[Bug 263288] IPv6 system not responding to Neighbor Solicitation

From: <bugzilla-noreply_at_freebsd.org>
Date: Thu, 30 May 2024 02:54:01 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=263288

--- Comment #21 from Robert Blayzor <rblayzor@inoc.net> ---
I have run into this issue now a few times. I have seen hosts try to ping my
IPv6 hosts from off network and they just hang. Upon investigation I have found
that the host is hung up on ignoring NS messages from the router, even though
on the host we have NDP entries for both the link local and the global IP
address. i.e.:

# ndp -an | grep lagg1 | grep 00:09:0f
2607:f058:xx::1                      00:09:0f:09:00:01  lagg1 23h34m17s S R
fe80::209:fff:fe09:1%lagg1           00:09:0f:09:00:01  lagg1 23h33m53s S R



PCAP shows NS messages from the router, but there is zero response; the host
just ignores them. No firewall enabled at all.

I can ping from other hosts on the same subnet, that seems to work.

The kicker is, if I ping6 FROM the host to the router it takes about 5 seconds
(give or take) and then you're able to ping the gateway again. Once this
happens, packets from remote are able to ping and traffic flows again.

If I stop sending traffic and let things sit for about a minute, the process
repeats again. NDP sol messages from the router are ignored again and remain
broken until I ping the router from the host again.

If I keep a continuous ping from a host off link, it will never fail. This
seems to be some type of NDP timeout/cache issue.

I have tried setting: net.inet6.icmp6.nd6_onlink_ns_rfc4861=1, but that does
not seem to solve the problem.

I am currently seeing this on 13.1-RELEASE-p9 which is on a TrueNAS host. While
I realize 13.3 is current, TrueNAS seems to lag a little behind. I do have
other TrueNAS hosts running this version that don't seem to experience this
issue. (at least I've not reliably reproduced it on other machines)

I have tried just rebooting the host, but I CAN reliably reproduce this issue.

I have no other ND issues from the router to other hosts on this network. I
have confirmed the host *is* receiving the NS messages; it just never replies.

-- 
You are receiving this mail because:
You are the assignee for the bug.
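
Added example, not part of the bug comment or of FreeBSD: one way to confirm the symptom described above (Neighbor Solicitations arriving with no Neighbor Advertisement in reply) from a text capture. It assumes tcpdump's default text output for ICMPv6 with HH:MM:SS.ffffff timestamps and no wrap past midnight; the sample lines, addresses and the function names parse and unanswered_ns are constructed for illustration.

```python
import ipaddress
import re
from datetime import datetime, timedelta

# Constructed capture text in tcpdump's default output format; the addresses
# are documentation placeholders, not values from the report.
SAMPLE = """\
12:00:01.000000 IP6 fe80::1 > ff02::1:ff00:10: ICMP6, neighbor solicitation, who has 2001:db8::10, length 32
12:00:01.000300 IP6 2001:db8::10 > fe80::1: ICMP6, neighbor advertisement, tgt is 2001:db8::10, length 32
12:01:05.000000 IP6 fe80::1 > 2001:db8::10: ICMP6, neighbor solicitation, who has 2001:db8::10, length 32
12:01:06.000000 IP6 fe80::1 > 2001:db8::10: ICMP6, neighbor solicitation, who has 2001:db8::10, length 32
12:01:07.000000 IP6 fe80::1 > ff02::1:ff00:10: ICMP6, neighbor solicitation, who has 2001:db8::10, length 32
12:01:12.500000 IP6 2001:db8::10 > fe80::1: ICMP6, neighbor advertisement, tgt is 2001:db8::10, length 32
"""

# One tcpdump line: timestamp, source, destination, NS or NA, target address.
LINE = re.compile(
    r"^(\d\d:\d\d:\d\d\.\d+) IP6 (\S+) > \S+: ICMP6, neighbor "
    r"(solicitation, who has|advertisement, tgt is) ([0-9A-Fa-f:]+)"
)

def parse(text):
    """Return (time, 'NS' or 'NA', source, target) for every ND line found."""
    events = []
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # not a neighbor solicitation/advertisement line
        when = datetime.strptime(m.group(1), "%H:%M:%S.%f")
        kind = "NS" if m.group(3).startswith("solicitation") else "NA"
        # Normalise the target so differently written addresses compare equal.
        events.append((when, kind, m.group(2), ipaddress.ip_address(m.group(4))))
    return events

def unanswered_ns(text, timeout=1.0):
    """List each NS that saw no NA for the same target within `timeout` seconds."""
    events = parse(text)
    window = timedelta(seconds=timeout)
    missing = []
    for ts, kind, src, target in events:
        if kind != "NS":
            continue
        answered = any(k == "NA" and t == target and ts <= when <= ts + window
                       for when, k, _, t in events)
        if not answered:
            missing.append((ts.strftime("%H:%M:%S"), src, str(target)))
    return missing

if __name__ == "__main__":
    for when, src, target in unanswered_ns(SAMPLE):
        print(f"{when} NS from {src} for {target}: no NA within 1s")
```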