Date: Tue, 12 Aug 2008 01:34:03 -0700 From: Jeremy Chadwick <koitsu@FreeBSD.org> To: Mathieu Arnold <mat@FreeBSD.org> Cc: stable@freebsd.org Subject: Re: neighbor discovery problem Message-ID: <20080812083403.GA2150@eos.sc1.parodius.com> In-Reply-To: <2D4221F0175C7261ECD00191@atuin.in.mat.cc> References: <2D4221F0175C7261ECD00191@atuin.in.mat.cc>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, Aug 12, 2008 at 09:45:48AM +0200, Mathieu Arnold wrote: > Since I added IPv6 to my network, and started really using it, I'm seeing > some strange things happening. > > For instance, I'm on machine 2a01:678:1:443::443, and I do : > > $ traceroute6 -n 2a01:678:100:2:: > traceroute6 to 2a01:678:100:2:: (2a01:678:100:2::) from > 2a01:678:1:443::443, 64 hops max, 12 byte packets > 1 2a01:678:1:443:: 0.636 ms 0.602 ms 0.525 ms > 2 2a01:678:1:443:: 2999.665 ms !A 2999.636 ms !A 2999.680 ms !A > > 2a01:678:1:443:: is it's default gateway, and is also directly connected to > 2a01:678:100:2::, but it does not seem to be able to contact it. > > If I log onto the gateway, and I : > > $ ping6 -c 1 2a01:678:100:2:: > PING6(56=40+8+8 bytes) 2a01:678:100:: --> 2a01:678:100:2:: > 16 bytes from 2a01:678:100:2::, icmp_seq=0 hlim=64 time=1.146 ms > > --- 2a01:678:100:2:: ping6 statistics --- > 1 packets transmitted, 1 packets received, 0.0% packet loss > round-trip min/avg/max/std-dev = 1.146/1.146/1.146/0.000 ms > > It works, and now, I can : > $ traceroute6 -n 2a01:678:100:2:: > traceroute6 to 2a01:678:100:2:: (2a01:678:100:2::) from > 2a01:678:1:443::443, 64 hops max, 12 byte packets > 1 2a01:678:1:443:: 0.647 ms 0.671 ms 0.417 ms > 2 2a01:678:100:2:: 0.852 ms 0.790 ms 0.669 ms > > Maybe I'm doing something wrong, but, well, I can't seem to find ou what. > > 2a01:678:1:443::443 is a 7.0 > 2a01:678:1:443:: is a 6.2 > 2a01:678:100:2:: is a 6.0 > > Those are not up to date to the latest thing you can get, but they're > production machines, and I'm not really willing to upgrade them unless I > really need to :-) Important note: I know absolutely nothing about IPv6. Do you have ACLs on any of these machines? !A in traceroute commonly means there's an ACL blocking said packets: !A (communication with destination network administratively prohibited) A ping from the other host might cause a stateful firewall to begin allowing said traffic to/from the machine which previously wasn't working. If you use a firewall on these machines (ipfw, pf, etc.), I'd recommend posting your problem to the freebsd-pf list instead. -- | Jeremy Chadwick jdc at parodius.com | | Parodius Networking http://www.parodius.com/ | | UNIX Systems Administrator Mountain View, CA, USA | | Making life hard for others since 1977. PGP: 4BD6C0CB |
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20080812083403.GA2150>