Hello
After some apparently unrelated changes, one of my routers stopped
routing traffic to a few IPv6 destinations. After a lot of
experimentation, including rebooting (did not help), I found this:
archive.ubuntu.com: 2001:67c:1360:8001::17
"ping6 vrf internet 2001:67c:1360:8001::17" from the router shell works.
ping6/traceroute from a customer connection has the packet dropped by
the router. Traceroute gets nothing back at all.
2001:67c:1360:7fff:: is ok. Does not reply to ping because I just made
up that address. But I get a valid traceroute all the way to the
destination.
Anything between 2001:67c:1360:8000:: and
2001:67c:1360:ffff:ffff:ffff:ffff:ffff is dropped.
My route table looks like this:
albertslund-edge1#show ipv6 forwarding route vrf internet
2001:67c:1360:8001::17
IPv6 Routing Table:
Headers: Dest: Destination, Gw: Gateway, Pri: Priority;
Codes : K: kernel, I1: isis-l1, SFN: sf-nat64, R: ripng, AF: aftr, B: bgp,
D: direct, I2: isis-l2, SLN: sl-nat64, O: ospfv3, D6: dhcp, P:
ppp,
S: static, N: nd, V: vrrp, A: address, M: multicast, UI:
user-ipaddr,
GW-FWD: PS-BUSI,GW-UE: PS-USER,LDP-A: LDP-AREA, UN: user-network,
US: user-special;
Dest Owner Metric
Interface Pri Gw
2001:67c:1360::/48 B 0
xgei-0/0/0/6 200 ::ffff:185.24.168.254
::/0 B 0
xgei-0/0/0/6 200 ::ffff:185.24.168.254
Notice how this is a /48 route and one bit at the /49 level changes how
it is routed. That is not right.
I tried adding a /128 static route but that does not do anything. The
packet is still dropped.
I just now discovered this:
google.com: 2a00:1450:400e:807::200e
That address works fine. But then I changed that one bit in the address:
2a00:1450:400e:8807::200e and voila, the router drops the packet.
Now I am stumbled. What could the 49th bit in the destination IPv6
address field in a packet mean to the router, that would make it drop
the packet?
Some extra information about the network: We are using MPLS with l3vpn
(vrf) and l2vpn (vpls). The traffic is qinq tagged before being
transported in a l2vpn towards the router in question. The l2vpn does
not transport the outer vlan tag. The l2vpn is then terminated on a
loopback cable. On the other end of that loopback cable we receive the
traffic as ordinary qinq tagged without MPLS tagging. It is on this
interface the router apparently drops the packet. It might conceivably
also drop the packet on the way out of the l2vpn.
I have a similar setup, but instead of a loopback cable, the l2vpn is
terminated on another MPLS switch, which then connects to a router of
the same model. This setup does not have the problem.
The change I introduced was changing from an internal interface called
"bvi" to the loopback cable. The bvi interface is a simulated loopback
cable construct. We are dropping the bvi interface because it is very
buggy. We did not have this problem with the bvi interface however.
The hardware is ZTE M6000-S V3.00.20(3.40.1).
Thanks,
Baldur
