Date:      Tue, 26 Apr 2011 00:05:35 +0200
From:      Lionel Fourquaux <lionel.fourquaux+freebsd-questions@normalesup.org>
To:        Daniel Marsh <daniel@stiw.org>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: routing to a directly attached subnet without an address in this subnet
Message-ID:  <20110425220535.GA9237@phare.normalesup.org>
In-Reply-To: <BANLkTikn9v5-wMVKRhkCaZ1AJbDHti7U=Q@mail.gmail.com>
References:  <20110424202954.GA16373@phare.normalesup.org> <201104242343.p3ONhBld001779@mail.r-bonomi.com> <20110425115313.GB4647@phare.normalesup.org> <BANLkTikn9v5-wMVKRhkCaZ1AJbDHti7U=Q@mail.gmail.com>

On Mon, Apr 25, 2011 at 10:17:40PM +1000, Daniel Marsh wrote:
>What you need to verify is the default routes on the client hosts. It's very
>likely your packets and your initial route add commands on your dual host
>machine are correct, yet the return routes on the other clients are
>incorrect.

I have checked that. Actually, I can ping the router from the clients. 
What does not work is initiating a packet exchange from the router's side.

Short reminder:
  em0 has addresses fe80::1234:56ff:fe78:9abc and 2001:db8::1
  em1 has address fe80::1234:56ff:fe78:9abd
  default route is to em0
  2001:db8:0:1::/64 is routed to em1
   (route add -inet6 2001:db8:0:1::/64 -iface em1)
  clients connected to em1 have addresses in 2001:db8:0:1::/64 and default 
   route to fe80::1234:56ff:fe78:9abd

If I reboot the router, then try to ping a client in 2001:db8:0:1::/64, 
directly connected to em1, ping6 fails with "sendmsg: Operation not 
permitted". tcpdump does not show anything being sent to this client. The 
client's MAC does not show up in "ndp -a".

If I ping the router from the client, I get answers. The client's MAC 
shows up in the NDP table, and I can ping the client from the router as 
long as it is still listed in the NDP table. If I clear the table with 
"ndp -c", I can't ping from the router any more. If I reboot and add 
a static entry for the client in the NDP table, I can ping this client.

All this seems to point to NDP as the root of the problem: it looks like 
it is not aware of the addition of 2001:db8:0:1::/64 to the routing 
table. I do not see any way to give the missing information to NDP 
other than adding an address to em1. (Adding static entries for all the 
clients would not be manageable in the long run).

Google seems to turn up some mentions of "cloning routes" that look like 
a way to solve this (I'm not quite sure), but this was apparently 
removed in a recent reimplementation of ARP+NDP (arp-v2). Maybe some 
functionality was lost in the process, but I don't know about this.
