ospf6 link-local addresses

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

ospf6 link-local addresses

Kapetanakis Giannis
Hi,

I have working setup of both ospf/ospf6. Nothing fancy.

Cisco <---> [OBSD firewalls] <---> Cisco

The inet6 interfaces on OBSD are setup with -autoconf

All routers prefers to set next-hop routes via the link-local addresses,
which apart from making my life harder (cannot easily tell who is who)
it creates a minor problem with mtr/traceroute -6 -I replies.

The active OBSD firewall prefers to reply through it's link-local
address and not it's global address.

13:20:30.403197 2001:648:xxxx:x::2 > 2001:648:yyyy:y::2: icmp6: echo
request [hlim 1]
13:20:30.403224 fe80::92e2:baff:feb8:715d > 2001:648:xxxx:x::2: icmp6:
time exceeded in-transit for 2001:648:yyyy:y::2

This is probably because of the link-local routes:
default    fe80::2a94:fff:fe4a:5a00%vlan123 UG 0 105920403 -    32 vlan123
fe80::%vlan123/64 fe80::92e2:baff:feb8:715d%vlan123 UCn        1        
0     - 4 vlan123
fe80::2a94:fff:fe4a:5a00%vlan123   28:94:0f:4a:5a:00 UHLch     13    
8594     -     4 vlan123
fe80::92e2:baff:feb8:715d%vlan123  90:e2:ba:b8:71:5d UHLl       0    
2156     -     1 vlan123

vlan123: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
         lladdr 90:e2:ba:b8:71:5d
         description: External-10G-ipv6
         index 11 priority 0 llprio 3
         vlan: 123 parent interface: ix1
         vnetid: 123
         parent: ix1
         groups: vlan egress
         status: active
         inet6 fe80::92e2:baff:feb8:715d%vlan123 prefixlen 64 scopeid 0xb
         inet6 2001:648:yyyy:a::2 prefixlen 126

This might be normal but is there any way to change this behavior?

Thanks

G

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: ospf6 link-local addresses

Claudio Jeker
On Sat, Mar 18, 2017 at 01:47:27PM +0200, Kapetanakis Giannis wrote:

> Hi,
>
> I have working setup of both ospf/ospf6. Nothing fancy.
>
> Cisco <---> [OBSD firewalls] <---> Cisco
>
> The inet6 interfaces on OBSD are setup with -autoconf
>
> All routers prefers to set next-hop routes via the link-local addresses,
> which apart from making my life harder (cannot easily tell who is who)
> it creates a minor problem with mtr/traceroute -6 -I replies.
>
> The active OBSD firewall prefers to reply through it's link-local address
> and not it's global address.
>
> 13:20:30.403197 2001:648:xxxx:x::2 > 2001:648:yyyy:y::2: icmp6: echo request
> [hlim 1]
> 13:20:30.403224 fe80::92e2:baff:feb8:715d > 2001:648:xxxx:x::2: icmp6: time
> exceeded in-transit for 2001:648:yyyy:y::2
>
> This is probably because of the link-local routes:
> default    fe80::2a94:fff:fe4a:5a00%vlan123 UG 0 105920403 -    32 vlan123
> fe80::%vlan123/64 fe80::92e2:baff:feb8:715d%vlan123 UCn        1        0
> - 4 vlan123
> fe80::2a94:fff:fe4a:5a00%vlan123   28:94:0f:4a:5a:00 UHLch     13     8594
> -     4 vlan123
> fe80::92e2:baff:feb8:715d%vlan123  90:e2:ba:b8:71:5d UHLl       0     2156
> -     1 vlan123
>
> vlan123: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>         lladdr 90:e2:ba:b8:71:5d
>         description: External-10G-ipv6
>         index 11 priority 0 llprio 3
>         vlan: 123 parent interface: ix1
>         vnetid: 123
>         parent: ix1
>         groups: vlan egress
>         status: active
>         inet6 fe80::92e2:baff:feb8:715d%vlan123 prefixlen 64 scopeid 0xb
>         inet6 2001:648:yyyy:a::2 prefixlen 126
>
> This might be normal but is there any way to change this behavior?

Could you try a prefixlen 64 route for 2001:648:yyyy:a::2? The non
standard prefixlens can cause problems. I'm not sure if that may help but
the IPv6 source address selection is way to complex and error prone. So
lets see if that helps...

--
:wq Claudio

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: ospf6 link-local addresses

Kapetanakis Giannis
On 20/03/17 23:54, Claudio Jeker wrote:

> On Sat, Mar 18, 2017 at 01:47:27PM +0200, Kapetanakis Giannis wrote:
>> Hi,
>>
>> I have working setup of both ospf/ospf6. Nothing fancy.
>>
>> Cisco <---> [OBSD firewalls] <---> Cisco
>>
>> The inet6 interfaces on OBSD are setup with -autoconf
>>
>> All routers prefers to set next-hop routes via the link-local addresses,
>> which apart from making my life harder (cannot easily tell who is who)
>> it creates a minor problem with mtr/traceroute -6 -I replies.
>>
>> The active OBSD firewall prefers to reply through it's link-local address
>> and not it's global address.
>>
>> 13:20:30.403197 2001:648:xxxx:x::2 > 2001:648:yyyy:y::2: icmp6: echo request
>> [hlim 1]
>> 13:20:30.403224 fe80::92e2:baff:feb8:715d > 2001:648:xxxx:x::2: icmp6: time
>> exceeded in-transit for 2001:648:yyyy:y::2
>>
>> This is probably because of the link-local routes:
>> default    fe80::2a94:fff:fe4a:5a00%vlan123 UG 0 105920403 -    32 vlan123
>> fe80::%vlan123/64 fe80::92e2:baff:feb8:715d%vlan123 UCn        1        0
>> - 4 vlan123
>> fe80::2a94:fff:fe4a:5a00%vlan123   28:94:0f:4a:5a:00 UHLch     13     8594
>> -     4 vlan123
>> fe80::92e2:baff:feb8:715d%vlan123  90:e2:ba:b8:71:5d UHLl       0     2156
>> -     1 vlan123
>>
>> vlan123: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>>         lladdr 90:e2:ba:b8:71:5d
>>         description: External-10G-ipv6
>>         index 11 priority 0 llprio 3
>>         vlan: 123 parent interface: ix1
>>         vnetid: 123
>>         parent: ix1
>>         groups: vlan egress
>>         status: active
>>         inet6 fe80::92e2:baff:feb8:715d%vlan123 prefixlen 64 scopeid 0xb
>>         inet6 2001:648:yyyy:a::2 prefixlen 126
>>
>> This might be normal but is there any way to change this behavior?
>
> Could you try a prefixlen 64 route for 2001:648:yyyy:a::2? The non
> standard prefixlens can cause problems. I'm not sure if that may help but
> the IPv6 source address selection is way to complex and error prone. So
> lets see if that helps...

I cannot do that on the external side, since that /126 has been given to me by my upstream...

However since on the inside I also use a /126, I've changed it to /64.
No change. It also replied from it's internal link-local address.

the setup was pc <-> cisco <-> obsd

G

Loading...