From: "Bjoern A. Zeeb"
Date: Thu, 22 Dec 2011 19:37:03 +0000
To: Marcin Cieslak
Cc: freebsd-net@freebsd.org
Subject: Re: IPv6 not responding on some aliases (recent 8-stable)

On 22. Dec 2011, at 18:01 , Marcin Cieslak wrote:

>>> Bjoern A. Zeeb wrote:
>
>> to cut the long story short and before we try to debug this in detail;
>> if you try to reach all these addresses on the local machine, does that work, eg. if you ping6 2001:abcd:f:abcd::100[0-5] from that host itself?
>
> Yes,
>
> $ ping6 2001:abcd:f:abcd::1003
> PING6(56=40+8+8 bytes) 2001:abcd:f:abcd::1003 --> 2001:abcd:f:abcd::1003
> 16 bytes from 2001:abcd:f:abcd::1003, icmp_seq=0 hlim=64 time=0.392 ms
> ^C
> --- 2001:abcd:f:abcd::1003 ping6 statistics ---
> 1 packets transmitted, 1 packets received, 0.0% packet loss
> round-trip min/avg/max/std-dev = 0.392/0.392/0.392/0.000 ms
>
> also:
>
> $ ping6 -S 2001:abcd:f:abcd::1001 2001:abcd:f:abcd::1005
> PING6(56=40+8+8 bytes) 2001:abcd:f:abcd::1001 --> 2001:abcd:f:abcd::1005
> 16 bytes from 2001:abcd:f:abcd::1005, icmp_seq=0 hlim=64 time=0.387 ms
> 16 bytes from 2001:abcd:f:abcd::1005, icmp_seq=1 hlim=64 time=0.201 ms
> 16 bytes from 2001:abcd:f:abcd::1005, icmp_seq=2 hlim=64 time=0.188 ms
> 16 bytes from 2001:abcd:f:abcd::1005, icmp_seq=3 hlim=64 time=0.196 ms
> 16 bytes from 2001:abcd:f:abcd::1005, icmp_seq=4 hlim=64 time=0.198 ms
> 16 bytes from 2001:abcd:f:abcd::1005, icmp_seq=5 hlim=64 time=0.254 ms
> ^C
> --- 2001:abcd:f:abcd::1005 ping6 statistics ---
> 6 packets transmitted, 6 packets received, 0.0% packet loss
> round-trip min/avg/max/std-dev = 0.188/0.237/0.387/0.070 ms
>
> When I "tcpdump -n -i sis0 ip6" when doing
>
> ping6 -S 2001:abcd:f:abcd::1000 www.freebsd.org
>
> I see a whole bunch of
>
> 17:49:05.528465 IP6 2001:abcd:f:abcd::1000 > 2001:4f8:fff6::22: ICMP6, echo request, seq 42, length 16
>
> When pinging from outside via IPv6 nothing appears except ND traffic:
>
> 17:50:19.658275 IP6 fe80::21c:c0ff:fede:adbf > fe80::5:73ff:fea0:0: ICMP6, neighbor solicitation, who has fe80::5:73ff:fea0:0, length 32
> 17:50:19.662226 IP6 fe80::5:73ff:fea0:0 > fe80::21c:c0ff:fede:adbf: ICMP6, neighbor advertisement, tgt is fe80::5:73ff:fea0:0, length 24
> 17:50:24.674531 IP6 fe80::21e:79ff:fe1e:d400 > fe80::21c:c0ff:fede:adbf: ICMP6, neighbor solicitation, who has fe80::21c:c0ff:fe26:8103, length 32
> 17:50:24.674649 IP6 fe80::21c:c0ff:fede:adbf > fe80::21e:79ff:fe1e:d400: ICMP6, neighbor advertisement, tgt is fe80::21c:c0ff:fe26:8103, length 24
> 17:50:26.668789 IP6 fe80::21e:79ff:fe1e:f000.2029 > ff02::66.2029: UDP, length 72
> 17:50:29.660582 IP6 2001:abcd:f:abcd::1000.64756 > 2a01:xxxx:yyyy::1.53: 8351 [1au][|domain]
> 17:50:29.674096 IP6 fe80::21c:c0ff:fede:adbf > fe80::21e:79ff:fe1e:d400: ICMP6, neighbor solicitation, who has fe80::21e:79ff:fe1e:d400, length 32
> 17:50:29.682082 IP6 fe80::21e:79ff:fe1e:d400 > fe80::21c:c0ff:fede:adbf: ICMP6, neighbor advertisement, tgt is fe80::21e:79ff:fe1e:d400, length 24
> 17:50:34.637895 IP6 fe80::21e:79ff:fe1e:f000.2029 > ff02::66.2029: UDP, length 6
>
> fe80::21c:c0ff:fede:abbf is the problematic host
>
> When doing
>
> ping6 -S 2001:abcd:f:abcd::1000 2a01:xxx:yyy::1
> PING6(56=40+8+8 bytes) 2001:abcd:f:abcd::1000 --> 2a01:xxx:yyy::1
> ^C
> --- 2a01:xxx:yyy::1 ping6 statistics ---
> 29 packets transmitted, 0 packets received, 100.0% packet loss
>
> The 2a01:xxx:yyy::1 host reports ICMPv6 via bpf:
>
> 18:56:47.012614 IP6 2001:abcd:f:abcd::1000 > 2a01:xxx:yyy::1: ICMP6, echo request, seq 23, length 16
> 18:56:47.014426 IP6 2a01:xxx:yyy::1 > 2001:abcd:f:abcd::1000: ICMP6, echo reply, seq 23, length 16
> 18:56:48.012368 IP6 2001:abcd:f:abcd::1000 > 2a01:xxx:yyy::1: ICMP6, echo request, seq 24, length 16
> 18:56:48.013422 IP6 2a01:xxx:yyy::1 > 2001:abcd:f:abcd::1000: ICMP6, echo reply, seq 24, length 16
>
> So it seems the packets are sent, the host just can't receive.
>
> I initially thought it's a transport layer issue, since previously (before
> I changed configuration) 30%-50% SSH connection attempts succeeded
> (but prefix was wrong on the "primary" IPv6 address :1000).
> Now I get no packets on receiving side at all for those "broken" IPv6 addresses.

Talk to whomever is providing in front of you to
1) either relax nd6 table limits or
2) to route a /64 to your host to only have 1 entry in the neighbour table.

That's most likely the problem given my crystal ball and experience.

/bz

-- 
Bjoern A. Zeeb                                 You have to have visions!
   Stop bit received. Insert coin for new address family.
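
The check made by eye in the quoted captures can be automated. The following is an added example, not code from this thread: it reads `tcpdump -n` text lines taken on the affected host and reports, per alias, whether the address sends traffic yet is never the target of a neighbor solicitation from another node, which is the pattern the neighbour-table explanation above predicts. The names `parse_addr` and `classify_aliases` are hypothetical and the capture lines are constructed in the format shown in the message.

```python
import ipaddress
import re

LINE = re.compile(r"^\S+ IP6 (\S+) > (\S+): (.*)$")   # one tcpdump -n text line
WHO_HAS = re.compile(r"neighbor solicitation, who has ([0-9a-fA-F:]+)")

def parse_addr(token):
    """IPv6Address from a tcpdump token, tolerating a trailing '.port'."""
    for candidate in (token, token.rsplit(".", 1)[0]):
        try:
            return ipaddress.IPv6Address(candidate)
        except ValueError:
            continue
    return None  # obfuscated or malformed address

def classify_aliases(lines, aliases):
    """Map each local alias to a verdict, from a capture taken on that host."""
    seen = {ipaddress.IPv6Address(a): {"out": 0, "in": 0, "ns": 0} for a in aliases}
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue
        src, dst = parse_addr(m.group(1)), parse_addr(m.group(2))
        if src in seen:
            seen[src]["out"] += 1
        if dst in seen:
            seen[dst]["in"] += 1
        ns = WHO_HAS.search(m.group(3))
        target = parse_addr(ns.group(1)) if ns else None
        # Skip DAD probes (source ::), which the host sends for its own address.
        if target in seen and src is not None and not src.is_unspecified:
            seen[target]["ns"] += 1
    verdicts = {}
    for addr, c in seen.items():
        if c["in"]:
            verdicts[str(addr)] = "reachable"
        elif c["ns"]:
            verdicts[str(addr)] = "solicited, nothing delivered"
        elif c["out"]:
            verdicts[str(addr)] = "sends, never solicited"
        else:
            verdicts[str(addr)] = "idle"
    return verdicts

# Constructed sample capture: ::1000 only sends, ::1001 is resolved and answered.
SAMPLE = """\
17:49:05.528465 IP6 2001:abcd:f:abcd::1000 > 2001:4f8:fff6::22: ICMP6, echo request, seq 42, length 16
17:49:06.528470 IP6 2001:abcd:f:abcd::1000 > 2001:4f8:fff6::22: ICMP6, echo request, seq 43, length 16
17:49:07.000100 IP6 :: > ff02::1:ff00:1000: ICMP6, neighbor solicitation, who has 2001:abcd:f:abcd::1000, length 24
17:50:19.000001 IP6 fe80::5:73ff:fea0:0 > ff02::1:ff00:1001: ICMP6, neighbor solicitation, who has 2001:abcd:f:abcd::1001, length 32
17:50:19.100000 IP6 2001:4f8:fff6::22 > 2001:abcd:f:abcd::1001: ICMP6, echo reply, seq 1, length 16
""".splitlines()
ALIASES = ["2001:abcd:f:abcd::1000", "2001:abcd:f:abcd::1001"]
```

An alias reported as "sends, never solicited" is one the upstream device is not trying to resolve, so the next step is on that device, not on the host.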