From owner-freebsd-net@FreeBSD.ORG  Wed Mar 13 11:36:27 2013
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.freebsd.org (mx1.FreeBSD.org [8.8.178.115])
 by hub.freebsd.org (Postfix) with ESMTP id 0EAD6A84
 for <freebsd-net@freebsd.org>; Wed, 13 Mar 2013 11:36:27 +0000 (UTC)
 (envelope-from Mark.Martinec+freebsd@ijs.si)
Received: from mail.ijs.si (amavis-proxy-ori.ijs.si [193.2.4.66])
 by mx1.freebsd.org (Postfix) with ESMTP id BBC0EA0D
 for <freebsd-net@freebsd.org>; Wed, 13 Mar 2013 11:36:26 +0000 (UTC)
Received: from amavis-proxy-ori.ijs.si (localhost [IPv6:::1])
 by mail.ijs.si (Postfix) with ESMTP id 3ZQrQJ5pk3zGMmP
 for <freebsd-net@freebsd.org>; Wed, 13 Mar 2013 12:28:08 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ijs.si; h=
 message-id:content-transfer-encoding:content-type:content-type
 :mime-version:organization:in-reply-to:references:user-agent
 :date:date:subject:subject:from:from:received:received:received
 :vbr-info; s=jakla2; t=1363174078; x=1365766079; bh=9ywMUXCeIfiD
 EPvoH4Yr13DHfmj3C9qSurByNB1Qktk=; b=MLmXoNRecAKZHz/XS36/lg1uDBTZ
 LD6uqjAs3eZtZ2PpKkv6HBKDnhns0RZmb9F+dkctVAyDDZps4JLT70U/YfJmonPj
 P7XnAvNW+73Fth98djc+Cqy6Orq/76LqeG0NFxe3LaeCiGo3vLLphiYoxTZ7/8Uz
 ERR5qPX8K8JRA38=
VBR-Info: md=ijs.si; mc=all; mv=dwl.spamhaus.org;
X-Virus-Scanned: amavisd-new at ijs.si
Received: from mail.ijs.si ([IPv6:::1])
 by amavis-proxy-ori.ijs.si (mail.ijs.si [IPv6:::1]) (amavisd-new, port 10012)
 with ESMTP id 3dX3fuRu5u8i for <freebsd-net@freebsd.org>;
 Wed, 13 Mar 2013 12:27:58 +0100 (CET)
Received: from mildred.ijs.si (mailbox.ijs.si [IPv6:2001:1470:ff80::143:1])
 by mail.ijs.si (Postfix) with ESMTP
 for <freebsd-net@freebsd.org>; Wed, 13 Mar 2013 12:27:58 +0100 (CET)
Received: from sleepy.ijs.si (sleepy.ijs.si [IPv6:2001:1470:ff80:e001::1:1])
 (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by mildred.ijs.si (Postfix) with ESMTPSA id 40D96C25
 for <freebsd-net@freebsd.org>; Wed, 13 Mar 2013 12:27:58 +0100 (CET)
From: Mark Martinec <Mark.Martinec+freebsd@ijs.si>
To: freebsd-net@freebsd.org
Subject: Re: ipv6 default router Operation not permitted
Date: Wed, 13 Mar 2013 12:27:57 +0100
User-Agent: KMail/1.13.7 (FreeBSD/9.1-STABLE; KDE/4.9.5; amd64; ; )
References: <20130312225018.GA13589@defiant.konundrum.org>
 <3ABB5AED-DEA9-42F6-82A1-FEA9E8BBBDCF@my.gd>
 <20130313091727.GA17859@defiant.konundrum.org>
In-Reply-To: <20130313091727.GA17859@defiant.konundrum.org>
Organization: J. Stefan Institute
MIME-Version: 1.0
Content-Type: Text/Plain;
  charset="iso-8859-15"
Content-Transfer-Encoding: 7bit
Message-Id: <201303131227.57751.Mark.Martinec+freebsd@ijs.si>
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-net>,
 <mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
 <mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 13 Mar 2013 11:36:27 -0000

On Wednesday March 13 2013 10:17:27 Schrodinger wrote:
> ifconfig_re0_ipv6="inet6 2001:41D0:2:E7c4::1 prefixlen 64"
> [...]
> Voodoo, indeed... I'm sure there's a /48 used somewhere but to be more
> specific, or rather obvious, my default gateway resides at the boundary
> of a /56 - 2001:41D0:2:E700::/56

Having multiple IPv6 subnets on the same wire is asking for trouble.

For example, I believe an ICMP redirect still (in 9.1) does not create
a temporary route:
  http://www.freebsd.org/cgi/query-pr.cgi?pr=152791
which beat us hard time (random unreachability between hosts),
having to rearrange that legacy segment which happened to have
two subnets on the same wire.

The static routes destinations must be directly reachable (on-link).

Either use a single /56 for the whole LAN, adjusting the prefix
length on each interface, or provide a router within each subnet.

Doing otherwise (like using static ndp/arp entries) is just a hack.

  Mark