IPv6 Source Address Selection in 9.x

Mark Kamichoff prox at prolixium.com
Mon Oct 14 20:39:32 UTC 2013 

Hi - 

A colleague of mine recently stumbled upon an IPv6-related quirk in
FreeBSD that seems to have appeared in the 9.x series.

It appears that more often than not, IPv6 is not chosen as the default
address family when initiating outbound connections, even in cases where
there's an IPv6 address on the outgoing interface and the DNS returns at
least one AAAA for the destination host.

For example:

(dax:16:23)% host he.net.
he.net has address 216.218.186.2
he.net has IPv6 address 2001:470:0:76::2
he.net mail is handled by 1 he.net.
(dax:16:23)% telnet he.net. 80
Trying 216.218.186.2...
Connected to he.net.
Escape character is '^]'.
^]^D
telnet> Connection closed.

he.net. clearly has an AAAA, but FreeBSD connects using IPv4, instead of
IPv6.

Forcing the address family does still work, though:

(dax:16:23)% telnet -6 he.net. 80
Trying 2001:470:0:76::2...
Connected to he.net.
Escape character is '^]'.
^]^D
telnet> Connection closed.

The above was taken on a FreeBSD-9.1-RELEASE-p4 host with a static
default route to the Internet and static IPv6 addressing on the outgoing
interface.  Although there are tunnels on the machine, the default route
does not exit through a tunnel interace.

Here is some sanitized output from ifconfig and route:

(dax:16:31)% ifconfig em0
em0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=4219b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4,WOL_MAGIC,VLAN_HWTSO>
        ether 00:24:8c:36:57:ad
        inet 10.9.189.182 netmask 0xfffffffc broadcast 10.9.189.183
        inet6 fe80::224:8cff:fe26:57ad%em0 prefixlen 64 scopeid 0x1 
        inet6 2001:db8:1:2::2 prefixlen 64 
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active

(dax:16:35)% netstat -f inet6 -n -r|grep default
default                           2001:db8:1:2::1              UG1 em0

This behavior has been reproduced on 9.2, as well.  It has not been seen
on any prior version of FreeBSD that supports IPv6.

I took a quick look through /etc/default/rc.conf to see if there were
any new variables that might influence source address selection or name
resolution, but did not see anything relevant.

Has anyone else experienced a problem like this?

- Mark

-- 
Mark Kamichoff
prox at prolixium.com
http://www.prolixium.com/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://lists.freebsd.org/pipermail/freebsd-net/attachments/20131014/667eb0b1/attachment.sig>

More information about the freebsd-net mailing list