REPLY: 2:5001/100.1 60e19d4e
MSGID: 2:5005/49 610ab0eb
CHRS: CP866 2
TZUTC: 0700
TID: hpt/fbsd 1.9.0-cur 2019-12-05
Dear Dmitry,

04 Jul 21 13:51, you wrote to me:

 DP>>> For example - rerouting traffic via VPN to get thru RKN's DPI.
 DP>>> Real life scenario :)

 VS>> Why would you need NAT for that? Get a VPN/tunnel provider who
 VS>> offers a global /64 or /56 or even a /48, like HE does.

 DP> With he.net you'll loose access to local google caches and to local
 DP> CDNs. With ipv4 I can forward only blocked subnetworks via VPN, with
 DP> ipv6 and without NAT66 I can't do that.

Well, it's a valid point of course. The protocol designers are not required to
forsee the acts of malicious morons breaking the Internet intentionally. But
they could have provided for a simple failover mechanism.

OTOH, when I have to circumvent RKN, I prefer to start a new browser session
where all traffic goes via a VPN. Yes, I lose access to local google caches
and to local CDNs, but be it so.

 DP>>> Yeah, but you can have "host" part the same for several uplinks
 DP>>> and change prefix only on NPTv6 gateway. It's the best ipv6 can
 DP>>> offer for you, sorry.

 VS>> Too bad and a bit unexpected. There are/were rather complex
 VS>> things like Mobile IPv6 and HMIP, and they have not thought of a
 VS>> simple failover?

 DP> Mobile IPV6 is an operator controlled tool to keep your IPv6 address
 DP> intact. But you are asking for exactly the opposite solution - to
 DP> change your IPv6 address.

Not exactly "to change my IPv6 address", but rather provide some simple
failover mechanism for multihomed IPv6 hosts. It has just come to my mind: if
those multihomed hosts ran some kind of routing protocol (OSPFv3 or a simple
equivalent thereof) there would be absolutely no problem selecting the working
gateway.

 DP>>> It adds more complexity and cannot be implemented easily in
 DP>>> userland across multiple OSes.

 VS>> OK, let's start anew with a simple setup. If there are two
 VS>> routers in a home LAN advertising different global prefixes, and
 VS>> one of them goes offline, will IPv6 end hosts detect that and
 VS>> remove the corresponding addresses from their configuration?

 DP> Yes but you'll still have single routing table and timeout for client
 DP> to remove dead ipv6 address from interface and routing table is large
 DP> enough to be unacceptable for general use.

So, we need some simple routing protocol with keepalives, running both on end
hosts and the router?

Victor Sudakov, VAS4-RIPE, VAS47-RIPN
--- GoldED+/BSD 1.1.5-b20170303-b20170303
 * Origin: Ulthar (2:5005/49)
SEEN-BY: 1/123 50/109 90/1 105/81 120/340 123/131 124/5016 154/10
SEEN-BY: 203/0 221/1 6 360 226/30 227/702 229/424 426 428 550 700
SEEN-BY: 229/1016 230/0 240/1120 5138 5411 5824 5832 5853 249/206
SEEN-BY: 249/317 400 280/464 5003 5006 5555 282/1038 292/854 8125
SEEN-BY: 301/1 310/31 317/3 320/219 322/757 335/364 342/200 423/81
SEEN-BY: 423/120 460/58 463/68 467/239 888 633/280 712/848 770/1 2452/250
SEEN-BY: 2454/119 4500/1 5000/111 5001/100 5005/49 53 5015/46 5020/545
SEEN-BY: 5020/715 830 846 1042 2047 2140 4441 5053/54 5058/104 5064/56
SEEN-BY: 5083/1 444
PATH: 5005/49 5020/1042 221/6 1 280/464 240/5832 229/426