Date:      Fri, 12 Jun 2020 22:37:24 -0400
From:      Alex <freebsd@centromere.net>
To:        freebsd-net@freebsd.org
Subject:   NDP Proxying Issue
Message-ID:  <20200612223724.1ebdf4d1@poseidon>

Hi,

I am running FreeBSD 12.1-RELEASE on DigitalOcean, where my Droplet is
assigned 16 IPv6 addresses (2604::0 --> 2604::f). I would like it to
respond to neighbor solicitation requests from DO, even though the IP
being solicited is not bound to any interface on the machine. Based on
my research, this is exactly what NDP proxying is for, which is
configured by the "ndp" tool. I already have one IPv6 address fully
operational, and I see it listed in the output of "ndp -a" (IPs
redacted):

2604::1 12:34:56:78:90:ff vtnet0 permanent R

"12:34:56:78:90:ff" is the MAC address of vtnet0, the main
public-facing interface of the machine.

I have executed the following command:

ndp -s 2604::2 12:34:56:78:90:ff proxy

leading to the following output from "ndp -a":

2604::2 12:34:56:78:90:ff vtnet0 permanent R p

This indicates to me that NDP proxying for this IP has been set up
properly. When running tcpdump on vtnet0, and after attempting to
connect to 2604::2 from a remote machine, I see the following:

02:25:04.068528 IP6 fe80::1 > ff02::2: ICMP6, neighbor solicitation,
who has 2604::2, length 32

The ISP is properly asking if my machine has that address; however, I
never see a neighbor advertisement in response. Based on the fact
that the "ndp -s" command succeeded and the entry is listed, why would
this be? I have pf disabled. I am not aware of any sysctl variables that
might prevent this from working.

Regards,
Alex
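
An added diagnostic example, not part of the original message: it parses tcpdump neighbor-solicitation lines in the format shown above and reports whether each one is addressed to the target's solicited-node multicast group (RFC 4291 / RFC 4861), the group an interface must be listening on to receive address-resolution queries for that target. The sample lines are constructed and use the 2001:db8::/32 documentation prefix; the function names are illustrative.

```python
import ipaddress
import re

# tcpdump's one-line rendering of an ICMPv6 neighbor solicitation.
# \s+ before "who has" tolerates the line wrap seen in pasted output.
NS_RE = re.compile(
    r"IP6 (?P<src>\S+) > (?P<dst>[0-9a-fA-F:]+): ICMP6, neighbor solicitation,"
    r"\s+who has (?P<target>[0-9a-fA-F:]+)"
)

def solicited_node(target):
    """ff02::1:ff00:0/104 combined with the low 24 bits of the target."""
    low24 = int(ipaddress.IPv6Address(target)) & 0xFFFFFF
    base = int(ipaddress.IPv6Address("ff02::1:ff00:0"))
    return ipaddress.IPv6Address(base | low24)

def classify(line):
    """Return (target, dst, kind) for an NS line, or None for other traffic."""
    m = NS_RE.search(line)
    if not m:
        return None
    target = ipaddress.IPv6Address(m["target"])
    dst = ipaddress.IPv6Address(m["dst"])
    if dst == solicited_node(target):
        kind = "multicast-resolution"   # normal address resolution
    elif dst == target:
        kind = "unicast-probe"          # neighbor unreachability detection
    elif dst.is_multicast:
        kind = "other-multicast"        # not the target's solicited-node group
    else:
        kind = "other-unicast"
    return str(target), str(dst), kind

# Constructed capture lines (not taken from the message above).
SAMPLE = [
    "02:25:04.068528 IP6 fe80::1 > ff02::1:ff00:2: ICMP6, neighbor solicitation,\n"
    "who has 2001:db8::2, length 32",
    "02:25:05.101010 IP6 fe80::1 > 2001:db8::2: ICMP6, neighbor solicitation, "
    "who has 2001:db8::2, length 32",
    "02:25:06.202020 IP6 fe80::1 > ff02::1: ICMP6, neighbor solicitation, "
    "who has 2001:db8::12:abcd, length 32",
    "02:25:07.303030 IP6 fe80::1 > ff02::1: ICMP6, router advertisement, length 56",
]

if __name__ == "__main__":
    for line in SAMPLE:
        result = classify(line)
        if result:
            target, dst, kind = result
            print(f"{target:20} dst={dst:18} expected={solicited_node(target)} {kind}")
```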


