ipv6 default router Operation not permitted

Schrodinger schrodinger at konundrum.org
Wed Mar 13 16:33:26 UTC 2013 

On 2013/03/13 16:29, Joe Holden wrote:
> Strange, I used this setup on an OVH machine a while ago, seemed to work 
> - perhaps something isn't properly configured at their end properly
> 

I have a ticket opened with OVH since yesterday to confirm or deny the
future of RA on their network.

Thankfully this discussion has helped to further understand what
*should* be happening and why RA is really more ideal.

This is for a new box and I have time to experiment, my old host uses 
/56 but it's not the right way to do it, IMHO.

C.

> Schrodinger wrote:
> > On 2013/03/13 15:52, Joe Holden wrote:
> >> Just use router solicitation to ask for the link-local gateway, that is 
> >> the "correct" way to do it.
> >>
> > 
> > Hi Joe,
> > 
> > If you read some of this thread you'll note that router advertisements
> > are being disabled by the hosting provider. While their documentation
> > indicates the use of router advertisments this does not solve the issue
> > that I get "Operation not permitted" when trying to ping the default
> > gateway.
> > 
> > Without ACCEPT_RTADV on re0 FreeBSD does not even perform NEIGHBOUR
> > solicitation for 2001:41d0:2:e7ff:ff:ff:ff:ff - presumably because it
> > thinks that this is not on the same link as re0.
> > 
> > C.
> > 
> >> Schrodinger wrote:
> >>> Damien, 
> >>>
> >>> I appreciate your replies very much, but I'm a subscriber so just reply
> >>> to the mailing list. Thanks.
> >>>
> >>> On 2013/03/13 14:19, Fleuriot Damien wrote:
> >>>
> >>> [SNARF]
> >>>
> >>>> These are indeed correct, thanks for clarifying.
> >>>>
> >>> I thought that's what I said in my first email ;) Sorry for any
> >>> confusion.
> >>>
> >>>> Find below the config I'm using on an old OVH box.
> >>>> Said config might be outdated now (as per OVH's guide on setting up IPv6 [1]) , however that was at the time the only way to get things working properly.
> >>>>
> >>>> rc.conf
> >>>> ===
> >>>> #Range IPv6: 2001:41D0:2:613b::/64
> >>>> ipv6_enable="YES"
> >>>> ipv6_ifconfig_re0="fe80::21c:c0ff:fef3:31fa/64 scopeid 0x1"
> >>>> ipv6_ifconfig_re0_alias0="2001:41d0:2:613b::dead:beef/56"
> >>>> ipv6_defaultrouter="2001:41d0:2:61ff:ff:ff:ff:ff"
> >>>> ===
> >>>>
> >>> You have /56 and this is what I believe to be the incorrect way to get
> >>> this to Just Work. I think this assume that anyone else in this /56 is
> >>> in the same layer two segment as you.... 
> >>>
> >>>> routing table
> >>>> ===
> >>> [SNARF]
> >>>> ===
> >>>>
> >>>>
> >>>>
> >>>> Notice that said config actually works:
> >>>> ===
> >>>> $ ping6 www.google.com
> >>>> PING6(56=40+8+8 bytes) 2001:41d0:2:613b::dead:beef --> 2a00:1450:4007:804::1014
> >>>> 16 bytes from 2a00:1450:4007:804::1014, icmp_seq=0 hlim=57 time=4.461 ms
> >>>> 16 bytes from 2a00:1450:4007:804::1014, icmp_seq=1 hlim=57 time=4.462 ms
> >>>> 16 bytes from 2a00:1450:4007:804::1014, icmp_seq=2 hlim=57 time=4.405 ms
> >>>> ^C
> >>>> --- www.google.com ping6 statistics ---
> >>>> 3 packets transmitted, 3 packets received, 0.0% packet loss
> >>>> round-trip min/avg/max/std-dev = 4.405/4.443/4.462/0.027 ms
> >>>> ===
> >>>>
> >>>> Either way, you might want to have a look at OVH's guide [1] but in my own case, using a /56 was, at the time, the only way to get things working in a clean way.
> >>>>
> >>>> [1] http://help.ovh.com/Ipv4Ipv6#link10
> >>>>
> >>> I read this, I made sure to read this and then I read it a second time.
> >>> No where does it indicate the use of a /56. I am in the process of a
> >>> migration from an old OVH server to a new OVH server. My old box uses
> >>> the /56 prefix length "fix" but based on the documentation this is
> >>> incorrect and IMO this assumes that anyone else in the /56 is in the 
> >>> same segment as me and if they are using /64 - well, There Be Dragons.
> >>>
> >>> Also from the information I have received, router advertisements may be
> >>> turned off in the future, my host should simply Neighbour Solicit for
> >>> the global scope unicast address of my default gateway. And as pointed
> >>> out in previous emails without ACCEPT_RTADV for re0 - FreeBSD does not
> >>> perform this action.
> >>>
> >>> So again, what is the correct way ? I think this is a debate of IPv6
> >>> Protocol vs. IPv6 Policy vs. Network architecture.
> >>>
> >>> I'll go and get Tina Turner. You get Masterblaster and we'll meet in
> >>> Thunderdome.
> >>>
> >>> C.
> > 
> 
> _______________________________________________
> freebsd-net at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe at freebsd.org"

-- 
+---------------------------------------------------------------+
Quidquid latine dictum sit, altum sonatur.
MSN: schro5 at hotmail.com
ICQ: 112562229
GPG: http://www.konundrum.org/schro.asc
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 834 bytes
Desc: not available
URL: <http://lists.freebsd.org/pipermail/freebsd-net/attachments/20130313/a9310a62/attachment.sig>

More information about the freebsd-net mailing list