Date:      Tue, 16 May 2017 23:24:17 +0200
From:      William Gathoye <william@gathoye.be>
To:        freebsd-net@freebsd.org
Subject:   Public IPv6s fail on KVM bridge with "No buffer space available"
Message-ID:  <fbfe1ff2-bd66-9a98-d56b-6d75265936bd@gathoye.be>

Hello everyone,

I've already asked this question on the #networking and #freebsd IRC
channels on Freenode but nobody was able to answer my question and
forwarded me over here as it seems this issue is tricky to solve.

I have a Proxmox hypervisor hosting LXC containers and KVM machines
ranging from Debian 9 and Arch Linux to Windows. All of them are
bridged to the hypervisor and the IPv6 stack is working flawlessly with
public IP addresses given by my ISP and routed directly to the VMs.

One of the VMs I have is an OPNsense firewall appliance (based on FreeBSD
11.0-RELEASE-p8).

Contrary to the other LXC/KVM guests, the latter cannot ping any IPv6
machines outside those accessible directly from the bridge. As soon as I
try to ping either the gateway of my hypervisor (still in IPv6), or any
other far away IPv6 hosts (e.g. google.com), I get the following error
message:

    [...]
    ping6: sendmsg: No buffer space available
    [...]

- At first, I thought the issue was due to issues with VirtIO drivers
(bundled with FreeBSD). So I switched to an emulated Intel E1000 NIC, but
the problem persists. (I'm back with VirtIO now).
- A netstat -m reports the buffers as empty, so the problem doesn't come
from here either.
- Putting the interface down and up again or rebooting doesn't fix the
issue.
- I tested with a fresh FreeBSD and OpenBSD install (to avoid the
OPNsense overlay), but the problem persists as well.

Pinging the VM either from the bridge or from a machine completely
outside of the infrastructure gets no response, and connections fail too
(i.e. I had started sshd on 2222, but wasn't able to connect).

The FreeBSD host is configured like this:

    ifconfig vtnet0 <ipv4>/32
    route add <gw ipv4> -iface vtnet0
    route add default <gw ipv4>

    ifconfig vtnet0 inet6 <ipv6> prefixlen 64
    route add -inet6 <gw ipv6> -iface vtnet0
    route add -inet6 default <gw ipv6>

Please note all my GWs are outside of my IP subnets.

After applying these lines, the routes reported by netstat -rn look
sensible to me. Nothing wrong.

I should point out that the pf firewall is completely disabled
(pfctl -d). I want to make sure this is working flawlessly before
enabling yet another level of failures. :)

Is there a bug somewhere in the BSD IPv6 stack, as Linux is not
complaining at all? This sounds weird as I think I'm not the only one in
this situation and not the only one having a GW outside their IP ranges.

Thanks in advance for your time / help.

Regards.



--
William Gathoye
<william@gathoye.be>

