Dear All,

What if I had two IPv6-capable ISPs for my home, and a /64 or a /56 from each of them? Is it possible to setup a backup link this way?

I know that my home router can advertise multiple global IPv6 prefixes into the LAN, but how will LAN hosts failover to the backup gateway if the primary ISP fails? They will have IPv6 addresses from both blocks, which should they choose for their outgoing src address?

With two IPv4 ISPs and NAT, the setup is rather trivial, outgoing connections will work via either of the ISPs because the hosts needn't be aware of the failure, and their src private IP is always the same.

Can anyone enlighten me?

Victor Sudakov, VAS4-RIPE, VAS47-RIPN
--- GoldED+/BSD 1.1.5-b20170303-b20170303
* Origin: Ulthar (2:5005/49)

Hello, Victor!

Monday June 28 2021 21:07, from Victor Sudakov -> All:

What if I had two IPv6-capable ISPs for my home, and a /64 or a /56
from each of them? Is it possible to setup a backup link this way?

[...skip...]

Can anyone enlighten me?

I don't see how iPv6 differs from IPv4 in this regard. Is it like you have multiple A DNS records vs multiple AAAA records to point to your node host name?

Best Regards, Nil
--- GoldED+/LNX 1.1.5
* Origin: VDS-OVZ-��������: 1 ��, 512��, 10��, 1 IP - 90�/��� (2:5015/46)

Good ${greeting_time}, Victor!

28 Jun 2021 21:07:18, you wrote to All:

What if I had two IPv6-capable ISPs for my home, and a /64 or a /56
from each of them? Is it possible to setup a backup link this way?

Yes.

I know that my home router can advertise multiple global IPv6
prefixes into the LAN, but how will LAN hosts failover to the
backup gateway if the primary ISP fails? They will have IPv6
addresses from both blocks, which should they choose for their
outgoing src address?

This is the preferred mode of operation, but it has (only) two disadvantages: 1. All hosts in the LAN must be able to do the switching|balancing on thy own (that means, run Linux; the BSD-style networking stack, like the one used in Windoze, has very limited functionality).
2. This may require some manual configuration on every of them. Not really a problem, but may be boring.

With two IPv4 ISPs and NAT, the setup is rather trivial, outgoing connections will work via either of the ISPs because the hosts
needn't be aware of the failure, and their src private IP is always
the same. Can anyone enlighten me?

This is second option, but you'd lose the main advantage of IPv6: the use of publicly routed addresses.


--
Alexey V. Vissarionov aka Gremlin from Kremlin
gremlin.ru!gremlin; +vii-cmiii-ccxxix-lxxix-xlii

... god@universe:~ # cvs up && make world
--- /bin/vi
* Origin: ::1 (2:5020/545)

Hello, Victor!

Monday June 28 2021 21:07, you wrote to All:

What if I had two IPv6-capable ISPs for my home, and a /64 or a /56
from each of them? Is it possible to setup a backup link this way?

Sure.

I know that my home router can advertise multiple global IPv6 prefixes into the LAN, but how will LAN hosts failover to the backup gateway if
the primary ISP fails? They will have IPv6 addresses from both blocks, which should they choose for their outgoing src address?

NPTv6 is the answer (RFC 6296).
Not sure if your router can handle it.

Best regards,
dp.
--- GoldED+/W64-MSVC 1.1.5-b20180707
* Origin: No rest for the wicked (2:5001/100.1)

Hello, Alexey!

Monday June 28 2021 23:45, you wrote to Victor Sudakov:

This is the preferred mode of operation, but it has (only) two disadvantages: 1. All hosts in the LAN must be able to do the switching|balancing on thy own (that means, run Linux; the BSD-style networking stack, like the one used in Windoze, has very limited functionality).

Sounds like a bullshit. You don't need linux for this because it's also sux for such scenarios.

This is second option, but you'd lose the main advantage of IPv6: the
use of publicly routed addresses.

In most of the cases it's just a disaster.

Best regards,
dp.
--- GoldED+/W64-MSVC 1.1.5-b20180707
* Origin: No rest for the wicked (2:5001/100.1)

Dear Nil,

28 Jun 21 18:15, you wrote to me:

What if I had two IPv6-capable ISPs for my home, and a /64 or a
/56 from each of them? Is it possible to setup a backup link this
way?

[...skip...]

Can anyone enlighten me?

I don't see how iPv6 differs from IPv4 in this regard.

I'll clarify. In the case of IPv4, a LAN device has exactly one private IP address and one default route, the failover is done in the router, the devices are not aware of ISP failure.

In the case of IPv6, all LAN devices have at least two global addresses (from ISP1 block and from ISP2 block), so they must decide for themselves what outgoing address to choose.

Is it like you
have multiple A DNS records vs multiple AAAA records to point to your
node host name?

I did not say a word about DNS. I'm speaking about outgoing traffic on Layer 3.

Victor Sudakov, VAS4-RIPE, VAS47-RIPN
--- GoldED+/BSD 1.1.5-b20170303-b20170303
* Origin: Ulthar (2:5005/49)

Dear Alexey,

28 Jun 21 23:45, you wrote to me:

What if I had two IPv6-capable ISPs for my home, and a /64 or a
/56 from each of them? Is it possible to setup a backup link this
way?

Yes.

I know that my home router can advertise multiple global IPv6
prefixes into the LAN, but how will LAN hosts failover to the
backup gateway if the primary ISP fails? They will have IPv6
addresses from both blocks, which should they choose for their
outgoing src address?

This is the preferred mode of operation, but it has (only) two disadvantages: 1. All hosts in the LAN must be able to do the switching|balancing on thy own (that means, run Linux; the BSD-style networking stack, like the one used in Windoze, has very limited functionality). 2. This may require some manual configuration on every
of them. Not really a problem, but may be boring.

This is not feasible because most of those LAN hosts are smartphones, smart TVs, vacuum cleaners, cameras and other IoT devices.

With two IPv4 ISPs and NAT, the setup is rather trivial, outgoing
connections will work via either of the ISPs because the hosts
needn't be aware of the failure, and their src private IP is
always the same. Can anyone enlighten me?

This is second option, but you'd lose the main advantage of IPv6: the
use of publicly routed addresses.

Indeed. I don't like the idea of using NAT in IPv6 even if I could. So what's the solution?

Victor Sudakov, VAS4-RIPE, VAS47-RIPN
--- GoldED+/BSD 1.1.5-b20170303-b20170303
* Origin: Ulthar (2:5005/49)

Dear Dmitry,

29 Jun 21 00:08, you wrote to me:

What if I had two IPv6-capable ISPs for my home, and a /64 or a
/56 from each of them? Is it possible to setup a backup link this
way?

Sure.

I'm not so sure already.

I know that my home router can advertise multiple global IPv6
prefixes into the LAN, but how will LAN hosts failover to the
backup gateway if the primary ISP fails? They will have IPv6
addresses from both blocks, which should they choose for their
outgoing src address?

NPTv6 is the answer (RFC 6296).

It's not a good answer. One of the key priorities of IPv6 as touted by its proponents is the end-to-end connectivity, freedom from NAT.

Not sure if your router can handle it.

Do not want :-)

Victor Sudakov, VAS4-RIPE, VAS47-RIPN
--- GoldED+/BSD 1.1.5-b20170303-b20170303
* Origin: Ulthar (2:5005/49)

Good ${greeting_time}, Victor!

29 Jun 2021 21:43:24, you wrote to me:

I know that my home router can advertise multiple global IPv6
prefixes into the LAN, but how will LAN hosts failover to the
backup gateway if the primary ISP fails? They will have IPv6
addresses from both blocks, which should they choose for their
outgoing src address?

This is the preferred mode of operation, but it has (only) two
disadvantages: 1. All hosts in the LAN must be able to do the
switching|balancing on thy own (that means, run Linux; the
BSD-style networking stack, like the one used in Windoze, has
very limited functionality). 2. This may require some manual
configuration on every of them. Not really a problem, but may
be boring.

This is not feasible because most of those LAN hosts are smartphones, smart TVs, vacuum cleaners, cameras and other IoT devices.

Most of these devices have Linux kernel, but crippled userspace.

With two IPv4 ISPs and NAT, the setup is rather trivial, outgoing
connections will work via either of the ISPs because the hosts
needn't be aware of the failure, and their src private IP is
always the same. Can anyone enlighten me?

This is second option, but you'd lose the main advantage of IPv6:
the use of publicly routed addresses.

Indeed. I don't like the idea of using NAT in IPv6 even if I could.
So what's the solution?

For dumb devices, especially portable, I'd suggest using NPT. Fully functional computers may be connected to some other VLANs (two at once in your case) and configured to use real addresses.


--
Alexey V. Vissarionov aka Gremlin from Kremlin
gremlin.ru!gremlin; +vii-cmiii-ccxxix-lxxix-xlii

... GPG: 8832FE9FA791F7968AC96E4E909DAC45EF3B1FA8 @ hkp://keys.gnupg.net
--- /bin/vi
* Origin: ::1 (2:5020/545)

*** Answering a msg posted in area carbonArea (Carbon Area).

Hello, Victor!

Tuesday June 29 2021 21:46, you wrote to me:

NPTv6 is the answer (RFC 6296).

It's not a good answer. One of the key priorities of IPv6 as touted by
its proponents is the end-to-end connectivity, freedom from NAT.

NAT66 is what NAT for ipv6 is called. NPTv6 is not a NAT, it's stateless solution.


Best regards,
dp.
--- GoldED+/W64-MSVC 1.1.5-b20180707
* Origin: No rest for the wicked (2:5001/100.1)

Dear Dmitry,

30 Jun 21 00:09, you wrote to me:

NPTv6 is the answer (RFC 6296).

It's not a good answer. One of the key priorities of IPv6 as
touted by its proponents is the end-to-end connectivity, freedom
from NAT.

NAT66 is what NAT for ipv6 is called.

What was the incentive to create such an abomination?

NPTv6 is not a NAT, it's
stateless solution.

Even if NPT is called "prefix translation" and is stateless, it is still a NAT (in IPv4 terms, a type of a one-to-one NAT).

However, the creators of IPv6 had better invent something like "dead gateway detection" or some other way for end devices to select a working outgoing address when they have several global prefixes (and gateways) available. I thought my knowledge was lacking, but it turns out the new and flashy protocol stack is lacking.

Victor Sudakov, VAS4-RIPE, VAS47-RIPN
--- GoldED+/BSD 1.1.5-b20170303-b20170303
* Origin: Ulthar (2:5005/49)

*** Answering a msg posted in area carbonArea (Carbon Area).

Hello, Victor!

Thursday July 01 2021 00:19, you wrote to me:

NAT66 is what NAT for ipv6 is called.

What was the incentive to create such an abomination?

"There are more things in heaven and earth, Horatio,
Than are dreamt of in your philosophy."(c)Shakespeare

And original ipv6 was just a miserable philosophy, created by people with limited knowledge about real life.

NPTv6 is not a NAT, it's
stateless solution.

Even if NPT is called "prefix translation" and is stateless, it is
still a NAT (in IPv4 terms, a type of a one-to-one NAT).

NPTv6 is for prefix translation only, not for address translation.
It's much more lightweight and easy to implement.

However, the creators of IPv6 had better invent something like "dead gateway detection" or some other way for end devices to select a
working outgoing address when they have several global prefixes (and gateways) available. I thought my knowledge was lacking, but it turns
out the new and flashy protocol stack is lacking.

Do you have a time machine to send some ideas to ipv6 creators? :)

Best regards,
dp.

--- GoldED+/W64-MSVC 1.1.5-b20180707
* Origin: No rest for the wicked (2:5001/100.1)

Hello, Alexey!

Wednesday June 30 2021 05:24, you wrote to Victor Sudakov:

Most of these devices have Linux kernel, but crippled userspace.

Linux kernel is not enough for that, it's actually useless if you don't have proper userland software to control it.


Best regards,
dp.
--- GoldED+/W64-MSVC 1.1.5-b20180707
* Origin: No rest for the wicked (2:5001/100.1)

Dear Dmitry,

30 Jun 21 23:17, you wrote to me:

NAT66 is what NAT for ipv6 is called.

What was the incentive to create such an abomination?

"There are more things in heaven and earth, Horatio,
Than are dreamt of in your philosophy."(c)Shakespeare

And original ipv6 was just a miserable philosophy, created by people
with limited knowledge about real life.

The original IPv4 was also miserable with its classful networks, RIPv1 etc. I still cannot imagine however what "real life" problem they are solving by creating NAT for ipv6.

NPTv6 is not a NAT, it's
stateless solution.

Even if NPT is called "prefix translation" and is stateless, it
is still a NAT (in IPv4 terms, a type of a one-to-one NAT).

NPTv6 is for prefix translation only, not for address translation.
It's much more lightweight and easy to implement.

Either you translate only the higher 64 bits of the address, or the whole 128 bits of the address, you still rewrite the packet. True, you don't do PAT, that's why I said that it looks like a one-to-one IPv4 NAT (much like in AWS VPC "public" subnets).

However, the creators of IPv6 had better invent something like
"dead gateway detection" or some other way for end devices to
select a working outgoing address when they have several global
prefixes (and gateways) available. I thought my knowledge was
lacking, but it turns out the new and flashy protocol stack is
lacking.

Do you have a time machine to send some ideas to ipv6 creators? :)

Nope, but I think $subj can be implemented today, e.g. via some field in RAs etc. In FreeBSD (and I'm sure in other IPv6 implementations) you can select the prerred source address, you only have to add some way to change it automatically when a "dead gateway" is detected.

Victor Sudakov, VAS4-RIPE, VAS47-RIPN
--- GoldED+/BSD 1.1.5-b20170303-b20170303
* Origin: Ulthar (2:5005/49)

Hello, Victor!

Thursday July 01 2021 20:31, you wrote to me:

The original IPv4 was also miserable with its classful networks, RIPv1 etc. I still cannot imagine however what "real life" problem they are solving by creating NAT for ipv6.

For example - rerouting traffic via VPN to get thru RKN's DPI.
Real life scenario :)

translation. It's much more lightweight and easy to implement.

Either you translate only the higher 64 bits of the address, or the
whole 128 bits of the address, you still rewrite the packet. True, you don't do PAT, that's why I said that it looks like a one-to-one IPv4
NAT (much like in AWS VPC "public" subnets).

Yeah, but you can have "host" part the same for several uplinks and change prefix only on NPTv6 gateway.
It's the best ipv6 can offer for you, sorry.

Nope, but I think $subj can be implemented today, e.g. via some field
in RAs etc. In FreeBSD (and I'm sure in other IPv6 implementations)
you can select the prerred source address, you only have to add some
way to change it automatically when a "dead gateway" is detected.

It adds more complexity and cannot be implemented easily in userland across multiple OSes.


Best regards,
dp.
--- GoldED+/W64-MSVC 1.1.5-b20180707
* Origin: No rest for the wicked (2:5001/100.1)

Dear Dmitry,

01 Jul 21 16:46, you wrote to me:

The original IPv4 was also miserable with its classful networks,
RIPv1 etc. I still cannot imagine however what "real life"
problem they are solving by creating NAT for ipv6.

For example - rerouting traffic via VPN to get thru RKN's DPI.
Real life scenario :)

Why would you need NAT for that? Get a VPN/tunnel provider who offers a global /64 or /56 or even a /48, like HE does.

translation. It's much more lightweight and easy to implement.

Either you translate only the higher 64 bits of the address, or
the whole 128 bits of the address, you still rewrite the packet.
True, you don't do PAT, that's why I said that it looks like a
one-to-one IPv4 NAT (much like in AWS VPC "public" subnets).

Yeah, but you can have "host" part the same for several uplinks and
change prefix only on NPTv6 gateway. It's the best ipv6 can offer for
you, sorry.

Too bad and a bit unexpected. There are/were rather complex things like Mobile IPv6 and HMIP, and they have not thought of a simple failover?

Nope, but I think $subj can be implemented today, e.g. via some
field in RAs etc. In FreeBSD (and I'm sure in other IPv6
implementations) you can select the prerred source address, you
only have to add some way to change it automatically when a "dead
gateway" is detected.

It adds more complexity and cannot be implemented easily in userland across multiple OSes.

OK, let's start anew with a simple setup. If there are two routers in a home LAN advertising different global prefixes, and one of them goes offline, will IPv6 end hosts detect that and remove the corresponding addresses from their configuration?

Victor Sudakov, VAS4-RIPE, VAS47-RIPN
--- GoldED+/BSD 1.1.5-b20170303-b20170303
* Origin: Ulthar (2:5005/49)

Dear Alexey,

30 Jun 21 05:24, you wrote to me:

I know that my home router can advertise multiple global IPv6
prefixes into the LAN, but how will LAN hosts failover to the
backup gateway if the primary ISP fails? They will have IPv6
addresses from both blocks, which should they choose for their
outgoing src address?

This is the preferred mode of operation, but it has (only) two
disadvantages: 1. All hosts in the LAN must be able to do the
switching|balancing on thy own (that means, run Linux; the
BSD-style networking stack, like the one used in Windoze, has
very limited functionality). 2. This may require some manual
configuration on every of them. Not really a problem, but may
be boring.

This is not feasible because most of those LAN hosts are
smartphones, smart TVs, vacuum cleaners, cameras and other IoT
devices.

Most of these devices have Linux kernel, but crippled userspace.

With two IPv4 ISPs and NAT, the setup is rather trivial,
outgoing connections will work via either of the ISPs because
the hosts needn't be aware of the failure, and their src
private IP is always the same. Can anyone enlighten me?

This is second option, but you'd lose the main advantage of
IPv6: the use of publicly routed addresses.

Indeed. I don't like the idea of using NAT in IPv6 even if I
could. So what's the solution?

For dumb devices, especially portable, I'd suggest using NPT.

How well does NPT (being stateless) work with FTP, SIP and other protocols which embed addresses into payload?

Fully
functional computers may be connected to some other VLANs (two at once
in your case) and configured to use real addresses.

Speaking of those fully functional computers in the LAN, do you mean the setup when there is a script pinging some outside hosts/interfaces and modifying the IPv6 routing table, or something more advanced and interesting?

Victor Sudakov, VAS4-RIPE, VAS47-RIPN
--- GoldED+/BSD 1.1.5-b20170303-b20170303
* Origin: Ulthar (2:5005/49)

*** Answering a msg posted in area carbonArea (Carbon Area).

Hello, Victor!

Sunday July 04 2021 12:36, you wrote to me:

For example - rerouting traffic via VPN to get thru RKN's DPI.
Real life scenario :)

Why would you need NAT for that? Get a VPN/tunnel provider who offers
a global /64 or /56 or even a /48, like HE does.

With he.net you'll loose access to local google caches and to local CDNs.
With ipv4 I can forward only blocked subnetworks via VPN, with ipv6 and without NAT66 I can't do that.

Yeah, but you can have "host" part the same for several uplinks
and change prefix only on NPTv6 gateway. It's the best ipv6 can
offer for you, sorry.

Too bad and a bit unexpected. There are/were rather complex things
like Mobile IPv6 and HMIP, and they have not thought of a simple
failover?

Mobile IPV6 is an operator controlled tool to keep your IPv6 address intact. But you are asking for exactly the opposite solution - to change your IPv6 address.

It adds more complexity and cannot be implemented easily in
userland across multiple OSes.

OK, let's start anew with a simple setup. If there are two routers in
a home LAN advertising different global prefixes, and one of them goes offline, will IPv6 end hosts detect that and remove the corresponding addresses from their configuration?

Yes but you'll still have single routing table and timeout for client to remove dead ipv6 address from interface and routing table is large enough to be unacceptable for general use.

Best regards,
dp.
--- GoldED+/W64-MSVC 1.1.5-b20180707
* Origin: No rest for the wicked (2:5001/100.1)

Good ${greeting_time}, Victor!

04 Jul 2021 12:44:50, you wrote to me:

I know that my home router can advertise multiple global IPv6
prefixes into the LAN, but how will LAN hosts failover to the
backup gateway if the primary ISP fails? They will have IPv6
addresses from both blocks, which should they choose for their
outgoing src address?

This is the preferred mode of operation
1. All hosts in the LAN must be able to do the switching|balancing
on thy own
2. This may require some manual configuration on every of them.

This is not feasible because most of those LAN hosts are
smartphones, smart TVs, vacuum cleaners, cameras and other IoT
devices.

Most of these devices have Linux kernel, but crippled userspace.

In general, IoT devices should reside in a separate VLAN without any access to outer world. Whether you need to access any of them from outside, you have SSH running on the gateway for that.

With two IPv4 ISPs and NAT, the setup is rather trivial,
outgoing connections will work via either of the ISPs because
the hosts needn't be aware of the failure, and their src
private IP is always the same. Can anyone enlighten me?

This is second option, but you'd lose the main advantage of
IPv6: the use of publicly routed addresses.

Indeed. I don't like the idea of using NAT in IPv6 even if I
could. So what's the solution?

For dumb devices, especially portable, I'd suggest using NPT.

How well does NPT (being stateless) work with FTP, SIP and other
protocols which embed addresses into payload?

FTP is dead. SIP clients normally use only LAN (everything else should be performed by a gateway).

Well, I can imagine a SIP client connecting to the corporate SIP PBX. To work properly in a multi-link environment, it have to establish _two_ connections for the SIP control channels. Software PBXes (Asterisk and some others) are known to work. Clients running on a PDAs are unlikely.

Fully functional computers may be connected to some other VLANs
(two at once in your case) and configured to use real addresses.

Speaking of those fully functional computers in the LAN, do you
mean the setup when there is a script pinging some outside hosts/ interfaces and modifying the IPv6 routing table, or something more advanced and interesting?

Trivial per-interface VRF.


--
Alexey V. Vissarionov aka Gremlin from Kremlin
gremlin.ru!gremlin; +vii-cmiii-ccxxix-lxxix-xlii

... god@universe:~ # cvs up && make world
--- /bin/vi
* Origin: ::1 (2:5020/545)

Hello Nil!

28 Jun 2021 18:15, Nil A wrote to Victor Sudakov:

I don't see how iPv6 differs from IPv4 in this regard. Is it like you have multiple A DNS records vs multiple AAAA records to point to your node host name?

ask isp to deliver with hardware peer bundled modems, the ipv6 router does not need to know its 2 fysicly lines on the outside

hardware exists for 2 lines, and imho up to 8 phone lines, each can then add more stable connection and more speed, even if each of the lines is diffrent central, but in most cases it would not be good since ping time would then not be equal, but in teori it could be prioter to make compensation for that


Regards Benny

... too late to die young :)
--- Msged/LNX 6.1.2 (Linux/5.12.19-gentoo-dist (x86_64))
* Origin: gopher://fido.junc.eu/ (2:230/0)

Dear Alexey,

04 Jul 21 17:27, you wrote to me:

I know that my home router can advertise multiple global IPv6
prefixes into the LAN, but how will LAN hosts failover to the
backup gateway if the primary ISP fails? They will have IPv6
addresses from both blocks, which should they choose for
their outgoing src address?

This is the preferred mode of operation
1. All hosts in the LAN must be able to do the
switching|balancing on thy own 2. This may require some manual
configuration on every of them.

This is not feasible because most of those LAN hosts are
smartphones, smart TVs, vacuum cleaners, cameras and other IoT
devices.

Most of these devices have Linux kernel, but crippled userspace.

In general, IoT devices should reside in a separate VLAN without any access to outer world.

Most of the value of IoT devices depends on their access to the outer world. By denying them access, you lose this value.

Whether you need to access any of them from
outside, you have SSH running on the gateway for that.

Who in their right mind would access their smart vacuum cleaner, thermostat or security camera by SSH? I want the vaccuum cleaner to notify me on the mobile app when it's finished or stuck.

I can agree that ingress access to the IoT device network is usually unnecessary, egress access is enough for them.

With two IPv4 ISPs and NAT, the setup is rather trivial,
outgoing connections will work via either of the ISPs because
the hosts needn't be aware of the failure, and their src
private IP is always the same. Can anyone enlighten me?

This is second option, but you'd lose the main advantage of
IPv6: the use of publicly routed addresses.

Indeed. I don't like the idea of using NAT in IPv6 even if I
could. So what's the solution?

For dumb devices, especially portable, I'd suggest using NPT.

How well does NPT (being stateless) work with FTP, SIP and other
protocols which embed addresses into payload?

FTP is dead.

It is not. You just don't know.

SIP clients normally use only LAN (everything else should
be performed by a gateway).

Tell that to sipnet.ru and many other VoIP providers. I've seen even semi-private VoIP networks (for admins) working over the Internet.

Well, I can imagine a SIP client connecting to the corporate SIP PBX.
To work properly in a multi-link environment, it have to establish
_two_ connections for the SIP control channels.

May be so, if a SIP client itself is multihomed. In this case, it may survive the disconnection of one of the uplinks, is that what you mean?

Fully functional computers may be connected to some other VLANs
(two at once in your case) and configured to use real addresses.

Speaking of those fully functional computers in the LAN, do you
mean the setup when there is a script pinging some outside hosts/
interfaces and modifying the IPv6 routing table, or something
more advanced and interesting?

Trivial per-interface VRF.

And how do applications (e.g. a Web browser) decide which VRF to use for outgoing connections? If one of the VRFs has no connection to the Internet, as was the original question. The application must know that this VRF is currently "disconnected" and act accordingly, how do you handle that?

Victor Sudakov, VAS4-RIPE, VAS47-RIPN
--- GoldED+/BSD 1.1.5-b20170303-b20170303
* Origin: Ulthar (2:5005/49)

Dear Dmitry,

04 Jul 21 13:51, you wrote to me:

For example - rerouting traffic via VPN to get thru RKN's DPI.
Real life scenario :)

Why would you need NAT for that? Get a VPN/tunnel provider who
offers a global /64 or /56 or even a /48, like HE does.

With he.net you'll loose access to local google caches and to local
CDNs. With ipv4 I can forward only blocked subnetworks via VPN, with
ipv6 and without NAT66 I can't do that.

Well, it's a valid point of course. The protocol designers are not required to forsee the acts of malicious morons breaking the Internet intentionally. But they could have provided for a simple failover mechanism.

OTOH, when I have to circumvent RKN, I prefer to start a new browser session where all traffic goes via a VPN. Yes, I lose access to local google caches and to local CDNs, but be it so.

Yeah, but you can have "host" part the same for several uplinks
and change prefix only on NPTv6 gateway. It's the best ipv6 can
offer for you, sorry.

Too bad and a bit unexpected. There are/were rather complex
things like Mobile IPv6 and HMIP, and they have not thought of a
simple failover?

Mobile IPV6 is an operator controlled tool to keep your IPv6 address intact. But you are asking for exactly the opposite solution - to
change your IPv6 address.

Not exactly "to change my IPv6 address", but rather provide some simple failover mechanism for multihomed IPv6 hosts. It has just come to my mind: if those multihomed hosts ran some kind of routing protocol (OSPFv3 or a simple equivalent thereof) there would be absolutely no problem selecting the working gateway.

It adds more complexity and cannot be implemented easily in
userland across multiple OSes.

OK, let's start anew with a simple setup. If there are two
routers in a home LAN advertising different global prefixes, and
one of them goes offline, will IPv6 end hosts detect that and
remove the corresponding addresses from their configuration?

Yes but you'll still have single routing table and timeout for client
to remove dead ipv6 address from interface and routing table is large enough to be unacceptable for general use.

So, we need some simple routing protocol with keepalives, running both on end hosts and the router?

Victor Sudakov, VAS4-RIPE, VAS47-RIPN
--- GoldED+/BSD 1.1.5-b20170303-b20170303
* Origin: Ulthar (2:5005/49)

Hello, Victor!

Wednesday August 04 2021 22:12, you wrote to me:

Well, it's a valid point of course. The protocol designers are not required to forsee the acts of malicious morons breaking the Internet intentionally. But they could have provided for a simple failover mechanism.

I am taking a break. My idea is to redesign my home network according to new insight from Rostelecom about their DPI's ipv6 support.
Will come back with new thoughts later :)

Best regards,
dp.

--- GoldED+/W64-MSVC 1.1.5-b20180707
* Origin: No rest for the wicked (2:5001/100.1)