From nobody Mon Aug 15 10:14:31 2022 X-Original-To: freebsd-net@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4M5qs90FM2z4ZLmh for ; Mon, 15 Aug 2022 10:14:53 +0000 (UTC) (envelope-from jhay@meraka.org.za) Received: from marge.meraka.csir.co.za (marge.meraka.csir.co.za [146.64.28.1]) by mx1.freebsd.org (Postfix) with ESMTP id 4M5qs73Sfrz470b for ; Mon, 15 Aug 2022 10:14:51 +0000 (UTC) (envelope-from jhay@meraka.org.za) Received: from marge.meraka.csir.co.za (localhost [127.0.0.1]) by marge.meraka.csir.co.za (Postfix) with ESMTP id A1E374DAFA for ; Mon, 15 Aug 2022 12:14:47 +0200 (SAST) X-Virus-Scanned: amavisd-new at meraka.org.za Received: from marge.meraka.csir.co.za ([127.0.0.1]) by marge.meraka.csir.co.za (marge.meraka.csir.co.za [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QfVkmItI-USd for ; Mon, 15 Aug 2022 12:14:46 +0200 (SAST) Received: from mail-pj1-f50.google.com (mail-pj1-f50.google.com [209.85.216.50]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384) (No client certificate requested) by marge.meraka.csir.co.za (Postfix) with ESMTPSA for ; Mon, 15 Aug 2022 12:14:46 +0200 (SAST) Received: by mail-pj1-f50.google.com with SMTP id ha11so6575782pjb.2 for ; Mon, 15 Aug 2022 03:14:46 -0700 (PDT) X-Gm-Message-State: ACgBeo2lXgHyl2ePoJxnV5KGOqqH75cVULf1Ys1l96Bw16l9+nbGIKqu /iCkcrYj0KC8UFrLrL0pjjcKjNhqoPFKYSMRmZ5Gmw== X-Google-Smtp-Source: AA6agR6bIEyP1FxKg8daoygPzq9CO0eytOcy01jQ5Qm23CBGY24/tzcjQfS80Ut6DxqKjP9jpbfSdycbdECHhhC3zyo= X-Received: by 2002:a17:902:ed44:b0:16d:b1a2:f24 with SMTP id y4-20020a170902ed4400b0016db1a20f24mr15830029plb.145.1660558482794; Mon, 15 Aug 2022 03:14:42 -0700 (PDT) List-Id: Networking and TCP/IP with FreeBSD List-Archive: https://lists.freebsd.org/archives/freebsd-net List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-net@freebsd.org MIME-Version: 1.0 References: <718207270.67.1660552177215@localhost> <1540677665.110.1660556486732@localhost> In-Reply-To: From: John Hay Date: Mon, 15 Aug 2022 12:14:31 +0200 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: what to check? no IPV6 pings between nodes on the same switch To: Benoit Chesneau Cc: "freebsd-net@FreeBSD.org" Content-Type: multipart/alternative; boundary="0000000000007f075905e644e64a" X-Rspamd-Queue-Id: 4M5qs73Sfrz470b X-Spamd-Bar: --- Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=pass (mx1.freebsd.org: domain of jhay@meraka.org.za designates 146.64.28.1 as permitted sender) smtp.mailfrom=jhay@meraka.org.za X-Spamd-Result: default: False [-3.40 / 15.00]; NEURAL_HAM_LONG(-1.00)[-1.000]; NEURAL_HAM_SHORT(-1.00)[-1.000]; NEURAL_HAM_MEDIUM(-1.00)[-0.997]; RCVD_IN_DNSWL_MED(-0.20)[146.64.28.1:from]; R_SPF_ALLOW(-0.20)[+ip4:146.64.28.1]; RCVD_NO_TLS_LAST(0.10)[]; MIME_GOOD(-0.10)[multipart/alternative,text/plain]; MIME_TRACE(0.00)[0:+,1:+,2:~]; RCVD_IN_DNSWL_NONE(0.00)[209.85.216.50:received]; MLMMJ_DEST(0.00)[freebsd-net@freebsd.org]; R_DKIM_NA(0.00)[]; RCPT_COUNT_TWO(0.00)[2]; FROM_EQ_ENVFROM(0.00)[]; TO_DN_EQ_ADDR_SOME(0.00)[]; TO_MATCH_ENVRCPT_SOME(0.00)[]; DMARC_NA(0.00)[meraka.org.za]; FREEFALL_USER(0.00)[jhay]; RCVD_COUNT_FIVE(0.00)[5]; RCVD_VIA_SMTP_AUTH(0.00)[]; ASN(0.00)[asn:2018, ipnet:146.64.28.0/24, country:ZA]; FROM_HAS_DN(0.00)[]; PREVIOUSLY_DELIVERED(0.00)[freebsd-net@freebsd.org]; TO_DN_SOME(0.00)[]; ARC_NA(0.00)[]; SUBJECT_HAS_QUESTION(0.00)[] X-ThisMailContainsUnwantedMimeParts: N --0000000000007f075905e644e64a Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Hi Benoit, It will allow multicast packets to go through, which IPv6 depends on. Maybe there is a problem setting up the multicast filter for that driver / card. Regards John On Mon, 15 Aug 2022 at 12:08, Benoit Chesneau wrote: > So I noticed that tcpdump was enabling the "promiscuous" mode to the > interface. So I tried to do it manually: `ifconfig ql0 promisc` and ping > worked even after disabling this mode `ifconfig ql0 -promisc`. > > What does happen when the promiscuous mode is enabled? I'm not sure to > understand what is the issue :/ > > Beno=C3=AEt > ------- Original Message ------- > On Monday, August 15th, 2022 at 11:53, Benoit Chesneau < > benoitc@enki-multimedia.eu> wrote: > > Unfortunately I get the same results with rtsold enabled and the interfac= e > up. It doesn't seems related to teh switch since link-local ping work :/ > > > Beno=C3=AEt > ------- Original Message ------- > On Monday, August 15th, 2022 at 11:41, Ronald Klop > wrote: > > Set rtsold_enable=3D"YES" in rc.conf and restart. > Does that help? > > " > DESCRIPTION > rtsold is the daemon program to send ICMPv6 Router Solicitation > messages > on the specified interfaces. If a node (re)attaches to a link, rtso= ld > sends some Router Solicitations on the link destined to the link-loc= al > scope all-routers multicast address to discover new routers and to g= et > non link-local addresses. > > rtsold should be used on IPv6 hosts (non-router nodes) only. > " > > Btw: accept_rtadv makes "rtsol" to run once on startup if you set it in > rc.conf and use it to boot the machine. (BTW: for me this does not work > well enough, so I run rtsold explicitly.) Setting accept_rtadv by ifconfi= g > will not run rtsol. > > Regards, > Ronald. > > > > *Van:* Benoit Chesneau > *Datum:* maandag, 15 augustus 2022 11:25 > *Aan:* Benoit Chesneau > *CC:* Ronald Klop , "freebsd-net@FreeBSD.org" < > freebsd-net@freebsd.org> > *Onderwerp:* Re: what to check? no IPV6 pings between nodes on the same > switch > > OK here is the weird but interesting thing. When I start to capture icmp= 6 > packets using tcpdump `tcpdump -i ql0 icmp6` then ping6 starts to work. > Even after stopping the capture. Any idea what could it be ? > > Beno=C3=AEt > ------- Original Message ------- > On Monday, August 15th, 2022 at 10:50, Benoit Chesneau < > benoitc@enki-multimedia.eu> wrote: > > > Hi, > > Thanks for the help :) The nodes can indeed ping each others using the > link-local address. What does it means? I tested to set `accept_rtadv` > using the ifconfig command without much success. > > > Here are the ifconfigs, the prefix is the same for all To be sure, I > replaced the content by using sed. > > node 1: > > ``` > $ ifconfig ql0 > ql0: flags=3D8843 metric 0 mtu 15= 00 > > options=3D507bb > ether b4:7a:f1:7a:9c:10 > inet6 ::11 prefixlen 64 > inet6 fe80::b67a:f1ff:fe7a:9c10%ql0 prefixlen 64 scopeid 0x1 > media: Ethernet autoselect (25GBase-SR ) > status: active > nd6 options=3D21 > ``` > > node 2: > > ``` > $ ifconfig ql0 > ql0: flags=3D8843 metric 0 mtu 15= 00 > > options=3D507bb > ether b4:7a:f1:7a:99:52 > inet6 ::12 prefixlen 64 > inet6 fe80::b67a:f1ff:fe7a:9952%ql0 prefixlen 64 scopeid 0x1 > media: Ethernet autoselect (25GBase-SR ) > status: active > nd6 options=3D21 > ``` > > node 3 > ``` > ifconfig ql0 > ql0: flags=3D8843 metric 0 mtu 15= 00 > > options=3D507bb > ether b4:7a:f1:18:ff:d8 > inet6 ::13 prefixlen 64 > inet6 fe80::b67a:f1ff:fe18:ffd8%ql0 prefixlen 64 scopeid 0x1 > media: Ethernet autoselect (25GBase-SR ) > status: active > nd6 options=3D21 > ``` > > > ------- Original Message ------- > On Monday, August 15th, 2022 at 10:29, Ronald Klop > wrote: > > > Hi, > > My rc.conf config has: > ifconfig_genet0_ipv6=3D"inet6 accept_rtadv" > > Can you post the output of "ifconfig" and "ipfw show"? > Can you ping the link-local address of the other hosts? > > Regards. > Ronald. > > > > *Van:* Benoit Chesneau > *Datum:* maandag, 15 augustus 2022 08:59 > *Aan:* "freebsd-net@FreeBSD.org" > *Onderwerp:* what to check? no IPV6 pings between nodes on the same switc= h > > > I have setup 3 nodes on a fresh Freebsd 13.1-RELEASE-p1. They have the > same gateway and IPS are in same /64. All 3 nodes are on the same switch > (mikrotik) and same vlan untagged. > > I can ping them from an external machine through the router/gateway but t= he > nodes can't ping each others. When I run `ndp-a` it only return the > gateway and the node ipv6 (+ their libks) but not the ips of the other > nodes. > > Previously these nodes wee under linux and were able to ping each others. > > What could be the issue? What do I need to check? > > Configuration is pretty straightforward: > > ``` > > hostname=3D"node1.domain.tld" > > keymap=3D"fr.macbook.kbd" > > ifconfig_ql0=3D"" > > ifconfig_ql0_ipv6=3D"inet6 ::11/64" > > ipv6_defaultrouter=3D"::1" > > sshd_enable=3D"YES" > > ntpd_enable=3D"YES" > > # Set dumpdev to "AUTO" to enable crash dumps, "NO" to disable > > dumpdev=3D"AUTO" > > zfs_enable=3D"YES" > ``` > > Others machines are `::12`, `::13`Sent from Proton Mail > for iOS > > Beno=C3=AEt > > > > --0000000000007f075905e644e64a Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Hi Benoit,

It will allow mul= ticast packets to go through, which IPv6 depends on. Maybe there is a probl= em setting up the multicast filter for that driver / card.

Regards

John

On Mon, = 15 Aug 2022 at 12:08, Benoit Chesneau <benoitc@enki-multimedia.eu> wrote:
So I noticed that tcpdump was enabling the "promiscuous&qu= ot; mode =C2=A0to the interface. So I tried to do it manually: `ifconfig ql= 0 promisc` and ping worked even after disabling this mode `ifconfig ql0 -promisc`.

What does happen when the promiscuous= mode is enabled? I'm not sure to understand what is the issue :/
=

Beno=C3=AEt=C2=A0
------- Original Message -------
On Monday, August 15th, 2022 at 11:53, Benoit Chesneau <benoitc@enki-multi= media.eu> wrote:

Unfortunately I= get the same results with rtsold enabled and the interface up.=C2=A0 It do= esn't seems related to teh switch since link-local ping work :/


Beno=C3=AEt
------- Original Message -------
On Monday, August 15th, 2022 at 11:41, Ronald Klop <ronald-lists@klop.ws> = wrote:

Set rtsold_enable=3D"YES" in rc.conf and restart.
Does that help?

"
DESCRIPTION
=C2=A0=C2=A0=C2=A0=C2=A0 rtsold is the daemon program to send ICMPv6 Router= Solicitation messages
=C2=A0=C2=A0=C2=A0=C2=A0 on the specified interfaces.=C2=A0 If a node (re)a= ttaches to a link, rtsold
=C2=A0=C2=A0=C2=A0=C2=A0 sends some Router Solicitations on the link destin= ed to the link-local
=C2=A0=C2=A0=C2=A0=C2=A0 scope all-routers multicast address to discover ne= w routers and to get
=C2=A0=C2=A0=C2=A0=C2=A0 non link-local addresses.

=C2=A0=C2=A0=C2=A0=C2=A0 rtsold should be used on IPv6 hosts (non-router no= des) only.
"

Btw: accept_rtadv makes "rtsol" to run once on startup if you set= it in rc.conf and use it to boot the machine. (BTW: for me this does not w= ork well enough, so I run rtsold explicitly.) Setting accept_rtadv by ifcon= fig will not run rtsol.

Regards,
Ronald.

=C2=A0

Van: Benoit Chesneau <benoitc@enki-multimedia.eu>
Datum: maandag, 15 augustus 2022 11:25
Aan: Benoit Chesneau <benoitc@enki-multimedia.eu>
CC: Ronald Klop <ronald-lists@klop.ws>, "freebsd-net@FreeBSD= .org" <freebsd-net@freebsd.org>
Onderwerp: Re: what to check? no IPV6 pings between nodes = on the same switch

OK here is the weird but in= teresting thing. When I start =C2=A0to capture icmp6 packets using tcpdump = `tcpdump -i ql0 icmp6` then ping6 starts to work.=C2=A0 Even after stopping= the capture. Any idea what could it be ?
=C2=A0
Beno= =C3=AEt=C2=A0
------- Original Message -------
On Monday, August 15th, 2022 at 10:50, Benoit Chesneau <benoitc@enki-multimedia.eu<= /a>> wrote:
=C2=A0
Hi,
=C2=A0
Thanks for= the help :) The nodes can indeed ping each others using the link-local add= ress. What does it means? I tested to set `accept_rtadv` using the if= config command without much success.
=C2=A0
=C2=A0
Here are t= he ifconfigs, the prefix is the same for all To be sure, I =C2=A0replaced t= he content by <PREFIX> using sed.
=C2=A0
node 1:
=C2=A0
```
=C2= =A0$ ifconfig ql0
ql0: flags=3D8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> = metric 0 mtu 1500
options=3D507bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_M= TU,VLAN_HWCSUM,TSO4,TSO6,LRO,VLAN_HWFILTER,VLAN_HWTSO>
ether b4:7a:f1:7a:9c:10
inet6 <PREFIX>::11 prefixlen 64
inet6 fe80::b67a:f1ff:fe7a:9c10%ql0 prefixlen 64 scopeid 0x1
media: Ethernet autoselect (25GBase-SR <full-duplex>)
status: active
nd6 options=3D21<PERFORMNUD,AUTO_LINKLOCAL>
```
=C2=A0
node 2:
=C2=A0
```
=C2= =A0$ ifconfig ql0
ql0: flags=3D8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> = metric 0 mtu 1500
options=3D507bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_M= TU,VLAN_HWCSUM,TSO4,TSO6,LRO,VLAN_HWFILTER,VLAN_HWTSO>
ether b4:7a:f1:7a:99:52
inet6 <PREFIX>::12 prefixlen 64
inet6 fe80::b67a:f1ff:fe7a:9952%ql0 prefixlen 64 scopeid 0x1
media: Ethernet autoselect (25GBase-SR <full-duplex>)
status: active
nd6 options=3D21<PERFORMNUD,AUTO_LINKLOCAL>
```
=C2=A0
node= 3
```
ifco= nfig ql0
ql0: flags=3D8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> = metric 0 mtu 1500
options=3D507bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_M= TU,VLAN_HWCSUM,TSO4,TSO6,LRO,VLAN_HWFILTER,VLAN_HWTSO>
ether b4:7a:f1:18:ff:d8
inet6 <PREFIX>::13 prefixlen 64
inet6 fe80::b67a:f1ff:fe18:ffd8%ql0 prefixlen 64 scopeid 0x1
media: Ethernet autoselect (25GBase-SR <full-duplex>)
status: active
nd6 options=3D21<PERFORMNUD,AUTO_LINKLOCAL>
```
=C2=A0
=C2=A0
------- Original Message -------
On Monday, August 15th, 2022 at 10:29, Ronald Klop <ronald-lists@klop.ws> wrote: =C2=A0
Hi,

My rc.conf config has:
ifconfig_genet0_ipv6=3D"inet6 accept_rtadv"

Can you post the output of "ifconfig" and "ipfw show"?<= br> Can you ping the link-local address of the other hosts?

Regards.
Ronald.

=C2=A0

Van: Benoit Chesneau <benoitc@enki-multimedia.eu>
Datum: maandag, 15 augustus 2022 08:59
Aan: "freebsd-net@FreeBSD.org" <freebsd-net@freebsd.org= >
Onderwerp: what to check? no IPV6 pings between nodes on t= he same switch

=C2=A0
I=C2=A0have setup 3 nodes on a fresh Freebsd 13.1-RELEASE-p1. They ha= ve the same gateway and IPS are in same /64. All 3 nodes are on the same sw= itch (mikrotik) and same vlan untagged.

I can ping them from an external machine through the router/gateway b= ut=C2=A0the nodes can't ping each others.=C2= =A0When I run `ndp-a` it only return the gateway and the node ipv6 (+ their= libks) but not the ips of the other nodes.

Previously these nodes wee under linux and were able to ping each oth= ers.

What could be the issue? What do I need to check?

Configuration is pretty straightforward:
=C2=A0
```

hostname=3D"node1.domain.tld"

keymap=3D"fr.macbook.kbd"

ifconfig_ql0=3D""

ifconfig_ql0_ipv6=3D"inet6 <PREFIX>::11/64"

ipv6_defaultrouter=3D"<PREFIX>::1"

sshd_enable=3D"YES"

ntpd_enable=3D"YES"

# Set dumpdev to "AUTO" to enable crash dumps, "NO" = to disable

dumpdev=3D"AUTO"

zfs_enable=3D"YES"

```
=C2=A0
Others machines are `<PREFIX>::12`, `<PREFIX>:= :13`Sent from Proton Mail for iOS
=C2=A0
Beno=C3=AEt=C2=A0


--0000000000007f075905e644e64a--