date:20240723

[Bug 280386] if_bridge throws output errors under load

2024-07-23 Thread bugzilla-noreply

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=280386

--- Comment #1 from Zhenlei Huang  ---
(In reply to pascal.guitierrez from comment #0)
The if_bridge(4) promote underlaying errors from bridge members,

```
2108 if ((err = dst_ifp->if_transmit(dst_ifp, m))) {
2109 int n;
2110 
2111 for (m = m0, n = 1; m != NULL; m = m0, n++) {
2112 m0 = m->m_nextpkt;
2113 m_freem(m);
2114 }
2115 if_inc_counter(sc->sc_ifp, IFCOUNTER_OERRORS, n);
2116 break;
2117 }
```

may you please also share the statistics for output dropped packets, aka
`netstat -di` ?

-- 
You are receiving this mail because:
You are the assignee for the bug.

DHCPv6 IA_PD - how-to

2024-07-23 Thread Chris Ross

tl;dr; anyone have a good IPv6 network setup based on an IA_PD from
their provider?  Any details or advice to share?

The current router is x86_64 FreeBSD 11.x, but I’m building the FreeBSD
14.1 system to replace it now.  What to install on it for this is a pending
question.

Hello all.  I have been running a FreeBSD router for years and years.  I have
this year been trying to figure out how to use an IPv6 allocation from my
provider (Verizon FiOS).  They are using the PD feature of DHCPv6 to give
a delegation, and not given an address (NA) when asked.

There are, unfortunately, _many_ programs that can help me with this,
and google yielded no clear best-path.  I have not been able to get
ISC dhclient to work for me so far, and I did get dhcpcd working, but
only with command-line options rather than config file, and that
application doesn’t have the smarts to configure things based on 
the PD, so I’d have to code all of that myself.

Thank you.

- Chris

Re: DHCPv6 IA_PD - how-to

2024-07-23 Thread Roy Marples

Hi

 On Tue, 23 Jul 2024 18:11:18 +0100 cross+free...@distal.com wrote 


> tl;dr; anyone have a good IPv6 network setup based on an IA_PD from
> their provider? Any details or advice to share?
>
> The current router is x86_64 FreeBSD 11.x, but I’m building the FreeBSD
> 14.1 system to replace it now. What to install on it for this is a pending
> question.
>
> Hello all. I have been running a FreeBSD router for years and years. I have
> this year been trying to figure out how to use an IPv6 allocation from my
> provider (Verizon FiOS). They are using the PD feature of DHCPv6 to give
> a delegation, and not given an address (NA) when asked.
>
> There are, unfortunately, _many_ programs that can help me with this,
> and google yielded no clear best-path. I have not been able to get
> ISC dhclient to work for me so far, and I did get dhcpcd working, but
> only with command-line options rather than config file, and that
> application doesn’t have the smarts to configure things based on
> the PD, so I’d have to code all of that myself.


I'm upstream for dhcpcd.
All options related to PD are configurable in the dhcpcd.conf(5) configuration 
file. There are also some examples.


What are you struggling with specifically?


Roy

[Bug 280390] NPTv6 not working

2024-07-23 Thread bugzilla-noreply

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=280390

--- Comment #7 from John Hay  ---
Are you still doing this on vultr like you said on the forum thread? What IPv6
address do you get from them? Just a single address or a subnet? Keep in mind
that nptv6 translates from subnet to another subnet of the same size, and do
not touch the port numbers. It is not like IPv4 NAT that can translate a whole
internal network to a single IPv4 address and adjusting port numbers to not
clash.

My ISP hands out a /56 and I then use a /64 of that to translate an internal
/64 to with nptv6.

-- 
You are receiving this mail because:
You are the assignee for the bug.

[Bug 280390] NPTv6 not working

2024-07-23 Thread bugzilla-noreply

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=280390

--- Comment #8 from cnba...@gmail.com ---
(In reply to John Hay from comment #7)

A subnet: 2a05:f480:1c00:::/64

-- 
You are receiving this mail because:
You are the assignee for the bug.

[Bug 280390] NPTv6 not working

2024-07-23 Thread bugzilla-noreply

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=280390

--- Comment #9 from John Hay  ---
(In reply to cnbatch from comment #8)

Do they route that whole subnet to you in addition to the address you received
via SLAAC on vtnet0? Or is that the address you received via SLAAC on vtnet0?
If it is your vtnet0 address, you only have one address or at least the kernel
will think so.

What do you see if you do "tcpdump -i vtnet0 -n" while trying to ping an IPv6
address outside? Can you see the translated packet going out? Can you see
something coming back?

-- 
You are receiving this mail because:
You are the assignee for the bug.

[Bug 280390] NPTv6 not working

2024-07-23 Thread bugzilla-noreply

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=280390

--- Comment #10 from cnba...@gmail.com ---
(In reply to John Hay from comment #9)

Looks like they route the whole subnet.

If I put `ifconfig_vtnet0_alias0="inet6 2a05:f480:1c00:::ABCD prefixlen 64"
` in rc.conf, and turn off firewall, I can ping this address from other
computers (USA, UK, Austira)

-- 
You are receiving this mail because:
You are the assignee for the bug.

[Bug 280390] NPTv6 not working

2024-07-23 Thread bugzilla-noreply

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=280390

--- Comment #11 from cnba...@gmail.com ---
(In reply to John Hay from comment #9)

Then I turn on the firewall again, and run `tcpdump -i vtnet0 -n` on server
when `ping6 freebsd.org` from wireguard client.

With the folowing configuration:

ipfw -q -f flush
cmd="ipfw -q add "
ipfw disable one_pass
ipfw nptv6 NPT create int_prefix fdc9:281f:4d7:9ee9:: ext_if vtnet0 prefixlen
64
$cmd allow ip6 from any to any via vtnet0
$cmd nptv6 NPT ip6 from any to any
ipfw -q nat 1 config if vtnet0 same_ports unreg_only reset
$cmd nat 1 ip4 from any to any via vtnet0
$cmd allow all from any to any
$cmd check-state

Packes captured:

19:57:36.964105 IP6 fe80::fc00:5ff:fe07:578d > ff02::1:ff00:2: ICMP6, neighbor
solicitation, who has 2a05:f480:1c00:2c:8ef7::2, length 32
19:57:37.489100 IP6 2a05:f480:1c00:2c:8ef7::2 > 2610:1c1:1:606c::50:15: ICMP6,
echo request, id 1170, seq 0, length 16
19:57:37.989427 IP6 fe80::fc00:5ff:fe07:578d > ff02::1:ff00:2: ICMP6, neighbor
solicitation, who has 2a05:f480:1c00:2c:8ef7::2, length 32
19:57:38.497729 IP6 2a05:f480:1c00:2c:8ef7::2 > 2610:1c1:1:606c::50:15: ICMP6,
echo request, id 1170, seq 1, length 16
19:57:39.013522 IP6 fe80::fc00:5ff:fe07:578d > ff02::1:ff00:2: ICMP6, neighbor
solicitation, who has 2a05:f480:1c00:2c:8ef7::2, length 32
19:57:39.417340 IP6 2a05:f480:1c00:2c:8ef7::2.55923 >
2a03:f80::552b::1.57557: UDP, length 74
19:57:39.417352 IP6 2a05:f480:1c00:2c:8ef7::2.37967 >
2a03:f80::552b::1.59532: UDP, length 74
19:57:39.418139 IP6 2a05:f480:1c00:2c:8ef7::2.22101 >
2a03:f80::552b::1.58384: UDP, length 74
19:57:39.418147 IP6 2a05:f480:1c00:2c:8ef7::2.27653 >
2a03:f80::552b::1.59241: UDP, length 74
19:57:39.418276 IP6 2a05:f480:1c00:2c:8ef7::2.42824 >
2a03:f80::552b::1.59432: UDP, length 74
19:57:39.507683 IP6 2a05:f480:1c00:2c:8ef7::2 > 2610:1c1:1:606c::50:15: ICMP6,
echo request, id 1170, seq 2, length 16
19:57:40.394101 IP6 fe80::fc00:5ff:fe07:578d > ff02::1:ff00:2: ICMP6, neighbor
solicitation, who has 2a05:f480:1c00:2c:8ef7::2, length 32
19:57:40.574897 IP6 2a05:f480:1c00:2c:8ef7::2 > 2610:1c1:1:606c::50:15: ICMP6,
echo request, id 1170, seq 3, length 16
19:57:41.445433 IP6 fe80::fc00:5ff:fe07:578d > ff02::1:ff00:2: ICMP6, neighbor
solicitation, who has 2a05:f480:1c00:2c:8ef7::2, length 32
19:57:42.469438 IP6 fe80::fc00:5ff:fe07:578d > ff02::1:ff00:2: ICMP6, neighbor
solicitation, who has 2a05:f480:1c00:2c:8ef7::2, length 32
19:57:43.929069 IP6 fe80::fc00:5ff:fe07:578d > ff02::1:ff00:2: ICMP6, neighbor
solicitation, who has 2a05:f480:1c00:2c:8ef7::2, length 32
19:57:44.965499 IP6 fe80::fc00:5ff:fe07:578d > ff02::1:ff00:2: ICMP6, neighbor
solicitation, who has 2a05:f480:1c00:2c:8ef7::2, length 32
19:57:45.989433 IP6 fe80::fc00:5ff:fe07:578d > ff02::1:ff00:2: ICMP6, neighbor
solicitation, who has 2a05:f480:1c00:2c:8ef7::2, length 32
19:57:47.101635 IP6 2a05:f480:1c00:2c:8ef7::2.55923 >
2a03:f80::552b::1.57557: UDP, length 74
19:57:47.101644 IP6 2a05:f480:1c00:2c:8ef7::2.37967 >
2a03:f80::552b::1.59532: UDP, length 74
19:57:47.101646 IP6 2a05:f480:1c00:2c:8ef7::2.22101 >
2a03:f80::552b::1.58384: UDP, length 74
19:57:47.101649 IP6 2a05:f480:1c00:2c:8ef7::2.27653 >
2a03:f80::552b::1.59241: UDP, length 74
19:57:47.101821 IP6 2a05:f480:1c00:2c:8ef7::2.42824 >
2a03:f80::552b::1.59432: UDP, length 74
19:57:47.123314 IP6 fe80::fc00:5ff:fe07:578d > ff02::1:ff00:2: ICMP6, neighbor
solicitation, who has 2a05:f480:1c00:2c:8ef7::2, length 32
19:57:48.175339 IP6 fe80::fc00:5ff:fe07:578d > ff02::1:ff00:2: ICMP6, neighbor
solicitation, who has 2a05:f480:1c00:2c:8ef7::2, length 32
19:57:49.189405 IP6 fe80::fc00:5ff:fe07:578d > ff02::1:ff00:2: ICMP6, neighbor
solicitation, who has 2a05:f480:1c00:2c:8ef7::2, length 32
19:57:51.609310 IP6 fe80::fc00:5ff:fe07:578d > ff02::1:ff00:2: ICMP6, neighbor
solicitation, who has 2a05:f480:1c00:2c:8ef7::2, length 32

-- 
You are receiving this mail because:
You are the assignee for the bug.

[Bug 280390] NPTv6 not working

2024-07-23 Thread bugzilla-noreply

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=280390

--- Comment #12 from cnba...@gmail.com ---
With the configuration:

#!/bin/sh
ipfw -q -f flush
cmd="ipfw -q add "
ipfw disable one_pass
ipfw nptv6 NPT create int_prefix fdc9:281f:4d7:9ee9:: ext_if vtnet0 prefixlen
64
$cmd allow icmp6 from any to any
$cmd allow icmp from any to any
$cmd nptv6 NPT ip6 from any to any
$cmd allow ip6 from any to any via vtnet0
ipfw -q nat 1 config if vtnet0 same_ports unreg_only reset
$cmd nat 1 ip4 from any to any via vtnet0
$cmd allow all from any to any
$cmd check-state


caputured:

20:01:54.529756 IP6 2a05:f480:1c00:2c:8ef7::2.46975 >
2a03:f80::552b::1.59281: UDP, length 74
20:01:54.529770 IP6 2a05:f480:1c00:2c:8ef7::2.33220 >
2a03:f80::552b::1.57885: UDP, length 74
20:01:54.529777 IP6 2a05:f480:1c00:2c:8ef7::2.60415 >
2a03:f80::552b::1.59283: UDP, length 74
20:01:54.530495 IP6 2a05:f480:1c00:2c:8ef7::2.62420 >
2a03:f80::552b::1.57961: UDP, length 74
20:01:54.530532 IP6 2a05:f480:1c00:2c:8ef7::2.21071 >
2a03:f80::552b::1.58223: UDP, length 74
20:01:54.829912 IP6 2a05:f480:1c00:2c:8ef7::2.46975 >
2a03:f80::552b::1.59281: UDP, length 74
20:01:54.829928 IP6 2a05:f480:1c00:2c:8ef7::2.33220 >
2a03:f80::552b::1.57885: UDP, length 74
20:01:54.829936 IP6 2a05:f480:1c00:2c:8ef7::2.60415 >
2a03:f80::552b::1.59283: UDP, length 74
20:01:54.830099 IP6 2a05:f480:1c00:2c:8ef7::2.21071 >
2a03:f80::552b::1.58223: UDP, length 74
20:01:54.830113 IP6 2a05:f480:1c00:2c:8ef7::2.62420 >
2a03:f80::552b::1.57961: UDP, length 74
20:01:54.851953 IP6 fe80::fc00:5ff:fe07:578d > ff02::1:ff00:2: ICMP6, neighbor
solicitation, who has 2a05:f480:1c00:2c:8ef7::2, length 32
20:01:55.280496 IP6 2a05:f480:1c00:2c:8ef7::2.33220 >
2a03:f80::552b::1.57885: UDP, length 74
20:01:55.280506 IP6 2a05:f480:1c00:2c:8ef7::2.46975 >
2a03:f80::552b::1.59281: UDP, length 74
20:01:55.280936 IP6 2a05:f480:1c00:2c:8ef7::2.60415 >
2a03:f80::552b::1.59283: UDP, length 74
20:01:55.280941 IP6 2a05:f480:1c00:2c:8ef7::2.21071 >
2a03:f80::552b::1.58223: UDP, length 74
20:01:55.280942 IP6 2a05:f480:1c00:2c:8ef7::2.62420 >
2a03:f80::552b::1.57961: UDP, length 74
20:01:55.908572 IP6 fe80::fc00:5ff:fe07:578d > ff02::1:ff00:2: ICMP6, neighbor
solicitation, who has 2a05:f480:1c00:2c:8ef7::2, length 32
20:01:55.954848 IP6 2a05:f480:1c00:2c:8ef7::2.46975 >
2a03:f80::552b::1.59281: UDP, length 74
20:01:55.955296 IP6 2a05:f480:1c00:2c:8ef7::2.33220 >
2a03:f80::552b::1.57885: UDP, length 74
20:01:55.955413 IP6 2a05:f480:1c00:2c:8ef7::2.60415 >
2a03:f80::552b::1.59283: UDP, length 74
20:01:55.955418 IP6 2a05:f480:1c00:2c:8ef7::2.62420 >
2a03:f80::552b::1.57961: UDP, length 74
20:01:55.955420 IP6 2a05:f480:1c00:2c:8ef7::2.21071 >
2a03:f80::552b::1.58223: UDP, length 74
20:01:56.932540 IP6 fe80::fc00:5ff:fe07:578d > ff02::1:ff00:2: ICMP6, neighbor
solicitation, who has 2a05:f480:1c00:2c:8ef7::2, length 32
20:01:56.967080 IP6 2a05:f480:1c00:2c:8ef7::2.46975 >
2a03:f80::552b::1.59281: UDP, length 74
20:01:56.967092 IP6 2a05:f480:1c00:2c:8ef7::2.33220 >
2a03:f80::552b::1.57885: UDP, length 74
20:01:56.967479 IP6 2a05:f480:1c00:2c:8ef7::2.60415 >
2a03:f80::552b::1.59283: UDP, length 74
20:01:56.967486 IP6 2a05:f480:1c00:2c:8ef7::2.62420 >
2a03:f80::552b::1.57961: UDP, length 74
20:01:56.967489 IP6 2a05:f480:1c00:2c:8ef7::2.21071 >
2a03:f80::552b::1.58223: UDP, length 74
20:01:57.681664 IP6 fdc9:281f:4d7:9ee9::2 > 2610:1c1:1:606c::50:15: ICMP6, echo
request, id 1193, seq 0, length 16
20:01:58.485005 IP6 2a05:f480:1c00:2c:8ef7::2.46975 >
2a03:f80::552b::1.59281: UDP, length 74
20:01:58.485782 IP6 2a05:f480:1c00:2c:8ef7::2.33220 >
2a03:f80::552b::1.57885: UDP, length 74
20:01:58.485865 IP6 2a05:f480:1c00:2c:8ef7::2.60415 >
2a03:f80::552b::1.59283: UDP, length 74
20:01:58.485870 IP6 2a05:f480:1c00:2c:8ef7::2.21071 >
2a03:f80::552b::1.58223: UDP, length 74
20:01:58.485960 IP6 2a05:f480:1c00:2c:8ef7::2.62420 >
2a03:f80::552b::1.57961: UDP, length 74
20:01:58.509630 IP6 fe80::fc00:5ff:fe07:578d > ff02::1:ff00:2: ICMP6, neighbor
solicitation, who has 2a05:f480:1c00:2c:8ef7::2, length 32
20:01:58.686017 IP6 fdc9:281f:4d7:9ee9::2 > 2610:1c1:1:606c::50:15: ICMP6, echo
request, id 1193, seq 1, length 16
20:01:59.364586 IP6 fe80::fc00:5ff:fe07:578d > fe80::5400:5ff:fe07:578d: ICMP6,
neighbor solicitation, who has fe80::5400:5ff:fe07:578d, length 32
20:01:59.364627 IP6 fe80::5400:5ff:fe07:578d > fe80::fc00:5ff:fe07:578d: ICMP6,
neighbor advertisement, tgt is fe80::5400:5ff:fe07:578d, length 24
20:01:59.556555 IP6 fe80::fc00:5ff:fe07:578d > ff02::1:ff00:2: ICMP6, neighbor
solicitation, who has 2a05:f480:1c00:2c:8ef7::2, length 32
20:01:59.710208 IP6 fdc9:281f:4d7:9ee9::2 > 2610:1c1:1:606c::50:15: ICMP6, echo
request, id 1193, seq 2, length 16
20:02:00.580563 IP6 fe80::fc00:5ff:fe07:578d > ff02::1:ff00:2: ICMP6, neighbor
solicitation, who has 2a05:f480:1c00:2c:8ef7::2, length 32
20:02:00.735

[Bug 280390] NPTv6 not working

2024-07-23 Thread bugzilla-noreply

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=280390

--- Comment #13 from cnba...@gmail.com ---
With the configuration:

#!/bin/sh
ipfw -q -f flush
cmd="ipfw -q add "
ipfw disable one_pass
ipfw nptv6 NPT create int_prefix fdc9:281f:4d7:9ee9:: ext_if vtnet0 prefixlen
64
$cmd nptv6 NPT ip6 from any to any
$cmd allow icmp6 from any to any
$cmd allow icmp from any to any
$cmd allow ip6 from any to any via vtnet0
ipfw -q nat 1 config if vtnet0 same_ports unreg_only reset
$cmd nat 1 ip4 from any to any via vtnet0
$cmd allow all from any to any
$cmd check-state

captured:

20:10:52.345074 IP6 fe80::fc00:5ff:fe07:578d > ff02::1:ff00:2: ICMP6, neighbor
solicitation, who has 2a05:f480:1c00:2c:8ef7::2, length 32
20:10:53.380628 IP6 fe80::fc00:5ff:fe07:578d > ff02::1:ff00:2: ICMP6, neighbor
solicitation, who has 2a05:f480:1c00:2c:8ef7::2, length 32
20:10:54.265688 IP6 2a05:f480:1c00:2c:8ef7::2.63514 >
2a03:f80::552b::1.59823: UDP, length 74
20:10:54.265698 IP6 2a05:f480:1c00:2c:8ef7::2.43131 >
2a03:f80::552b::1.57042: UDP, length 74
20:10:54.266375 IP6 2a05:f480:1c00:2c:8ef7::2.12124 >
2a03:f80::552b::1.58151: UDP, length 74
20:10:54.266383 IP6 2a05:f480:1c00:2c:8ef7::2.25972 >
2a03:f80::552b::1.59274: UDP, length 74
20:10:54.266386 IP6 2a05:f480:1c00:2c:8ef7::2.33932 >
2a03:f80::552b::1.57280: UDP, length 74
20:10:54.404592 IP6 fe80::fc00:5ff:fe07:578d > ff02::1:ff00:2: ICMP6, neighbor
solicitation, who has 2a05:f480:1c00:2c:8ef7::2, length 32
20:10:54.466137 IP6 2a05:f480:1c00:2c:8ef7::2.63514 >
2a03:f80::552b::1.59823: UDP, length 74
20:10:54.466151 IP6 2a05:f480:1c00:2c:8ef7::2.43131 >
2a03:f80::552b::1.57042: UDP, length 74
20:10:54.466769 IP6 2a05:f480:1c00:2c:8ef7::2.25972 >
2a03:f80::552b::1.59274: UDP, length 74
20:10:54.466846 IP6 2a05:f480:1c00:2c:8ef7::2.12124 >
2a03:f80::552b::1.58151: UDP, length 74
20:10:54.466907 IP6 2a05:f480:1c00:2c:8ef7::2.33932 >
2a03:f80::552b::1.57280: UDP, length 74
20:10:54.481396 IP6 2a05:f480:1c00:2c:8ef7::2 > 2610:1c1:1:606c::50:15: ICMP6,
echo request, id 1205, seq 0, length 16
20:10:54.766084 IP6 2a05:f480:1c00:2c:8ef7::2.63514 >
2a03:f80::552b::1.59823: UDP, length 74
20:10:54.766095 IP6 2a05:f480:1c00:2c:8ef7::2.43131 >
2a03:f80::552b::1.57042: UDP, length 74
20:10:54.766765 IP6 2a05:f480:1c00:2c:8ef7::2.25972 >
2a03:f80::552b::1.59274: UDP, length 74
20:10:54.767361 IP6 2a05:f480:1c00:2c:8ef7::2.12124 >
2a03:f80::552b::1.58151: UDP, length 74
20:10:54.767371 IP6 2a05:f480:1c00:2c:8ef7::2.33932 >
2a03:f80::552b::1.57280: UDP, length 74
20:10:55.216168 IP6 2a05:f480:1c00:2c:8ef7::2.63514 >
2a03:f80::552b::1.59823: UDP, length 74
20:10:55.216178 IP6 2a05:f480:1c00:2c:8ef7::2.43131 >
2a03:f80::552b::1.57042: UDP, length 74
20:10:55.216832 IP6 2a05:f480:1c00:2c:8ef7::2.25972 >
2a03:f80::552b::1.59274: UDP, length 74
20:10:55.217422 IP6 2a05:f480:1c00:2c:8ef7::2.12124 >
2a03:f80::552b::1.58151: UDP, length 74
20:10:55.217431 IP6 2a05:f480:1c00:2c:8ef7::2.33932 >
2a03:f80::552b::1.57280: UDP, length 74
20:10:55.505021 IP6 2a05:f480:1c00:2c:8ef7::2 > 2610:1c1:1:606c::50:15: ICMP6,
echo request, id 1205, seq 1, length 16
20:10:55.583522 IP6 fe80::fc00:5ff:fe07:578d > ff02::1:ff00:2: ICMP6, neighbor
solicitation, who has 2a05:f480:1c00:2c:8ef7::2, length 32
20:10:55.892051 IP6 2a05:f480:1c00:2c:8ef7::2.63514 >
2a03:f80::552b::1.59823: UDP, length 74
20:10:55.892063 IP6 2a05:f480:1c00:2c:8ef7::2.43131 >
2a03:f80::552b::1.57042: UDP, length 74
20:10:55.892079 IP6 2a05:f480:1c00:2c:8ef7::2.12124 >
2a03:f80::552b::1.58151: UDP, length 74
20:10:55.892085 IP6 2a05:f480:1c00:2c:8ef7::2.25972 >
2a03:f80::552b::1.59274: UDP, length 74
20:10:55.892088 IP6 2a05:f480:1c00:2c:8ef7::2.33932 >
2a03:f80::552b::1.57280: UDP, length 74
20:10:56.514639 IP6 2a05:f480:1c00:2c:8ef7::2 > 2610:1c1:1:606c::50:15: ICMP6,
echo request, id 1205, seq 2, length 16
20:10:56.644610 IP6 fe80::fc00:5ff:fe07:578d > ff02::1:ff00:2: ICMP6, neighbor
solicitation, who has 2a05:f480:1c00:2c:8ef7::2, length 32
20:10:56.902689 IP6 2a05:f480:1c00:2c:8ef7::2.63514 >
2a03:f80::552b::1.59823: UDP, length 74
20:10:56.902701 IP6 2a05:f480:1c00:2c:8ef7::2.43131 >
2a03:f80::552b::1.57042: UDP, length 74
20:10:56.903305 IP6 2a05:f480:1c00:2c:8ef7::2.25972 >
2a03:f80::552b::1.59274: UDP, length 74
20:10:56.903370 IP6 2a05:f480:1c00:2c:8ef7::2.12124 >
2a03:f80::552b::1.58151: UDP, length 74
20:10:56.903435 IP6 2a05:f480:1c00:2c:8ef7::2.33932 >
2a03:f80::552b::1.57280: UDP, length 74
20:10:56.964610 IP6 fe80::fc00:5ff:fe07:578d > fe80::5400:5ff:fe07:578d: ICMP6,
neighbor solicitation, who has fe80::5400:5ff:fe07:578d, length 32
20:10:56.964645 IP6 fe80::5400:5ff:fe07:578d > fe80::fc00:5ff:fe07:578d: ICMP6,
neighbor advertisement, tgt is fe80::5400:5ff:fe07:578d, length 24
20:10:57.525159 IP6 2a05:f480:1c00:2c:8ef7::2 > 2610:1c1:1:606c::50:15: ICMP6,
echo request, id 1205, seq 3, length 16
20:10:57.668609 IP6 f

Re: DHCPv6 IA_PD - how-to

2024-07-23 Thread Karl Denninger


On 7/23/2024 13:23, Roy Marples wrote:

Hi

 On Tue, 23 Jul 2024 18:11:18 +0100cross+free...@distal.com  wrote 



tl;dr; anyone have a good IPv6 network setup based on an IA_PD from
their provider? Any details or advice to share?

The current router is x86_64 FreeBSD 11.x, but I’m building the FreeBSD
14.1 system to replace it now. What to install on it for this is a pending
question.

Hello all. I have been running a FreeBSD router for years and years. I have
this year been trying to figure out how to use an IPv6 allocation from my
provider (Verizon FiOS). They are using the PD feature of DHCPv6 to give
a delegation, and not given an address (NA) when asked.

There are, unfortunately, _many_ programs that can help me with this,
and google yielded no clear best-path. I have not been able to get
ISC dhclient to work for me so far, and I did get dhcpcd working, but
only with command-line options rather than config file, and that
application doesn’t have the smarts to configure things based on
the PD, so I’d have to code all of that myself.


I'm upstream for dhcpcd.
All options related to PD are configurable in the dhcpcd.conf(5) configuration 
file. There are also some examples.


What are you struggling with specifically?


Roy


Hi Roy;

I'd like to replicate this that is currently being sent up via dhcp6c, 
which is not quite-clear to me from the docs on how to do that.


#
# This configuration will attempt to get /56 or a /60 from the
# ISP and assign a /64 internally.
# Note that if you have a /60 you can have four /64s defined; if you have a
# /56 then obviously you can have 16 internal networks.  For most "house"
# size networks four separate delineations is enough, for most "moderate"
# sized corporate environments 16 is enough.  BE AWARE THAT THE SLA-LEN MUST
# MATCH THE DIFFERENCE BETWEEN THE LOCAL PREFIX AND THE REMOTE ONE!  If
# you ask for a /56 then sla-len is 8, if you ask for a /60 then the sla-len
# is 4 (difference between the requested prefix length and 64, 
respectively.)

#

interface igb0 {
 send ia-pd 1;
 send ia-na 1;
 send rapid-commit;
 script "/usr/local/etc/dhcp6c.script";
};

id-assoc na 1 {

};

id-assoc pd 1 {
  prefix ::/56 1800;

  prefix-interface igb1 {
    sla-id 0;
    sla-len 8;
  };

};

igb1 is the "normal" internal network; igb0 is the external one.

The ISP hands out /56s (although at one time I could choose either a /56 
or /60); I have routines in the script file that then generate dynamic 
updates for DNS so the gateway has its pointers updated if/when the 
address changes (I run my own zones)


Its not entirely-clear how to replicate that in the config file for 
dhcpcd; I can figure out the script I'm sure, but the base config is not 
clear to me.


--
Karl Denninger
k...@denninger.net
/The Market Ticker/
/[S/MIME encrypted email preferred]/


OpenPGP_signature.asc
Description: OpenPGP digital signature

[Bug 280386] if_bridge throws output errors under load

2024-07-23 Thread bugzilla-noreply

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=280386

--- Comment #2 from pascal.guitier...@gmail.com ---
(In reply to Zhenlei Huang from comment #1)

Thanks for your response.

Just ran the tests again.
There are no dropped packets detected even though the Oerr count is increasing,
see below for netstat -di output:

Name  Mtu Network AddressIpkts Ierrs Idrop 
Opkts Oerrs  Coll  Drop
igb0 1500 5c:ed:8c:e9:c2:48   91053412 0 0  
78158209 0 0 0 
igb1*1500 5c:ed:8c:e9:c2:49  0 0 0 
0 0 0 0 
igb2*1500 5c:ed:8c:e9:c2:4a  0 0 0 
0 0 0 0 
igb3*1500 5c:ed:8c:e9:c2:4b  0 0 0 
0 0 0 0 
lo0 16384 lo062786 0 0 
62786 0 0 0 
lo0 - localhost   localhost  0 - - 
0 - - - 
lo0 - fe80::%lo0/64   fe80::1%lo00 - - 
0 - - - 
lo0 - your-netlocalhost  62786 - - 
62786 - - - 
bridge0  1500 58:9c:fc:00:07:00  168029633 0 0 
168394069 269681 0 0 
bridge0 - 192.168.0.0/24  192.168.0.150 719881 - -   
1307016 - - - 
ue0  1500 72:84:d1:bf:ad:2f   8907 0 0  
8908 0 0 0 
ue0 - 16.1.15.0/3016.1.15.2   8208 - -  
8208 - - -


Here is the relevant ifconfig:

igb0: flags=1008943
metric 0 mtu 1500
   
options=4a520b9
ether 5c:ed:8c:e9:c2:48
media: Ethernet autoselect (1000baseT )
status: active
nd6 options=29

bridge0: flags=1008843 metric
0 mtu 1500
options=0
ether 58:9c:fc:00:07:00
inet 192.168.0.150 netmask 0xff00 broadcast 192.168.0.255
id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
member: igb0 flags=143
ifmaxaddr 0 port 1 priority 128 path cost 55
groups: bridge vm-switch viid-4c918@
nd6 options=9

-- 
You are receiving this mail because:
You are the assignee for the bug.

Re: DHCPv6 IA_PD - how-to

2024-07-23 Thread Chris Ross

> On Jul 23, 2024, at 13:23, Roy Marples  wrote:
>  On Tue, 23 Jul 2024 18:11:18 +0100 cross+free...@distal.com wrote 
> 
> 
>> tl;dr; anyone have a good IPv6 network setup based on an IA_PD from
>> their provider? Any details or advice to share?
> 
> 
> I'm upstream for dhcpcd.
> All options related to PD are configurable in the dhcpcd.conf(5) 
> configuration file. There are also some examples.

My apologies, I think I may’ve misremembered which attempt produced which
result.  More careful investigation suggests it was actually dhclient I
was unable to configure in a config file.  So, I’m not sure I ever even
got the PD recognized by dhcpcd.  Perhaps I was not finding the right
examples.

> What are you struggling with specifically?

First, I’d like to request of my ISP the PD and understand the answer.
If dhcpcd can also set up internal networks within the PD, that would
be ideal.  Again, I found with earlier work that some clients are able
to do more with “using” the network than others.  I have half a dozen
ish internal networks that I assign /64’s to, and distribute via RA.

Perhaps an answer to Karl’s question might provide me with what I need
as well.  Otherwise, an example or three of receiving and utilizing an
IA_PD response is what I am looking for.

  - Chris

[Bug 280386] if_bridge throws output errors under load

DHCPv6 IA_PD - how-to

Re: DHCPv6 IA_PD - how-to

[Bug 280390] NPTv6 not working

[Bug 280390] NPTv6 not working

[Bug 280390] NPTv6 not working

[Bug 280390] NPTv6 not working

[Bug 280390] NPTv6 not working

[Bug 280390] NPTv6 not working

[Bug 280390] NPTv6 not working

Re: DHCPv6 IA_PD - how-to

[Bug 280386] if_bridge throws output errors under load

Re: DHCPv6 IA_PD - how-to

13 matches

Site Navigation

Mail list logo

Footer information