IPv6 Policy-Based Routing [with patches]

1 post / 0 new
wsapplegate
IPv6 Policy-Based Routing [with patches]

Hi people,

I recently upgraded my routers to VC6.5, and was pleased to notice PBR had finally been implemented: This is a real nice addition for multihomed small sites. Still, there were a few showstoppers: First, I stumbled on bug #8364, as apparently the new method to specify the mangle chain on an interface only allows it to be applied in the in direction (I previously used firewall modify out for MSS clamping, so this doesn't work anymore). I kludged this temporarily, but then another issue bit me: There was no IPv6 support for PBR. Looking further, I discovered that Quagga had no support for this in the CLI, which I found strange, as it looked like the underlying function static_ipv6_func() could support it.

After a few false starts (I lost some time until I found out the IPv6-related functions in zebra/zebra_rib.c ignored the table number they were handed), I managed to cobble up some patches, which you can find on my FTP (those looking to test this specifically want the patches marked V6PBRONLY plus the vyatta-quagga.patch. You will need to apply them to a git tree branched on Pacifica, and rebuild all three packages. As always, I do not guarantee the code will work correctly).

My question is: As the Quagga patch is entirely trivial, does anyone know why this feature isn't in upstream anyway? I suppose there are lingering issues that prevent its addition, but the limited tests I did seemed to work, so I'm left without a clue.

Even though I now have IPv6 PBR apparently working, I'm still trying to find out how to implement the missing part for it to be really useful: NAT66. It's now available in kernel 3.7, but Pacifica uses a 3.3.8 kernel, and it looks like a lot of patches went in the NAT code between those versions, hence I'm unsure if that's feasible (I'll have a go at it anyway, I guess ;-)