IPv6 NDP triggering QuaggaLinux problem?

Stefan Bethke stb at lassitu.de
Sat Jan 13 22:49:34 UTC 2018 

Am 13.01.2018 um 23:06 schrieb Stefan Bethke <stb at lassitu.de>:
> 
> Hey guys,
> 
> I’m a bit stumped and are hoping for some helpful pointers.
> 
> I have two machines both running a recent 11-stable (SuperMicro X11SSH-F with a E3-1240v6); each one is connected to one Ethernet switch through igb0, and back-to-back connected to the other box through igb1. igb1 only has IPv4 RFC 1918 addresses configured.
> 
> To make it easier to give bhyve VMs a public IP, igb0 is added as a member to brigde0, and all addresses are configured on bridge0. The hosts run a small number of jails with addresses on bridge0 as well.
> 
> Whenever IPv6 is active on bridge0, my ISPs router (which is some version of Quagga running on Linux) keeps filling up it’s routing table within minutes; then traffic stops, the routing table is cleared and the normal set of entries is installed, and traffic resumes. This pattern then repeats. The router apparent has has full table with ~46000 routes normally, but within minutes, the Linux kernel routing table gets filled up with multiple copies of that.  I believe that is is likely a problem with Quagga on Linux, and ultimately has to be resolved there, but the question lingers what my two systems could be sending that could trigger this.
> 
> The ISP and I have looked at NDP config, tcpdumps of NDP, and general IPv6 config, but we cannot identify why Quagga or the Linux kernel would behave that way.  Other FreeBSD boxes connected to the same router (but different IPv6 /64s) do not trigger this behaviour.
> 
> My systems are not really loaded, and traffic is light. One box gets about 50 packet/s, the other about 400 (this one is in the NTP pool, and running a DNS server).
> 
> I’ve tried switching off NUD, but that doesn’t change the behaviour of the Quagga system.
> 
> Here’s some output of the current configuration:
> # ifconfig igb0; ifconfig bridge0
> igb0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
> 	options=6403bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,VLAN_HWTSO,RXCSUM_IPV6,TXCSUM_IPV6>
> 	ether ac:1f:6b:18:xx:6e
> 	hwaddr ac:1f:6b:18:xx:6e
> 	inet6 fe80::ae1f:6bff:fexx:66e%igb0 prefixlen 64 tentative scopeid 0x1
> 	nd6 options=8<IFDISABLED>
> 	media: Ethernet autoselect (1000baseT <full-duplex>)
> 	status: active
> bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
> 	description: vm-bridge0
> 	ether 02:3c:9f:37:xx:00
> 	inet 212.12.xx.225 netmask 0xffffffe0 broadcast 212.12.xx.255
> 	inet 212.12.xx.226 netmask 0xffffffff broadcast 212.12.xx.226
> 	inet 212.12.xx.253 netmask 0xffffffff broadcast 212.12.xx.253
> 	inet 212.12.xx.229 netmask 0xffffffff broadcast 212.12.xx.229
> 	inet6 fe80::3c:9fff:fe37:xx00%bridge0 prefixlen 64 scopeid 0x7
> 	inet6 2a00:14b0:4200:32xx::1e1 prefixlen 64
> 	inet6 2a00:14b0:4200:32xx::1e2 prefixlen 128
> 	inet6 2a00:14b0:4200:32xx::1fd prefixlen 128
> 	inet6 2a00:14b0:4200:32xx::1e5 prefixlen 128
> 	nd6 options=8020<AUTO_LINKLOCAL,DEFAULTIF>
> 	groups: bridge
> 	id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
> 	maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
> 	root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
> 	member: igb0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
> 	        ifmaxaddr 0 port 1 priority 128 path cost 2000000
> # ndp -an
> Neighbor                             Linklayer Address  Netif Expire    S Flags
> 2a00:14b0:4200:32xx::1e1             02:3c:9f:37:xx:00 bridge0 permanent R
> 2a00:14b0:4200:32xx::1               00:50:56:a1:xx:b5 bridge0 23h59m58s S R
> 2a00:14b0:4200:32xx::1e2             02:3c:9f:37:xx:00 bridge0 permanent R
> 2a00:14b0:4200:32xx::1e5             02:3c:9f:37:xx:00 bridge0 permanent R
> 2a00:14b0:4200:32xx::1e7             02:5a:1d:92:xx:00 bridge0 23h59m16s S
> 2a00:14b0:4200:32xx::1e8             02:5a:1d:92:xx:00 bridge0 23h59m2s  S
> 2a00:14b0:4200:32xx::1eb             02:5a:1d:92:xx:00 bridge0 23h55m7s  S
> 2a00:14b0:4200:32xx::1ea             02:5a:1d:92:xx:00 bridge0 23h2m24s  S
> fe80::3c:9fff:fe37:2500%bridge0      02:3c:9f:37:xx:00 bridge0 permanent R
> fe80::250:56ff:fea1:dfb5%bridge0     00:50:56:a1:xx:b5 bridge0 23h59m57s S R
> 2a00:14b0:4200:32e0::1fd             02:3c:9f:37:xx:00 bridge0 permanent R
> fe80::ae1f:6bff:fe18:xx6f%igb1        ac:1f:6b:18:xx:6f   igb1 permanent R
> fe80::ae1f:6bff:fe18:xx6e%igb0        ac:1f:6b:18:xx:6e   igb0 permanent R
> # ndp -i bridge0
> linkmtu=0, maxmtu=0, curhlim=64, basereachable=30s0ms, reachable=32s, retrans=1s0ms
> Flags: auto_linklocal

One more data point: on the Quagga machine, my ISP is seeing this:
# ip -6 route show | grep 2a00:14b0:4200:32xx
2a00:14b0:4200:32xx::/64 dev vlan503  proto kernel  metric 256
2a00:14b0:4200:32xx::/64 dev vlan503  proto kernel  metric 256
2a00:14b0:4200:32xx::/64 dev vlan503  proto kernel  metric 256
2a00:14b0:4200:32xx::/64 dev vlan503  proto kernel  metric 256
2a00:14b0:4200:32xx::/64 dev vlan503  proto kernel  metric 256
2a00:14b0:4200:32xx::/64 dev vlan503  proto kernel  metric 256
2a00:14b0:4200:32xx::/64 dev vlan503  proto kernel  metric 256
2a00:14b0:4200:32xx::/64 dev vlan503  proto kernel  metric 256
2a00:14b0:4200:32xx::/64 dev vlan503  proto kernel  metric 256
2a00:14b0:4200:32xx::/64 dev vlan503  proto kernel  metric 256
2a00:14b0:4200:32xx::/64 dev vlan503  proto kernel  metric 256
2a00:14b0:4200:32xx::/64 dev vlan503  proto kernel  metric 256
2a00:14b0:4200:32xx::/64 dev vlan503  proto kernel  metric 256
2a00:14b0:4200:32xx::/64 dev vlan503  proto kernel  metric 256
2a00:14b0:4200:32xx::/64 dev vlan503  proto kernel  metric 256
2a00:14b0:4200:32xx::/64 dev vlan503  proto kernel  metric 256
2a00:14b0:4200:32xx::/64 dev vlan503  proto kernel  metric 256
2a00:14b0:4200:32xx::/64 dev vlan503  proto kernel  metric 256
2a00:14b0:4200:32xx::/64 dev vlan503  proto kernel  metric 256
2a00:14b0:4200:32xx::/64 dev vlan503  proto kernel  metric 256
2a00:14b0:4200:32xx::/64 dev vlan503  proto kernel  metric 256
^C

This make no sense, does it?  My machines don’t run rtadvd; I believe the bridge is not actively using (R)STP, nor is there any active routing protocol.  Why Quagga would try to (and succeed) install tens of copies of seemingly identical routes is beyond me.


Stefan

--
Stefan Bethke <stb at lassitu.de>   Fon +49 151 14070811


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 529 bytes
Desc: Message signed with OpenPGP
URL: <http://lists.freebsd.org/pipermail/freebsd-net/attachments/20180113/e0583f4f/attachment.sig>

More information about the freebsd-net mailing list