Date: Thu, 22 Dec 2011 19:37:03 +0000 From: "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net> To: Marcin Cieslak <saper@saper.info> Cc: freebsd-net@freebsd.org Subject: Re: IPv6 not responding on some aliases (recent 8-stable) Message-ID: <C72FCBE6-AC3B-486B-B487-DA1FDA1F4474@lists.zabbadoz.net> In-Reply-To: <slrnjf6s3g.i0d.saper@saper.info> References: <slrnjf53o4.2d1.saper@saper.info> <F2005BBF-1808-4E63-B5F3-71361A95008A@lists.zabbadoz.net> <slrnjf6s3g.i0d.saper@saper.info>
next in thread | previous in thread | raw e-mail | index | archive | help
On 22. Dec 2011, at 18:01 , Marcin Cieslak wrote:
>>> Bjoern A. Zeeb <bzeeb-lists@lists.zabbadoz.net> wrote:
>=20
>> to cut the long story short and before we try to debug this in =
detail;
>> if you try to reach all these addresses on the local machine, does =
that work, eg. if you ping6 2001:abcd:f:abcd::100[0-5] from that host =
itself?
>=20
> Yes,=20
>=20
> $ ping6 2001:abcd:f:abcd::1003
> PING6(56=3D40+8+8 bytes) 2001:abcd:f:abcd::1003 --> =
2001:abcd:f:abcd::1003
> 16 bytes from 2001:abcd:f:abcd::1003, icmp_seq=3D0 hlim=3D64 =
time=3D0.392 ms
> ^C
> --- 2001:abcd:f:abcd::1003 ping6 statistics ---
> 1 packets transmitted, 1 packets received, 0.0% packet loss
> round-trip min/avg/max/std-dev =3D 0.392/0.392/0.392/0.000 ms
>=20
> also:
>=20
> $ ping6 -S 2001:abcd:f:abcd::1001 2001:abcd:f:abcd::1005
> PING6(56=3D40+8+8 bytes) 2001:abcd:f:abcd::1001 --> =
2001:abcd:f:abcd::1005
> 16 bytes from 2001:abcd:f:abcd::1005, icmp_seq=3D0 hlim=3D64 =
time=3D0.387 ms
> 16 bytes from 2001:abcd:f:abcd::1005, icmp_seq=3D1 hlim=3D64 =
time=3D0.201 ms
> 16 bytes from 2001:abcd:f:abcd::1005, icmp_seq=3D2 hlim=3D64 =
time=3D0.188 ms
> 16 bytes from 2001:abcd:f:abcd::1005, icmp_seq=3D3 hlim=3D64 =
time=3D0.196 ms
> 16 bytes from 2001:abcd:f:abcd::1005, icmp_seq=3D4 hlim=3D64 =
time=3D0.198 ms
> 16 bytes from 2001:abcd:f:abcd::1005, icmp_seq=3D5 hlim=3D64 =
time=3D0.254 ms
> ^C
> --- 2001:abcd:f:abcd::1005 ping6 statistics ---
> 6 packets transmitted, 6 packets received, 0.0% packet loss
> round-trip min/avg/max/std-dev =3D 0.188/0.237/0.387/0.070 ms
>=20
> When I "tcpdump -n -i sis0 ip6" when doing=20
>=20
> ping6 -S 2001:abcd:f:abcd::1000 www.freebsd.org
>=20
> I see a whole bunch of=20
>=20
> 17:49:05.528465 IP6 2001:abcd:f:abcd::1000 > 2001:4f8:fff6::22: ICMP6, =
echo request, seq 42, length 16
>=20
> When pinging from outside via IPv6 nothing appears except ND traffic:
>=20
> 17:50:19.658275 IP6 fe80::21c:c0ff:fede:adbf > fe80::5:73ff:fea0:0: =
ICMP6, neighbor solicitation, who has fe80::5:73ff:fea0:0, length 32
> 17:50:19.662226 IP6 fe80::5:73ff:fea0:0 > fe80::21c:c0ff:fede:adbf: =
ICMP6, neighbor advertisement, tgt is fe80::5:73ff:fea0:0, length 24
> 17:50:24.674531 IP6 fe80::21e:79ff:fe1e:d400 > =
fe80::21c:c0ff:fede:adbf: ICMP6, neighbor solicitation, who has =
fe80::21c:c0ff:fe26:8103, length 32
> 17:50:24.674649 IP6 fe80::21c:c0ff:fede:adbf > =
fe80::21e:79ff:fe1e:d400: ICMP6, neighbor advertisement, tgt is =
fe80::21c:c0ff:fe26:8103, length 24
> 17:50:26.668789 IP6 fe80::21e:79ff:fe1e:f000.2029 > ff02::66.2029: =
UDP, length 72
> 17:50:29.660582 IP6 2001:abcd:f:abcd::1000.64756 > =
2a01:xxxx:yyyy::1.53: 8351 [1au][|domain]
> 17:50:29.674096 IP6 fe80::21c:c0ff:fede:adbf > =
fe80::21e:79ff:fe1e:d400: ICMP6, neighbor solicitation, who has =
fe80::21e:79ff:fe1e:d400, length 32
> 17:50:29.682082 IP6 fe80::21e:79ff:fe1e:d400 > =
fe80::21c:c0ff:fede:adbf: ICMP6, neighbor advertisement, tgt is =
fe80::21e:79ff:fe1e:d400, length 24
> 17:50:34.637895 IP6 fe80::21e:79ff:fe1e:f000.2029 > ff02::66.2029: =
UDP, length 6
>=20
> fe80::21c:c0ff:fede:abbf is the problematic host
>=20
> When doing=20
>=20
> ping6 -S 2001:abcd:f:abcd::1000 2a01:xxx:yyy::1
> PING6(56=3D40+8+8 bytes) 2001:abcd:f:abcd::1000 --> 2a01:xxx:yyy::1
> ^C
> --- 2a01:xxx:yyy::1 ping6 statistics ---
> 29 packets transmitted, 0 packets received, 100.0% packet loss
>=20
> The 2a01:xxx:yyy::1 host reports ICMPv6 via bpf:
>=20
> 18:56:47.012614 IP6 2001:abcd:f:abcd::1000 > 2a01:xxx:yyy::1: ICMP6, =
echo request, seq 23, length 16
> 18:56:47.014426 IP6 2a01:xxx:yyy::1 > 2001:abcd:f:abcd::1000: ICMP6, =
echo reply, seq 23, length 16
> 18:56:48.012368 IP6 2001:abcd:f:abcd::1000 > 2a01:xxx:yyy::1: ICMP6, =
echo request, seq 24, length 16
> 18:56:48.013422 IP6 2a01:xxx:yyy::1 > 2001:abcd:f:abcd::1000: ICMP6, =
echo reply, seq 24, length 16
>=20
> So it seems the packets are sent, the host just can't receive.
>=20
> I initially thought it's a transport layer issue, since previously =
(before
> I changed configuration) 30%-50% SSH connection attempts succeeded
> (but prefix was wrong on the "primary" IPv6 address :1000).
> Now I get no packets on receiving side at all for those "broken" IPv6 =
addresses.
Talk to ywhomever is providing in front of you to
1) either relax nd6 table limits or
2) to route a /64 to your host to only have 1 entry in the neighbour =
table.
That's most likely the problem given my crystal ball and experience.
/bz
--=20
Bjoern A. Zeeb You have to have visions!
Stop bit received. Insert coin for new address family.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?C72FCBE6-AC3B-486B-B487-DA1FDA1F4474>