From owner-freebsd-net@FreeBSD.ORG Sun Apr 25 16:55:10 2010 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 083091065675 for ; Sun, 25 Apr 2010 16:55:10 +0000 (UTC) (envelope-from frederic.perrin@resel.fr) Received: from maisel-gw.enst-bretagne.fr (maisel-gw.enst-bretagne.fr [192.44.76.8]) by mx1.freebsd.org (Postfix) with ESMTP id 93B158FC19 for ; Sun, 25 Apr 2010 16:55:09 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by maisel-gw.enst-bretagne.fr (Postfix) with ESMTP id CF9FE1980A for ; Sun, 25 Apr 2010 18:37:02 +0200 (CEST) X-Virus-Scanned: Debian amavisd-new at resel.fr Received: from maisel-gw.enst-bretagne.fr ([127.0.0.1]) by localhost (mercure.adm.maisel.enst-bretagne.fr [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hoY0O3vGVADs for ; Sun, 25 Apr 2010 18:36:57 +0200 (CEST) Received: from girafe.home (ARennes-258-1-90-183.w90-25.abo.wanadoo.fr [90.25.25.183]) (Authenticated sender: fperrin) by maisel-gw.enst-bretagne.fr (Postfix) with ESMTPSA id E2ED219809 for ; Sun, 25 Apr 2010 18:36:56 +0200 (CEST) Date: Sun, 25 Apr 2010 18:38:25 +0200 From: =?UTF-8?B?RnLDqWTDqXJpYw==?= Perrin To: freebsd-net@freebsd.org Message-ID: <20100425183825.2ee419d3@girafe.home> X-Mailer: Claws Mail 3.7.5cvs43 (GTK+ 2.18.7; i386-unknown-freebsd8.0) Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Subject: IPv6 aliases: one doesn't work, the other do X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 25 Apr 2010 16:55:10 -0000 Hello, I have a box running 8.0-RELEASE on i386. It has several jails, each one being given an IPv6 alias. I notice that some jails can be reached from the outside, others can't. Conversely, if I set as the source address alias1, nothing comes back; it I set as the source address alias2, it works as expected. The following transcript may be clearer: This is happening on papillon, the host (meaning not a jail), after a fresh reboot. ,---- | root@papillon:~# grep 'ipv6\|vr0' < /etc/rc.conf | ifconfig_vr0=3D"inet 91.121.77.72 netmask 255.255.255.0 broadcast 91.121.= 77.255" | ifconfig_vr0_alias0=3D"87.98.132.43 netmask 255.255.255.255" | ifconfig_vr0_alias1=3D"188.165.50.152 netmask 255.255.255.255" | ipv6_enable=3D"YES" | ipv6_network_interfaces=3D"vr0" | ipv6_defaultrouter=3D"2001:41d0:1:82ff:ff:ff:ff:ff" | ipv6_ifconfig_vr0=3D"2001:41d0:1:8248::1 prefixlen 56" | ipv6_ifconfig_vr0_alias0=3D"2001:41d0:1:8248::2" | ipv6_ifconfig_vr0_alias1=3D"2001:41d0:1:8248::3" | ipv6_ifconfig_vr0_alias2=3D"2001:41d0:1:8248::4" | ipv6_ifconfig_vr0_alias3=3D"2001:41d0:1:8248::5" `---- benoute.fr is a friend's box, located in the same datacenter as mine. If I use as source address ::3 or ::5, I get no answer, with the other aliases it works as expected. ,---- | root@papillon:~# traceroute6 -n -s 2001:41d0:1:8248::3 mail.benoute.fr | traceroute6 to mail.benoute.fr (2001:41d0:1:c1d7::1) from 2001:41d0:1:824= 8::3, 64 hops max, 12 byte packets | 1 * * * | 2 * * * | 3 * * * | 4 * * * | 5 * * * | ^C | root@papillon:~# traceroute6 -n -s 2001:41d0:1:8248::4 mail.benoute.fr | traceroute6 to mail.benoute.fr (2001:41d0:1:c1d7::1) from 2001:41d0:1:824= 8::4, 64 hops max, 12 byte packets | 1 * * * | 2 2001:41d0:1:c1d7::1 0.396 ms 0.301 ms 0.296 ms `---- Same thing, but using renater.fr (a French ISP peering directly with the datacenter that hosts my box): ,---- | root@papillon:~# traceroute6 -n -s 2001:41d0:1:8248::4 www.renater.fr | traceroute6 to www.renater.fr (2001:660:3001:4002::10) from 2001:41d0:1:8= 248::4, 64 hops max, 12 byte packets | 1 * | 2001:41d0:1:82ff:ff:ff:ff:ff 5.882 ms * | 2 2001:41d0::592 150.251 ms 7.933 ms * | 3 2001:41d0::522 220.006 ms 230.797 ms 229.390 ms | 4 2001:7f8:4e:2::103 4.636 ms 5.934 ms 4.331 ms | 5 2001:660:7903:e:1::2 4.877 ms 4.525 ms 4.401 ms | 6 2001:660:7903:a:2::2 4.387 ms 4.375 ms 4.362 ms | 7 2001:660:3000:1008:10:0:6:5051 4.867 ms !P 4.825 ms !P 5.083 ms !P | root@papillon:~# traceroute6 -n -s 2001:41d0:1:8248::3 www.renater.fr | traceroute6 to www.renater.fr (2001:660:3001:4002::10) from 2001:41d0:1:8= 248::3, 64 hops max, 12 byte packets | 1 * * * | 2 * * * | 3 * * * | 4 * * * | 5 *^C `---- If I go to gadget (a Linux host with IPv6 connectivity), I can ping some aliases, but no others. The aliases that pong correctly are the same as the ones I can successfully use as source addresses in traceroute6 to remote hosts. A 'tcpdump -i vr0 icmp6' on papillon while this is happening show that no packet is seen by papillon. ,---- | fperrin@gadget:~$ for i in $( seq 5); do echo -n "$i - "; ping6 -c1 2001:= 41d0:8248::$i|grep loss; done | 1 - 1 packets transmitted, 1 received, 0% packet loss, time 0ms | 2 - 1 packets transmitted, 1 received, 0% packet loss, time 0ms | 3 - 1 packets transmitted, 0 received, +1 errors, 100% packet loss, time = 0ms | 4 - 1 packets transmitted, 1 received, 0% packet loss, time 0ms | 5 - 1 packets transmitted, 0 received, +1 errors, 100% packet loss, time = 0ms `---- Even if my life depended on it, I couldn't explain why some aliases work, and not others. The only difference that I can see is that they have different jails (::2 runs httpd+postgres, ::3 has no listening d=C3=A6mons, ::4 runs named, ::5 runs postfix). Any possible pointers? --=20 Fred