FreeBSD Mail Archives

Date:      Sun, 23 Nov 2014 16:58:28 -0500
From:      Jon Radel <jon@radel.com>
To:        pepe <plaine@gmail.com>, freebsd-questions@freebsd.org
Subject:   Re: IPv6 aliases on FreeBSD 10
Message-ID:  <54725884.5060006@radel.com>
In-Reply-To: <CANNwXrY-BAVfD2nLhYo8ZsXr9EkC1hr12ZQrCUmBxpzurVue_g@mail.gmail.com>
References:  <CANNwXrYNw3bdnXDLdEVDhfWBxn2wu1Joyd3WpobweHDjUzFfgQ@mail.gmail.com> <5447AD3F.8060304@bytecamp.net> <CANNwXra7nhsH4m52-SX2PqBwHLP1NoqtZmGx-MF4B8VE8HJFTQ@mail.gmail.com> <CANNwXrZ75XtVv84adpum-DU_kf=KjuJfnFpuhZucXJhqBT3K%2Bw@mail.gmail.com> <54490752.7080504@radel.com> <CANNwXrb89ryxdsw7emsP9b6AKQAcS%2B6z=Vr2ChNkX9CcZCMdDQ@mail.gmail.com> <544BEBB8.7000408@radel.com> <CANNwXrY-BAVfD2nLhYo8ZsXr9EkC1hr12ZQrCUmBxpzurVue_g@mail.gmail.com>

This is a cryptographically signed message in MIME format.

--------------ms050500060608070008000205
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: quoted-printable

On 11/23/14, 5:14 AM, pepe wrote:
>   I also tried adding
> aliases with /128 instead of /64, but it changed nothing.
> With /128 it worked just the same way.
As one of the people mentioning /128s, I'd like to retract that=20
suggestion; I've been reading the ipv6 related documentation given that=20
I'm bringing up my first 10.1 box with ipv6.....and things have changed=20
a bit since 8.4.
>
> Current rc.conf is:
> ipv6_activate_all_interfaces=3D"YES"
> #ipv6_defaultrouter=3D"2001:14b8:1801::1"
> ipv6_defaultrouter=3D"fe80::1%em0"
> ifconfig_em0_ipv6=3D"inet6 2001:14b8:1801::c001 prefixlen 64"
> ifconfig_em0_alias59=3D"inet6 2001:14b8:1801::2 prefixlen 64"
> ifconfig_em0_alias60=3D"inet6 2001:14b8:1801::c002 prefixlen 64"
> ifconfig_em0_alias61=3D"inet6 2001:14b8:1801::3 prefixlen 64"
> ifconfig_em0_alias62=3D"inet6 2001:14b8:1801:1:: prefixlen 64"
> ifconfig_em0_alias63=3D"inet6 2001:14b8:1801:1::1 prefixlen 64"
>
Just making sure that you realize that if the ISP's equipment is=20
addressed 2001:14b8:1801::1/64, it wouldn't necessarily do good things=20
with your address 2001:14b8:1801:1::/64 unless it had a route to that=20
network.  But that's an aside and doesn't appear to be the root issue=20
you're dealing with.

>
> I'm starting to think it's problem on ISP side and not ours. But just t=
o
> sure - anyone have any ideas what more to try?
>
>
I read through this thread, and as far as I can tell, you've told us=20
almost nothing useful about the topology of your network.  Where does=20
the cable from em0 go?  Directly into the ISP's equipment?  If so, what=20
kind of equipment are we talking about?  What type of media?    I admit=20
complete ignorance of the industry norms specific to Finland, but around =

these parts it makes a world of difference whether you're talking=20
directly to a cable carrier's "modem" or a point-to-point circuit into a =

high-end router.

What I would do, given what little I know about your topology:

1)  Run "ndp -an" on your machine.   All the addresses you expect to=20
work should show up as permanent entries in this table.

2)  You're not doing any firewalling are you?

3)  If you don't run em0 into a switch, insert one (preferably one that=20
does L3 and port mirroring, if you just happen to have access to one=20
like that) between the server and your ISP.

4)  Attach another ipv6 speaking machine  to the switch.   Can it ping=20
all the addresses?   Does its ndp table show the proper mac address for=20
all the addresses?

5)  Optional:  mirror all the traffic on the switch port attached to the =

ISP the test machine you added and using tcpdump or wireshark or=20
what-have-you look at the traffic between the ISP and your server.

If the test machine in #4 reaches all the server addresses just fine=20
even though the ISP doesn't, particularly if #5 shows the ISP never=20
sending the traffic that should be going to the "non-functional"=20
addresses, my leading suspicion would be that that the ISP's equipment=20
has very, very limited capacity for a L2 address table, quite possibly=20
as a matter of deliberate configuration, and after it learns about N=20
neighbors, where N is a very small number, it simply ignores any=20
additional addresses.  Other than getting your ISP to do something about =

that, the only fix I can think of is to put a router (which is where a=20
L3 switch would be handy) between your ISP and your server.  Then, in=20
theory, your ISP's equipment should have to deal with the only addresses =

on the outside of your router in L2 and everything else would be L3=20
routing.   My big concern about that, however, is that the default=20
address they've given you is actually in your /48, so it's unclear to me =

what the heck they're doing with the routing.  So you probably have to=20
talk to them in any case about what the outside interface of your router =

should be addressed as.

--Jon Radel
jon@radel.com






--------------ms050500060608070008000205
Content-Type: application/pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
Content-Description: S/MIME Cryptographic Signature

MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIILBDCC
BRowggQCoAMCAQICEG0Z6qcZT2ozIuYiMnqqcd4wDQYJKoZIhvcNAQEFBQAwga4xCzAJBgNV
BAYTAlVTMQswCQYDVQQIEwJVVDEXMBUGA1UEBxMOU2FsdCBMYWtlIENpdHkxHjAcBgNVBAoT
FVRoZSBVU0VSVFJVU1QgTmV0d29yazEhMB8GA1UECxMYaHR0cDovL3d3dy51c2VydHJ1c3Qu
Y29tMTYwNAYDVQQDEy1VVE4tVVNFUkZpcnN0LUNsaWVudCBBdXRoZW50aWNhdGlvbiBhbmQg
RW1haWwwHhcNMTEwNDI4MDAwMDAwWhcNMjAwNTMwMTA0ODM4WjCBkzELMAkGA1UEBhMCR0Ix
GzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UE
ChMRQ09NT0RPIENBIExpbWl0ZWQxOTA3BgNVBAMTMENPTU9ETyBDbGllbnQgQXV0aGVudGlj
YXRpb24gYW5kIFNlY3VyZSBFbWFpbCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJKEhFtLV5jUXi+LpOFAyKNTWF9mZfEyTvefMn1V0HhMVbdClOD5J3EHxcZppLkyxPFA
GpDMJ1Zifxe1cWmu5SAb5MtjXmDKokH2auGj/7jfH0htZUOMKi4rYzh337EXrMLaggLW1DJq
1GdvIBOPXDX65VSAr9hxCh03CgJQU2yVHakQFLSZlVkSMf8JotJM3FLb3uJAAVtIaN3FSrTg
7SQfOq9xXwfjrL8UO7AlcWg99A/WF1hGFYE8aIuLgw9teiFX5jSw2zJ+40rhpVJyZCaRTqWS
D//gsWD9Gm9oUZljjRqLpcxCm5t9ImPTqaD8zp6Q30QZ9FxbNboW86eb/8ECAwEAAaOCAUsw
ggFHMB8GA1UdIwQYMBaAFImCZ33EnSZwAEu0UEh83j2uBG59MB0GA1UdDgQWBBR6E04AdFvG
eGNkJ8Ev4qBbvHnFezAOBgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADARBgNV
HSAECjAIMAYGBFUdIAAwWAYDVR0fBFEwTzBNoEugSYZHaHR0cDovL2NybC51c2VydHJ1c3Qu
Y29tL1VUTi1VU0VSRmlyc3QtQ2xpZW50QXV0aGVudGljYXRpb25hbmRFbWFpbC5jcmwwdAYI
KwYBBQUHAQEEaDBmMD0GCCsGAQUFBzAChjFodHRwOi8vY3J0LnVzZXJ0cnVzdC5jb20vVVRO
QWRkVHJ1c3RDbGllbnRfQ0EuY3J0MCUGCCsGAQUFBzABhhlodHRwOi8vb2NzcC51c2VydHJ1
c3QuY29tMA0GCSqGSIb3DQEBBQUAA4IBAQCF1r54V1VtM39EUv5C1QaoAQOAivsNsv1Kv/av
QUn1G1rF0q0bc24+6SZ85kyYwTAo38v7QjyhJT4KddbQPTmGZtGhm7VNm2+vKGwdr+XqdFqo
2rHA8XV6L566k3nK/uKRHlZ0sviN0+BDchvtj/1gOSBH+4uvOmVIPJg9pSW/ve9g4EnlFsjr
P0OD8ODuDcHTzTNfm9C9YGqzO/761Mk6PB/tm/+bSTO+Qik5g+4zaS6CnUVNqGnagBsePdIa
XXxHmaWbCG0SmYbWXVcHG6cwvktJRLiQfsrReTjrtDP6oDpdJlieYVUYtCHVmdXgQ0BCML7q
peeU0rD+83X5f27nMIIF4jCCBMqgAwIBAgIQUaWQdTU6RvxxeOjTUN4DtDANBgkqhkiG9w0B
AQUFADCBkzELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G
A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxOTA3BgNVBAMTMENP
TU9ETyBDbGllbnQgQXV0aGVudGljYXRpb24gYW5kIFNlY3VyZSBFbWFpbCBDQTAeFw0xMjAz
MjcwMDAwMDBaFw0xNTAzMjcyMzU5NTlaMIH6MQswCQYDVQQGEwJVUzEOMAwGA1UEERMFMjIx
NTAxCzAJBgNVBAgTAlZBMRQwEgYDVQQHEwtTcHJpbmdmaWVsZDEaMBgGA1UECRMRNjkxNyBS
aWRnZXdheSBEci4xFTATBgNVBAoTDEpvbiBULiBSYWRlbDEyMDAGA1UECxMpSXNzdWVkIHRo
cm91Z2ggSm9uIFQuIFJhZGVsIEUtUEtJIE1hbmFnZXIxHzAdBgNVBAsTFkNvcnBvcmF0ZSBT
ZWN1cmUgRW1haWwxEjAQBgNVBAMTCUpvbiBSYWRlbDEcMBoGCSqGSIb3DQEJARYNam9uQHJh
ZGVsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMuufqoh9QnyjZTH7UdO
wpx6XnRz/94zoK1C1SaAepIRMyInXiwOVwT7iXKtkeRGEQA2vwTyqu5JVcvWkGxlTWPACgDW
dDE3296Up2K9CFfrm+RKdlc6xfMklR7qQWyNw5ULkeOZZOIoSAlVAJPhjIvHcf0UPxjTqgtP
4JafBBvL8RFhMAm74I1kWltMcFPVm1sLFDR1CDZ48/zqmhK/0ppbiBGapi8vAO382laFgHaN
8ODBFBffom5zjL/I9SggGGAdtwi7Vp2cjzgtuNVyORPv5Jz9zLylVKlhNvyq3VjbWXuJNw0E
J03F/UkjQsqsCkQnSdHAxtPkGhoBw/UvqEsCAwEAAaOCAccwggHDMB8GA1UdIwQYMBaAFHoT
TgB0W8Z4Y2QnwS/ioFu8ecV7MB0GA1UdDgQWBBR8oxwxzLSB4/equQ4EqdH5Fld3sTAOBgNV
HQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAdBgNVHSUEFjAUBggrBgEFBQcDBAYIKwYBBQUH
AwIwRgYDVR0gBD8wPTA7BgwrBgEEAbIxAQIBAwUwKzApBggrBgEFBQcCARYdaHR0cHM6Ly9z
ZWN1cmUuY29tb2RvLm5ldC9DUFMwVwYDVR0fBFAwTjBMoEqgSIZGaHR0cDovL2NybC5jb21v
ZG9jYS5jb20vQ09NT0RPQ2xpZW50QXV0aGVudGljYXRpb25hbmRTZWN1cmVFbWFpbENBLmNy
bDCBiAYIKwYBBQUHAQEEfDB6MFIGCCsGAQUFBzAChkZodHRwOi8vY3J0LmNvbW9kb2NhLmNv
bS9DT01PRE9DbGllbnRBdXRoZW50aWNhdGlvbmFuZFNlY3VyZUVtYWlsQ0EuY3J0MCQGCCsG
AQUFBzABhhhodHRwOi8vb2NzcC5jb21vZG9jYS5jb20wGAYDVR0RBBEwD4ENam9uQHJhZGVs
LmNvbTANBgkqhkiG9w0BAQUFAAOCAQEAJB+JWM2MbG5rR7/RCEm8bQRziBfl/FztfoV6dDGU
Y0uTRegiwM2LA/GHGju7xtp49MrcmEciZs6Di2pvGzS5m/v5IBT0gMK6dyplBmBe4BXzwckE
1MH/iui+VstVHds+36SsQqPCtVmFWlX6QN56F6aGSCjI27f2mUYL3NBr6DPsslRIhF9PamKQ
Bp4Y25/hnd+paEGIF6AZM3Uv7TvsTdCaBOt3dLrwUIpyQex5yqO8GPKWwgEPKxKiro7uLNNY
yZU4dEEenQIi/4SD49XHd9Zqwf60jKVPeZjcrK7QSSQ8dlOYOGH60WBBFVwD1CCBCLSJnglY
Dwh5wcgQG9ZRvjGCBBkwggQVAgEBMIGoMIGTMQswCQYDVQQGEwJHQjEbMBkGA1UECBMSR3Jl
YXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRowGAYDVQQKExFDT01PRE8gQ0Eg
TGltaXRlZDE5MDcGA1UEAxMwQ09NT0RPIENsaWVudCBBdXRoZW50aWNhdGlvbiBhbmQgU2Vj
dXJlIEVtYWlsIENBAhBRpZB1NTpG/HF46NNQ3gO0MAkGBSsOAwIaBQCgggJFMBgGCSqGSIb3
DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTE0MTEyMzIxNTgyOFowIwYJKoZI
hvcNAQkEMRYEFF/T/3LACaMwu6E901ymaoXWEzszMGwGCSqGSIb3DQEJDzFfMF0wCwYJYIZI
AWUDBAEqMAsGCWCGSAFlAwQBAjAKBggqhkiG9w0DBzAOBggqhkiG9w0DAgICAIAwDQYIKoZI
hvcNAwICAUAwBwYFKw4DAgcwDQYIKoZIhvcNAwICASgwgbkGCSsGAQQBgjcQBDGBqzCBqDCB
kzELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMH
U2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxOTA3BgNVBAMTMENPTU9ETyBD
bGllbnQgQXV0aGVudGljYXRpb24gYW5kIFNlY3VyZSBFbWFpbCBDQQIQUaWQdTU6RvxxeOjT
UN4DtDCBuwYLKoZIhvcNAQkQAgsxgauggagwgZMxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJH
cmVhdGVyIE1hbmNoZXN0ZXIxEDAOBgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9ETyBD
QSBMaW1pdGVkMTkwNwYDVQQDEzBDT01PRE8gQ2xpZW50IEF1dGhlbnRpY2F0aW9uIGFuZCBT
ZWN1cmUgRW1haWwgQ0ECEFGlkHU1Okb8cXjo01DeA7QwDQYJKoZIhvcNAQEBBQAEggEAkFkJ
mW2uxfttgKfdQQ/Mg2JDlQRirBFJLzwcqhdIR0ekTm7YEaW51BQnR6idmYudF9UqURQtP75L
WP9st8PeR4BtMHIuWuvsZRit3r9wr+MDB1N843qxR9WyMUaGyBaDD5O6feQ9kzc89eS4Xsbo
U7HZd1WomZM99LIGRurwuvd28vB0bEcgnMvu8GnbMCNhat74iOETBlLdpA9rYE9MtQNmDBVN
H6lDgkBFXvCDW9+GWD41AxGW0I5mWpMrbr/JmIpGPbEDhz78xV4QrTQV8PmDvxvM0v1FUdJU
hzNhgq9CNkrhP+9RJO648dVt1hNmYeaUUlg8gAFhv3lotRYOQQAAAAAAAA==
--------------ms050500060608070008000205--

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?54725884.5060006>

Header And Logo

Peripheral Links

Site Navigation

Header And Logo

Peripheral Links

Search

Site Navigation