Date: Mon, 14 Jan 2013 20:42:40 -0500
Subject: IPv6 Tunnel Shared With Jails via epair Devices
From: Shawn Webb
To: "freebsd-stable@freebsd.org"

Hey All,

I've been working on sharing a 6in4 IPv6 tunnel (via a gif device) I have with Hurricane Electric (tunnelbroker.net) to my jails via epair devices. My setup is a bit unique in that the IPv6 tunnel is behind an OpenVPN connection. I've had varying degrees of success. I might have a bug to report, but I thought I'd post here to get input from people who know better than I do about these kinds of things.

I have a bridge device (we'll call it bridge0) with a /64 IPv6 address (2001:470:8142:1::1). Each jail's epair[n]b device will get an IPv6 address in that same prefix. For example, one of my jails is 2001:470:8142:1::3. The default IPv6 gateway is the IPv6 address of bridge0.

Giving one jail an IP address works fine. For each jail after that, the IPv6 address stays in tentative mode. FreeBSD gets stuck trying to use DAD to figure out if there's an address conflict. It never leaves tentative mode. This is the bug I'm working out.

Here's bridge0's config:

# ifconfig bridge0
bridge0: flags=8843 metric 0 mtu 1500
        ether 02:fe:21:34:d3:00
        inet6 2001:470:8142:1::1 prefixlen 64
        nd6 options=21
        id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
        maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
        root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
        member: epair0a flags=143
                ifmaxaddr 0 port 19 priority 128 path cost 2000
        member: epair1a flags=143
                ifmaxaddr 0 port 21 priority 128 path cost 2000
        member: bge0 flags=143
                ifmaxaddr 0 port 5 priority 128 path cost 200000

Here's the relevant epair device for the jail whose IPv6 stack is working:

# jexec "ClamAV_Dev" ifconfig epair1b
epair1b: flags=8843 metric 0 mtu 1500
        options=8
        ether 02:fb:c0:00:16:0b
        inet6 2001:470:8142:1::3 prefixlen 64
        inet6 fe80::fb:c0ff:fe00:160b%epair1b prefixlen 64 scopeid 0x2
        inet 10.7.1.172 netmask 0xfffffe00 broadcast 10.7.1.255
        nd6 options=21
        media: Ethernet 10Gbase-T (10Gbase-T )
        status: active

Here's the relevant epair device for the jail whose IPv6 stack isn't working:

# jexec "Dev Template" ifconfig epair0b
epair0b: flags=8843 metric 0 mtu 1500
        options=8
        ether 02:80:03:00:14:0b
        inet6 2001:470:8142:1::5 prefixlen 64 tentative
        inet6 fe80::80:3ff:fe00:140b%epair0b prefixlen 64 tentative scopeid 0x2
        inet 10.7.1.92 netmask 0xfffffe00 broadcast 10.7.1.255
        nd6 options=29
        media: Ethernet 10Gbase-T (10Gbase-T )
        status: active

I brought up the "Dev Template" jail after bringing up the ClamAV_Dev jail. If there's any other output you'd like to see, let me know. If you're confused about my setup, visit my blog post about the subject here: http://0xfeedface.org/blog/lattera/2013-01-12/tunneled-ipv6-freebsd-jails

I'm curious to know if I've got a legit bug or if it's something I'm doing wrong. The one thing I haven't tried is setting up rtadvd on the bridge. That'd be kind of interesting, since my physical NIC is a member on the bridge. I'd rather not dish out IPv6 addresses for all devices on the network (a network with lots of devices I don't own or control).

Thanks,

Shawn
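
Added example, not part of the original message: a small Python parser for the ifconfig output quoted above that lists inet6 addresses still marked tentative and decodes the nd6 options mask with the ND6_IFF_* bit values from FreeBSD's sys/netinet6/nd6.h. The sample text is constructed from the two jail outputs in the message, and the function names are this example's own.

```python
import re

# ND6_IFF_* bits from FreeBSD sys/netinet6/nd6.h; ifconfig prints the mask in hex.
ND6_FLAGS = {
    0x01: "PERFORMNUD",
    0x02: "ACCEPT_RTADV",
    0x08: "IFDISABLED",
    0x20: "AUTO_LINKLOCAL",
}

# Constructed sample: the inet6/nd6 lines of the two jail interfaces quoted in
# the message (flag names are missing there, so only the numeric masks are used).
SAMPLE = """\
epair1b: flags=8843 metric 0 mtu 1500
        inet6 2001:470:8142:1::3 prefixlen 64
        inet6 fe80::fb:c0ff:fe00:160b%epair1b prefixlen 64 scopeid 0x2
        nd6 options=21
epair0b: flags=8843 metric 0 mtu 1500
        inet6 2001:470:8142:1::5 prefixlen 64 tentative
        inet6 fe80::80:3ff:fe00:140b%epair0b prefixlen 64 tentative scopeid 0x2
        nd6 options=29
"""

def parse_ifconfig(text):
    """Return {ifname: {"tentative": [addr, ...], "nd6": [flag names]}}."""
    report, cur = {}, None
    for line in text.splitlines():
        m = re.match(r"^(\S+): flags=", line)      # unindented line starts an interface
        if m:
            cur = report.setdefault(m.group(1), {"tentative": [], "nd6": []})
            continue
        if cur is None:
            continue
        words = line.split()
        if words[:1] == ["inet6"] and "tentative" in words[2:]:
            cur["tentative"].append(words[1])      # DAD has not completed for this address
        m = re.match(r"\s+nd6 options=([0-9a-fA-F]+)", line)
        if m:
            mask = int(m.group(1), 16)
            cur["nd6"] = [n for bit, n in sorted(ND6_FLAGS.items()) if mask & bit]
    return report

def stuck_interfaces(text):
    """Interfaces with tentative addresses or with the nd6 IFDISABLED bit set."""
    return sorted(name for name, r in parse_ifconfig(text).items()
                  if r["tentative"] or "IFDISABLED" in r["nd6"])

if __name__ == "__main__":
    for name, r in parse_ifconfig(SAMPLE).items():
        print(name, r)
```

Run over the two masks in the message, the only bit that differs between options=21 and options=29 is 0x8, which nd6.h names ND6_IFF_IFDISABLED.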