Discussion:
IPv6 aliases on FreeBSD 10
pepe
2014-10-22 08:22:13 UTC
Permalink
Hello

I have little problem with IPv6 aliases. Not working at all. Default IPv6
address works fine. When I try to connect (or ping or traceroute or
anything) withn alias address it just timeouts. Ifconfig output for IPv6 is:

inet6 2001:14b8:1801:c001::1 prefixlen 48
inet6 2001:14b8:1801:c001::42 prefixlen 64
inet6 2001:14b8:1801:c001::2 prefixlen 64

So, ::1 works, ::2 or ::42 does not. And they're now prefix /64, but I
tried with prefix /48 for aliases too, it doesn't change anything.

When I try to traceroute alias ips from outside it stops here:


11 lah1-er23.ip6.dnaip.fi (2001:14b8::1177) 2054.594 ms !H * *


When I try to traceroute with alias ip as source only output in tcpdump is
this:

11:11:39.215209 IP6 (hlim 64, next-header ICMPv6 (58) payload length: 16)
bronx.iim.wtf > irc.nebula.fi: [icmp6 sum ok] ICMP6, echo request, seq 1

bronx.iim.wtf if my ::2 and irc.nebula.fi is of course where I tried to
traceroute.

So. Anyone have any ideas what might be wrong here?
--
Perttu Laine, ***@kahvipannu.com
http://kpn.kahvipannu.fi
krad
2014-10-22 13:05:05 UTC
Permalink
it works for me fine, although im only using /64 prefixes, im not sure you
should be mixing the prefixes though. Are you running rtadvd on the lan as
I am?
Post by pepe
Hello
I have little problem with IPv6 aliases. Not working at all. Default IPv6
address works fine. When I try to connect (or ping or traceroute or
inet6 2001:14b8:1801:c001::1 prefixlen 48
inet6 2001:14b8:1801:c001::42 prefixlen 64
inet6 2001:14b8:1801:c001::2 prefixlen 64
So, ::1 works, ::2 or ::42 does not. And they're now prefix /64, but I
tried with prefix /48 for aliases too, it doesn't change anything.
11 lah1-er23.ip6.dnaip.fi (2001:14b8::1177) 2054.594 ms !H * *
When I try to traceroute with alias ip as source only output in tcpdump is
11:11:39.215209 IP6 (hlim 64, next-header ICMPv6 (58) payload length: 16)
bronx.iim.wtf > irc.nebula.fi: [icmp6 sum ok] ICMP6, echo request, seq 1
bronx.iim.wtf if my ::2 and irc.nebula.fi is of course where I tried to
traceroute.
So. Anyone have any ideas what might be wrong here?
--
http://kpn.kahvipannu.fi
_______________________________________________
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "
Robert Schulze
2014-10-22 13:12:31 UTC
Permalink
Hi,
Post by pepe
Hello
I have little problem with IPv6 aliases. Not working at all. Default IPv6
address works fine. When I try to connect (or ping or traceroute or
inet6 2001:14b8:1801:c001::1 prefixlen 48
inet6 2001:14b8:1801:c001::42 prefixlen 64
inet6 2001:14b8:1801:c001::2 prefixlen 64
try using a prefixlen of 128 on the alias addresses.

with kind regards,
Robert Schulze
krad
2014-10-22 13:16:32 UTC
Permalink
yep with ipv4 its always a /32 so makes sense however it still worked for
me with /64 all round
Post by Robert Schulze
Hi,
Post by pepe
Hello
I have little problem with IPv6 aliases. Not working at all. Default IPv6
address works fine. When I try to connect (or ping or traceroute or
inet6 2001:14b8:1801:c001::1 prefixlen 48
inet6 2001:14b8:1801:c001::42 prefixlen 64
inet6 2001:14b8:1801:c001::2 prefixlen 64
try using a prefixlen of 128 on the alias addresses.
with kind regards,
Robert Schulze
_______________________________________________
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-
pepe
2014-10-23 05:19:07 UTC
Permalink
prefix 128 didn't work either. only first real address is working. none of
the aliases work with 48, 64 or 128...
our network is 2001:14b8:1801::/48 so that prefixlen 48 is right for ::1
address isn't it? and well, it works so
I think it is right...

And now it got even funnier. I added many aliases like this (copypaste from
ifconfig output so ipv4 addresses are there too):

inet6 2001:14b8:1801:c001::2 prefixlen 48
inet6 2001:14b8:1801:c001::3 prefixlen 48
inet6 2001:14b8:1801:c001::42 prefixlen 48
inet 62.165.159.203 netmask 0xffffffff broadcast 62.165.159.203
inet6 2001:14b8:1801:c001::4 prefixlen 48
inet6 2001:14b8:1801:c001::5 prefixlen 48
inet6 2001:14b8:1801:c001::6 prefixlen 48
inet6 2001:14b8:1801:c001::7 prefixlen 48
inet6 2001:14b8:1801:c001::8 prefixlen 48
inet6 2001:14b8:1801:c001::9 prefixlen 48
inet6 2001:14b8:1801:c001::10 prefixlen 48
inet 62.165.159.204 netmask 0xffffffff broadcast 62.165.159.204
inet 62.165.159.205 netmask 0xffffffff broadcast 62.165.159.205
inet6 2001:14b8:1801:c001::1 prefixlen 48
inet 62.165.159.206 netmask 0xffffffff broadcast 62.165.159.206

::1 is "real" address and rest are aliases. All added with same command
like this:
ifconfig em0 inet6 2001:14b8:1801:c001::9/48 alias

But the funny part is. Couple of addresses do work and rest don't. ::1, ::2
and ::42 works. They can be used to connect irc and
they work fine as ping6 source. Rest behave like I said in first post.
prefix 128 didn't work either. only first real address is working. none of
the aliases work with 48, 64 or 128...
our network is 2001:14b8:1801::/48 so that prefixlen 48 is right for ::1
address isn't it? and well, it works so
I think it is right...
Post by Robert Schulze
Hi,
Post by pepe
Hello
I have little problem with IPv6 aliases. Not working at all. Default IPv6
address works fine. When I try to connect (or ping or traceroute or
inet6 2001:14b8:1801:c001::1 prefixlen 48
inet6 2001:14b8:1801:c001::42 prefixlen 64
inet6 2001:14b8:1801:c001::2 prefixlen 64
try using a prefixlen of 128 on the alias addresses.
with kind regards,
Robert Schulze
--
pepe
--
pepe
pepe
2014-10-23 06:06:59 UTC
Permalink
And this is getting even "funnier". I removed all aliases and added them
again with same command.
::1, ::2 and ::42 still working like earlier. But now also ::3, ::4 and
::10 works. But 5-9 does not..
Post by pepe
prefix 128 didn't work either. only first real address is working. none of
the aliases work with 48, 64 or 128...
our network is 2001:14b8:1801::/48 so that prefixlen 48 is right for ::1
address isn't it? and well, it works so
I think it is right...
And now it got even funnier. I added many aliases like this (copypaste
inet6 2001:14b8:1801:c001::2 prefixlen 48
inet6 2001:14b8:1801:c001::3 prefixlen 48
inet6 2001:14b8:1801:c001::42 prefixlen 48
inet 62.165.159.203 netmask 0xffffffff broadcast 62.165.159.203
inet6 2001:14b8:1801:c001::4 prefixlen 48
inet6 2001:14b8:1801:c001::5 prefixlen 48
inet6 2001:14b8:1801:c001::6 prefixlen 48
inet6 2001:14b8:1801:c001::7 prefixlen 48
inet6 2001:14b8:1801:c001::8 prefixlen 48
inet6 2001:14b8:1801:c001::9 prefixlen 48
inet6 2001:14b8:1801:c001::10 prefixlen 48
inet 62.165.159.204 netmask 0xffffffff broadcast 62.165.159.204
inet 62.165.159.205 netmask 0xffffffff broadcast 62.165.159.205
inet6 2001:14b8:1801:c001::1 prefixlen 48
inet 62.165.159.206 netmask 0xffffffff broadcast 62.165.159.206
::1 is "real" address and rest are aliases. All added with same command
ifconfig em0 inet6 2001:14b8:1801:c001::9/48 alias
But the funny part is. Couple of addresses do work and rest don't. ::1,
::2 and ::42 works. They can be used to connect irc and
they work fine as ping6 source. Rest behave like I said in first post.
Post by pepe
prefix 128 didn't work either. only first real address is working. none
of the aliases work with 48, 64 or 128...
our network is 2001:14b8:1801::/48 so that prefixlen 48 is right for ::1
address isn't it? and well, it works so
I think it is right...
Post by Robert Schulze
Hi,
Post by pepe
Hello
I have little problem with IPv6 aliases. Not working at all. Default IPv6
address works fine. When I try to connect (or ping or traceroute or
inet6 2001:14b8:1801:c001::1 prefixlen 48
inet6 2001:14b8:1801:c001::42 prefixlen 64
inet6 2001:14b8:1801:c001::2 prefixlen 64
try using a prefixlen of 128 on the alias addresses.
with kind regards,
Robert Schulze
--
pepe
--
pepe
--
pepe
Jon Radel
2014-10-23 13:49:06 UTC
Permalink
Post by pepe
prefix 128 didn't work either. only first real address is working. none of
the aliases work with 48, 64 or 128...
our network is 2001:14b8:1801::/48 so that prefixlen 48 is right for ::1
address isn't it? and well, it works so
I think it is right...
It would be rather unusual to have a /48 there. There are many things
in IPv6 that assume you're using a /64 network on each LAN segment /
collision domain / however-you-want-to-think-of-it. So while, in some
senses, using a /48 there isn't *wrong*, after all, one might need to
have 1.208 x 10^24 addresses on a single LAN segment [but so much else
would break], in your case it's probably wrong.

Things will probably go more smoothly in general if you use
IPv6-think: You were assigned 2^16 (65,536) networks (each a /64).
You were *not* assigned 2^80 addresses. (Obviously you were actually
assigned 2^80 addresses, but that's really not a useful way to think of
IPv6 addresses when planning your network.)

Assign a /64 to the network this machine is connected to. Obviously
other equipment has to play along and have a matching prefix length.

You might also want to show us what is in your rc.conf, not just what
ifconfig reports. Here's an example from an 8.3 server:

ipv6_ifconfig_fxp0="2001:470:880a:5237::10:1 prefixlen 64"
ipv6_ifconfig_fxp0_alias0="2001:470:880a:5237::12:1 prefixlen 128"
ipv6_ifconfig_fxp0_alias1="2001:4830:1707:5237::10:1 prefixlen 64"
ipv6_ifconfig_fxp0_alias2="2001:4830:1707:5237::12:1 prefixlen 128"
ipv6_defaultrouter="2001:470:880a:5237::1"

That works fine.

--Jon Radel
***@radel.com
pepe
2014-10-25 08:00:36 UTC
Permalink
I know it's usually done with /64, but my ISP just said: your block is
2001:14b8:1801::/48 and
defaultrouter should be ::1. So I can't really change that.

My rc.conf was like that when I copied it from fbsd 8 server, but new
server is fbsd 10 so ipv6 section is like this:

ifconfig_em0_alias59="inet 62.165.159.154 netmask 255.255.255.255"
ipv6_activate_all_interfaces="YES"
ipv6_defaultrouter="2001:14b8:1801::1"
ifconfig_em0_ipv6="inet6 2001:14b8:1801:c001::1 prefixlen 48"
ifconfig_em0_alias60="inet6 2001:14b8:1801:c001::2 prefixlen 48"
ifconfig_em0_alias61="inet6 2001:14b8:1801:c001::3 prefixlen 48"
ifconfig_em0_alias62="inet6 2001:14b8:1801:c001::4 prefixlen 48"
ifconfig_em0_alias63="inet6 2001:14b8:1801:c001::5 prefixlen 48"
ifconfig_em0_alias64="inet6 2001:14b8:1801:c001::6 prefixlen 48"
ifconfig_em0_alias65="inet6 2001:14b8:1801:c001::7 prefixlen 48"
ifconfig_em0_alias66="inet6 2001:14b8:1801:c001::8 prefixlen 48"
ifconfig_em0_alias67="inet6 2001:14b8:1801:c001::9 prefixlen 48"
ifconfig_em0_alias68="inet6 2001:14b8:1801:c001::10 prefixlen 48"
ifconfig_em0_alias69="inet6 2001:14b8:1801:c001::42 prefixlen 48"
Post by pepe
prefix 128 didn't work either. only first real address is working. none of
the aliases work with 48, 64 or 128...
our network is 2001:14b8:1801::/48 so that prefixlen 48 is right for ::1
address isn't it? and well, it works so
I think it is right...
It would be rather unusual to have a /48 there. There are many things in
IPv6 that assume you're using a /64 network on each LAN segment / collision
domain / however-you-want-to-think-of-it. So while, in some senses,
using a /48 there isn't *wrong*, after all, one might need to have 1.208 x
10^24 addresses on a single LAN segment [but so much else would break], in
your case it's probably wrong.
You were assigned 2^16 (65,536) networks (each a /64). You were *not*
assigned 2^80 addresses. (Obviously you were actually assigned 2^80
addresses, but that's really not a useful way to think of IPv6 addresses
when planning your network.)
Assign a /64 to the network this machine is connected to. Obviously other
equipment has to play along and have a matching prefix length.
You might also want to show us what is in your rc.conf, not just what
ipv6_ifconfig_fxp0="2001:470:880a:5237::10:1 prefixlen 64"
ipv6_ifconfig_fxp0_alias0="2001:470:880a:5237::12:1 prefixlen 128"
ipv6_ifconfig_fxp0_alias1="2001:4830:1707:5237::10:1 prefixlen 64"
ipv6_ifconfig_fxp0_alias2="2001:4830:1707:5237::12:1 prefixlen 128"
ipv6_defaultrouter="2001:470:880a:5237::1"
That works fine.
--Jon Radel
--
pepe
Darren Pilgrim
2014-10-25 16:07:45 UTC
Permalink
Post by pepe
I know it's usually done with /64, but my ISP just said: your block is
2001:14b8:1801::/48 and
defaultrouter should be ::1. So I can't really change that.
They meant your allocation is 2001:14b8:1801::/48. You can subnet that
however you like. Subnetting at /64 is BCP for a lot of reasons.
Randal L. Schwartz
2014-10-25 16:25:35 UTC
Permalink
Post by pepe
I know it's usually done with /64, but my ISP just said: your block is
2001:14b8:1801::/48 and
defaultrouter should be ::1. So I can't really change that.
Darren> They meant your allocation is 2001:14b8:1801::/48. You can subnet that
Darren> however you like. Subnetting at /64 is BCP for a lot of
Darren> reasons.

Here's what works for my ISP (I'm still on 8.4):

ipv6_enable=YES
ipv6_defaultrouter="fe80::1%em0"
ipv6_ifconfig_em0="fe80::2/64"
ipv6_ifconfig_em0_alias0="2607:f2f8:3080::/64"
ipv6_gateway_enable=YES

I own the /48, but they want their leg to me to be the first /64 of
that. Unlike most ISPs, they're using link-local addresses for that leg
for routing... and they send anything for my /48 to fe80::2 on that leg.

And yes, I'm using the ::0 address as my primary machine address. It
works. :)

$ host red.stonehenge.com
red.stonehenge.com has address 208.79.95.2
red.stonehenge.com has IPv6 address 2607:f2f8:3080::

:-)
--
Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095
<***@stonehenge.com> <URL:http://www.stonehenge.com/merlyn/>
Perl/Unix consulting, Technical writing, Comedy, etc. etc.
Still trying to think of something clever for the fourth line of this .sig
Darren Pilgrim
2014-10-25 17:04:33 UTC
Permalink
Post by Randal L. Schwartz
ipv6_enable=YES
ipv6_defaultrouter="fe80::1%em0"
ipv6_ifconfig_em0="fe80::2/64"
ipv6_ifconfig_em0_alias0="2607:f2f8:3080::/64"
ipv6_gateway_enable=YES
I own the /48, but they want their leg to me to be the first /64 of
that. Unlike most ISPs, they're using link-local addresses for that leg
for routing... and they send anything for my /48 to fe80::2 on that leg.
+1 For correct use of link-local addressing. Seems odd they'd also want
a routable /64 on it, though.
Post by Randal L. Schwartz
And yes, I'm using the ::0 address as my primary machine address. It
works. :)
$ host red.stonehenge.com
red.stonehenge.com has address 208.79.95.2
Those are fun. One of my favourites:

# dig -t AAAA sprint.net +short
2600::
Jon Radel
2014-10-25 18:28:08 UTC
Permalink
Post by pepe
I know it's usually done with /64, but my ISP just said: your block is
2001:14b8:1801::/48 and
defaultrouter should be ::1. So I can't really change that.
Either you have misunderstood what they meant by that, or your ISP is
run by loons. You might wish to determine which and proceed
accordingly, particularly if you are lucky enough to have a choice of ISPs.

--Jon Radel
***@radel.com
pepe
2014-11-23 10:14:16 UTC
Permalink
Hello!

I was on vacation for a while and too busy to do anything about this. But
now we've done testing and we're getting nowhere...

Current config is:
inet6 2001:14b8:1801::2 prefixlen 64
inet6 2001:14b8:1801::c001 prefixlen 64
inet6 2001:14b8:1801::3 prefixlen 64
inet6 2001:14b8:1801::c002 prefixlen 64
inet6 2001:14b8:1801:1:: prefixlen 64
inet6 2001:14b8:1801:1::1 prefixlen 64

And from those addresses only first two are working. I also tried adding
aliases with /128 instead of /64, but it changed nothing.
With /128 it worked just the same way. I've used fe80::1%em0 and
2001:14b8:1801::1 as default gw. Both of those work, but
same thing with either gw, only those two addresses work.

Current rc.conf is:
ipv6_activate_all_interfaces="YES"
#ipv6_defaultrouter="2001:14b8:1801::1"
ipv6_defaultrouter="fe80::1%em0"
ifconfig_em0_ipv6="inet6 2001:14b8:1801::c001 prefixlen 64"
ifconfig_em0_alias59="inet6 2001:14b8:1801::2 prefixlen 64"
ifconfig_em0_alias60="inet6 2001:14b8:1801::c002 prefixlen 64"
ifconfig_em0_alias61="inet6 2001:14b8:1801::3 prefixlen 64"
ifconfig_em0_alias62="inet6 2001:14b8:1801:1:: prefixlen 64"
ifconfig_em0_alias63="inet6 2001:14b8:1801:1::1 prefixlen 64"

alias58 is ipv4, so this starts from 59. As you can see I've tried both
gw:n on rc.conf, it changes nothing. And I've tried aliases
with /128 prefix and it changes nothing.

I'm starting to think it's problem on ISP side and not ours. But just to
sure - anyone have any ideas what more to try?
Post by pepe
I know it's usually done with /64, but my ISP just said: your block is
2001:14b8:1801::/48 and
defaultrouter should be ::1. So I can't really change that.
Either you have misunderstood what they meant by that, or your ISP is
run by loons. You might wish to determine which and proceed accordingly,
particularly if you are lucky enough to have a choice of ISPs.
--Jon Radel
--
pepe
Jon Radel
2014-11-23 21:58:28 UTC
Permalink
Post by pepe
I also tried adding
aliases with /128 instead of /64, but it changed nothing.
With /128 it worked just the same way.
As one of the people mentioning /128s, I'd like to retract that
suggestion; I've been reading the ipv6 related documentation given that
I'm bringing up my first 10.1 box with ipv6.....and things have changed
a bit since 8.4.
Post by pepe
ipv6_activate_all_interfaces="YES"
#ipv6_defaultrouter="2001:14b8:1801::1"
ipv6_defaultrouter="fe80::1%em0"
ifconfig_em0_ipv6="inet6 2001:14b8:1801::c001 prefixlen 64"
ifconfig_em0_alias59="inet6 2001:14b8:1801::2 prefixlen 64"
ifconfig_em0_alias60="inet6 2001:14b8:1801::c002 prefixlen 64"
ifconfig_em0_alias61="inet6 2001:14b8:1801::3 prefixlen 64"
ifconfig_em0_alias62="inet6 2001:14b8:1801:1:: prefixlen 64"
ifconfig_em0_alias63="inet6 2001:14b8:1801:1::1 prefixlen 64"
Just making sure that you realize that if the ISP's equipment is
addressed 2001:14b8:1801::1/64, it wouldn't necessarily do good things
with your address 2001:14b8:1801:1::/64 unless it had a route to that
network. But that's an aside and doesn't appear to be the root issue
you're dealing with.
Post by pepe
I'm starting to think it's problem on ISP side and not ours. But just to
sure - anyone have any ideas what more to try?
I read through this thread, and as far as I can tell, you've told us
almost nothing useful about the topology of your network. Where does
the cable from em0 go? Directly into the ISP's equipment? If so, what
kind of equipment are we talking about? What type of media? I admit
complete ignorance of the industry norms specific to Finland, but around
these parts it makes a world of difference whether you're talking
directly to a cable carrier's "modem" or a point-to-point circuit into a
high-end router.

What I would do, given what little I know about your topology:

1) Run "ndp -an" on your machine. All the addresses you expect to
work should show up as permanent entries in this table.

2) You're not doing any firewalling are you?

3) If you don't run em0 into a switch, insert one (preferably one that
does L3 and port mirroring, if you just happen to have access to one
like that) between the server and your ISP.

4) Attach another ipv6 speaking machine to the switch. Can it ping
all the addresses? Does its ndp table show the proper mac address for
all the addresses?

5) Optional: mirror all the traffic on the switch port attached to the
ISP the test machine you added and using tcpdump or wireshark or
what-have-you look at the traffic between the ISP and your server.

If the test machine in #4 reaches all the server addresses just fine
even though the ISP doesn't, particularly if #5 shows the ISP never
sending the traffic that should be going to the "non-functional"
addresses, my leading suspicion would be that that the ISP's equipment
has very, very limited capacity for a L2 address table, quite possibly
as a matter of deliberate configuration, and after it learns about N
neighbors, where N is a very small number, it simply ignores any
additional addresses. Other than getting your ISP to do something about
that, the only fix I can think of is to put a router (which is where a
L3 switch would be handy) between your ISP and your server. Then, in
theory, your ISP's equipment should have to deal with the only addresses
on the outside of your router in L2 and everything else would be L3
routing. My big concern about that, however, is that the default
address they've given you is actually in your /48, so it's unclear to me
what the heck they're doing with the routing. So you probably have to
talk to them in any case about what the outside interface of your router
should be addressed as.

--Jon Radel
***@radel.com
pepe
2014-11-24 05:51:03 UTC
Permalink
Hello.

Sorry about no information. I just realized that too.
So, server is hosted at isp's server rack. Connected with two gigabit
ethernets (em0 and em1, but currently we're using only em0 until we get
everything working, then we're look into duplicating internet connection).
Server setup is ESXi running two FreeBSD servers. IPv6 problem was very
same on both machines, but currently for testing we're running it on one
server only. em0 is connected to cisco switch that is connected to isps
network with fiber. So, we really can't do any testing or changes with
hardware because of the setup.

We're not doing firewalling, or well of course we are, but when doing ipv6
setup and testing - no ipv6 firewall at all. And actually we tired IPv6
setup with firewall completely off too.

I'm not planning to use those 1::1 addresses that are outside /64 of gw,
but they're in config now for testing purpose.

ndp -an output right now is:
***@eemeli:/home/pepe # ndp -an
Neighbor Linklayer Address Netif Expire S
Flags
2001:14b8:1801::1 00:00:5e:00:02:0a em0 23h59m54s S R
2001:14b8:1801::c001 00:0c:29:b2:57:43 em0 permanent R
fe81::ca01%em0 00:00:5e:00:02:0a em0 2h49m3s S
Post by Jon Radel
Post by pepe
I also tried adding
aliases with /128 instead of /64, but it changed nothing.
With /128 it worked just the same way.
As one of the people mentioning /128s, I'd like to retract that
suggestion; I've been reading the ipv6 related documentation given that I'm
bringing up my first 10.1 box with ipv6.....and things have changed a bit
since 8.4.
Post by pepe
ipv6_activate_all_interfaces="YES"
#ipv6_defaultrouter="2001:14b8:1801::1"
ipv6_defaultrouter="fe80::1%em0"
ifconfig_em0_ipv6="inet6 2001:14b8:1801::c001 prefixlen 64"
ifconfig_em0_alias59="inet6 2001:14b8:1801::2 prefixlen 64"
ifconfig_em0_alias60="inet6 2001:14b8:1801::c002 prefixlen 64"
ifconfig_em0_alias61="inet6 2001:14b8:1801::3 prefixlen 64"
ifconfig_em0_alias62="inet6 2001:14b8:1801:1:: prefixlen 64"
ifconfig_em0_alias63="inet6 2001:14b8:1801:1::1 prefixlen 64"
Just making sure that you realize that if the ISP's equipment is
addressed 2001:14b8:1801::1/64, it wouldn't necessarily do good things with
your address 2001:14b8:1801:1::/64 unless it had a route to that network.
But that's an aside and doesn't appear to be the root issue you're dealing
with.
Post by pepe
I'm starting to think it's problem on ISP side and not ours. But just to
sure - anyone have any ideas what more to try?
I read through this thread, and as far as I can tell, you've told us
almost nothing useful about the topology of your network. Where does the
cable from em0 go? Directly into the ISP's equipment? If so, what kind of
equipment are we talking about? What type of media? I admit complete
ignorance of the industry norms specific to Finland, but around these parts
it makes a world of difference whether you're talking directly to a cable
carrier's "modem" or a point-to-point circuit into a high-end router.
1) Run "ndp -an" on your machine. All the addresses you expect to work
should show up as permanent entries in this table.
2) You're not doing any firewalling are you?
3) If you don't run em0 into a switch, insert one (preferably one that
does L3 and port mirroring, if you just happen to have access to one like
that) between the server and your ISP.
4) Attach another ipv6 speaking machine to the switch. Can it ping all
the addresses? Does its ndp table show the proper mac address for all the
addresses?
5) Optional: mirror all the traffic on the switch port attached to the
ISP the test machine you added and using tcpdump or wireshark or
what-have-you look at the traffic between the ISP and your server.
If the test machine in #4 reaches all the server addresses just fine even
though the ISP doesn't, particularly if #5 shows the ISP never sending the
traffic that should be going to the "non-functional" addresses, my leading
suspicion would be that that the ISP's equipment has very, very limited
capacity for a L2 address table, quite possibly as a matter of deliberate
configuration, and after it learns about N neighbors, where N is a very
small number, it simply ignores any additional addresses. Other than
getting your ISP to do something about that, the only fix I can think of is
to put a router (which is where a L3 switch would be handy) between your
ISP and your server. Then, in theory, your ISP's equipment should have to
deal with the only addresses on the outside of your router in L2 and
everything else would be L3 routing. My big concern about that, however,
is that the default address they've given you is actually in your /48, so
it's unclear to me what the heck they're doing with the routing. So you
probably have to talk to them in any case about what the outside interface
of your router should be addressed as.
--Jon Radel
--
pepe
pepe
2014-11-26 13:43:19 UTC
Permalink
So, we finally got some answers from isp. They said it seems to be problem
on isps routers.
Now we just need to wait and see if they do something about it.
Thank's for suggestions and help anyways
Post by pepe
Hello.
Sorry about no information. I just realized that too.
So, server is hosted at isp's server rack. Connected with two gigabit
ethernets (em0 and em1, but currently we're using only em0 until we get
everything working, then we're look into duplicating internet connection).
Server setup is ESXi running two FreeBSD servers. IPv6 problem was very
same on both machines, but currently for testing we're running it on one
server only. em0 is connected to cisco switch that is connected to isps
network with fiber. So, we really can't do any testing or changes with
hardware because of the setup.
We're not doing firewalling, or well of course we are, but when doing ipv6
setup and testing - no ipv6 firewall at all. And actually we tired IPv6
setup with firewall completely off too.
I'm not planning to use those 1::1 addresses that are outside /64 of gw,
but they're in config now for testing purpose.
Neighbor Linklayer Address Netif Expire S
Flags
2001:14b8:1801::1 00:00:5e:00:02:0a em0 23h59m54s S R
2001:14b8:1801::c001 00:0c:29:b2:57:43 em0 permanent R
fe81::ca01%em0 00:00:5e:00:02:0a em0 2h49m3s S
Post by Jon Radel
Post by pepe
I also tried adding
aliases with /128 instead of /64, but it changed nothing.
With /128 it worked just the same way.
As one of the people mentioning /128s, I'd like to retract that
suggestion; I've been reading the ipv6 related documentation given that I'm
bringing up my first 10.1 box with ipv6.....and things have changed a bit
since 8.4.
Post by pepe
ipv6_activate_all_interfaces="YES"
#ipv6_defaultrouter="2001:14b8:1801::1"
ipv6_defaultrouter="fe80::1%em0"
ifconfig_em0_ipv6="inet6 2001:14b8:1801::c001 prefixlen 64"
ifconfig_em0_alias59="inet6 2001:14b8:1801::2 prefixlen 64"
ifconfig_em0_alias60="inet6 2001:14b8:1801::c002 prefixlen 64"
ifconfig_em0_alias61="inet6 2001:14b8:1801::3 prefixlen 64"
ifconfig_em0_alias62="inet6 2001:14b8:1801:1:: prefixlen 64"
ifconfig_em0_alias63="inet6 2001:14b8:1801:1::1 prefixlen 64"
Just making sure that you realize that if the ISP's equipment is
addressed 2001:14b8:1801::1/64, it wouldn't necessarily do good things with
your address 2001:14b8:1801:1::/64 unless it had a route to that network.
But that's an aside and doesn't appear to be the root issue you're dealing
with.
Post by pepe
I'm starting to think it's problem on ISP side and not ours. But just to
sure - anyone have any ideas what more to try?
I read through this thread, and as far as I can tell, you've told us
almost nothing useful about the topology of your network. Where does the
cable from em0 go? Directly into the ISP's equipment? If so, what kind of
equipment are we talking about? What type of media? I admit complete
ignorance of the industry norms specific to Finland, but around these parts
it makes a world of difference whether you're talking directly to a cable
carrier's "modem" or a point-to-point circuit into a high-end router.
1) Run "ndp -an" on your machine. All the addresses you expect to work
should show up as permanent entries in this table.
2) You're not doing any firewalling are you?
3) If you don't run em0 into a switch, insert one (preferably one that
does L3 and port mirroring, if you just happen to have access to one like
that) between the server and your ISP.
4) Attach another ipv6 speaking machine to the switch. Can it ping
all the addresses? Does its ndp table show the proper mac address for all
the addresses?
5) Optional: mirror all the traffic on the switch port attached to the
ISP the test machine you added and using tcpdump or wireshark or
what-have-you look at the traffic between the ISP and your server.
If the test machine in #4 reaches all the server addresses just fine even
though the ISP doesn't, particularly if #5 shows the ISP never sending the
traffic that should be going to the "non-functional" addresses, my leading
suspicion would be that that the ISP's equipment has very, very limited
capacity for a L2 address table, quite possibly as a matter of deliberate
configuration, and after it learns about N neighbors, where N is a very
small number, it simply ignores any additional addresses. Other than
getting your ISP to do something about that, the only fix I can think of is
to put a router (which is where a L3 switch would be handy) between your
ISP and your server. Then, in theory, your ISP's equipment should have to
deal with the only addresses on the outside of your router in L2 and
everything else would be L3 routing. My big concern about that, however,
is that the default address they've given you is actually in your /48, so
it's unclear to me what the heck they're doing with the routing. So you
probably have to talk to them in any case about what the outside interface
of your router should be addressed as.
--Jon Radel
--
pepe
--
pepe
pepe
2014-11-28 16:12:05 UTC
Permalink
Just to let you people know, it was problem on ISP side. They made config
changes
and now all ipv6 addresses are working just fine.
Post by pepe
So, we finally got some answers from isp. They said it seems to be problem
on isps routers.
Now we just need to wait and see if they do something about it.
Thank's for suggestions and help anyways
Post by pepe
Hello.
Sorry about no information. I just realized that too.
So, server is hosted at isp's server rack. Connected with two gigabit
ethernets (em0 and em1, but currently we're using only em0 until we get
everything working, then we're look into duplicating internet connection).
Server setup is ESXi running two FreeBSD servers. IPv6 problem was very
same on both machines, but currently for testing we're running it on one
server only. em0 is connected to cisco switch that is connected to isps
network with fiber. So, we really can't do any testing or changes with
hardware because of the setup.
We're not doing firewalling, or well of course we are, but when doing
ipv6 setup and testing - no ipv6 firewall at all. And actually we tired
IPv6 setup with firewall completely off too.
I'm not planning to use those 1::1 addresses that are outside /64 of gw,
but they're in config now for testing purpose.
Neighbor Linklayer Address Netif Expire S
Flags
2001:14b8:1801::1 00:00:5e:00:02:0a em0 23h59m54s S R
2001:14b8:1801::c001 00:0c:29:b2:57:43 em0 permanent R
fe81::ca01%em0 00:00:5e:00:02:0a em0 2h49m3s S
Post by Jon Radel
Post by pepe
I also tried adding
aliases with /128 instead of /64, but it changed nothing.
With /128 it worked just the same way.
As one of the people mentioning /128s, I'd like to retract that
suggestion; I've been reading the ipv6 related documentation given that I'm
bringing up my first 10.1 box with ipv6.....and things have changed a bit
since 8.4.
Post by pepe
ipv6_activate_all_interfaces="YES"
#ipv6_defaultrouter="2001:14b8:1801::1"
ipv6_defaultrouter="fe80::1%em0"
ifconfig_em0_ipv6="inet6 2001:14b8:1801::c001 prefixlen 64"
ifconfig_em0_alias59="inet6 2001:14b8:1801::2 prefixlen 64"
ifconfig_em0_alias60="inet6 2001:14b8:1801::c002 prefixlen 64"
ifconfig_em0_alias61="inet6 2001:14b8:1801::3 prefixlen 64"
ifconfig_em0_alias62="inet6 2001:14b8:1801:1:: prefixlen 64"
ifconfig_em0_alias63="inet6 2001:14b8:1801:1::1 prefixlen 64"
Just making sure that you realize that if the ISP's equipment is
addressed 2001:14b8:1801::1/64, it wouldn't necessarily do good things with
your address 2001:14b8:1801:1::/64 unless it had a route to that network.
But that's an aside and doesn't appear to be the root issue you're dealing
with.
Post by pepe
I'm starting to think it's problem on ISP side and not ours. But just to
sure - anyone have any ideas what more to try?
I read through this thread, and as far as I can tell, you've told us
almost nothing useful about the topology of your network. Where does the
cable from em0 go? Directly into the ISP's equipment? If so, what kind of
equipment are we talking about? What type of media? I admit complete
ignorance of the industry norms specific to Finland, but around these parts
it makes a world of difference whether you're talking directly to a cable
carrier's "modem" or a point-to-point circuit into a high-end router.
1) Run "ndp -an" on your machine. All the addresses you expect to
work should show up as permanent entries in this table.
2) You're not doing any firewalling are you?
3) If you don't run em0 into a switch, insert one (preferably one that
does L3 and port mirroring, if you just happen to have access to one like
that) between the server and your ISP.
4) Attach another ipv6 speaking machine to the switch. Can it ping
all the addresses? Does its ndp table show the proper mac address for all
the addresses?
5) Optional: mirror all the traffic on the switch port attached to the
ISP the test machine you added and using tcpdump or wireshark or
what-have-you look at the traffic between the ISP and your server.
If the test machine in #4 reaches all the server addresses just fine
even though the ISP doesn't, particularly if #5 shows the ISP never sending
the traffic that should be going to the "non-functional" addresses, my
leading suspicion would be that that the ISP's equipment has very, very
limited capacity for a L2 address table, quite possibly as a matter of
deliberate configuration, and after it learns about N neighbors, where N is
a very small number, it simply ignores any additional addresses. Other
than getting your ISP to do something about that, the only fix I can think
of is to put a router (which is where a L3 switch would be handy) between
your ISP and your server. Then, in theory, your ISP's equipment should
have to deal with the only addresses on the outside of your router in L2
and everything else would be L3 routing. My big concern about that,
however, is that the default address they've given you is actually in your
/48, so it's unclear to me what the heck they're doing with the routing.
So you probably have to talk to them in any case about what the outside
interface of your router should be addressed as.
--Jon Radel
--
pepe
--
pepe
--
pepe
Loading...