Commit 02ae492, the addition of an extra vxlan interface for inter-gateway communication, has some nice advantages, like keeping OSPF/iBGP traffic out of the public mesh zone, or routing packets between the gateways without batman-adv.
One disadvantage, though: when two client devices in the same domain got different IPv6 routes assigned from different gateways, they will now always route over the gateways to communicate with each other:
```
linus@vpn02:~$ ip -6 route get 2a03:2260:200f:401:70db:944f:a956:cc3a
2a03:2260:200f:401:xxxx:xxxx:xxxx:xxxx from :: via fd01::4 dev vxlan0 table freifunk proto bird src fd01::2 metric 1024 pref medium
```
Before, when only using bat-pl, for instance, without vxlan0 and OSPF on bat-pl, a gateway would receive a packet and also forward it back through bat-pl, which would then trigger the Linux kernel to also send an ICMPv6 redirect back to the source:
https://elixir.bootlin.com/linux/v5.18.13/source/net/ipv6/ip6_output.c#L548
-> https://elixir.bootlin.com/linux/v5.18.13/source/net/ipv6/ip6_output.c#L555
-> https://elixir.bootlin.com/linux/v5.18.13/source/net/ipv6/ip6_output.c#L571
After receiving such an ICMPv6 redirect, the original source would have learned that its own and the destination subnet are on the same link, that it can use IPv6 Neighbor Discovery to find the destination host on the link, and that it can send to it directly, without a router.
Question: Would it make sense / would it be possible for a domain bat-X to:
- filter out OSPF/iBGP for domain bat-X routes from other gateways
- instead add these routes fixed on bat-X, instead of having them added on vxlan0 by bird
(not that familiar with bird, so not quite sure if that would be easy to configure?)
That way, within a certain domain bat-X, traffic should be routed back over bat-X instead of through vxlan0 and should then trigger ICMP redirect messages? Which would allow direct communication on the link without routing for clients which got their subnet from different gateways?
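
The redirect condition discussed in this issue, as an added example (not code from the issue, the project, or the kernel): a simplified Python model of the check in `ip6_forward()` that sends a redirect only when a forwarded packet leaves through the interface it arrived on. The `2001:db8::/32` prefixes, the client address and the two route tables are constructed for illustration; the kernel's per-destination rate limiting is left out.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv6Network
    dev: str
    via: Optional[ipaddress.IPv6Address] = None  # None means an on-link route

def route(prefix, dev, via=None):
    """Build a Route from strings."""
    gw = ipaddress.IPv6Address(via) if via else None
    return Route(ipaddress.IPv6Network(prefix), dev, gw)

def lookup(table, dst):
    """Longest-prefix match, standing in for the kernel's FIB lookup."""
    matches = [r for r in table if dst in r.prefix]
    return max(matches, key=lambda r: r.prefix.prefixlen, default=None)

def redirect_target(table, in_dev, dst, source_routed=False, from_ipsec=False):
    """Return the target of the ICMPv6 redirect the gateway would send, or None.

    Model of the condition only: incoming device equals outgoing device, the
    packet is not source routed and was not decapsulated from IPsec.
    """
    dst = ipaddress.IPv6Address(dst)
    r = lookup(table, dst)
    if r is None or r.dev != in_dev or source_routed or from_ipsec:
        return None
    # Gateway route: point the sender at the better router.
    # On-link route: tell the sender the destination itself is a neighbour.
    return r.via if r.via is not None else dst

# Constructed sample data (documentation prefixes, not the real ones).
CLIENT_B = "2001:db8:0:401::1234"          # client with a prefix from the other gateway
OWN = route("2001:db8:0:400::/64", "bat-pl")

# Situation in the issue: bird installs the other gateway's prefix via vxlan0.
VIA_VXLAN = [OWN, route("2001:db8:0:401::/64", "vxlan0", "fd01::4")]
# Proposal in the issue: the same prefix as a fixed on-link route on the bat interface.
VIA_BAT = [OWN, route("2001:db8:0:401::/64", "bat-pl")]

if __name__ == "__main__":
    for name, table in (("vxlan0 route", VIA_VXLAN), ("bat-pl route", VIA_BAT)):
        print(name, "->", redirect_target(table, "bat-pl", CLIENT_B))
```

With the vxlan0 route the packet leaves on a different interface, so no redirect is produced and clients keep routing through the gateways; with the on-link bat-pl route the redirect target is the destination itself.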