[Bug 265857] qlnxe: no IPV6 pings between nodes on the same switch until an IPv4 address is set

From: <bugzilla-noreply_at_freebsd.org>
Date: Thu, 17 Nov 2022 03:08:37 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=265857

--- Comment #29 from Zhenlei Huang <zlei.huang@gmail.com> ---
(In reply to benoitc from comment #26)

> I suspect some multicast packets are discarded.
From the pcap you provided, my previous guess is right.

While ping6 A(<PREFIX>::11) -> B (<PREFIX>::12), the initial neighbor
solicitation is sent to multicast address ff02::1:ff00:12, the corresponding
layer 2 address is 33:33:ff:00:00:12 .
For some reason (the qlnx might be not configured correctly) B dropped the NS
packet and then A continuously send NS packets.

For destination link-local addresses fe80::b67a:f1ff:fe7a:9952, the
corresponding layer 2 address is 33:33:ff:7a:99:52 , and B is willing to accept
the NS packet (with multicast dest 33:33:ff:7a:99:52).

When the interface is put into promiscuous mode, all multicast addresses are
accepted.


To workaround it, you either

1) Put the interface ql0 into promiscuous mode by `ifconfig ql0 promisc`

2) Config the public IPv6 address to include last three octets of the ether
address. <PREFIX>::7a:9c10 for A, <PREFIX>::7a:9952 for B, e.g.

3) Manually register NDP entries for all nodes. `ndp -s <PREFIX>::12
b4:7a:f1:7a:99:52` on A, e.g.

For 1) although it looks overhead to put interface into promiscuous mode, but
switches are smart and will filter out unwanted packets. And you can still
employ `ipv6_privacy` simultaneously.

For 2) you can give it a try if you do not need `ipv6_privacy` and those public
IPv6 addresses can fulfill.

For 3) if 2) can not fulfill. You may want some automation tools (Puppet for
example) to free up your hands.

-- 
You are receiving this mail because:
You are the assignee for the bug.