IPv6 not responding on some aliases (recent 8-stable)

Bjoern A. Zeeb bzeeb-lists at lists.zabbadoz.net
Thu Dec 22 19:37:09 UTC 2011 

On 22. Dec 2011, at 18:01 , Marcin Cieslak wrote:

>>> Bjoern A. Zeeb <bzeeb-lists at lists.zabbadoz.net> wrote:
> 
>> to cut the long story short and before we try to debug this in detail;
>> if you try to reach all these addresses on the local machine, does that work, eg. if you ping6 2001:abcd:f:abcd::100[0-5] from that host itself?
> 
> Yes, 
> 
> $ ping6 2001:abcd:f:abcd::1003
> PING6(56=40+8+8 bytes) 2001:abcd:f:abcd::1003 --> 2001:abcd:f:abcd::1003
> 16 bytes from 2001:abcd:f:abcd::1003, icmp_seq=0 hlim=64 time=0.392 ms
> ^C
> --- 2001:abcd:f:abcd::1003 ping6 statistics ---
> 1 packets transmitted, 1 packets received, 0.0% packet loss
> round-trip min/avg/max/std-dev = 0.392/0.392/0.392/0.000 ms
> 
> also:
> 
> $ ping6 -S 2001:abcd:f:abcd::1001 2001:abcd:f:abcd::1005
> PING6(56=40+8+8 bytes) 2001:abcd:f:abcd::1001 --> 2001:abcd:f:abcd::1005
> 16 bytes from 2001:abcd:f:abcd::1005, icmp_seq=0 hlim=64 time=0.387 ms
> 16 bytes from 2001:abcd:f:abcd::1005, icmp_seq=1 hlim=64 time=0.201 ms
> 16 bytes from 2001:abcd:f:abcd::1005, icmp_seq=2 hlim=64 time=0.188 ms
> 16 bytes from 2001:abcd:f:abcd::1005, icmp_seq=3 hlim=64 time=0.196 ms
> 16 bytes from 2001:abcd:f:abcd::1005, icmp_seq=4 hlim=64 time=0.198 ms
> 16 bytes from 2001:abcd:f:abcd::1005, icmp_seq=5 hlim=64 time=0.254 ms
> ^C
> --- 2001:abcd:f:abcd::1005 ping6 statistics ---
> 6 packets transmitted, 6 packets received, 0.0% packet loss
> round-trip min/avg/max/std-dev = 0.188/0.237/0.387/0.070 ms
> 
> When I "tcpdump -n -i sis0 ip6" when doing 
> 
> ping6 -S 2001:abcd:f:abcd::1000 www.freebsd.org
> 
> I see a whole bunch of 
> 
> 17:49:05.528465 IP6 2001:abcd:f:abcd::1000 > 2001:4f8:fff6::22: ICMP6, echo request, seq 42, length 16
> 
> When pinging from outside via IPv6 nothing appears except ND traffic:
> 
> 17:50:19.658275 IP6 fe80::21c:c0ff:fede:adbf > fe80::5:73ff:fea0:0: ICMP6, neighbor solicitation, who has fe80::5:73ff:fea0:0, length 32
> 17:50:19.662226 IP6 fe80::5:73ff:fea0:0 > fe80::21c:c0ff:fede:adbf: ICMP6, neighbor advertisement, tgt is fe80::5:73ff:fea0:0, length 24
> 17:50:24.674531 IP6 fe80::21e:79ff:fe1e:d400 > fe80::21c:c0ff:fede:adbf: ICMP6, neighbor solicitation, who has fe80::21c:c0ff:fe26:8103, length 32
> 17:50:24.674649 IP6 fe80::21c:c0ff:fede:adbf > fe80::21e:79ff:fe1e:d400: ICMP6, neighbor advertisement, tgt is fe80::21c:c0ff:fe26:8103, length 24
> 17:50:26.668789 IP6 fe80::21e:79ff:fe1e:f000.2029 > ff02::66.2029: UDP, length 72
> 17:50:29.660582 IP6 2001:abcd:f:abcd::1000.64756 > 2a01:xxxx:yyyy::1.53: 8351 [1au][|domain]
> 17:50:29.674096 IP6 fe80::21c:c0ff:fede:adbf > fe80::21e:79ff:fe1e:d400: ICMP6, neighbor solicitation, who has fe80::21e:79ff:fe1e:d400, length 32
> 17:50:29.682082 IP6 fe80::21e:79ff:fe1e:d400 > fe80::21c:c0ff:fede:adbf: ICMP6, neighbor advertisement, tgt is fe80::21e:79ff:fe1e:d400, length 24
> 17:50:34.637895 IP6 fe80::21e:79ff:fe1e:f000.2029 > ff02::66.2029: UDP, length 6
> 
> fe80::21c:c0ff:fede:abbf is the problematic host
> 
> When doing 
> 
> ping6 -S 2001:abcd:f:abcd::1000 2a01:xxx:yyy::1
> PING6(56=40+8+8 bytes) 2001:abcd:f:abcd::1000 --> 2a01:xxx:yyy::1
> ^C
> --- 2a01:xxx:yyy::1 ping6 statistics ---
> 29 packets transmitted, 0 packets received, 100.0% packet loss
> 
> The 2a01:xxx:yyy::1 host reports ICMPv6 via bpf:
> 
> 18:56:47.012614 IP6 2001:abcd:f:abcd::1000 > 2a01:xxx:yyy::1: ICMP6, echo request, seq 23, length 16
> 18:56:47.014426 IP6 2a01:xxx:yyy::1 > 2001:abcd:f:abcd::1000: ICMP6, echo reply, seq 23, length 16
> 18:56:48.012368 IP6 2001:abcd:f:abcd::1000 > 2a01:xxx:yyy::1: ICMP6, echo request, seq 24, length 16
> 18:56:48.013422 IP6 2a01:xxx:yyy::1 > 2001:abcd:f:abcd::1000: ICMP6, echo reply, seq 24, length 16
> 
> So it seems the packets are sent, the host just can't receive.
> 
> I initially thought it's a transport layer issue, since previously (before
> I changed configuration) 30%-50% SSH connection attempts succeeded
> (but prefix was wrong on the "primary" IPv6 address :1000).
> Now I get no packets on receiving side at all for those "broken" IPv6 addresses.

Talk to ywhomever is providing in front of you to
1) either relax nd6 table limits or
2) to route a /64 to your host to only have 1 entry in the neighbour table.

That's most likely the problem given my crystal ball and experience.

/bz

-- 
Bjoern A. Zeeb                                 You have to have visions!
         Stop bit received. Insert coin for new address family.

More information about the freebsd-net mailing list