From nobody Thu Apr 07 21:22:47 2022 X-Original-To: freebsd-net@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 3EC921A867D7 for ; Thu, 7 Apr 2022 21:22:52 +0000 (UTC) (envelope-from freebsd@dsllsn.net) Received: from mail.disillusion.net (mail.disillusion.net [96.126.127.161]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA512 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mail.disillusion.net", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4KZDqv2g3Wz3mvh for ; Thu, 7 Apr 2022 21:22:51 +0000 (UTC) (envelope-from freebsd@dsllsn.net) Received: from roast.disillusion.net (localhost [127.0.0.1]) by roast.disillusion.net (OpenSMTPD) with ESMTP id a7e575e8 for ; Thu, 7 Apr 2022 16:22:47 -0500 (CDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed; d=dsllsn.net; h=from :content-type:content-transfer-encoding:mime-version:subject :message-id:date:to; s=drip; bh=Ek0PnOvVurlT19CnJ7EkCVQyDh4JKSJe DUWBLvTYn0k=; b=R62BvBm2GFL99/mJas8LHR07elnLm4X6NlioQTeie+HFb8pH mE6MsIXLvFxn3TscXSAJV0kUPyl00yAvA61rMJjEICMS5vyEx2YiSJUfBE1Jn2iz X7utY8s6qIpNvBLuIXa+XE4R/eaIMuCkLi5JvCtLQ72iPW6GjoGXJfu/i7E= DomainKey-Signature: a=rsa-sha1; c=nofws; d=dsllsn.net; h=from :content-type:content-transfer-encoding:mime-version:subject :message-id:date:to; q=dns; s=drip; b=oZTL5jk+mXc0LrW4cQbruKWZhW M7rWz1963NtgeGb8yF77nuJrAU1iqb3J41q1klJNK9AtFJBNW2BfmbOm05smS2/K YP6G4e9D4mdXG6iZgPrI+qHaph1Qct7TVdRZzLHhTZ0PsU1FLqWCiM4Ac9fUK0ZX LaS1xVFUCaefVo26A= Received: by mail.disillusion.net (OpenSMTPD) with ESMTPSA id b5b94f60 (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256:NO) for ; Thu, 7 Apr 2022 16:22:47 -0500 (CDT) From: William Carson Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable List-Id: Networking and TCP/IP with FreeBSD List-Archive: https://lists.freebsd.org/archives/freebsd-net List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-net@freebsd.org Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.120.23.2.7\)) Subject: IPv6 system not responding to Neighbor Solicitation Message-Id: Date: Thu, 7 Apr 2022 16:22:47 -0500 To: freebsd-net@freebsd.org X-Mailer: Apple Mail (2.3608.120.23.2.7) X-Rspamd-Queue-Id: 4KZDqv2g3Wz3mvh X-Spamd-Bar: --- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=dsllsn.net header.s=drip header.b=R62BvBm2; dmarc=pass (policy=reject) header.from=dsllsn.net; spf=pass (mx1.freebsd.org: domain of freebsd@dsllsn.net designates 96.126.127.161 as permitted sender) smtp.mailfrom=freebsd@dsllsn.net X-Spamd-Result: default: False [-3.50 / 15.00]; ARC_NA(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; R_DKIM_ALLOW(-0.20)[dsllsn.net:s=drip]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; FROM_HAS_DN(0.00)[]; R_SPF_ALLOW(-0.20)[+mx:c]; MV_CASE(0.50)[]; MIME_GOOD(-0.10)[text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-net@freebsd.org]; TO_DN_NONE(0.00)[]; RCPT_COUNT_ONE(0.00)[1]; NEURAL_HAM_LONG(-1.00)[-1.000]; RCVD_COUNT_THREE(0.00)[3]; TO_MATCH_ENVRCPT_ALL(0.00)[]; DKIM_TRACE(0.00)[dsllsn.net:+]; DMARC_POLICY_ALLOW(-0.50)[dsllsn.net,reject]; NEURAL_HAM_SHORT(-1.00)[-0.998]; MLMMJ_DEST(0.00)[freebsd-net]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+]; RCVD_TLS_LAST(0.00)[]; ASN(0.00)[asn:63949, ipnet:96.126.112.0/20, country:US]; MID_RHS_MATCH_FROM(0.00)[] X-ThisMailContainsUnwantedMimeParts: N Hello, recently after enabling ipv6_privacy in /etc/rc.conf and = rebooting, I've been unable to get IPv6 connectivity to work in a hosted = environment. (I don't know if this is a red herring or not.) I've tried = disabling it, and even after rebooting, it still doesn't work. (Doesn't = work meaning: I'm unable to ping6 hosts on the Internet that are = reachable, e.g. ipv6.google.com.) I confirmed ipv6_privacy is actually = disabled: # sysctl -a | grep tempaddr net.inet6.ip6.use_tempaddr: 0 net.inet6.ip6.prefer_tempaddr: 0 If I boot into a Linux environment (the provider has a Rescue mode), I'm = able to reach IPv6 just fine. Furthermore, if I then reboot back into = FreeBSD 13.0-RELEASE-p10 it will work for around ~5 minutes and then = connections time out. Given the behavior and based on some tcpdumps, it looks like my system = is not responding to the upstream router's Neighbor Solicitation = messages. If I boot into Linux, it respond to the NS messages, the = router caches the MAC address, and IPv6 works. If I'm fast enough and = reboot into FreeBSD, IPv6 works until the the entry expires, and then I = just see this: 13:24:58.901780 IP6 2600:3c00::f03c:91ff:feb0:a56f > = 2605:6400:10:968:22:da15:28a6:c800: ICMP6, echo request, seq 40, length = 16 13:24:59.277713 IP6 2600:3c00::8678:acff:fe1c:ec41 > ff02::1:ffb0:a56f: = ICMP6, neighbor solicitation, who has 2600:3c00::f03c:91ff:feb0:a56f, = length 32 13:24:59.277799 IP6 2600:3c00::8678:acff:fe1c:ec41 > ff02::1:ffb0:a56f: = ICMP6, neighbor solicitation, who has 2600:3c00::f03c:91ff:feb0:a56f, = length 32 3 packets, the echo request, then two NS requests, and no response -- = and then it just repeats.=20 I confirmed b0:a5:6f is the Device ID part of my MAC:=20 # ifconfig em0 em0: flags=3D8863 metric 0 mtu = 1500 = options=3D481209b ether f2:3c:91:b0:a5:6f <--- inet6 fe80::f03c:91ff:feb0:a56f%em0 prefixlen 64 scopeid 0x1 inet6 2600:3c00::f03c:91ff:feb0:a56f prefixlen 64 autoconf inet6 2600:3c00:e000:137::1 prefixlen 128 inet6 2600:3c00:e000:137::1:1 prefixlen 128 inet6 2600:3c00:e000:137::2:1 prefixlen 128 inet6 2600:3c00:e000:137::3:1 prefixlen 128 inet6 2600:3c00:e000:137:cafe:8a2e:370:7334 prefixlen 128 inet 96.126.127.161 netmask 0xffffff00 broadcast = 96.126.127.255 inet 173.255.203.45 netmask 0xffffffff broadcast = 173.255.203.45 inet 96.126.122.129 netmask 0xffffffff broadcast = 96.126.122.129 inet 50.116.26.213 netmask 0xffffffff broadcast 50.116.26.213 media: Ethernet autoselect (1000baseT ) status: active nd6 = options=3D8023 Therefore the Solicited-node multicast address ff02::1:ffb0:a56f looks = to be correct. I've also confirmed the router's address is within the = assigned SLAAC network (Router: 2600:3c00::8678:acff:fe1c:ec41, SLAAC = address: 2600:3c00::f03c:91ff:feb0:a56f/64).Furthermore, the multicast = address does show up in `ifmcstat`: # ifmcstat em0: inet6 fe80::f03c:91ff:feb0:a56f%em0 scopeid 0x1 mldv2 flags=3D2 rv 2 qi 125 qri 10 uri 3 group ff02::1:ff70:7334%em0 scopeid 0x1 mode exclude mcast-macaddr 33:33:ff:70:73:34 group ff02::1:ff03:1%em0 scopeid 0x1 mode exclude mcast-macaddr 33:33:ff:03:00:01 group ff02::1:ff02:1%em0 scopeid 0x1 mode exclude mcast-macaddr 33:33:ff:02:00:01 group ff02::1:ff01:1%em0 scopeid 0x1 mode exclude mcast-macaddr 33:33:ff:01:00:01 group ff02::1:ff00:1%em0 scopeid 0x1 mode exclude mcast-macaddr 33:33:ff:00:00:01 inet 96.126.127.161 igmpv3 rv 2 qi 125 qri 10 uri 3 group 224.0.0.1 mode exclude mcast-macaddr 01:00:5e:00:00:01 inet6 fe80::f03c:91ff:feb0:a56f%em0 scopeid 0x1 mldv2 flags=3D2 rv 2 qi 125 qri 10 uri 3 group ff01::1%em0 scopeid 0x1 mode exclude mcast-macaddr 33:33:00:00:00:01 group ff02::2:bdc6:c84d%em0 scopeid 0x1 mode exclude mcast-macaddr 33:33:bd:c6:c8:4d group ff02::2:ffbd:c6c8%em0 scopeid 0x1 mode exclude mcast-macaddr 33:33:ff:bd:c6:c8 group ff02::1%em0 scopeid 0x1 mode exclude mcast-macaddr 33:33:00:00:00:01 group ff02::1:ffb0:a56f%em0 scopeid 0x1 mode exclude = <--- mcast-macaddr 33:33:ff:b0:a5:6f I can even ping the address and it replies! # ping6 ff02::1:ffb0:a56f PING6(56=3D40+8+8 bytes) fe80::f03c:91ff:feb0:a56f%em0 --> = ff02::1:ffb0:a56f 16 bytes from fe80::f03c:91ff:feb0:a56f%em0, icmp_seq=3D0 hlim=3D64 = time=3D0.451 ms 16 bytes from fe80::f03c:91ff:feb0:a56f%em0, icmp_seq=3D1 hlim=3D64 = time=3D0.446 ms 16 bytes from fe80::f03c:91ff:feb0:a56f%em0, icmp_seq=3D2 hlim=3D64 = time=3D0.618 ms ^C Does anyone have any thoughts why it's not responding to the Neighbor = Solicitation messages? I've been troubleshooting this for a few days now = and can't figure it out. I also tried booting kernel.old (which I think = is -p8 or -p9), but it made no difference. I've tried with and without = pf enabled -- again, no difference. I don't know if this is useful, but I validated routes are being = discovered: # ndp -na Neighbor Linklayer Address Netif Expire = S Flags 2600:3c00:e000:137::1:1 f2:3c:91:b0:a5:6f em0 = permanent R 2600:3c00:e000:137::1 f2:3c:91:b0:a5:6f em0 = permanent R fe80::1%em0 00:05:73:a0:0f:ff em0 = 23h56m36s S R <--- 2600:3c00:e000:137::3:1 f2:3c:91:b0:a5:6f em0 = permanent R 2600:3c00:e000:137::2:1 f2:3c:91:b0:a5:6f em0 = permanent R 2600:3c00::f03c:91ff:feb0:a56f f2:3c:91:b0:a5:6f em0 = permanent R fe80::f03c:91ff:feb0:a56f%em0 f2:3c:91:b0:a5:6f em0 = permanent R fe80::8678:acff:fe1c:ec41%em0 84:78:ac:1c:ec:41 em0 23h49m7s = S R <--- 2600:3c00:e000:137:cafe:8a2e:370:7334 f2:3c:91:b0:a5:6f em0 = permanent R # netstat -nr6 Routing tables Internet6: Destination Gateway Flags = Netif Expire ::/96 ::1 UGRS = lo0 default fe80::1%em0 UG = em0 <--- ::1 link#2 UHS = lo0 ::ffff:0.0.0.0/96 ::1 UGRS = lo0 2600:3c00::f03c:91ff:feb0:a56f link#1 UHS = lo0 2600:3c00:e000:137::1 link#1 UHS = lo0 2600:3c00:e000:137::1:1 link#1 UHS = lo0 2600:3c00:e000:137::2:1 link#1 UHS = lo0 2600:3c00:e000:137::3:1 link#1 UHS = lo0 2600:3c00:e000:137:cafe:8a2e:370:7334 link#1 UHS = lo0 fe80::/10 ::1 UGRS = lo0 fe80::%em0/64 link#1 U = em0 fe80::f03c:91ff:feb0:a56f%em0 link#1 UHS = lo0 fe80::%lo0/64 link#2 U = lo0 fe80::1%lo0 link#2 UHS = lo0 ff02::/16 ::1 UGRS = lo0 And here's the IPv6 part in my rc.conf: # ipv6 rtsold_enable=3D"YES" rtsold_flags=3D"-aF" #ipv6_activate_all_interfaces=3D"YES" ipv6_network_interfaces=3D"em0" ipv6_default_interface=3D"em0" ifconfig_em0_ipv6=3D"inet6 accept_rtadv" ifconfig_em0_aliases=3D"\ inet6 2600:3c00:e000:0137::0:1/128 \ inet6 2600:3c00:e000:0137::1:1/128 \ inet6 2600:3c00:e000:0137::2:1/128 \ inet6 2600:3c00:e000:0137::3:1/128 \ inet6 2600:3c00:e000:0137:cafe:8a2e:0370:7334/128" I'm at a complete loss. Any help troubleshooting this would be greatly = appreciated. Sincerely, --wcarson=