"
I live in a condo and unfortunately I have no way of changing ISPs.
What I do have is two separate symmetric 100Mbps pipes, with very different properties.
The first one is native IPv6, and it delivers a dynamic - albeit fairly sticky - /56 but no separate WAN IP address. IPv4 is delivered via DS-Lite only, which means CG-NAT.
The second is the exact opposite: one public static IPv4 (that I pay extra for but at least the option is there), no DHCP but no support for IPv6 at all. Connectivity to anything that is not a major CDN or out of the country is atrocious using these guys, to boot.
What I have managed so far is to get both pipes running, the first with IPv4 and IPv6 via establishing a GIF tunnel for DS-Lite, and the second as IPv4 only.
I then managed to setup IPv4 load balancing via adding the resulting two IPv4 gateways to a group with monitoring, appropriate firewall rules and some additions to force traffic to some IPv4 destinations through the first ISP.
Is there a way I can set up a second GIF tunnel with TunnelBroker to have IPv6 connectivity on the second pipe and balance IPv6 traffic as well?
Two things worry me:
The second one in particular would break everything if it goes wrong.
RANT FOLLOWS
As a aside, why is it so hard to get IPv6 in general (ISPs being absolute dicks in how they provide it) and load balancing in particular working? I've gone through EdgeOS (I used an Ubiquiti EdgeRouter Lite before ISP1 moved to DS-Lite, which broke hardware offload and made it unable to keep up), VyOS and now OPNSense (I still have to try OpenWRT, but it refuses to boot on the box I have available) and there is always something along the way that blocks me.
What I do have is two separate symmetric 100Mbps pipes, with very different properties.
The first one is native IPv6, and it delivers a dynamic - albeit fairly sticky - /56 but no separate WAN IP address. IPv4 is delivered via DS-Lite only, which means CG-NAT.
The second is the exact opposite: one public static IPv4 (that I pay extra for but at least the option is there), no DHCP but no support for IPv6 at all. Connectivity to anything that is not a major CDN or out of the country is atrocious using these guys, to boot.
What I have managed so far is to get both pipes running, the first with IPv4 and IPv6 via establishing a GIF tunnel for DS-Lite, and the second as IPv4 only.
I then managed to setup IPv4 load balancing via adding the resulting two IPv4 gateways to a group with monitoring, appropriate firewall rules and some additions to force traffic to some IPv4 destinations through the first ISP.
Is there a way I can set up a second GIF tunnel with TunnelBroker to have IPv6 connectivity on the second pipe and balance IPv6 traffic as well?
Two things worry me:
- I cannot see a way to have NPT rules track prefix delegations, which means that every time ISP 1's assigned /56 changes the setup breaks
- Is there a way to ensure IPv6 traffic to establish the DS-Lite gif tunnel only ever goes through ISP 1 instead of TunnelBroker? And to ensure IPv4 traffic to establish the TunnelBroker tunnel only goes through ISP2 instead of the DS-Lite tunnel?
The second one in particular would break everything if it goes wrong.
RANT FOLLOWS
As a aside, why is it so hard to get IPv6 in general (ISPs being absolute dicks in how they provide it) and load balancing in particular working? I've gone through EdgeOS (I used an Ubiquiti EdgeRouter Lite before ISP1 moved to DS-Lite, which broke hardware offload and made it unable to keep up), VyOS and now OPNSense (I still have to try OpenWRT, but it refuses to boot on the box I have available) and there is always something along the way that blocks me.
