IPv6 with VNET jails

From: Goran Mekić <meka_at_tilda.center>
Date: Tue, 21 Dec 2021 16:30:15 UTC
Hello,

I started my research on IPv6 (read: I really don't know anything) and
I'm a bit stuck with VNET jails. I did set up an HE tunnel, as my ISP is
not providing IPv6, and all devices in my house are happy consumers of the
rtadvd config. The router is advertised (rtadvd on my router) and
solicitation is working on laptop/desktop; it's all perfect. Now I'm trying
to set up the IPv6 stack for jails. I already have VNET jails through CBSD,
so that part is done, but I can't get past the host with ping. On the
desktop I have the following configuration.


/etc/rc.conf:
ipv6_gateway_enable="YES"
cloned_interfaces="bridge0"
ifconfig_bridge0_name="cbsd0"
ifconfig_cbsd0="inet 172.16.0.254 netmask 255.255.255.0 description re0"
ifconfig_cbsd0_alias0="inet 172.16.1.254 netmask 255.255.255.0"
ifconfig_cbsd0_ipv6="inet6 -ifdisabled fd7f:ec06:9415:54a0::1 auto_linklocal"
rtadvd_enable="YES"
rtadvd_interfaces="cbsd0"


/etc/rtadvd.conf:
cbsd0:\
    :addrs#1\
    :addr="fd7f:ec06:9415:54a0::"


Inside jail dhcpcd is getting IPv4 and IPv6 addresses
dhcpcd-9.4.1 starting
DUID 00:01:00:01:29:3e:0f:56:00:a0:98:c7:f7:f4
eth0: waiting for carrier
eth0: carrier acquired
eth0: IAID 98:c7:f7:f4
eth0: adding address fe80::ad6b:eea1:3ccb:d886
eth0: rebinding lease of 172.16.0.110
eth0: probing address 172.16.0.110/24
eth0: soliciting an IPv6 router
eth0: Router Advertisement from fe80::5a9c:fcff:fe10:ff90
eth0: adding address fd7f:ec06:9415:54a0:87d8:f1d6:6e4e:f70e/64
eth0: adding route to fd7f:ec06:9415:54a0::/64
eth0: adding default route via fe80::5a9c:fcff:fe10:ff90
eth0: leased 172.16.0.110 for 459 seconds
eth0: adding route to 172.16.0.0/24
eth0: adding default route via 172.16.0.254
forked to background, child pid 14445


Inside jail ifconfig (eth0 is epair device)
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
	options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
	inet6 ::1 prefixlen 128
	inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
	inet 127.0.0.1 netmask 0xff000000
	groups: lo
	nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
pflog0: flags=0<> metric 0 mtu 33160
	groups: pflog
eth0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=8<VLAN_MTU>
	ether 00:a0:98:c7:f7:f4
	hwaddr 02:45:96:40:d1:0b
	inet6 fe80::ad6b:eea1:3ccb:d886%eth0 prefixlen 64 scopeid 0x3
	inet6 fd7f:ec06:9415:54a0:87d8:f1d6:6e4e:f70e prefixlen 64 autoconf
	inet 172.16.0.110 netmask 0xffffff00 broadcast 172.16.0.255
	groups: epair
	media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
	status: active
	nd6 options=1<PERFORMNUD>


Inside jail netstat -rn
Routing tables

Internet:
Destination        Gateway            Flags     Netif Expire
default            172.16.0.254       UG         eth0
127.0.0.1          link#1             UH          lo0
172.16.0.0/24      link#3             U          eth0
172.16.0.110       link#3             UHS         lo0

Internet6:
Destination                       Gateway                       Flags     Netif Expire
::/96                             ::1                           UGRS        lo0
default                           fe80::5a9c:fcff:fe10:ff90%eth0 UG        eth0
::1                               link#1                        UHS         lo0
::ffff:0.0.0.0/96                 ::1                           UGRS        lo0
fd7f:ec06:9415:54a0::/64          link#3                        U          eth0
fd7f:ec06:9415:54a0:87d8:f1d6:6e4e:f70e link#3                  UHS         lo0
fe80::/10                         ::1                           UGRS        lo0
fe80::%lo0/64                     link#1                        U           lo0
fe80::1%lo0                       link#1                        UHS         lo0
fe80::%eth0/64                    link#3                        U          eth0
fe80::ad6b:eea1:3ccb:d886%eth0    link#3                        UHS         lo0
ff02::/16                         ::1                           UGRS        lo0

Inside jail ping -c 1 fd7f:ec06:9415:54a0::1
PING6(56=40+8+8 bytes) fd7f:ec06:9415:54a0:87d8:f1d6:6e4e:f70e --> fd7f:ec06:9415:54a0::1
16 bytes from fd7f:ec06:9415:54a0::1, icmp_seq=0 hlim=64 time=0.076 ms

--- fd7f:ec06:9415:54a0::1 ping6 statistics ---
1 packets transmitted, 1 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 0.076/0.076/0.076/0.000 ms


Inside jail ping <host's routable IPv6 address>
PING6(56=40+8+8 bytes) fd7f:ec06:9415:54a0:87d8:f1d6:6e4e:f70e --> <host's routable IPv6 address>
16 bytes from <host's routable IPv6 address>, icmp_seq=0 hlim=64 time=0.127 ms

--- <host's routable IPv6 address> ping6 statistics ---
1 packets transmitted, 1 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 0.127/0.127/0.127/0.000 ms


Inside jail ping -6 -c 1 google.com
PING6(56=40+8+8 bytes) fd7f:ec06:9415:54a0:87d8:f1d6:6e4e:f70e --> 2a00:1450:400d:806::200e

--- google.com ping6 statistics ---
1 packets transmitted, 0 packets received, 100.0% packet loss


My assumption is that addresses starting with fd are something like
192.168.0.0/24, for example. How wrong am I and what am I doing wrong?

Regards,
meka
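
Added example, not part of the original message: a small check that classifies the source and destination of each PING6 header line from the output above by address scope, using the RFC 4193 unique local block fc00::/7. The names scope, check and PING_HEADERS are made up for this illustration.

```python
import ipaddress
import re

# RFC 4193 unique local addresses (fd.. falls inside this block).
ULA = ipaddress.ip_network("fc00::/7")

# Sample input: PING6 header lines copied from the jail output in the message.
PING_HEADERS = [
    "PING6(56=40+8+8 bytes) fd7f:ec06:9415:54a0:87d8:f1d6:6e4e:f70e --> fd7f:ec06:9415:54a0::1",
    "PING6(56=40+8+8 bytes) fd7f:ec06:9415:54a0:87d8:f1d6:6e4e:f70e --> 2a00:1450:400d:806::200e",
]

HEADER_RE = re.compile(r"^PING6\(.*?\)\s+(\S+)\s+-->\s+(\S+)$")


def scope(addr):
    """Classify an IPv6 address; a %zone suffix (fe80::1%eth0) is ignored."""
    ip = ipaddress.IPv6Address(addr.split("%")[0])
    if ip.is_loopback:
        return "loopback"
    if ip.is_link_local:
        return "link-local"
    if ip in ULA:
        return "unique-local"
    if ip.is_global:
        return "global"
    return "other"


def check(line):
    """Return (src, src_scope, dst, dst_scope, source_scope_ok) or None."""
    m = HEADER_RE.match(line.strip())
    if not m:
        return None
    src, dst = m.groups()
    try:
        s, d = scope(src), scope(dst)
    except ValueError:  # e.g. a redacted "<host's ...>" placeholder
        return None
    # A global destination can only route replies back to a global source;
    # any other source scope needs a global prefix or prefix translation.
    ok = not (d == "global" and s != "global")
    return (src, s, dst, d, ok)


if __name__ == "__main__":
    for header in PING_HEADERS:
        print(check(header))
```
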