Date:      Sun, 28 Dec 2014 10:16:21 +0000
From:      "Bjoern A. Zeeb" <bz@FreeBSD.org>
To:        Jason Healy <jhealy@logn.net>
Cc:        freebsd-net@freebsd.org
Subject:   Re: IPv6 routes leaking between FIBs?
Message-ID:  <CC09274B-2A1A-4672-AF08-5752DB7B5AB0@FreeBSD.org>
In-Reply-To: <C2295EFD-C052-438B-8524-974C17E1FBB6@logn.net>
References:  <C2295EFD-C052-438B-8524-974C17E1FBB6@logn.net>


> On 28 Dec 2014, at 03:19 , Jason Healy <jhealy@logn.net> wrote:
>
> Hello,
>
> Trying out FreeBSD for the first time to build a firewall box that's multi-core and runs PF.  I'm very interested in the FIB code, as it lines up well with the way my core networking equipment works and should allow me to route traffic on an interface that's logically separate from the management interfaces.
>
> I've been playing for a bit with the FIB features, but I'm getting hung up on IPv6.  I'm trying to set up two interfaces on my box to each have a different FIB, and to not leak routes between the interfaces:
>
> # sysctl net.add_addr_allfibs=0
> # ifconfig em1 inet 192.0.2.1/24 fib 1
> # ifconfig em1 inet6 2001:db8:dead:beef::1/64 fib 1
> # ifconfig em2 inet 203.0.113.1/24 fib 2
> # ifconfig em2 inet6 2001:db8:cafe:babe::1/64 fib 2
>
> If I then check the routing tables for each FIB, here's what I get:
>
> # setfib -F 1 netstat -rn
>
> Routing tables (fib: 1)
>
> Internet:
> Destination        Gateway            Flags      Netif Expire
> 192.0.2.0/24       link#2             U           em1
> 192.0.2.1          link#2             UHS         lo0
>
> Internet6:
> Destination                       Gateway                       Flags      Netif Expire
> 2001:db8:cafe:babe::/64           link#3                        U           em2
> 2001:db8:dead:beef::/64           link#2                        U           em1
> 2001:db8:dead:beef::1             link#2                        UHS         lo0
> fe80::%em1/64                     link#2                        U           em1
> fe80::a00:27ff:fef6:162a%em1      link#2                        UHS         lo0
> fe80::%em2/64                     link#3                        U           em2
> fe80::%lo0/64                     link#5                        U           lo0
>
>
> # setfib -F 2 netstat -rn
>
> Routing tables (fib: 2)
>
> Internet:
> Destination        Gateway            Flags      Netif Expire
> 203.0.113.0/24     link#3             U           em2
> 203.0.113.1        link#3             UHS         lo0
>
> Internet6:
> Destination                       Gateway                       Flags      Netif Expire
> 2001:db8:cafe:babe::/64           link#3                        U           em2
> 2001:db8:cafe:babe::1             link#3                        UHS         lo0
> 2001:db8:dead:beef::/64           link#2                        U           em1
> fe80::%em1/64                     link#2                        U           em1
> fe80::%em2/64                     link#3                        U           em2
> fe80::a00:27ff:fe62:d267%em2      link#3                        UHS         lo0
> fe80::%lo0/64                     link#5                        U           lo0
>
>
> Note that as expected, the IPv4 routes are constrained to their FIB (192.0.2.0 to FIB 1 and 203.0.113.0 to FIB 2).  However, the IPv6 routes (deadbeef and cafebabe) leak between the FIBs; both prefixes that I add are listed in both FIBs (as well as the link-local stuff).
>
> According to:
>
>  https://www.freebsd.org/news/status/report-2012-01-2012-03.html#Multi-FIB:-IPv6-Support-and-Other-Enhancements
>
> IPv6 parity is claimed for the FIB code, so I'm not sure if I'm doing it wrong, or if there's a problem with the FIB code and IPv6 routes.
>
> Thanks in advance for any help or clarification!


People simply broke it (again).  Please file a bug report.   You may mention that there are regression test scripts in src/tools/ somewhere to test all the cases for IPv6.


-- 
Bjoern A. Zeeb                                  Charles Haddon Spurgeon:
"Friendship is one of the sweetest joys of life.  Many might have failed
 beneath the bitterness of their trial  had they not found a friend."
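
Added example, not part of the original message and not the regression scripts it mentions: a small check that reads `setfib -F N netstat -rn` output and lists every route whose interface belongs to a different FIB, which is the isolation failure described in the quoted report. The function name `find_fib_leaks`, its interface-to-FIB argument and the `sample_tables` helper are assumptions made for this example; the sample input is abridged from the tables in the post.

```shell
# Added example (not from the thread): list routes that appear in a FIB other
# than the one their interface was assigned to. Assumes the netstat -rn column
# layout shown in the post. IFMAP is like "em1=1 em2=2"; netstat text on stdin.
# Output: "<fib> <destination> <netif> <owner-fib>" per leaked route.
find_fib_leaks() {
    awk -v ifmap="$1" '
    BEGIN {
        n = split(ifmap, pairs, " ")
        for (i = 1; i <= n; i++) { split(pairs[i], kv, "="); owner[kv[1]] = kv[2] }
    }
    # "Routing tables (fib: N)" opens the table for FIB N.
    /^Routing tables \(fib: [0-9]+\)/ { fib = $4; sub(/\)/, "", fib); next }
    # Skip address-family headings, column headers and blank lines.
    NF < 4 || $1 == "Destination" { next }
    # Field 4 is Netif; lo0 and other unmapped interfaces are ignored.
    ($4 in owner) && owner[$4] != fib { print fib, $1, $4, owner[$4] }
    '
}

# Sample input: abridged copy of the two tables quoted in the post.
sample_tables() {
    cat <<'EOF'
Routing tables (fib: 1)
Internet:
Destination        Gateway            Flags      Netif Expire
192.0.2.0/24       link#2             U           em1
192.0.2.1          link#2             UHS         lo0
Internet6:
Destination                       Gateway                       Flags      Netif Expire
2001:db8:cafe:babe::/64           link#3                        U           em2
2001:db8:dead:beef::/64           link#2                        U           em1
fe80::%em2/64                     link#3                        U           em2
Routing tables (fib: 2)
Internet:
Destination        Gateway            Flags      Netif Expire
203.0.113.0/24     link#3             U           em2
Internet6:
Destination                       Gateway                       Flags      Netif Expire
2001:db8:cafe:babe::/64           link#3                        U           em2
2001:db8:dead:beef::/64           link#2                        U           em1
fe80::%em1/64                     link#2                        U           em1
EOF
}
```

On the host, the same function can be fed the live tables by piping the output of `setfib -F 1 netstat -rn` and `setfib -F 2 netstat -rn` into `find_fib_leaks "em1=1 em2=2"`; empty output means no cross-FIB routes were found.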



