From owner-freebsd-net@freebsd.org Wed Jan 24 18:36:59 2018 Return-Path: Delivered-To: freebsd-net@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id D9454EBD2B3 for ; Wed, 24 Jan 2018 18:36:58 +0000 (UTC) (envelope-from alarig@swordarmor.fr) Received: from togepi.gozmail.bzh (togepi.gozmail.bzh [IPv6:2a00:5884:124::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 68C5E6EF8E for ; Wed, 24 Jan 2018 18:36:58 +0000 (UTC) (envelope-from alarig@swordarmor.fr) Received: from mew.swordarmor.fr (mew.swordarmor.fr [IPv6:2a00:5884:102:1::4]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) (Authenticated sender: alarig@swordarmor.fr) by togepi.gozmail.bzh (Postfix) with ESMTPSA id 762491A00FA for ; Wed, 24 Jan 2018 19:36:54 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=swordarmor.fr; s=default; t=1516819014; bh=oAMXOxQQoaxN8TbU4T6WKMYOUqGp68k3UUkK81orseE=; h=Date:From:To:Subject:From; b=YqedQwFY9VRDoA+19qOfrhhVWysvmNP6t7+fw+SoadLULRtD7tvOMzRiAnP6vw5jI PjIz1hEf+qy0erqnNgStUg733OkwNYXRXPd+I/U+q5YnZTkl6W3U3Gjz1kS0NUjHZl 2UqNhb2o8+d7R+kU6qmsTVqCYZi/gv8WZyYNPrMk= Date: Wed, 24 Jan 2018 19:36:54 +0100 From: Alarig Le Lay To: freebsd-net@FreeBSD.org Subject: CARP link-local address not responding to neighbor solicitations comming from public address Message-ID: <20180124183653.yvnfra2lkktalozi@mew.swordarmor.fr> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="dorauk5ockqou43g" Content-Disposition: inline User-Agent: NeoMutt/20171208 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 24 Jan 2018 18:36:59 -0000 --dorauk5ockqou43g Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Hi, All the machines listed below are 11.1-RELEASE. I have a setup with a LAN of VMs routed by two routers configured with CARP. If I reboot a VM, the NDP for the default route is unknown: root@:~ # ndp -n fe80::204:92:100:1%em0 Neighbor Linklayer Address Netif Expire S = Flags fe80::204:92:100:1%em0 (fe80::204:92:100:1%em0) -- no entry So, a neighbor solicitation is send, but from the VM public IP: 19:13:50.766822 IP6 2a00:5884:8211::1 > ff02::1:ff00:1: ICMP6, neighbor so= licitation, who has fe80::204:92:100:1, length 32 And my router doesn=E2=80=99t answer to it. But, if I ping the default route from the VM, the neighbor solicitation is send from the VM link-local address: 19:14:51.441884 IP6 fe80::14f8:7aff:fedf:4453 > ff02::1:ff00:1: ICMP6, nei= ghbor solicitation, who has fe80::204:92:100:1, length 32 And then, my router answers it: 19:14:51.441920 IP6 fe80::215:17ff:fe39:f01b > fe80::14f8:7aff:fedf:4453: = ICMP6, neighbor advertisement, tgt is fe80::204:92:100:1, length 32 And the VM add it in cache: root@:~ # ping6 fe80::204:92:100:1%em0 PING6(56=3D40+8+8 bytes) fe80::14f8:7aff:fedf:4453%em0 --> fe80::204:92:10= 0:1%em0 16 bytes from fe80::204:92:100:1%em0, icmp_seq=3D0 hlim=3D64 time=3D1.040 = ms ^C --- fe80::204:92:100:1%em0 ping6 statistics --- 1 packets transmitted, 1 packets received, 0.0% packet loss round-trip min/avg/max/std-dev =3D 1.040/1.040/1.040/0.000 ms root@:~ # ndp -n fe80::204:92:100:1%em0 Neighbor Linklayer Address Netif Expire S = Flags fe80::204:92:100:1%em0 00:00:5e:00:01:02 em0 28s R R The router is configured as follow: root@nominoe:~ # ifconfig em1.30 em1.30: flags=3D8943 metric= 0 mtu 1500 description: MacGrif options=3D103 ether 00:15:17:39:f0:1b inet 89.234.186.7 netmask 0xffffff80 broadcast 89.234.186.127 inet 80.67.190.194 netmask 0xffffffe0 broadcast 80.67.190.223 inet 89.234.186.1 netmask 0xffffffff broadcast 89.234.186.1 vhid 1 inet 80.67.190.193 netmask 0xffffffff broadcast 80.67.190.193 vhid 3 inet6 fe80::215:17ff:fe39:f01b%em1.30 prefixlen 64 scopeid 0xa inet6 2a00:5884::1 prefixlen 64 inet6 fe80::204:92:100:1%em1.30 prefixlen 128 scopeid 0xa vhid 2 nd6 options=3D21 media: Ethernet autoselect (1000baseT ) status: active vlan: 30 vlanpcp: 0 parent interface: em1 carp: MASTER vhid 1 advbase 1 advskew 0 carp: MASTER vhid 2 advbase 1 advskew 0 carp: MASTER vhid 3 advbase 1 advskew 0 groups: vlan And the VM as follow: root@:~ # ifconfig em0 em0: flags=3D8843 metric 0 mtu 1500 options=3D209b ether 16:f8:7a:df:44:53 hwaddr 16:f8:7a:df:44:53 inet 89.234.186.118 netmask 0xffffffe0 broadcast 89.234.186.127=20 inet6 fe80::14f8:7aff:fedf:4453%em0 prefixlen 64 scopeid 0x1=20 inet6 2a00:5884:8211::1 prefixlen 64=20 nd6 options=3D21 media: Ethernet autoselect (1000baseT ) status: active Both public and fe80 routes are in the kernel table: root@nominoe:~ # route -n -6 get 2a00:5884:8211::1 route to: 2a00:5884:8211::1 destination: 2a00:5884:8211:: mask: ffff:ffff:ffff:: gateway: fe80::14f8:7aff:fedf:4453%em1.30 fib: 0 interface: em1.30 flags: recvpipe sendpipe ssthresh rtt,msec mtu weight expire 0 0 0 0 1500 1 0 root@nominoe:~ # route -n -6 get fe80::14f8:7aff:fedf:4453%em1.30 route to: fe80::14f8:7aff:fedf:4453%em1.30 destination: fe80::%em1.30 mask: ffff:ffff:ffff:ffff:: fib: 0 interface: em1.30 flags: recvpipe sendpipe ssthresh rtt,msec mtu weight expire 0 0 0 0 1500 1 0 Does anyone have a clue about it? Thanks, --=20 alarig --dorauk5ockqou43g Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQEzBAABCAAdFiEE+2yGwT0H0n57WkRbrzhKwWsgK4gFAlpo0kIACgkQrzhKwWsg K4j7dQgAmK/xEell5Ia7UeSnOJ5lA+Js9q5TUj/5Tchrz//Dua24Gpk+rX8EaG3q 8XPimPB+MMmtmibkhdwLY3paZqe54R/T4LPswDUZtqGEXonN6ZEfxzkR4p6MgXiB VplMeQ9gEZ5erRZut9eKbX+JQ1H8gk74jnvZ3VzwtM4miVrCeOLTHU1qCkjBpYwd jzMsDjNLAzxYejh5O8LBlYcIGOsgbsRmeCq/UyjWL8s+JCtRGEiZHoozYCPZpEjT uymAI+q40UpyM38xJ4nYzJ9sqajyxZp40DgBfebmF/A/HB6XELHfQKadhQl29fo2 cLuT+LemtMYf4cVZ+quXwh5rgzOxqA== =/mTC -----END PGP SIGNATURE----- --dorauk5ockqou43g--