From owner-freebsd-stable@freebsd.org  Tue Sep  5 18:17:37 2017
Return-Path: <owner-freebsd-stable@freebsd.org>
Delivered-To: freebsd-stable@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 8CA79E1699A
 for <freebsd-stable@mailman.ysv.freebsd.org>;
 Tue,  5 Sep 2017 18:17:37 +0000 (UTC)
 (envelope-from gcr+freebsd-stable@tharned.org)
Received: from roadkill.tharned.org
 (gcrivers-1-pt.tunnel.tserv9.chi1.ipv6.he.net [IPv6:2001:470:1f10:107f::2])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 0223D2C4E
 for <freebsd-stable@freebsd.org>; Tue,  5 Sep 2017 18:17:36 +0000 (UTC)
 (envelope-from gcr+freebsd-stable@tharned.org)
Received: from flake.tharned.org
 ([IPv6:2001:470:1f11:107f:fcb7:e619:e59d:bac1])
 (authenticated bits=0)
 by roadkill.tharned.org (8.15.2/8.15.2) with ESMTPSA id v85IHTcC095418
 (version=TLSv1 cipher=ECDHE-RSA-AES256-SHA bits=256 verify=NO);
 Tue, 5 Sep 2017 13:17:35 -0500 (CDT)
 (envelope-from gcr+freebsd-stable@tharned.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=tharned.org; s=2017;
 t=1504635455; bh=1MHVTyBFoD2GXLSzdP/cDqpx7DudLNjXg9RFcqMuV8U=;
 l=2066; h=From:To:Subject:Date:In-Reply-To:References;
 b=xp6ycFpxyRKog79C2xa3fUhaPI4ag7z42Hzif6bA7kuFtOWRjeMV69iZKnHc01h+c
 IIdC9hBlfssMoNR+CvUpn3+0Z0RTodC7H1apLqUrgIQXZcZv0U5Mx5N0qXnqw5PMQ4
 OLMNC9+1PbfatcvXQXM7LxhZn2wkxZmL06jFF9f2S4DFITxlESDXZLSegNInkwKMCN
 XB4VOgxt4MLgH/tC374IxT+u/jwEqontf+rrgAvTVvlwgW/Q8dBAVQjLLHz+VSTM59
 g9xv06IgN/8xn5vaehos8GINePlTw48bdZJyrDdC5tlY+fyW0maSYTdOFPZh7tKZdr
 EReGiT+yCrbng==
X-Authentication-Warning: roadkill.tharned.org: Host
 [IPv6:2001:470:1f11:107f:fcb7:e619:e59d:bac1] claimed to be flake.tharned.org
From: Greg Rivers <gcr+freebsd-stable@tharned.org>
To: "Andrey V. Elsukov" <bu7cher@yandex.ru>, freebsd-stable@freebsd.org
Subject: Re: SLAAC not working [solved]
Date: Tue, 05 Sep 2017 13:17:29 -0500
Message-ID: <4592443.rsZxAkcZRt@flake.tharned.org>
User-Agent: KMail/4.14.10 (FreeBSD/11.1-RELEASE-p1; KDE/4.14.30; amd64; ; )
In-Reply-To: <49c7a517-3f20-3629-9aaa-eb96bd506753@yandex.ru>
References: <1646645.UkMcyRZBVl@flake.tharned.org>
 <17a5889c-3a62-9028-c2d2-96c2b55695e3@yandex.ru>
 <49c7a517-3f20-3629-9aaa-eb96bd506753@yandex.ru>
MIME-Version: 1.0
Content-Transfer-Encoding: 7Bit
Content-Type: text/plain; charset="us-ascii"
X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.6.2
 (roadkill.tharned.org [IPv6:2001:470:1f10:107f:0:0:0:2]);
 Tue, 05 Sep 2017 13:17:35 -0500 (CDT)
X-BeenThere: freebsd-stable@freebsd.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: Production branch of FreeBSD source code <freebsd-stable.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-stable>, 
 <mailto:freebsd-stable-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-stable/>
List-Post: <mailto:freebsd-stable@freebsd.org>
List-Help: <mailto:freebsd-stable-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-stable>,
 <mailto:freebsd-stable-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 05 Sep 2017 18:17:37 -0000

On Tuesday, September 05, 2017 20:44:49 Andrey V. Elsukov wrote:
> On 05.09.2017 20:09, Andrey V. Elsukov wrote:
> >>>> $ ping6 fe80:XXXX:XXXX:4013:23::2%lagg0
> >>>> ping6: UDP connect: Network is unreachable
> >>>
> >>> Hmm. Can you show the second word of address in this example?
> >>> Is it not zero? I.e. fe80:XXXX: is correct or you missed '::' part?
> >>>
> >> Correct, neither of the XXXX parts are zero; the :: part is at the end of the address: ...::2%lagg0. Sorry for the obfuscation, but policy at $WORK about company information on public lists is very strict.
> > 
> > I think the problem is not with oce(4) driver.
> > Unfortunately, your router uses IPv6 LLA that is not compatible with
> > KAME based IPv6 stack that is used by all BSDs.
> 
> To be sure, you can check the output of
> # netstat -sp ip6 | grep 'scope rules'
> This counter will be incremented for each RA from this server.
>
Indeed:

# netstat -sp ip6 | grep 'scope rules'
        63 packets that violated scope rules
# rtsol -dD oce0
checking if oce0 is ready...
oce0 is ready
set timer for oce0 to 1s
New timer is 1s
timer expiration on oce0, state = 1
send RS on oce0, whose state is 2
set timer for oce0 to 4s
New timer is 4s
timer expiration on oce0, state = 2
send RS on oce0, whose state is 2
set timer for oce0 to 4s
New timer is 4s
timer expiration on oce0, state = 2
send RS on oce0, whose state is 2
set timer for oce0 to 1s
New timer is 1s
timer expiration on oce0, state = 2
No answer after sending 3 RSs
stop timer for oce0
there is no timer
# netstat -sp ip6 | grep 'scope rules'
        73 packets that violated scope rules

Looks like we've nailed it.

The network engineering guys say that setting the LLA on the routers as they do is a Cisco convention. The value chosen reflects the /64 prefix being published in the RAs. I guess that makes it easy at a glance to see which prefix is in use on a given network. I'll see if I can get them to change it and report back.

Thanks for your help!

-- 
Greg Rivers