[6bone] ipv6 setup question

Thu, 12 Sep 2002 09:03:32 +0200

Hoi,

Smoe year or so ago I had the same problem, but with Riverstone as a
bridge. Check to see if it handles multicast properly. I see your paste
with the linux/usagi boxes doing a neighbor sollicitation. This is like
ARP but then for IPv6. There is no answer.

I'm interrested to see if your NS reaches xl1 and xl0 on the OpenBSD
box. Please tcpdump them when you are trying an NS from the backend
(xl1) LAN.

My bet is, the OpenBSD kernel never gets the neighbor sollicitation and
therefor cannot answer with a neighbor advertisement, so the client
boxes never know which linklocal address (and MAC adres) to send the
ICMPv6 echo packet to.

The other way around, is trivial. The OpenBSD box does send out a NS
packet and the box on the xl1 side answers with a NA, which your OpenBSD 
box does get.

Once this has happened, the client on xl0 side (linux/usagi) can put
the linklocal of the OpenBSD in the neighbor cache and therefor does not
have to resend a NS packet when it wants to ping the openbsd server.

I hope this is somewhat clear :) Check if the bridge forwards NS
properly and while you're at it, check to see if it bridges router
advertisement/sollicitation (RA/RS).

good luck!
Pim

On Wed, Sep 11, 2002 at 05:50:58PM +0200, Flavio Curti wrote:
| hi
| 
| hope nobody minds me asking this in the 6bone list, but i'm running out
| of lists where i can ask (tried debian-ipv6, snap-users, openbsd-ipv6,
| openbsd-misc, usagi). hope somebody has an idea!
| 
| i want to setup the following:
| 
| 3ffe:2029:8400:0:1::1 - openbsd 3.1-stable router (i386)
|                           xl0 3ffe:2029:8400:0:1::1
|                           xl1 no addresses
|                           bridge0 - xl0 and xl1
| the linux, linuxusagi and the netbsd machines are connected to a hub,
| which is connected to xl1.
| 
| \--- 3ffe:2029:8400:0:1::2 - linux usagi 2.2.19 box (i386)
| \--- 3ffe:2029:8400:0:1::3 - normal linux 2.2.19 box (i386)
| \--- 3ffe:2029:8400:0:1::4 - netbsd 1.5 (alpha)
| 
| when i try to ping6 the gateway from the linux boxes it fails. (host
| unreachable):
| --(linux2219usagi: $:~)-- ping6 3ffe:2029:8400:0:1::1
| PING 3ffe:2029:8400:0:1::1(3ffe:2029:8400:0:1::1) from \
|   3ffe:2029:8400:0:1::2 : 56 data bytes
| >From 3ffe:2029:8400:0:1::2 icmp_seq=3 Destination unreachable: Address \
|   unreachable
| 
| --(linux2219usagi: $:~)-- ip -6 neigh
| --(linux2219usagi: $:~)-- 
| 
| (the same from the linux2219 box.)
| and the same from the netbsd box.
| however as soon as i ping the linux box from the openbsd box:
| 
| --(openbsd: $:~)-- ping6 3ffe:2029:8400:0:1::2
| PING6(56=40+8+8 bytes) 3ffe:2029:8400:0:1::1 --> 3ffe:2029:8400:0:1::2
| 16 bytes from 3ffe:2029:8400:0:1::2, icmp_seq=5 hlim=64 time=27.794 ms
| 16 bytes from 3ffe:2029:8400:0:1::2, icmp_seq=8 hlim=64 time=7.178 ms
| --- 3ffe:2029:8400:0:1::2 ping6 statistics ---
| 9 packets transmitted, 6 packets received, 33% packet loss
| round-trip min/avg/max/std-dev = 2.870/517.059/2028.869/771.456 ms
| 
| it makes the entries just fine and i can ping the other way around fine:
| --(linux2219usagi: $:~)-- ip -6 neigh
| 3ffe:2029:8400:0:1::1 dev eth0 lladdr 00:50:da:84:bf:49 router nud stale
| fe80::250:daff:fe84:bf49 dev eth0 lladdr 00:50:da:84:bf:49 nud stale
| 
| i did a tcpdump on the openbsd box, showing the linux2219usagi box
| trying to ping the openbsd box:
| --($:~)-- tcpdump -i xl0 -n proto ipv6-icmp
| tcpdump: listening on xl0
| 17:36:55.462827 3ffe:2029:8400:0:1::2 > ff02::1:ff00:1: icmp6: neighbor
| sol: who has 3ffe:2029:8400:0:1::1
| 17:36:56.462734 3ffe:2029:8400:0:1::2 > ff02::1:ff00:1: icmp6: neighbor
| sol: who has 3ffe:2029:8400:0:1::1
| 
| so i now have exactly the same problem with the netbsd box as well. ping
| between the boxes netbsd, linux2219, linux2219usagi works. ping to
| the openbsd bridge from one of the boxes does not work. when i ping from
| the openbsd box to one of the boxes it works. after that, the back-ping
| does work too!!
| 
| so it definitly seems to be some openbsd problem. (is it the bridge that
| makes problems? i will try this on wendesday when i got console access
| to that firewall box) 
| 
| i hope you have an idea, thank you and greetz
| 
| Flavio
| -- 
| http://no-way.org/~fcu/
| 
| _______________________________________________
| 6bone mailing list
| 6bone@mailman.isi.edu
| http://mailman.isi.edu/mailman/listinfo/6bone

-- 
---------- - -    - - -+- - -    - - ----------
Pim van Pelt                 Email: pim@ipng.nl
http://www.ipng.nl/             IPv6 Deployment
-----------------------------------------------