Date: Fri, 30 Dec 2011 09:58:54 -0500 From: Jason Hellenthal <jhell@DataIX.net> To: "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net> Cc: freebsd-net@freebsd.org, Marcin Cieslak <saper@saper.info> Subject: Re: IPv6 not responding on some aliases (recent 8-stable) Message-ID: <20111230145854.GA22414@DataIX.net> In-Reply-To: <AEB320C2-0345-436E-91B3-CBA760FEF37A@lists.zabbadoz.net> References: <slrnjf53o4.2d1.saper@saper.info> <F2005BBF-1808-4E63-B5F3-71361A95008A@lists.zabbadoz.net> <slrnjf6s3g.i0d.saper@saper.info> <C72FCBE6-AC3B-486B-B487-DA1FDA1F4474@lists.zabbadoz.net> <slrnjf75bk.i0d.saper@saper.info> <AEB320C2-0345-436E-91B3-CBA760FEF37A@lists.zabbadoz.net>
next in thread | previous in thread | raw e-mail | index | archive | help
[-- Attachment #1 --] On Fri, Dec 23, 2011 at 09:17:09AM +0000, Bjoern A. Zeeb wrote: > > On 22. Dec 2011, at 20:39 , Marcin Cieslak wrote: > > >>> Bjoern A. Zeeb <bzeeb-lists@lists.zabbadoz.net> wrote: > >>> I initially thought it's a transport layer issue, since previously (before > >>> I changed configuration) 30%-50% SSH connection attempts succeeded > >>> (but prefix was wrong on the "primary" IPv6 address :1000). > >>> Now I get no packets on receiving side at all for those "broken" IPv6 addresses. > >> > >> Talk to ywhomever is providing in front of you to > >> 1) either relax nd6 table limits or > >> 2) to route a /64 to your host to only have 1 entry in the neighbour table. > >> > >> That's most likely the problem given my crystal ball and experience. > > > > Thank you for insightful analysis! > > Seems like this provider has some significant IPv6 takeup, which is > > good news - sorry for hassle, but problems started after upgrade. > > > > I'll talk to my upstream then, thanks! > > Please let us know of the results, especially if my crystal ball was wrong. > I have seen this behavior before when one of the addresses on an interface is in a DMZ while the others are not. But this was with IPv4. I would assume IPv6 would have acted the same way but left it untested as it was not critical. Take this as informational only and double check your switches, firewalls, etc... -- ;s =; [-- Attachment #2 --] -----BEGIN PGP SIGNATURE----- iQEcBAEBAgAGBQJO/dGtAAoJEJBXh4mJ2FR+QVgH/Rk8Ns+BRylps4qCSCNTbWg8 iIdYhCFP2rQmdZUdRlbrIAVFaKGQawYiBGh/cYmaA9zZ9t5kF0oIGBLcW2Xtz/eA 30M0vyUN/m6UDLK1ERttZ/mNdQUTsZpPtaSYoKNjW8D+KttNL1cNE9LRwfSs4aPU UIiA3NTqrfoue1QWsqz23UkOI9EY1fU54xKlEKGRGXzlErQoAumxKB8OCGnazgON yBJWVS1zgSvb5Lz9AOhZqTjBaFntqWyUK4D+T21+B71F/TjGDtJxpsV9LFvjP2R3 GgUaLp/OFAZefcOFCTEVuVp12eoPeTKQO961ysiSc+76aZBOvmvwlYULTZmNV+4= =VknF -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20111230145854.GA22414>