Date: Tue, 05 Sep 2017 13:17:29 -0500 From: Greg Rivers <gcr+freebsd-stable@tharned.org> To: "Andrey V. Elsukov" <bu7cher@yandex.ru>, freebsd-stable@freebsd.org Subject: Re: SLAAC not working [solved] Message-ID: <4592443.rsZxAkcZRt@flake.tharned.org> In-Reply-To: <49c7a517-3f20-3629-9aaa-eb96bd506753@yandex.ru> References: <1646645.UkMcyRZBVl@flake.tharned.org> <17a5889c-3a62-9028-c2d2-96c2b55695e3@yandex.ru> <49c7a517-3f20-3629-9aaa-eb96bd506753@yandex.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tuesday, September 05, 2017 20:44:49 Andrey V. Elsukov wrote: > On 05.09.2017 20:09, Andrey V. Elsukov wrote: > >>>> $ ping6 fe80:XXXX:XXXX:4013:23::2%lagg0 > >>>> ping6: UDP connect: Network is unreachable > >>> > >>> Hmm. Can you show the second word of address in this example? > >>> Is it not zero? I.e. fe80:XXXX: is correct or you missed '::' part? > >>> > >> Correct, neither of the XXXX parts are zero; the :: part is at the end of the address: ...::2%lagg0. Sorry for the obfuscation, but policy at $WORK about company information on public lists is very strict. > > > > I think the problem is not with oce(4) driver. > > Unfortunately, your router uses IPv6 LLA that is not compatible with > > KAME based IPv6 stack that is used by all BSDs. > > To be sure, you can check the output of > # netstat -sp ip6 | grep 'scope rules' > This counter will be incremented for each RA from this server. > Indeed: # netstat -sp ip6 | grep 'scope rules' 63 packets that violated scope rules # rtsol -dD oce0 checking if oce0 is ready... oce0 is ready set timer for oce0 to 1s New timer is 1s timer expiration on oce0, state = 1 send RS on oce0, whose state is 2 set timer for oce0 to 4s New timer is 4s timer expiration on oce0, state = 2 send RS on oce0, whose state is 2 set timer for oce0 to 4s New timer is 4s timer expiration on oce0, state = 2 send RS on oce0, whose state is 2 set timer for oce0 to 1s New timer is 1s timer expiration on oce0, state = 2 No answer after sending 3 RSs stop timer for oce0 there is no timer # netstat -sp ip6 | grep 'scope rules' 73 packets that violated scope rules Looks like we've nailed it. The network engineering guys say that setting the LLA on the routers as they do is a Cisco convention. The value chosen reflects the /64 prefix being published in the RAs. I guess that makes it easy at a glance to see which prefix is in use on a given network. I'll see if I can get them to change it and report back. Thanks for your help! -- Greg Rivers
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4592443.rsZxAkcZRt>