IPv6 Neighbor Discovery Issue


IPv6 Neighbor Discovery Issue

Alexander Mischke-2
Hello,


I am currently facing the following problem:

I have a server with two interfaces:

- em1 (Outbound / facing the Internet)
- em0 (Internal use / LAN)
  (additionally: vlan1000 - parentdev is em0)

The server runs OpenBSD 6.6-stable with the latest
syspatches installed and rebooted to the patched kernel.


I assigned one address of the /56 my provider gave me
to em1. Let's say it looks like this (obfuscated):


Prefix = 2a02:aaaa:bbbb:cc00::/56
Gateway (provider) = 2a02:aaaa:bbbb:cc00::1


I assigned to em1:

2a02:aaaa:bbbb:cc00::2/56


### /etc/hostname.em1 ###

inet6 2a02:aaaa:bbbb:cc00::2 56
!route add -inet6 default 2a02:aaaa:bbbb:cc00::1
-soii

-----------------------


This far, everything works (inbound and outbound IPv6 connectivity).



In the next step I took a /64 from that range and assigned an address to
the vlan1000 interface:


2a02:aaaa:bbbb:ccff:dead::1


### /etc/hostname.em0 ###

up

-----------------------

### /etc/hostname.vlan1000 ###

inet 10.20.30.40 255.255.255.0 vnetid 1000 parent em0
inet6 2a02:aaaa:bbbb:ccff:dead::1 64

-----------------------


This worked "somehow" (e.g. for a short period of time)
"Worked" means: This address was reachable from the outside world
and vice versa.

After it stopped working I did a reboot and then it worked again
(for a limited amount of time)


All I can see (from tcpdump) is that the provider gateway sends NDP
solicitations, asking for 2a02:aaaa:bbbb:ccff:dead::1
But no replies are appearing.

The same behaviour occurs independently from either

- pf disabled
or
- allowing anything IPv6 related (icmp-v6 etc.)


I already enabled net.inet6.icmp6.nd6_debug but nothing shows up in
dmesg.



Has anyone encountered this as well and/or has hints on
how to solve this?


Thank you very much for your time.


Best regards,

Alex


Re: IPv6 Neighbor Discovery Issue

Fernando Gont-2
Alexander,

It would be easier for us if you could provide a network diagram with
more synthetic information and/or the corresponding ifconfig -a and route
show.

That said, your configuration is clearly incorrect. For starters, your
em1 interface configuration covers the same prefix that you've assigned
to em0.

Normally, you configure /64s on IPv6 interfaces -- not /56s.

So you'd configure, say, 2a02:aaaa:bbbb:cc00::2/64 on em1, and any
subnet *other than 2a02:aaaa:bbbb:cc00::/64* on em0 et al.

From the POV of your provider, it's expected to assume that
2a02:aaaa:bbbb:cc00::/64 is employed to connect to you, and then have
another 2a02:aaaa:bbbb:cc00::/56 route directed to you (so that your
system can route subnets other than 2a02:aaaa:bbbb:cc00::/64).

Please let me know if the above solves your problem. If not, please send
more specific information, as suggested above.

Thanks,
Fernando




On 26/3/20 15:44, Alexander Mischke wrote:

> Hello,
>
>
> I am currently facing the following problem:
>
> I have a server with two interfaces:
>
> - em1 (Outbound / facing the Internet)
> - em0 (Internal use / LAN)
>    (additionally: vlan1000 - parentdev is em0)
>
> The server runs OpenBSD 6.6-stable with the latest
> syspatches installed and rebooted to the patched kernel.
>
>
> I assigned one address of the /56 my provider gave me
> to em1. Let's say it looks like this (obfuscated):
>
>
> Prefix = 2a02:aaaa:bbbb:cc00::/56
> Gateway (provider) = 2a02:aaaa:bbbb:cc00::1
>
>
> I assigned to em1:
>
> 2a02:aaaa:bbbb:cc00::2/56
>
>
> ### /etc/hostname.em1 ###
>
> inet6 2a02:aaaa:bbbb:cc00::2 56
> !route add -inet6 default 2a02:aaaa:bbbb:cc00::1
> -soii
>
> -----------------------
>
>
> This far, everything works (inbound and outbound IPv6 connectivity).
>
>
>
> In the next step I took a /64 from that range and assigned an address to
> the vlan1000 interface:
>
>
> 2a02:aaaa:bbbb:ccff:dead::1
>
>
> ### /etc/hostname.em0 ###
>
> up
>
> -----------------------
>
> ### /etc/hostname.vlan1000 ###
>
> inet 10.20.30.40 255.255.255.0 vnetid 1000 parent em0
> inet6 2a02:aaaa:bbbb:ccff:dead::1 64
>
> -----------------------
>
>
> This worked "somehow" (e.g. for a short period of time)
> "Worked" means: This address was reachable from the outside world
> and vice versa.
>
> After it stopped working I did a reboot and then it worked again
> (for a limited amount of time)
>
>
> All I can see (from tcpdump) is that the provider gateway sends NDP
> solicitations, asking for 2a02:aaaa:bbbb:ccff:dead::1
> But no replies are appearing.
>
> The same behaviour occurs independently from either
>
> - pf disabled
> or
> - allowing anything IPv6 related (icmp-v6 etc.)
>
>
> I already enabled net.inet6.icmp6.nd6_debug but nothing shows up in
> dmesg.
>
>
>
> Has anyone encountered this as well and/or has hints on
> how to solve this?
>
>
> Thank you very much for your time.
>
>
> Best regards,
>
> Alex
>
>


--
Fernando Gont
e-mail: [hidden email] || [hidden email]
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1
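
The prefix overlap pointed out in the reply above can be checked mechanically. This is an added example, not part of any post in the thread: it parses the hostname.if contents as posted and reports interfaces whose on-link IPv6 prefixes overlap. The function names are hypothetical, the parser only understands `inet6 <addr> <prefixlen>` lines, and the "suggested" variant is constructed from the /64 proposed in the reply.

```python
import ipaddress
from itertools import combinations

# hostname.if contents as posted in the thread (obfuscated addresses).
POSTED = {
    "em1": "inet6 2a02:aaaa:bbbb:cc00::2 56\n"
           "!route add -inet6 default 2a02:aaaa:bbbb:cc00::1\n"
           "-soii\n",
    "em0": "up\n",
    "vlan1000": "inet 10.20.30.40 255.255.255.0 vnetid 1000 parent em0\n"
                "inet6 2a02:aaaa:bbbb:ccff:dead::1 64\n",
}

# Constructed: the same files with em1 narrowed to a /64, as the reply suggests.
SUGGESTED = dict(POSTED, em1=POSTED["em1"].replace(" 56\n", " 64\n"))


def onlink_prefixes(configs):
    """Return [(ifname, IPv6Network)] for every 'inet6 <addr> <prefixlen>' line."""
    found = []
    for ifname, text in configs.items():
        for line in text.splitlines():
            fields = line.split()
            # Skip 'inet', '!command' and option-only lines such as '-soii'.
            if len(fields) >= 3 and fields[0] == "inet6" and fields[2].isdigit():
                iface = ipaddress.IPv6Interface(f"{fields[1]}/{fields[2]}")
                found.append((ifname, iface.network))
    return found


def overlapping(configs):
    """Pairs of different interfaces whose on-link prefixes overlap."""
    return [
        (a, str(na), b, str(nb))
        for (a, na), (b, nb) in combinations(onlink_prefixes(configs), 2)
        if a != b and na.overlaps(nb)
    ]


if __name__ == "__main__":
    for label, cfg in (("posted", POSTED), ("suggested", SUGGESTED)):
        print(label, overlapping(cfg) or "no overlap")
```

With the posted files, em1's /56 contains the /64 configured on vlan1000; with em1 on a /64 the two prefixes are disjoint.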




Re: IPv6 Neighbor Discovery Issue

Alexander Mischke-2
Dear Fernando,


I tried it the way you recommended, but it still doesn't work.
I have created a network diagram and the output of "route -n show -inet6"

(Two separate files).

They can be found here (my private Nextcloud):



https://cloud.mischke.it/nextcloud/index.php/s/ZnHrHMMgrofZdiF

Best regards,

Alex