Date: Fri, 30 Dec 2011 09:58:54 -0500 From: Jason Hellenthal <jhell@DataIX.net> To: "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net> Cc: freebsd-net@freebsd.org, Marcin Cieslak <saper@saper.info> Subject: Re: IPv6 not responding on some aliases (recent 8-stable) Message-ID: <20111230145854.GA22414@DataIX.net> In-Reply-To: <AEB320C2-0345-436E-91B3-CBA760FEF37A@lists.zabbadoz.net> References: <slrnjf53o4.2d1.saper@saper.info> <F2005BBF-1808-4E63-B5F3-71361A95008A@lists.zabbadoz.net> <slrnjf6s3g.i0d.saper@saper.info> <C72FCBE6-AC3B-486B-B487-DA1FDA1F4474@lists.zabbadoz.net> <slrnjf75bk.i0d.saper@saper.info> <AEB320C2-0345-436E-91B3-CBA760FEF37A@lists.zabbadoz.net>
next in thread | previous in thread | raw e-mail | index | archive | help
--pf9I7BMVVzbSWLtt Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Fri, Dec 23, 2011 at 09:17:09AM +0000, Bjoern A. Zeeb wrote: >=20 > On 22. Dec 2011, at 20:39 , Marcin Cieslak wrote: >=20 > >>> Bjoern A. Zeeb <bzeeb-lists@lists.zabbadoz.net> wrote: > >>> I initially thought it's a transport layer issue, since previously (b= efore > >>> I changed configuration) 30%-50% SSH connection attempts succeeded > >>> (but prefix was wrong on the "primary" IPv6 address :1000). > >>> Now I get no packets on receiving side at all for those "broken" IPv6= addresses. > >>=20 > >> Talk to ywhomever is providing in front of you to > >> 1) either relax nd6 table limits or > >> 2) to route a /64 to your host to only have 1 entry in the neighbour t= able. > >>=20 > >> That's most likely the problem given my crystal ball and experience. > >=20 > > Thank you for insightful analysis!=20 > > Seems like this provider has some significant IPv6 takeup, which is > > good news - sorry for hassle, but problems started after upgrade.=20 > >=20 > > I'll talk to my upstream then, thanks! >=20 > Please let us know of the results, especially if my crystal ball was wron= g. >=20 I have seen this behavior before when one of the addresses on an interface = is in a DMZ while the others are not. But this was with IPv4. I would assum= e IPv6 would have acted the same way but left it untested as it was not cri= tical. Take this as informational only and double check your switches, fire= walls, etc... --=20 ;s =3D; --pf9I7BMVVzbSWLtt Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- iQEcBAEBAgAGBQJO/dGtAAoJEJBXh4mJ2FR+QVgH/Rk8Ns+BRylps4qCSCNTbWg8 iIdYhCFP2rQmdZUdRlbrIAVFaKGQawYiBGh/cYmaA9zZ9t5kF0oIGBLcW2Xtz/eA 30M0vyUN/m6UDLK1ERttZ/mNdQUTsZpPtaSYoKNjW8D+KttNL1cNE9LRwfSs4aPU UIiA3NTqrfoue1QWsqz23UkOI9EY1fU54xKlEKGRGXzlErQoAumxKB8OCGnazgON yBJWVS1zgSvb5Lz9AOhZqTjBaFntqWyUK4D+T21+B71F/TjGDtJxpsV9LFvjP2R3 GgUaLp/OFAZefcOFCTEVuVp12eoPeTKQO961ysiSc+76aZBOvmvwlYULTZmNV+4= =VknF -----END PGP SIGNATURE----- --pf9I7BMVVzbSWLtt--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20111230145854.GA22414>