On 22. Dec 2011, at 18:01 , Marcin Cieslak wrote:
>>> Bjoern A. Zeeb <bzeeb-li...@lists.zabbadoz.net> wrote:
>
>> to cut the long story short and before we try to debug this in detail;
>> if you try to reach all these addresses on the local machine, does that
>> work, eg. if you ping6 2001:abcd:f:abcd::100[0-5] from that host itself?
>
> Yes,
>
> $ ping6 2001:abcd:f:abcd::1003
> PING6(56=40+8+8 bytes) 2001:abcd:f:abcd::1003 --> 2001:abcd:f:abcd::1003
> 16 bytes from 2001:abcd:f:abcd::1003, icmp_seq=0 hlim=64 time=0.392 ms
> ^C
> --- 2001:abcd:f:abcd::1003 ping6 statistics ---
> 1 packets transmitted, 1 packets received, 0.0% packet loss
> round-trip min/avg/max/std-dev = 0.392/0.392/0.392/0.000 ms
>
> also:
>
> $ ping6 -S 2001:abcd:f:abcd::1001 2001:abcd:f:abcd::1005
> PING6(56=40+8+8 bytes) 2001:abcd:f:abcd::1001 --> 2001:abcd:f:abcd::1005
> 16 bytes from 2001:abcd:f:abcd::1005, icmp_seq=0 hlim=64 time=0.387 ms
> 16 bytes from 2001:abcd:f:abcd::1005, icmp_seq=1 hlim=64 time=0.201 ms
> 16 bytes from 2001:abcd:f:abcd::1005, icmp_seq=2 hlim=64 time=0.188 ms
> 16 bytes from 2001:abcd:f:abcd::1005, icmp_seq=3 hlim=64 time=0.196 ms
> 16 bytes from 2001:abcd:f:abcd::1005, icmp_seq=4 hlim=64 time=0.198 ms
> 16 bytes from 2001:abcd:f:abcd::1005, icmp_seq=5 hlim=64 time=0.254 ms
> ^C
> --- 2001:abcd:f:abcd::1005 ping6 statistics ---
> 6 packets transmitted, 6 packets received, 0.0% packet loss
> round-trip min/avg/max/std-dev = 0.188/0.237/0.387/0.070 ms
>
> When I "tcpdump -n -i sis0 ip6" when doing
>
> ping6 -S 2001:abcd:f:abcd::1000 www.freebsd.org
>
> I see a whole bunch of
>
> 17:49:05.528465 IP6 2001:abcd:f:abcd::1000 > 2001:4f8:fff6::22: ICMP6, echo
> request, seq 42, length 16
>
> When pinging from outside via IPv6 nothing appears except ND traffic:
>
> 17:50:19.658275 IP6 fe80::21c:c0ff:fede:adbf > fe80::5:73ff:fea0:0: ICMP6,
> neighbor solicitation, who has fe80::5:73ff:fea0:0, length 32
> 17:50:19.662226 IP6 fe80::5:73ff:fea0:0 > fe80::21c:c0ff:fede:adbf: ICMP6,
> neighbor advertisement, tgt is fe80::5:73ff:fea0:0, length 24
> 17:50:24.674531 IP6 fe80::21e:79ff:fe1e:d400 > fe80::21c:c0ff:fede:adbf:
> ICMP6, neighbor solicitation, who has fe80::21c:c0ff:fe26:8103, length 32
> 17:50:24.674649 IP6 fe80::21c:c0ff:fede:adbf > fe80::21e:79ff:fe1e:d400:
> ICMP6, neighbor advertisement, tgt is fe80::21c:c0ff:fe26:8103, length 24
> 17:50:26.668789 IP6 fe80::21e:79ff:fe1e:f000.2029 > ff02::66.2029: UDP,
> length 72
> 17:50:29.660582 IP6 2001:abcd:f:abcd::1000.64756 > 2a01:xxxx:yyyy::1.53: 8351
> [1au][|domain]
> 17:50:29.674096 IP6 fe80::21c:c0ff:fede:adbf > fe80::21e:79ff:fe1e:d400:
> ICMP6, neighbor solicitation, who has fe80::21e:79ff:fe1e:d400, length 32
> 17:50:29.682082 IP6 fe80::21e:79ff:fe1e:d400 > fe80::21c:c0ff:fede:adbf:
> ICMP6, neighbor advertisement, tgt is fe80::21e:79ff:fe1e:d400, length 24
> 17:50:34.637895 IP6 fe80::21e:79ff:fe1e:f000.2029 > ff02::66.2029: UDP,
> length 6
>
> fe80::21c:c0ff:fede:abbf is the problematic host
>
> When doing
>
> ping6 -S 2001:abcd:f:abcd::1000 2a01:xxx:yyy::1
> PING6(56=40+8+8 bytes) 2001:abcd:f:abcd::1000 --> 2a01:xxx:yyy::1
> ^C
> --- 2a01:xxx:yyy::1 ping6 statistics ---
> 29 packets transmitted, 0 packets received, 100.0% packet loss
>
> The 2a01:xxx:yyy::1 host reports ICMPv6 via bpf:
>
> 18:56:47.012614 IP6 2001:abcd:f:abcd::1000 > 2a01:xxx:yyy::1: ICMP6, echo
> request, seq 23, length 16
> 18:56:47.014426 IP6 2a01:xxx:yyy::1 > 2001:abcd:f:abcd::1000: ICMP6, echo
> reply, seq 23, length 16
> 18:56:48.012368 IP6 2001:abcd:f:abcd::1000 > 2a01:xxx:yyy::1: ICMP6, echo
> request, seq 24, length 16
> 18:56:48.013422 IP6 2a01:xxx:yyy::1 > 2001:abcd:f:abcd::1000: ICMP6, echo
> reply, seq 24, length 16
>
> So it seems the packets are sent, the host just can't receive.
>
> I initially thought it's a transport layer issue, since previously (before
> I changed configuration) 30%-50% SSH connection attempts succeeded
> (but prefix was wrong on the "primary" IPv6 address :1000).
> Now I get no packets on receiving side at all for those "broken" IPv6
> addresses.
Talk to ywhomever is providing in front of you to
1) either relax nd6 table limits or
2) to route a /64 to your host to only have 1 entry in the neighbour table.
That's most likely the problem given my crystal ball and experience.
/bz
--
Bjoern A. Zeeb You have to have visions!
Stop bit received. Insert coin for new address family.
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
