Static IPv6, router tries to reach system with unknown fe80 address

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

Static IPv6, router tries to reach system with unknown fe80 address

Stefan Hagen-4
Hello,

I have a question regarding the IPv6 behavior of OpenBSD compared to
Linux/FreeBSD. I tried to configure a static IPv6 address on my VPS.

From my provider, I got the following data:

IP Address: 2a01:4f8:c2c:76ef::/64
Gateway: fe80::1

So I configured my interface:

$ cat /etc/hostname.vio0
inet6 2a01:4f8:c2c:76ef::1 128

$ cat /etc/mygate
fe80::1%vio0

Which results in:
vio0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 96:00:00:2a:a9:8b
        index 1 priority 0 llprio 3
        groups: egress
        media: Ethernet autoselect
        status: active
        inet6 fe80::72f2:b265:b89c:b4ec%vio0 prefixlen 64 scopeid 0x1
        inet6 2a01:4f8:c2c:76ef::1 prefixlen 128

$ route -n show
Internet6:
Destination Gateway      Flags Refs Use Mtu Prio Iface
default     fe80::1%vio0 UGS      0  26   -    8 vio0
[...]

$ ndp -an
Neighbor                       Linklayer Address Netif Expire    S Flags
2a01:4f8:c2c:76ef::1           96:00:00:2a:a9:8b  vio0 permanent R l
fe80::1%vio0                   d2:74:7f:6e:37:e3  vio0 8h32m58s  S R
fe80::3452:7ff:fe83:fa7b%vio0  d2:74:7f:6e:37:e3  vio0 10h9m34s  S R
fe80::72f2:b265:b89c:b4ec%vio0 96:00:00:2a:a9:8b  vio0 permanent R l

While this configuration (just setting IP and gateway) leads to a
working IPv6 connectivity on Linux and FreeBSD, it does not on OpenBSD
and it took me while to figure out why.

While pinging an IPv6 only address, tcpdump revealed the following line
repeating over and over again:

$ tcpdump -i vio0 ip6
[...]
21:50:58.688256 fe80::3896:ecff:fe78:2702 > ff02::1:ff2a:a98b: \
    icmp6: neighbor sol: who has fe80::9400:ff:fe2a:a98b
[...]

I then added the address fe80::9400:ff:fe2a:a98b as alias to my
interface.

Now IPv6 works like a charm:

$ ifconfig vio0
vio0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 96:00:00:2a:a9:8b
        index 1 priority 0 llprio 3
        groups: egress
        media: Ethernet autoselect
        status: active
        inet 116.203.83.222 netmask 0xffffffff
        inet6 fe80::72f2:b265:b89c:b4ec%vio0 prefixlen 64 scopeid 0x1
        inet6 2a01:4f8:c2c:76ef::1 prefixlen 128
        inet6 fe80::9400:ff:fe2a:a98b%vio0 prefixlen 64 scopeid 0x1

$ ndp -an
Neighbor                       Linklayer Address Netif Expire    S Flags
2a01:4f8:c2c:76ef::1           96:00:00:2a:a9:8b  vio0 permanent R l
fe80::1%vio0                   d2:74:7f:6e:37:e3  vio0 8h20m39s  S R
fe80::3452:7ff:fe83:fa7b%vio0  d2:74:7f:6e:37:e3  vio0 9h57m15s  S R
fe80::72f2:b265:b89c:b4ec%vio0 96:00:00:2a:a9:8b  vio0 permanent R l
fe80::9400:ff:fe2a:a98b%vio0   96:00:00:2a:a9:8b  vio0 permanent R l

My assumption is, that the gateway definition of fe80::1 instructs the
OS to "look around for a router". The router then offers(?) a new fe80
Address to communicate with my interface. But my interface doesn't know
about it and ignores the request.

My assumption is probably wrong. Can someone help me to understand this
scenario and how to make it work in OpenBSD without having to play with
tcpdump?

Wasn't the router supposed to talk to me via fe80::72f2:b265:b89c:b4ec?
Or should OpenBSD have assigned fe80::9400:ff:fe2a:a98b automatically as
alias?

Compared with FreeBSD on a VM next to the OpenBSD one:

$ ifconfig vtnet0
vtnet0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=[...line too long...]
        ether 96:00:00:2a:c9:de
        inet6 2a01:4f8:c2c:70f1::1 prefixlen 64
        inet6 fe80::9400:ff:fe2a:c9de%vtnet0 prefixlen 64 scopeid 0x1
        inet 116.203.86.85 netmask 0xffffffff broadcast 116.203.86.85
        media: Ethernet 10Gbase-T <full-duplex>
        status: active
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>

Here I see fe80::9400:ff:fe2a:c9de%vtnet0 set as local alias
automatically. I'm not sure how this address is being generated and/or
communicated between the OS and the router. But apparently there is a
mismatch between router and OpenBSD, but not on Linux and FreeBSD.

Am I missing something?

Best Regards,
Stefan


Reply | Threaded
Open this post in threaded view
|

Re: Static IPv6, router tries to reach system with unknown fe80 address

Denis Fondras
On Sat, Jul 13, 2019 at 12:15:30PM +0200, Stefan Hagen wrote:

> Hello,
>
> I have a question regarding the IPv6 behavior of OpenBSD compared to
> Linux/FreeBSD. I tried to configure a static IPv6 address on my VPS.
>
> From my provider, I got the following data:
>
> IP Address: 2a01:4f8:c2c:76ef::/64
> Gateway: fe80::1
>
> So I configured my interface:
>
> $ cat /etc/hostname.vio0
> inet6 2a01:4f8:c2c:76ef::1 128
>
> $ cat /etc/mygate
> fe80::1%vio0
>
> Which results in:
> vio0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>        lladdr 96:00:00:2a:a9:8b
>        index 1 priority 0 llprio 3
>        groups: egress
>        media: Ethernet autoselect
>        status: active
>        inet6 fe80::72f2:b265:b89c:b4ec%vio0 prefixlen 64 scopeid 0x1
>        inet6 2a01:4f8:c2c:76ef::1 prefixlen 128
>
> $ route -n show
> Internet6:
> Destination Gateway      Flags Refs Use Mtu Prio Iface
> default     fe80::1%vio0 UGS      0  26   -    8 vio0
> [...]
>
> $ ndp -an
> Neighbor                       Linklayer Address Netif Expire    S Flags
> 2a01:4f8:c2c:76ef::1           96:00:00:2a:a9:8b  vio0 permanent R l
> fe80::1%vio0                   d2:74:7f:6e:37:e3  vio0 8h32m58s  S R
> fe80::3452:7ff:fe83:fa7b%vio0  d2:74:7f:6e:37:e3  vio0 10h9m34s  S R
> fe80::72f2:b265:b89c:b4ec%vio0 96:00:00:2a:a9:8b  vio0 permanent R l
>
> While this configuration (just setting IP and gateway) leads to a
> working IPv6 connectivity on Linux and FreeBSD, it does not on OpenBSD
> and it took me while to figure out why.
>
> While pinging an IPv6 only address, tcpdump revealed the following line
> repeating over and over again:
>
> $ tcpdump -i vio0 ip6
> [...]
> 21:50:58.688256 fe80::3896:ecff:fe78:2702 > ff02::1:ff2a:a98b: \
>    icmp6: neighbor sol: who has fe80::9400:ff:fe2a:a98b
> [...]
>
> I then added the address fe80::9400:ff:fe2a:a98b as alias to my
> interface.
>
> Now IPv6 works like a charm:
>
> $ ifconfig vio0
> vio0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>        lladdr 96:00:00:2a:a9:8b
>        index 1 priority 0 llprio 3
>        groups: egress
>        media: Ethernet autoselect
>        status: active
>        inet 116.203.83.222 netmask 0xffffffff
>        inet6 fe80::72f2:b265:b89c:b4ec%vio0 prefixlen 64 scopeid 0x1
>        inet6 2a01:4f8:c2c:76ef::1 prefixlen 128
>        inet6 fe80::9400:ff:fe2a:a98b%vio0 prefixlen 64 scopeid 0x1
>
> $ ndp -an
> Neighbor                       Linklayer Address Netif Expire    S Flags
> 2a01:4f8:c2c:76ef::1           96:00:00:2a:a9:8b  vio0 permanent R l
> fe80::1%vio0                   d2:74:7f:6e:37:e3  vio0 8h20m39s  S R
> fe80::3452:7ff:fe83:fa7b%vio0  d2:74:7f:6e:37:e3  vio0 9h57m15s  S R
> fe80::72f2:b265:b89c:b4ec%vio0 96:00:00:2a:a9:8b  vio0 permanent R l
> fe80::9400:ff:fe2a:a98b%vio0   96:00:00:2a:a9:8b  vio0 permanent R l
>
> My assumption is, that the gateway definition of fe80::1 instructs the OS to
> "look around for a router". The router then offers(?) a new fe80 Address to
> communicate with my interface. But my interface doesn't know
> about it and ignores the request.
>
> My assumption is probably wrong. Can someone help me to understand this
> scenario and how to make it work in OpenBSD without having to play with
> tcpdump?
>
> Wasn't the router supposed to talk to me via fe80::72f2:b265:b89c:b4ec?
> Or should OpenBSD have assigned fe80::9400:ff:fe2a:a98b automatically as
> alias?
>
> Compared with FreeBSD on a VM next to the OpenBSD one:
>
> $ ifconfig vtnet0
> vtnet0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
>        options=[...line too long...]
>        ether 96:00:00:2a:c9:de
>        inet6 2a01:4f8:c2c:70f1::1 prefixlen 64
>        inet6 fe80::9400:ff:fe2a:c9de%vtnet0 prefixlen 64 scopeid 0x1
>        inet 116.203.86.85 netmask 0xffffffff broadcast 116.203.86.85
>        media: Ethernet 10Gbase-T <full-duplex>
>        status: active
>        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
>
> Here I see fe80::9400:ff:fe2a:c9de%vtnet0 set as local alias
> automatically. I'm not sure how this address is being generated and/or
> communicated between the OS and the router. But apparently there is a
> mismatch between router and OpenBSD, but not on Linux and FreeBSD.
>
> Am I missing something?
>

OpenBSD has RFC7217 enabled by default. This means your LL address does not
embed your MAC address. Use "ifconfig vio0 -soii" to disable that behavior (see
ifconfig(8) for details).

Reply | Threaded
Open this post in threaded view
|

Re: Static IPv6, router tries to reach system with unknown fe80 address

Stefan Hagen-4
Denis Fondras wrote:
> On Sat, Jul 13, 2019 at 12:15:30PM +0200, Stefan Hagen wrote:
>> Am I missing something?
>
> OpenBSD has RFC7217 enabled by default. This means your LL address does not
> embed your MAC address. Use "ifconfig vio0 -soii" to disable that behavior (see
> ifconfig(8) for details).

Thank you very much! This didn't catch my eye when reading ifconfig(8).

Best Regards,
Stefan