Date: Mon, 14 Oct 2013 16:39:29 -0400
From: Mark Kamichoff
To: freebsd-net@FreeBSD.org
Subject: IPv6 Source Address Selection in 9.x
Message-ID: <20131014203929.GG25061@prolixium.com>

Hi -

A colleague of mine recently stumbled upon an IPv6-related quirk in FreeBSD that seems to have appeared in the 9.x series.
It appears that more often than not, IPv6 is not chosen as the default address family when initiating outbound connections, even in cases where there's an IPv6 address on the outgoing interface and the DNS returns at least one AAAA for the destination host. For example:

(dax:16:23)% host he.net.
he.net has address 216.218.186.2
he.net has IPv6 address 2001:470:0:76::2
he.net mail is handled by 1 he.net.

(dax:16:23)% telnet he.net. 80
Trying 216.218.186.2...
Connected to he.net.
Escape character is '^]'.
^]^D
telnet> Connection closed.

he.net. clearly has an AAAA, but FreeBSD connects using IPv4, instead of IPv6. Forcing the address family does still work, though:

(dax:16:23)% telnet -6 he.net. 80
Trying 2001:470:0:76::2...
Connected to he.net.
Escape character is '^]'.
^]^D
telnet> Connection closed.

The above was taken on a FreeBSD-9.1-RELEASE-p4 host with a static default route to the Internet and static IPv6 addressing on the outgoing interface. Although there are tunnels on the machine, the default route does not exit through a tunnel interface. Here is some sanitized output from ifconfig and route:

(dax:16:31)% ifconfig em0
em0: flags=8943 metric 0 mtu 1500
        options=4219b
        ether 00:24:8c:36:57:ad
        inet 10.9.189.182 netmask 0xfffffffc broadcast 10.9.189.183
        inet6 fe80::224:8cff:fe26:57ad%em0 prefixlen 64 scopeid 0x1
        inet6 2001:db8:1:2::2 prefixlen 64
        nd6 options=21
        media: Ethernet autoselect (1000baseT )
        status: active

(dax:16:35)% netstat -f inet6 -n -r|grep default
default 2001:db8:1:2::1 UG1 em0

This behavior has been reproduced on 9.2, as well. It has not been seen on any prior version of FreeBSD that supports IPv6.

I took a quick look through /etc/default/rc.conf to see if there were any new variables that might influence source address selection or name resolution, but did not see anything relevant.

Has anyone else experienced a problem like this?
- Mark

-- 
Mark Kamichoff
prox@prolixium.com
http://www.prolixium.com/