ipv6 default router Operation not permitted

Schrodinger schrodinger at konundrum.org
Wed Mar 13 15:59:40 UTC 2013 

On 2013/03/13 15:52, Joe Holden wrote:
> Just use router solicitation to ask for the link-local gateway, that is 
> the "correct" way to do it.
> 

Hi Joe,

If you read some of this thread you'll note that router advertisements
are being disabled by the hosting provider. While their documentation
indicates the use of router advertisments this does not solve the issue
that I get "Operation not permitted" when trying to ping the default
gateway.

Without ACCEPT_RTADV on re0 FreeBSD does not even perform NEIGHBOUR
solicitation for 2001:41d0:2:e7ff:ff:ff:ff:ff - presumably because it
thinks that this is not on the same link as re0.

C.

> Schrodinger wrote:
> > Damien, 
> > 
> > I appreciate your replies very much, but I'm a subscriber so just reply
> > to the mailing list. Thanks.
> > 
> > On 2013/03/13 14:19, Fleuriot Damien wrote:
> > 
> > [SNARF]
> > 
> >>
> >> These are indeed correct, thanks for clarifying.
> >>
> > 
> > I thought that's what I said in my first email ;) Sorry for any
> > confusion.
> > 
> >> Find below the config I'm using on an old OVH box.
> >> Said config might be outdated now (as per OVH's guide on setting up IPv6 [1]) , however that was at the time the only way to get things working properly.
> >>
> >> rc.conf
> >> ===
> >> #Range IPv6: 2001:41D0:2:613b::/64
> >> ipv6_enable="YES"
> >> ipv6_ifconfig_re0="fe80::21c:c0ff:fef3:31fa/64 scopeid 0x1"
> >> ipv6_ifconfig_re0_alias0="2001:41d0:2:613b::dead:beef/56"
> >> ipv6_defaultrouter="2001:41d0:2:61ff:ff:ff:ff:ff"
> >> ===
> >>
> > 
> > You have /56 and this is what I believe to be the incorrect way to get
> > this to Just Work. I think this assume that anyone else in this /56 is
> > in the same layer two segment as you.... 
> > 
> >> routing table
> >> ===
> > [SNARF]
> >> ===
> >>
> >>
> >>
> >> Notice that said config actually works:
> >> ===
> >> $ ping6 www.google.com
> >> PING6(56=40+8+8 bytes) 2001:41d0:2:613b::dead:beef --> 2a00:1450:4007:804::1014
> >> 16 bytes from 2a00:1450:4007:804::1014, icmp_seq=0 hlim=57 time=4.461 ms
> >> 16 bytes from 2a00:1450:4007:804::1014, icmp_seq=1 hlim=57 time=4.462 ms
> >> 16 bytes from 2a00:1450:4007:804::1014, icmp_seq=2 hlim=57 time=4.405 ms
> >> ^C
> >> --- www.google.com ping6 statistics ---
> >> 3 packets transmitted, 3 packets received, 0.0% packet loss
> >> round-trip min/avg/max/std-dev = 4.405/4.443/4.462/0.027 ms
> >> ===
> >>
> >> Either way, you might want to have a look at OVH's guide [1] but in my own case, using a /56 was, at the time, the only way to get things working in a clean way.
> >>
> >> [1] http://help.ovh.com/Ipv4Ipv6#link10
> >>
> > 
> > I read this, I made sure to read this and then I read it a second time.
> > No where does it indicate the use of a /56. I am in the process of a
> > migration from an old OVH server to a new OVH server. My old box uses
> > the /56 prefix length "fix" but based on the documentation this is
> > incorrect and IMO this assumes that anyone else in the /56 is in the 
> > same segment as me and if they are using /64 - well, There Be Dragons.
> > 
> > Also from the information I have received, router advertisements may be
> > turned off in the future, my host should simply Neighbour Solicit for
> > the global scope unicast address of my default gateway. And as pointed
> > out in previous emails without ACCEPT_RTADV for re0 - FreeBSD does not
> > perform this action.
> > 
> > So again, what is the correct way ? I think this is a debate of IPv6
> > Protocol vs. IPv6 Policy vs. Network architecture.
> > 
> > I'll go and get Tina Turner. You get Masterblaster and we'll meet in
> > Thunderdome.
> > 
> > C.
> 

-- 
+---------------------------------------------------------------+
Quidquid latine dictum sit, altum sonatur.
MSN: schro5 at hotmail.com
ICQ: 112562229
GPG: http://www.konundrum.org/schro.asc
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 834 bytes
Desc: not available
URL: <http://lists.freebsd.org/pipermail/freebsd-net/attachments/20130313/ed52117e/attachment.sig>

More information about the freebsd-net mailing list