Date: Wed, 13 Mar 2013 16:33:23 +0000 From: Schrodinger <schrodinger@konundrum.org> To: freebsd-net@freebsd.org Subject: Re: ipv6 default router Operation not permitted Message-ID: <20130313163323.GE18992@defiant.konundrum.org> In-Reply-To: <5140A965.5090206@rewt.org.uk> References: <20130313091727.GA17859@defiant.konundrum.org> <201303131227.57751.Mark.Martinec%2Bfreebsd@ijs.si> <20130313125221.GD17859@defiant.konundrum.org> <B58DABE0-BB82-412D-82AB-C7C9AFD82F12@my.gd> <20130313131016.GE17859@defiant.konundrum.org> <D38E17AB-86AA-40B5-BFD6-A092DFAA1660@my.gd> <20130313135253.GA18992@defiant.konundrum.org> <5140A0CE.4030605@rewt.org.uk> <20130313155936.GC18992@defiant.konundrum.org> <5140A965.5090206@rewt.org.uk>
next in thread | previous in thread | raw e-mail | index | archive | help
--X3gaHHMYHkYqP6yf Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On 2013/03/13 16:29, Joe Holden wrote: > Strange, I used this setup on an OVH machine a while ago, seemed to work= =20 > - perhaps something isn't properly configured at their end properly >=20 I have a ticket opened with OVH since yesterday to confirm or deny the future of RA on their network. Thankfully this discussion has helped to further understand what *should* be happening and why RA is really more ideal. This is for a new box and I have time to experiment, my old host uses=20 /56 but it's not the right way to do it, IMHO. C. > Schrodinger wrote: > > On 2013/03/13 15:52, Joe Holden wrote: > >> Just use router solicitation to ask for the link-local gateway, that i= s=20 > >> the "correct" way to do it. > >> > >=20 > > Hi Joe, > >=20 > > If you read some of this thread you'll note that router advertisements > > are being disabled by the hosting provider. While their documentation > > indicates the use of router advertisments this does not solve the issue > > that I get "Operation not permitted" when trying to ping the default > > gateway. > >=20 > > Without ACCEPT_RTADV on re0 FreeBSD does not even perform NEIGHBOUR > > solicitation for 2001:41d0:2:e7ff:ff:ff:ff:ff - presumably because it > > thinks that this is not on the same link as re0. > >=20 > > C. > >=20 > >> Schrodinger wrote: > >>> Damien,=20 > >>> > >>> I appreciate your replies very much, but I'm a subscriber so just rep= ly > >>> to the mailing list. Thanks. > >>> > >>> On 2013/03/13 14:19, Fleuriot Damien wrote: > >>> > >>> [SNARF] > >>> > >>>> These are indeed correct, thanks for clarifying. > >>>> > >>> I thought that's what I said in my first email ;) Sorry for any > >>> confusion. > >>> > >>>> Find below the config I'm using on an old OVH box. > >>>> Said config might be outdated now (as per OVH's guide on setting up = IPv6 [1]) , however that was at the time the only way to get things working= properly. > >>>> > >>>> rc.conf > >>>> =3D=3D=3D > >>>> #Range IPv6: 2001:41D0:2:613b::/64 > >>>> ipv6_enable=3D"YES" > >>>> ipv6_ifconfig_re0=3D"fe80::21c:c0ff:fef3:31fa/64 scopeid 0x1" > >>>> ipv6_ifconfig_re0_alias0=3D"2001:41d0:2:613b::dead:beef/56" > >>>> ipv6_defaultrouter=3D"2001:41d0:2:61ff:ff:ff:ff:ff" > >>>> =3D=3D=3D > >>>> > >>> You have /56 and this is what I believe to be the incorrect way to get > >>> this to Just Work. I think this assume that anyone else in this /56 is > >>> in the same layer two segment as you....=20 > >>> > >>>> routing table > >>>> =3D=3D=3D > >>> [SNARF] > >>>> =3D=3D=3D > >>>> > >>>> > >>>> > >>>> Notice that said config actually works: > >>>> =3D=3D=3D > >>>> $ ping6 www.google.com > >>>> PING6(56=3D40+8+8 bytes) 2001:41d0:2:613b::dead:beef --> 2a00:1450:4= 007:804::1014 > >>>> 16 bytes from 2a00:1450:4007:804::1014, icmp_seq=3D0 hlim=3D57 time= =3D4.461 ms > >>>> 16 bytes from 2a00:1450:4007:804::1014, icmp_seq=3D1 hlim=3D57 time= =3D4.462 ms > >>>> 16 bytes from 2a00:1450:4007:804::1014, icmp_seq=3D2 hlim=3D57 time= =3D4.405 ms > >>>> ^C > >>>> --- www.google.com ping6 statistics --- > >>>> 3 packets transmitted, 3 packets received, 0.0% packet loss > >>>> round-trip min/avg/max/std-dev =3D 4.405/4.443/4.462/0.027 ms > >>>> =3D=3D=3D > >>>> > >>>> Either way, you might want to have a look at OVH's guide [1] but in = my own case, using a /56 was, at the time, the only way to get things worki= ng in a clean way. > >>>> > >>>> [1] http://help.ovh.com/Ipv4Ipv6#link10 > >>>> > >>> I read this, I made sure to read this and then I read it a second tim= e. > >>> No where does it indicate the use of a /56. I am in the process of a > >>> migration from an old OVH server to a new OVH server. My old box uses > >>> the /56 prefix length "fix" but based on the documentation this is > >>> incorrect and IMO this assumes that anyone else in the /56 is in the= =20 > >>> same segment as me and if they are using /64 - well, There Be Dragons. > >>> > >>> Also from the information I have received, router advertisements may = be > >>> turned off in the future, my host should simply Neighbour Solicit for > >>> the global scope unicast address of my default gateway. And as pointed > >>> out in previous emails without ACCEPT_RTADV for re0 - FreeBSD does not > >>> perform this action. > >>> > >>> So again, what is the correct way ? I think this is a debate of IPv6 > >>> Protocol vs. IPv6 Policy vs. Network architecture. > >>> > >>> I'll go and get Tina Turner. You get Masterblaster and we'll meet in > >>> Thunderdome. > >>> > >>> C. > >=20 >=20 > _______________________________________________ > freebsd-net@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org" --=20 +---------------------------------------------------------------+ Quidquid latine dictum sit, altum sonatur. MSN: schro5@hotmail.com ICQ: 112562229 GPG: http://www.konundrum.org/schro.asc --X3gaHHMYHkYqP6yf Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.19 (FreeBSD) iQIcBAEBCgAGBQJRQKpSAAoJEBBi7cjNKnTjeI4QAJ+J3oL9+oVZQBXygZLs4Dkd I6PtuK7Si9QB8D1T17c60+v2ZC8zZacnnriI6tZVJ1V81HmHXQk2TjnIQ22EMN4l KPdUSf+YvkQurFZexCr/ZXaYJYiyjGPyAhGkVtO2vZ8uoXqU0LIASdm43gH+fXSS c6QyQ/i1394Mir5Gq2gBdsl9CshHIxkkYQeIyifDUDKxi2HNWrm4lKS2ED/DEzSQ uaGKns/tx6if5nyRnfZyLlCC9u2TiGBIX2mV2e7HDFtIqOeDJkLv9MfDdptC62yT /zn72k+eWMLtmLJPbwc2dfZds5wzczGj1KpQK5iW009uxtPFzlrQjboK8zN++2bP Ay46qVASgiOYYv5b20LFszVtZDCghaoijwRNOVCjg+2Bh8g50XhgsvJLqDPsJIkW 3rgaCp4vxsW/02hKxuCa1dEXH6fq8BdHAaOJQpOMJE3yvbvP2v5l2RljebK34979 2wHADbY828iao82CRTkHDA+xixjN5RCd2OW0vWA6zny/hggHILnhgkmQQ+JTv2dh bELOKjVXAmNp7vYj2QzTp3P++7ZJbVyR8oie30NmiaRpr/JSGhBWnGBXEQkbpGoi o/iffA7WA0SLwLfnRdyT6BhkFrErI98Od/7BPhM67ij0+lc1knTNmVXse0wP8Umk 3++elE8l2+q2PCRUkPFw =9swd -----END PGP SIGNATURE----- --X3gaHHMYHkYqP6yf--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20130313163323.GE18992>