routing to a directly attached subnet without an address in this subnet
Lionel Fourquaux
lionel.fourquaux+freebsd-questions at normalesup.org
Mon Apr 25 22:05:38 UTC 2011
On Mon, Apr 25, 2011 at 10:17:40PM +1000, Daniel Marsh wrote:
>What you need to verify is the default routes on the client hosts. It's very
>likely your packets and your initial route add commands on your dual host
>machine are correct, yet the return routes on the other clients are
>incorrect.
I have checked that. Actually, I can ping the router from the clients.
What does not work is initiating a packet exchange from the router's side.
Short reminder:
em0 has addresses fe80::1234:56ff:fe78:9abc and 2001:db8::1
em1 has address fe80::1234:56ff:fe78:9abd
default route is to em0
2001:db8:0:1::/64 is routed to em1
(route add -inet6 2001:db8:0:1::/64 -iface em1)
clients connected to em1 have addresses in 2001:db8:0:1::/64 and default
route to fe80::1234:56ff:fe78:9abd
If I reboot the router, then try to ping a client in 2001:db8:0:1::/64,
directly connected to em1, ping6 fails with "sendmsg: Operation not
permitted". tcpdump does not show anything being sent to this client. The
client's MAC does not show up in "ndp -a".
If I ping the router from the client, I get answers. The client's MAC
shows up in the NDP table, and I can ping the client from the router as
long as it is still listed in the NDP table. If I clear the table with
"ndp -c", I can't ping from the router any more. If I reboot and add
a static entry for the client in the NDP table, I can ping this client.
All this seems to point to NDP as the root of the problem: it looks like
it is not aware of the addition of 2001:db8:0:1::/64 to the routing
table. I do not see any way to give the missing information to NDP
other than adding an address to em1. (Adding static entries for all the
clients would not be manageable in the long run).
Google seems to turn up some mentions of "cloning routes" that look like
a way to solve this (I'm not quite sure), but this was apparently
removed in a recent reimplementation of ARP+NDP (arp-v2). Maybe some
functionality was lost in the process, but I don't know about this.