From owner-freebsd-net@FreeBSD.ORG Thu Dec 22 18:01:34 2011 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id D8A1C1065675 for ; Thu, 22 Dec 2011 18:01:34 +0000 (UTC) (envelope-from freebsd-net@m.gmane.org) Received: from lo.gmane.org (lo.gmane.org [80.91.229.12]) by mx1.freebsd.org (Postfix) with ESMTP id 6C7F88FC12 for ; Thu, 22 Dec 2011 18:01:34 +0000 (UTC) Received: from list by lo.gmane.org with local (Exim 4.69) (envelope-from ) id 1RdmxR-0000a7-5n for freebsd-net@freebsd.org; Thu, 22 Dec 2011 19:01:33 +0100 Received: from l.saper.info ([91.121.203.103]) by main.gmane.org with esmtp (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Thu, 22 Dec 2011 19:01:33 +0100 Received: from saper by l.saper.info with local (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Thu, 22 Dec 2011 19:01:33 +0100 X-Injected-Via-Gmane: http://gmane.org/ To: freebsd-net@freebsd.org From: Marcin Cieslak Date: Thu, 22 Dec 2011 18:01:20 +0000 (UTC) Organization: http://saper.info Lines: 77 Message-ID: References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Complaints-To: usenet@dough.gmane.org X-Gmane-NNTP-Posting-Host: l.saper.info User-Agent: slrn/0.9.9p1 (FreeBSD) Subject: Re: IPv6 not responding on some aliases (recent 8-stable) X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 22 Dec 2011 18:01:35 -0000 >> Bjoern A. Zeeb wrote: > to cut the long story short and before we try to debug this in detail; > if you try to reach all these addresses on the local machine, does that work, eg. if you ping6 2001:abcd:f:abcd::100[0-5] from that host itself? Yes, $ ping6 2001:abcd:f:abcd::1003 PING6(56=40+8+8 bytes) 2001:abcd:f:abcd::1003 --> 2001:abcd:f:abcd::1003 16 bytes from 2001:abcd:f:abcd::1003, icmp_seq=0 hlim=64 time=0.392 ms ^C --- 2001:abcd:f:abcd::1003 ping6 statistics --- 1 packets transmitted, 1 packets received, 0.0% packet loss round-trip min/avg/max/std-dev = 0.392/0.392/0.392/0.000 ms also: $ ping6 -S 2001:abcd:f:abcd::1001 2001:abcd:f:abcd::1005 PING6(56=40+8+8 bytes) 2001:abcd:f:abcd::1001 --> 2001:abcd:f:abcd::1005 16 bytes from 2001:abcd:f:abcd::1005, icmp_seq=0 hlim=64 time=0.387 ms 16 bytes from 2001:abcd:f:abcd::1005, icmp_seq=1 hlim=64 time=0.201 ms 16 bytes from 2001:abcd:f:abcd::1005, icmp_seq=2 hlim=64 time=0.188 ms 16 bytes from 2001:abcd:f:abcd::1005, icmp_seq=3 hlim=64 time=0.196 ms 16 bytes from 2001:abcd:f:abcd::1005, icmp_seq=4 hlim=64 time=0.198 ms 16 bytes from 2001:abcd:f:abcd::1005, icmp_seq=5 hlim=64 time=0.254 ms ^C --- 2001:abcd:f:abcd::1005 ping6 statistics --- 6 packets transmitted, 6 packets received, 0.0% packet loss round-trip min/avg/max/std-dev = 0.188/0.237/0.387/0.070 ms When I "tcpdump -n -i sis0 ip6" when doing ping6 -S 2001:abcd:f:abcd::1000 www.freebsd.org I see a whole bunch of 17:49:05.528465 IP6 2001:abcd:f:abcd::1000 > 2001:4f8:fff6::22: ICMP6, echo request, seq 42, length 16 When pinging from outside via IPv6 nothing appears except ND traffic: 17:50:19.658275 IP6 fe80::21c:c0ff:fede:adbf > fe80::5:73ff:fea0:0: ICMP6, neighbor solicitation, who has fe80::5:73ff:fea0:0, length 32 17:50:19.662226 IP6 fe80::5:73ff:fea0:0 > fe80::21c:c0ff:fede:adbf: ICMP6, neighbor advertisement, tgt is fe80::5:73ff:fea0:0, length 24 17:50:24.674531 IP6 fe80::21e:79ff:fe1e:d400 > fe80::21c:c0ff:fede:adbf: ICMP6, neighbor solicitation, who has fe80::21c:c0ff:fe26:8103, length 32 17:50:24.674649 IP6 fe80::21c:c0ff:fede:adbf > fe80::21e:79ff:fe1e:d400: ICMP6, neighbor advertisement, tgt is fe80::21c:c0ff:fe26:8103, length 24 17:50:26.668789 IP6 fe80::21e:79ff:fe1e:f000.2029 > ff02::66.2029: UDP, length 72 17:50:29.660582 IP6 2001:abcd:f:abcd::1000.64756 > 2a01:xxxx:yyyy::1.53: 8351 [1au][|domain] 17:50:29.674096 IP6 fe80::21c:c0ff:fede:adbf > fe80::21e:79ff:fe1e:d400: ICMP6, neighbor solicitation, who has fe80::21e:79ff:fe1e:d400, length 32 17:50:29.682082 IP6 fe80::21e:79ff:fe1e:d400 > fe80::21c:c0ff:fede:adbf: ICMP6, neighbor advertisement, tgt is fe80::21e:79ff:fe1e:d400, length 24 17:50:34.637895 IP6 fe80::21e:79ff:fe1e:f000.2029 > ff02::66.2029: UDP, length 6 fe80::21c:c0ff:fede:abbf is the problematic host When doing ping6 -S 2001:abcd:f:abcd::1000 2a01:xxx:yyy::1 PING6(56=40+8+8 bytes) 2001:abcd:f:abcd::1000 --> 2a01:xxx:yyy::1 ^C --- 2a01:xxx:yyy::1 ping6 statistics --- 29 packets transmitted, 0 packets received, 100.0% packet loss The 2a01:xxx:yyy::1 host reports ICMPv6 via bpf: 18:56:47.012614 IP6 2001:abcd:f:abcd::1000 > 2a01:xxx:yyy::1: ICMP6, echo request, seq 23, length 16 18:56:47.014426 IP6 2a01:xxx:yyy::1 > 2001:abcd:f:abcd::1000: ICMP6, echo reply, seq 23, length 16 18:56:48.012368 IP6 2001:abcd:f:abcd::1000 > 2a01:xxx:yyy::1: ICMP6, echo request, seq 24, length 16 18:56:48.013422 IP6 2a01:xxx:yyy::1 > 2001:abcd:f:abcd::1000: ICMP6, echo reply, seq 24, length 16 So it seems the packets are sent, the host just can't receive. I initially thought it's a transport layer issue, since previously (before I changed configuration) 30%-50% SSH connection attempts succeeded (but prefix was wrong on the "primary" IPv6 address :1000). Now I get no packets on receiving side at all for those "broken" IPv6 addresses. //Marcin