Hi all!
I've found that the implementation of 6rd tunnels is broken. Here is a list of the bugs I found:
- 6rd options can be set for any type of tunnel. They must be limited to "sit" only. We must add two checks:
  - If the encapsulation is already set and it is not "sit", then deny the use of 6rd options.
  - And vice versa: if "6rd" options are already set, deny setting any encapsulation except "sit".
- According to RFC5969, we must be able to configure:
  - IPv4MaskLen (present, but not functional). IPv4MaskLen can be calculated from 6rd-relay_prefix, but VyOS tries to validate it as an IP host address (it must be a network address). Because of this, the ip tunnel command can't configure the 6rd options properly.
  - 6rdPrefix (present)
  - 6rdPrefixLen (present)
  - 6rdBRIPv4Address (not present, but can be configured through routes)
- The configuration allows creating a tunnel with a 6rd-prefix with a length different than 32 without the 6rd-relay_prefix option. Due to the 6rd implementation in iproute2, this will not work.
- The tunnel configuration allows adding more than one 6rd-prefix. This is not allowed by the RFC.
- A tunnel can't be created without the remote-ip option. This option is not required for 6rd tunnels.
I think that we must rework this 6rd tunnel implementation and test it again.
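The checks requested in the report, together with the RFC 5969 delegated-prefix calculation they protect, as an added sketch that is not part of the original post and is not VyOS code. The config dict keys, the function names, the `0.0.0.0/0` default for a missing relay prefix and the `/64` ceiling are assumptions of this example.

```python
import ipaddress

def delegated_prefix(sixrd_prefix, relay_prefix, ce_ipv4, max_len=64):
    """6rd delegated prefix: the 6rd prefix followed by the CE IPv4 bits
    that are not covered by the relay prefix (IPv4MaskLen)."""
    prefix = ipaddress.IPv6Network(sixrd_prefix, strict=True)
    # strict=True accepts only a network address; 10.1.2.3/8 is rejected
    relay = ipaddress.IPv4Network(relay_prefix, strict=True)
    ce = ipaddress.IPv4Address(ce_ipv4)
    if ce not in relay:
        raise ValueError(f"{ce} is outside relay prefix {relay}")
    v4_bits = 32 - relay.prefixlen        # relay.prefixlen is IPv4MaskLen
    length = prefix.prefixlen + v4_bits
    if length > max_len:                  # ceiling is a parameter of this sketch
        raise ValueError(f"delegated prefix /{length} exceeds /{max_len}")
    suffix = int(ce) & ((1 << v4_bits) - 1)
    addr = int(prefix.network_address) | (suffix << (128 - length))
    return ipaddress.IPv6Network((addr, length))

def check_6rd(conf):
    """Return the problems found in a tunnel config dict (hypothetical keys).
    remote-ip is deliberately never consulted: 6rd does not need it."""
    errors = []
    if conf.get("encapsulation") != "sit":
        errors.append("6rd options are only valid with encapsulation sit")
    prefixes = conf.get("6rd-prefix", [])
    if len(prefixes) != 1:
        errors.append("exactly one 6rd-prefix must be set")
    else:
        try:
            # Assumed default when the option is absent: no common IPv4 bits
            relay = conf.get("6rd-relay_prefix", "0.0.0.0/0")
            delegated_prefix(prefixes[0], relay, conf.get("local-ip", ""))
        except ValueError as exc:
            errors.append(str(exc))
    return errors

# Constructed sample configuration (documentation and private address ranges)
SAMPLE = {
    "encapsulation": "sit",
    "local-ip": "10.1.2.3",
    "6rd-prefix": ["2001:db8::/32"],
    "6rd-relay_prefix": "10.0.0.0/8",
}

if __name__ == "__main__":
    print(check_6rd(SAMPLE))
    print(delegated_prefix("2001:db8::/32", "10.0.0.0/8", "10.1.2.3"))
```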