Date: Tue, 15 Jan 2013 15:05:11 -0500 From: Shawn Webb <lattera@gmail.com> To: Ben Morrow <ben@morrow.me.uk> Cc: "freebsd-stable@freebsd.org" <freebsd-stable@freebsd.org> Subject: Re: IPv6 Tunnel Shared With Jails via epair Devices Message-ID: <CADt0fhwEia10jT3nrz=nbCO%2Bw5JZdUsTcrX83AMKRYWm4XxGrg@mail.gmail.com> In-Reply-To: <20130115195444.GA92522@anubis.morrow.me.uk> References: <CADt0fhxG-EqZq_cYq3YvkYGd=yY4o7FTxW6fmra0Zt06oyAO=A@mail.gmail.com> <20130115052937.GA44328@anubis.morrow.me.uk> <CADt0fhxCuy8xrahJAcGTSqXWFd4DHT7TwcXYtYYLV77BSFUsqw@mail.gmail.com> <20130115195444.GA92522@anubis.morrow.me.uk>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, Jan 15, 2013 at 2:54 PM, Ben Morrow <ben@morrow.me.uk> wrote: > Quoth Shawn Webb <lattera@gmail.com>: > > On Tue, Jan 15, 2013 at 12:29 AM, Ben Morrow <ben@morrow.me.uk> wrote: > > > Quoth Shawn Webb <lattera@gmail.com>: > > > > > > > > # ifconfig bridge0 > > > > bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 > mtu > > > > 1500 > > > > ether 02:fe:21:34:d3:00 > > > > inet6 2001:470:8142:1::1 prefixlen 64 > > > > nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL> > > > > id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15 > > > > maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200 > > > > root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0 > > > > member: epair0a flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP> > > > > ifmaxaddr 0 port 19 priority 128 path cost 2000 > > > > member: epair1a flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP> > > > > ifmaxaddr 0 port 21 priority 128 path cost 2000 > > > > member: bge0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP> > > > > ifmaxaddr 0 port 5 priority 128 path cost 200000 > > > > > > Why have you added the physical interface to the bridge? AFAICT you > > > don't need to: a bridge will bridge epairs just fine, and as you > > > explained in that blog post you have to route rather than bridge into > > > the tunnel, since the tunnel isn't an Ethernet device. > > > > I did it so that I have an IPv4 address directly on the LAN for each of > my > > jails. > > Hmm, OK. > > > > > # jexec "Dev Template" ifconfig epair0b > > > > epair0b: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 > mtu > > > > 1500 > > > > options=8<VLAN_MTU> > > > > ether 02:80:03:00:14:0b > > > > inet6 2001:470:8142:1::5 prefixlen 64 tentative > > > > inet6 fe80::80:3ff:fe00:140b%epair0b prefixlen 64 tentative scopeid > 0x2 > > > > inet 10.7.1.92 netmask 0xfffffe00 broadcast 10.7.1.255 > > > > nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL> > > > > > > I suspect the addresses are only marked tentative because the interface > > > has been marked IFDISABLED. This causes all current addresses to be > > > marked tentative, because the kernel isn't allowed to send or receive > > > IPv6 packets and so can't defend the addresses any more. > > > > > > Is it possible something in the jail's startup scripts is causing the > > > interface to be marked IFDISABLED after the inet6 address has been > > > assigned? Some of the functions in network.subr mark interfaces > > > IFDISABLED automatically if they don't think they have IPv6 addresses. > > > > I was thinking the same thing. One problem is that I can't remove the > > IFDISABLED flag. This is what happens when I try: > > > > # jexec "Dev Template" ifconfig epair0b -ifdisabled > > ifconfig: ioctl(SIOCGIFINFO_IN6): Invalid argument > > ifconfig epair0b inet6 -ifdisabled > > I don't know why you get that error when you miss out the 'inet6'; it's > not exactly very clear. > Ah. That works. I'll just have to add that to my scripts. Since the device won't come out of tentative mode without manually removing the ifdisabled flag, should I go ahead and file a PR? It'd be nice if I could at the very least set a timeout for DAD. > > Ben > >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CADt0fhwEia10jT3nrz=nbCO%2Bw5JZdUsTcrX83AMKRYWm4XxGrg>