vE '(fe80:| fd|temporary|deprecated)'
        inet6 2001:db8::20c:29ff:fd9c:4c1 prefixlen 64 autoconf pltime 1032 vltime 7005
DNS records have been set up*:
$ dig +short a.example.com aaaa
2001:db8::20c:29ff:fd9c:4b7
$ dig +short b.example.com aaaa
2001:db8::20c:29ff:fd9c:4c1
$
My httpd.conf looks like this*:
ipa = "2001:db8::20c:29ff:fd9c:4b7"
ipb = "2001:db8::20c:29ff:fd9c:4c1"
server "a.example.com" {
        listen on $ipa port 80
        directory index index.html
        location "/*" {
                root "/htdocs/a"
        }
}
server "b.example.com" {
        listen on $ipb port 80
        directory index index.html
        location "/*" {
                root "/htdocs/b"
        }
}
/var/www/htdocs/a/index.html and /var/www/htdocs/b/index.html exist and each 
contains a minimal HTML page.
httpd -n sees no problem.
rcctl start httpd works fine.
However trying to access http://a.example.com or 
http://[2001:db8::20c:29ff:fd9c:4b7] gets a timeout.
Accessing http://b.example.com or http://[2001:db8::20c:29ff:fd9c:4c1] works 
fine.
Trying to find the cause I checked:
$ netstat -an|grep LISTEN
…
tcp6         0      0  2001:db8::.80    *.*                    LISTEN
tcp6         0      0  2001:db8::.80    *.*                    LISTEN
…
$
Which seems weird because only the prefix is listed not the complete IPv6 
addresses.
Am I seeing a bug or is my expectation that both servers (virtual hosts) work 
wrong?
*) Hostnames and IPs anonymized.
Thanks!
Mike

"They are connected to the same LAN"
This is most likely your problem. Having two IPs on two interfaces in the same 
subnet will usually cause problems. Most likely you also have two default 
routes.

Yes, you are right. There are 2 default routes for IPv6.

Not sure why IPv6 works like this but that’s what I’m trying to learn. I am 
using this machine as a test bed for figuring out IPv6. My expectation was that 
IPv6 would work just like IPv4 in this scenario.

Note: For IPv4 the same setup works fine, yielding a web server that serves 
both a.example.com and b.example.com on different IPs. The expectation would be 
that replies would be sent through the same interface the request came in on. 
IPv4 has the drawback that I only have 1 public IPv4 address. So I need to 
differentiate by port number on the Internet side of my router to map to the 
correct LAN IP.

So I learned something here, which was my goal. Thanks!


You can work around it by putting both interfaces in different rdomains, then 
running two httpd instances, one in rdomain with first IP, second in rdomain 
with second IP.

I’ll look into this (more as a way to learn more about how this works than to 
actually fill a pressing need). Thanks for the idea.


Or, assign both IPs statically to em0 (one with prefix /64, second with prefix 
/128), then remove em1 - I'm 99% sure this will solve your problem.

Yes. But in my experimental setup this would not be practical because the IPv6 
prefix is dynamic. Assigning a static IPv6 address will cease to work when the 
prefix changes, at least for connections from the Internet. There are issues 
with the setup of port forwarding on my router as well. I thought I could get 
around all of these issues by using the second interface.

For this experiment the goal was to get a single host to serve two websites on 
separate IPv6 addresses. All this in a LAN setting where the public IPv6 prefix 
is dynamic. Getting it to work short term is easy using static IPs. But 
ensuring it will work across prefix changes is more complicated. I do have a 
script that triggers on prefix changes and could be used to adjust the static 
IPs and the httpd.conf as needed. I don’t much like that solution though.


Thanks for your reply!


Mike

If that's the case, then I'd just serve both websites on the same IP. I think that would be the most "clean" way to solve your problem, but that's ignoring the point of your experiment.

However, I think that in every datacenter you will get a static prefix, so that you will not have to worry about it, if you ever do it outside of a home network.

Best regards
--
Łukasz Moskała
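
The thread mentions a script that reacts to prefix changes by adjusting the static IPs and httpd.conf. The following is an added example, not code from the thread or from either poster: it rewrites the address macros of an httpd.conf when the /64 prefix changes, keeping each interface identifier. The function names, the sample configuration and the new prefix are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample: the macros from the thread plus a ULA macro that must survive.
SAMPLE_CONF = '''ipa = "2001:db8::20c:29ff:fd9c:4b7"
ipb = "2001:db8::20c:29ff:fd9c:4c1"

ula = "fd00::20c:29ff:fd9c:4b7"
server "a.example.com" {
        listen on $ipa port 80
}
'''

# Matches httpd.conf macro lines of the form: name = "ipv6-address"
MACRO_RE = re.compile(r'^([ \t]*\w+[ \t]*=[ \t]*")([0-9A-Fa-f:]+)("[ \t]*)$', re.M)

def rebase(addr, new_prefix):
    """Keep the low 64 bits (interface identifier) of addr, swap in new_prefix."""
    net = ipaddress.IPv6Network(new_prefix)
    if net.prefixlen != 64:
        raise ValueError("expected a /64 prefix, got /%d" % net.prefixlen)
    iid = int(ipaddress.IPv6Address(addr)) & ((1 << 64) - 1)
    return str(ipaddress.IPv6Address(int(net.network_address) | iid))

def rewrite_macros(conf, old_prefix, new_prefix):
    """Rewrite only macros whose address lies inside old_prefix."""
    old_net = ipaddress.IPv6Network(old_prefix)

    def repl(match):
        try:
            addr = ipaddress.IPv6Address(match.group(2))
        except ValueError:
            return match.group(0)      # not an address: leave the line alone
        if addr not in old_net:
            return match.group(0)      # ULA or other prefix: leave untouched
        return match.group(1) + rebase(str(addr), new_prefix) + match.group(3)

    return MACRO_RE.sub(repl, conf)

if __name__ == "__main__":
    # 2001:db8:1234:5678::/64 is a constructed "new" prefix.
    print(rewrite_macros(SAMPLE_CONF, "2001:db8::/64", "2001:db8:1234:5678::/64"))
```

Check the rewritten file with `httpd -n`, as in the original post, before restarting httpd.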
