On 03/05/2018 05:18 AM, Udo Schacht-Wiegand wrote: > Hello Tom, > > thanks for the quick reply: > > Be sure that your Kernel is fully patched. This sounds like a problem > that I, along with a number of others, have experienced; it was > corrected in a subsequent kernel update. The problem is that the kernel > ignores NDP who-has requests, which will kills the link. The constant > pinging keeps the upstream router from issuing those requests. I > employed that same workaround until the problem was finally resolved. > > > The Kernel is 4.4.0-112-generic.
Which distribution. > I was wondering, why the problem does > not occour, when I don't use Shorewall6's providers file. That's why I > believe, that it is not only the kernels fault. When I experienced the problem, it was on Debian 8 with a 3.16.36 kernel, but I don't recall when it was corrected. I saw it when using multiple providers, but I don't recall if I tried without that part of the configuration. > So here is the other > solution I just found: Replace the upstream routers gateway address with > the link local one of the router: > > This is how I did it > - Find out the link local address of upstream router on eth0, > where 2001:abcd:1234::1: is the providers gateway: > > # ip -6 neigh sjow dev eth0 > fe80::1ae7:28ff:fe65:fcf2 lladdr 18:e7:28:65:fc:f2 router STALE > 2001:abcd:1234::1 lladdr 18:e7:28:65:fc:f2 router STALE > > - Then in the providers file replace the gateway address with the link > local: > > #NAME NUMBER MARK DUPLICATEINTERFACE GATEWAY > OPTIONS COPY > #mkn 1 - - eth0 > 2001:abcd:1234::1track,primary - > mkn 1 - - eth0 > fe80::1ae7:28ff:fe65:fcf2 track,primary - > htp 2 - - eth1 > fe80::464e:6dff:fe15:789atrack,fallback - > > Now it works almost perfect, packet loss is almost 0 over > 1000 pings. > It's no longer needed to continuosly ping the gateway. > My own configuration (http://www.shorewall.org/SharedConfig.html) used the link level IP address as the gateway out of eth0. I switched it to use the global address, and I'm still not seeing any packet loss out of that interface. Without knowing what is happening at the link level on your system, I really can't guess what the issue cause might be. -Tom -- Tom Eastep \ Q: What do you get when you cross a mobster with Shoreline, \ an international standard? Washington, USA \ A: Someone who makes you an offer you can't http://shorewall.org \ understand \_______________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
