Date: Tue, 05 Sep 2017 13:17:29 -0500 From: Greg Rivers <gcr+freebsd-stable@tharned.org> To: "Andrey V. Elsukov" <bu7cher@yandex.ru>, freebsd-stable@freebsd.org Subject: Re: SLAAC not working [solved] Message-ID: <4592443.rsZxAkcZRt@flake.tharned.org> In-Reply-To: <49c7a517-3f20-3629-9aaa-eb96bd506753@yandex.ru> References: <1646645.UkMcyRZBVl@flake.tharned.org> <17a5889c-3a62-9028-c2d2-96c2b55695e3@yandex.ru> <49c7a517-3f20-3629-9aaa-eb96bd506753@yandex.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tuesday, September 05, 2017 20:44:49 Andrey V. Elsukov wrote:
> On 05.09.2017 20:09, Andrey V. Elsukov wrote:
> >>>> $ ping6 fe80:XXXX:XXXX:4013:23::2%lagg0
> >>>> ping6: UDP connect: Network is unreachable
> >>>
> >>> Hmm. Can you show the second word of address in this example?
> >>> Is it not zero? I.e. fe80:XXXX: is correct or you missed '::' part?
> >>>
> >> Correct, neither of the XXXX parts are zero; the :: part is at the end of the address: ...::2%lagg0. Sorry for the obfuscation, but policy at $WORK about company information on public lists is very strict.
> >
> > I think the problem is not with oce(4) driver.
> > Unfortunately, your router uses IPv6 LLA that is not compatible with
> > KAME based IPv6 stack that is used by all BSDs.
>
> To be sure, you can check the output of
> # netstat -sp ip6 | grep 'scope rules'
> This counter will be incremented for each RA from this server.
>
Indeed:
# netstat -sp ip6 | grep 'scope rules'
63 packets that violated scope rules
# rtsol -dD oce0
checking if oce0 is ready...
oce0 is ready
set timer for oce0 to 1s
New timer is 1s
timer expiration on oce0, state = 1
send RS on oce0, whose state is 2
set timer for oce0 to 4s
New timer is 4s
timer expiration on oce0, state = 2
send RS on oce0, whose state is 2
set timer for oce0 to 4s
New timer is 4s
timer expiration on oce0, state = 2
send RS on oce0, whose state is 2
set timer for oce0 to 1s
New timer is 1s
timer expiration on oce0, state = 2
No answer after sending 3 RSs
stop timer for oce0
there is no timer
# netstat -sp ip6 | grep 'scope rules'
73 packets that violated scope rules
Looks like we've nailed it.
The network engineering guys say that setting the LLA on the routers as they do is a Cisco convention. The value chosen reflects the /64 prefix being published in the RAs. I guess that makes it easy at a glance to see which prefix is in use on a given network. I'll see if I can get them to change it and report back.
Thanks for your help!
--
Greg Rivers
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4592443.rsZxAkcZRt>