2020-01-24
Longest matching IPv6 address selection biting me
Trying to get devuan updates, I see:Err:5 http://nl.mirror.devuan.org/merged ascii Release 404 Not Found [IP: 2001:878:346::116 80] Err:6 http://nl.mirror.devuan.org/merged ascii-security Release 404 Not Found [IP: 2001:878:346::116 80] Err:7 http://nl.mirror.devuan.org/merged ascii-updates Release 404 Not Found [IP: 2001:878:346::116 80]While nl.mirror.devuan.org has no shortage of IPv6 and IPv4 addresses:;; ANSWER SECTION: nl.mirror.devuan.org. 78083 IN CNAME deb.devuan.org. deb.devuan.org. 78083 IN CNAME deb.roundr.devuan.org. deb.roundr.devuan.org. 845 IN AAAA 2001:638:a000:1021:21::1 deb.roundr.devuan.org. 845 IN AAAA 2a01:4f8:140:1102:2b76:955d:b48f:bdf3 deb.roundr.devuan.org. 845 IN AAAA 2001:878:346::116 deb.roundr.devuan.org. 845 IN AAAA 2a01:4f8:162:7293::14 deb.roundr.devuan.org. 845 IN AAAA 2800:a8:c001::a deb.roundr.devuan.org. 845 IN AAAA 2a01:4f9:2a:fa9::2 deb.roundr.devuan.org. 845 IN AAAA 2001:590:3803::31:151 deb.roundr.devuan.org. 845 IN AAAA 2001:4ca0:4300::1:19 deb.roundr.devuan.org. 845 IN AAAA 2a02:2a38:1:400:422a:422a:422a:422a deb.roundr.devuan.org. 845 IN AAAA 2a0a:e5c0:2:2:400:c8ff:fe68:bef3 ;; ANSWER SECTION: nl.mirror.devuan.org. 78063 IN CNAME deb.devuan.org. deb.devuan.org. 78063 IN CNAME deb.roundr.devuan.org. deb.roundr.devuan.org. 824 IN A 46.4.50.2 deb.roundr.devuan.org. 824 IN A 130.225.254.116 deb.roundr.devuan.org. 824 IN A 190.64.49.124 deb.roundr.devuan.org. 824 IN A 31.220.0.151 deb.roundr.devuan.org. 824 IN A 200.236.31.1 deb.roundr.devuan.org. 824 IN A 131.188.12.211 deb.roundr.devuan.org. 824 IN A 141.84.43.19 deb.roundr.devuan.org. 824 IN A 37.187.111.86 deb.roundr.devuan.org. 824 IN A 5.196.38.18 deb.roundr.devuan.org. 824 IN A 95.216.15.86 deb.roundr.devuan.org. 824 IN A 185.38.15.81I always get the error for 2001:878:346::116 when connecting. This site seems to have a problem with the devuan mirror at the moment, so I'd like to use another one, but apt keeps going back to the same source. This has to do with IPv6 address destination selection (RFC 3484 / RFC 6724). A good explanation at IPv6 Destination Address Selection – what, why, how - Karl Auer with:Rule 9, “use longest matching prefix“, will prefer the candidate destination address that shares the greatest number of contiguous leading bits with the source address that would be chosen for it. Such an address is likely to be topologically closer to the source address.Indeed that address is close to my home network addresses:2001:0878:0346:0000:0000:0000:0000:0116 2001:0980:14ca:0001::/64So the "roundr" round robin isn't very round for IPv6 users. Workaround: reject the address that is giving me problems:# ip -6 route add unreachable 2001:878:346::116 # apt update Get:1 http://nl.mirror.devuan.org/merged ascii InRelease [25.6 kB] Get:2 http://nl.mirror.devuan.org/merged ascii-security InRelease [25.6 kB] Get:3 http://nl.mirror.devuan.org/merged ascii-updates InRelease [25.6 kB] Get:5 http://nl.mirror.devuan.org/merged ascii-security/main Sources [185 kB] Hit:4 http://packages.roundr.devuan.org/merged ascii InRelease Get:6 http://nl.mirror.devuan.org/merged ascii-security/main amd64 Packages [480 kB]