From owner-freebsd-net@freebsd.org Fri Apr 19 19:11:39 2019 Return-Path: Delivered-To: freebsd-net@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 59E491575F9E for ; Fri, 19 Apr 2019 19:11:39 +0000 (UTC) (envelope-from marco@tols.org) Received: from tolstoy.tols.org (tolstoy-a1.tols.org [IPv6:2a02:898:57:3::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id C488B8DA29 for ; Fri, 19 Apr 2019 19:11:37 +0000 (UTC) (envelope-from marco@tols.org) Received: from 82-217-131-200.cable.dynamic.v4.ziggo.nl ([82.217.131.200] helo=[192.168.178.122]) by tolstoy.tols.org with esmtpsa (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.91 (FreeBSD)) (envelope-from ) id 1hHYv7-0000l6-Kn; Fri, 19 Apr 2019 21:11:34 +0200 Content-Type: text/plain; charset=us-ascii Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.8\)) Subject: Re: unicast vxlan - unable to tcp connect to ipv6 ip's on endpoint host From: Marco van Tol In-Reply-To: <0ae5cb32-684c-99ca-cca0-88cce2f8a2fb@yandex.ru> Date: Fri, 19 Apr 2019 21:11:27 +0200 Cc: Marco van Tol , freebsd-net@freebsd.org Content-Transfer-Encoding: quoted-printable Message-Id: <57CC19F7-5914-4FA0-A689-626229C774AA@tols.org> References: <0ae5cb32-684c-99ca-cca0-88cce2f8a2fb@yandex.ru> To: "Andrey V. Elsukov" X-Mailer: Apple Mail (2.3445.104.8) X-Tolsorg-Spam-Score: -1.0 (-) X-Rspamd-Queue-Id: C488B8DA29 X-Spamd-Bar: --- Authentication-Results: mx1.freebsd.org; spf=pass (mx1.freebsd.org: domain of marco@tols.org designates 2a02:898:57:3::1 as permitted sender) smtp.mailfrom=marco@tols.org X-Spamd-Result: default: False [-3.51 / 15.00]; ARC_NA(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; RCVD_COUNT_TWO(0.00)[2]; NEURAL_HAM_MEDIUM(-1.00)[-0.999,0]; FROM_HAS_DN(0.00)[]; RCPT_COUNT_THREE(0.00)[3]; R_SPF_ALLOW(-0.20)[+a:tolstoy-a1.tols.org]; MV_CASE(0.50)[]; MIME_GOOD(-0.10)[text/plain]; DMARC_NA(0.00)[tols.org]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; TO_DN_SOME(0.00)[]; TO_MATCH_ENVRCPT_SOME(0.00)[]; MX_GOOD(-0.01)[cached: mickey.tols.org]; NEURAL_HAM_SHORT(-0.96)[-0.965,0]; IP_SCORE(-0.73)[asn: 8283(-3.68), country: NL(0.01)]; FREEMAIL_TO(0.00)[yandex.ru]; RECEIVED_SPAMHAUS_PBL(0.00)[200.131.217.82.zen.spamhaus.org : 127.0.0.11]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:8283, ipnet:2a02:898::/32, country:NL]; MID_RHS_MATCH_FROM(0.00)[]; RCVD_TLS_ALL(0.00)[]; FROM_EQ_ENVFROM(0.00)[] X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 19 Apr 2019 19:11:39 -0000 Op 19 apr. 2019, om 14:53 heeft Andrey V. Elsukov = het volgende geschreven: >=20 > On 19.04.2019 13:46, Marco van Tol wrote: >> There is one exception to this: Host B can ping Host A on any of its >> IPv6 addresses, but it cannot make any tcp connection to any of the >> IPv6 addresses on Host A. Is this expected? >=20 > Hi, >=20 > this looks like the problem with checksum offloading. When such > offloading is enabled on the interface, such protocols like TCP and = UDP > defer checksum calculation to interface hardware. ICMPv6 does checksum > calculation in software, thus it usually does not affected by such > problem. Sometimes NIC hardware or driver have bugs and offloading = does > not work correctly. You can try to disable checksum offloading on your > interfaces and then try. Also you can use tcpdump to try determine = what > the problem you have with TCP. Ha! Thank you very much, this fixed it. In my case the physical interface used on Host A for = transmitting/receiving the vxlan packets was an if_bce interface. After I did the following on host A, Host B could make an IPv6 tcp = connection on for example port 443 of host A. ifconfig bce0 -rxcsum Many thanks! --=20 Marco van Tol