neighbor discovery problem

Jeremy Chadwick koitsu at FreeBSD.org
Tue Aug 12 08:34:04 UTC 2008 

On Tue, Aug 12, 2008 at 09:45:48AM +0200, Mathieu Arnold wrote:
> Since I added IPv6 to my network, and started really using it, I'm seeing
> some strange things happening.
> 
> For instance, I'm on machine 2a01:678:1:443::443, and I do :
> 
> $ traceroute6 -n 2a01:678:100:2::
> traceroute6 to 2a01:678:100:2:: (2a01:678:100:2::) from
> 2a01:678:1:443::443, 64 hops max, 12 byte packets
>  1  2a01:678:1:443::  0.636 ms  0.602 ms  0.525 ms
>  2  2a01:678:1:443::  2999.665 ms !A  2999.636 ms !A  2999.680 ms !A
> 
> 2a01:678:1:443:: is it's default gateway, and is also directly connected to
> 2a01:678:100:2::, but it does not seem to be able to contact it.
> 
> If I log onto the gateway, and I :
> 
> $ ping6 -c 1 2a01:678:100:2::
> PING6(56=40+8+8 bytes) 2a01:678:100:: --> 2a01:678:100:2::
> 16 bytes from 2a01:678:100:2::, icmp_seq=0 hlim=64 time=1.146 ms
> 
> --- 2a01:678:100:2:: ping6 statistics ---
> 1 packets transmitted, 1 packets received, 0.0% packet loss
> round-trip min/avg/max/std-dev = 1.146/1.146/1.146/0.000 ms
> 
> It works, and now, I can :
> $ traceroute6 -n 2a01:678:100:2::
> traceroute6 to 2a01:678:100:2:: (2a01:678:100:2::) from
> 2a01:678:1:443::443, 64 hops max, 12 byte packets
>  1  2a01:678:1:443::  0.647 ms  0.671 ms  0.417 ms
>  2  2a01:678:100:2::  0.852 ms  0.790 ms  0.669 ms
> 
> Maybe I'm doing something wrong, but, well, I can't seem to find ou what.
> 
> 2a01:678:1:443::443 is a 7.0
> 2a01:678:1:443::    is a 6.2
> 2a01:678:100:2::    is a 6.0
> 
> Those are not up to date to the latest thing you can get, but they're
> production machines, and I'm not really willing to upgrade them unless I
> really need to :-)

Important note: I know absolutely nothing about IPv6.

Do you have ACLs on any of these machines?  !A in traceroute commonly
means there's an ACL blocking said packets:

!A  (communication with destination network administratively prohibited)

A ping from the other host might cause a stateful firewall to begin
allowing said traffic to/from the machine which previously wasn't
working.

If you use a firewall on these machines (ipfw, pf, etc.), I'd recommend
posting your problem to the freebsd-pf list instead.

-- 
| Jeremy Chadwick                                jdc at parodius.com |
| Parodius Networking                       http://www.parodius.com/ |
| UNIX Systems Administrator                  Mountain View, CA, USA |
| Making life hard for others since 1977.              PGP: 4BD6C0CB |

More information about the freebsd-stable mailing list