From: Hiroki Sato
Date: Mon, 19 Dec 2016 16:00:48 +0900 (JST)
To: anderson.ferreira@gmx.com, freebsd-net@freebsd.org
Cc: ae@FreeBSD.org, melifaro@freebsd.org, bz@FreeBSD.org, markj@freebsd.org
Subject: Re: Trouble with ipv6 routing through interface
Message-Id: <20161219.160048.1136181454257627813.hrs@allbsd.org>

"Andrey V. Elsukov" wrote:

ae> On 16.12.2016 03:24, Anderson Soares Ferreira wrote:
ae> > I have a freebsd 11 box running as my network gateway and I'm having
ae> > some trouble trying to route ipv6 packets through an interface with
ae> > only linklocal address. In short, what I'm doing is:
ae> >
ae> > My freebsd gateway has one global scope address on lo0 interface,
ae> > each other interface has only a link local address fe80::1. Static
ae> > routes for the global scope subnets have been created. Each route was
ae> > created using the command:
ae> >
ae> > # route -6 add -net /64 -interface
ae> >
ae> > The clients on each subnet have a global scope address and fe80::1 as
ae> > default gateway.
ae> >
ae> > What is happening with this approach is that my gateway can't reach
ae> > the clients on the subnets. Ping tests from the gateway to the client
ae> > return the error "ping6: sendmsg: No buffer space available". On the
ae>
ae> Hi,
ae>
ae> this ENOBUFS error is returned from ND6 code. Due to the lack of
ae> prefixes, layer2 doesn't consider that destination address is a
ae> neighbor.
ae>
ae> > other hand, when I try to do a ping from client to gateway, the
ae> > packets from the client are received by the gateway but no response
ae> > is sent. In my tests using a linux gateway with the same approach,
ae> > everything worked fine.
ae>
ae> I'm not sure how this should be fixed.

 A FreeBSD router box must have an IPv6 address on each interface if
 you want to reach the router from a client (and vice versa).

 Currently FreeBSD does not properly support an IPv6 GUA on an
 interface and a route of the GUA's prefix on another interface
 without a GUA at the same time, which is often seen on a dedicated
 router box like Cisco. This is partly because FreeBSD's NDP and
 routing table assume that an on-link prefix is interface-local, not
 node-local across multiple interfaces. A practical workaround is
 using an LLA (i.e. fe80::1 or something) for communication between
 the router and the clients.

-- Hiroki