On Sun, 25 Apr 2021 18:20:37 +0800
I'm no expert on this, but the router must have a public, routable adress
to the internet, otherwise it can't function as a router. This address
is (usually) provided by the ISP.

It's using its pubic address to route packets to the internet and very
probably NAT to handle packets from and to the LAN.

So, the internal LAN does not have to use routable addresses.

The important difference I think here is that in IPv6 it is very normal to
have both a link local and a routable IP address on an interface. RFC 3927
speaks to this for IPv4 with:
IPv4 Link-Local addresses are not suitable for communication with
devices not directly connected to the same physical (or logical)
link, and are only used where stable, routable addresses are not
available (such as on ad hoc or isolated networks). This document
does not recommend that IPv4 Link-Local addresses and routable
addresses be configured simultaneously on the same interface.

Though technically you have not put a global uniq unicast address on the
outbound interface the fact your trying to route one via that interface
to a loopback interface puts you into the situation your attempting
to route global IP over a link local address.
So your wanting the kernel to pick a source address on another interface
for a packet going out a different interface, that is what seems wrong.

Though I think this could be solved by applying a technique used in
routers, and that is the concept of a host specific globally routeable
IP address that should be used for all non-local packets. This is useful
in complex multipath networks as the router is always accessable via
that IP address no mater which interfaces are routing packets correctly
as long as the routing protocols are maintaining a path to it.

But before going down that road, why are you putting your desired globally
routeable IP address on lo0 and not on the upstream interface which would
eliminate this problem? Is it because you have a complex multipath network,
or is it from an attempt to save some global IP's that would be needed
to run these on the link? Or?
I do not believe you well find anything that speaks to this issue for IPv4, as
your not really in the situation of RFC6724 which has to do with multiple IP
addresses on the same interface.

I take it you mean for IPv4 only?
Agree, this is pretty clear from specs.
This I am not clear on. RFC 3927 does bring up some of the
problems, and possible solutions, for a multihomed situation
with LL addresses. Section 3.2
Huh? We already do that.
I believe someplace in the bowls of all the IPv6 specs this
is a requirement. I could not find it quickly though.


Question: Should we allow a route to have a next hop of a LL(ipv4)?
Reason: RFC3927 2.6.2:
The host MUST NOT send a packet with an IPv4 Link-Local destination
address to any router for forwarding.

So, arguably, it is a violation to allow the default route to have
a LL next hop for ipv4. For that matter, it is a violation to allow
ANY ipv4 LL address to be the next hop in the routing table(s).

This is due to the fact that IPv6 is specified to have this type of
behavior. In v6 we have the idea of scope, that does not exist in
the v4 world, or at least at this time it does not. RFC3927 3.2 does
discuss the idea of scope and v4.
In my reply to Poul Henning I wrote that allowing a ipv4 LL address
as a next hop may be a violation of RFC, and is the root cause of
this address selection process.

It wont fix your issue, as once you remove that route your host
wont be able to send anything but link local packets. I am still
unclear why your putting your IP address on lo0 and attempting/expecting
that address to route over a link that is only configured with LL
addresses.

I'll investigate further and see if I can discover why we
do this, if it is or isnt in spec, etc.
Yep
No, that is explicity forbidden:
RFC 3927 at 2.7 paragraph 2:

An IPv4 packet whose source and/or destination address is in the
169.254/16 prefix MUST NOT be sent to any router for forwarding, and
any network device receiving such a packet MUST NOT forward it,
regardless of the TTL in the IPv4 header.

If dst=LL you must ARP for the destination is also in the
spec some place, no routing allowed.

Now if you had said dst != LL to any next-hop, that would
be true.

Yes, as the expectation in IPv4 is that a subnet is generally
only reachable on one interface and from one address and that
all host on a subnet are rechable from any interface on that
subnet, which does not work with the ipv4 LL logic as it is
today.
Poul correcting me, and I agree, my statment was rushed and wrong.
Ok. I think it might help to split this problem space over
that which exists for a "host" and that which exists for
a "multi-homed host", and that which exists for a "router".

The host I would say just put the globally routable IP
on the upstream interface and your done.

For the multi-homed host there needs to be a way to specify
that some v4 IP is that hosts globally reachable IP and
should be used as the source when the current logic only
finds a LL v4 address. This same logic should work for
a router, but may not be desireable for some reason.
But there is no guarantee that you can use those routeable IP addresses
on the other interfaces as source addresses on a LL interface only.

I now understand your problem space better, and I think the simplest
solution is to have a way to say "this IP address" is my globally
reachable IP address (it needs to be an address on SOME interface.)
And this globally reachable IP address should be used for a NON
local packet source address when the current logic would of ended
at the LL selection.

You often have such IP addresses when you configure full mesh multi-hop
iBGP that are injected into OSPF or other interior protocol and thus
are reachable via interface addresses. This address is often configured
on a loopback device, and exported into the interior protocol.

After googling and hunting I found a fairly old RFC 1122. The section 3.3.4.3 `Choosing a
Source Address` looks what I'm looking for.

I did not find any further RFCs that update the section 3.3.4.3 of RFC 1122. So I think it
still applies to hosts / routers with link-local addresses.

Then the source address selection falls into these three situation:
1. Multi-homed host with strong ES model.
2. Multi-homed host with weak ES model.
3. Router

Suppose the host / router has one interface configured with LL address, and routable
addresses configured on other interfaces, to respect RFC 3927 section 2.7, then
for situation 2 and 3, a routable address should be selected if the next-hop interface is
unnumbered, ie. the interface is configured with only LL addresses.
For situation 1, since it is strong ES model, and the interface is unnumbered, no routable
address is available, and the kernel should return a error EADDRNOTAVAIL .

I would like to borrow some rules from RFC 6724, for two addresses SA and SB from the
candidate set , a given destination address D

Rule 1. Prefer same address.
If SA = D, then prefer SA. Similarly, if SB = D, then prefer SB.

Rule 2. Prefer appropriate scope.
If Scope(SA) < Scope(SB): If Scope(SA) < Scope(D), then prefer SB and
otherwise prefer SA. Similarly, if Scope(SB) < Scope(SA): If
Scope(SB) < Scope(D), then prefer SA and otherwise prefer SB.

Rule 3. Prefer outgoing interface.
If SA is assigned to the interface that will be used to send to D and
SB is assigned to a different interface, then prefer SA. Similarly,
if SB is assigned to the interface that will be used to send to D and
SA is assigned to a different interface, then prefer SB.

Rule 4. Prefer directly connected.
If DirectlyConnected(SA, D) and not DirectlyConnected(SB, D) then prefer SA.
If DirectlyConnected(SB, D) and not DirectlyConnected(SA, D) then prefer SB.


For situation 1, the order of rules should be 1, 3, 2, 4. And that might result in un-routable
packets with LL source address sent to next-hop.

For situation 2 and 3, the order is 1, 2, 3, 4.


Feedbacks are welcome.

Thanks,
Zhenlei Huang