• IPv6 neighbor discovery in a router

    From Andrew Gideon@110:110/2002 to All on Mon Mar 31 22:33:41 2014
    I am using CentOS6 on three machines as IPv6 routers. Two are working normally. One is not. The one that is not is the machine I've been
    using longest for testing, so I've probably done something to break it.
    If I'm correct, a reboot would likely fix it.

    But I want to understand this before I do that. It's interesting. So
    I'm curious if anyone has a suggestion as to what I might have done.

    The problem is what occurs when a packet "from outside" destined to a
    machine M reaches the final router R before M (that is: R is M's
    gateway). Both that router R and M have IPs on the same subnet. So what
    I think should happen - and what appears to happen when I try this on two
    of the three test routers - is that "neighbor discovery" should occur (assuming that M is not in the listing of "nei -6 show" on R).

    As I wrote, this seems to happen on two of the three test routers. I've looked through sysctl -a for something that I might have done that
    "broke" this behavior on the third machine, but I don't see the
    difference.

    I've eavesdropped on "the wire". I see the ICMP Type=135 messages when I
    am using one of the working machines as the gateway for M. I don't see
    them when I am using the non-working machine.

    Note that on any of the three test routers, if M is already in "nei -6
    show" then attempts to reach M from outside work. Even on the "bad" R,
    for example, if I ping M first from R (which works) then a packet from "outside" will successfully reach M.

    I'm switching between routers by adding/removing the IP that is the
    default gateway for M.

    Anyone have any thoughts as to what I might have done to break (or
    disable) neighbor discovery for routed packets (but not locally
    originated packets)?

    Thanks...

    Andrew

    --- MBSE BBS v1.0.1 (GNU/Linux-i386)
    * Origin: UsenetServer - www.usenetserver.com (110:110/2002@linuxnet)
  • From Pascal Hambourg@110:110/2002 to All on Mon Mar 31 22:51:39 2014
    Reply-To: pascal.news@plouf.fr.eu.org

    Andrew Gideon wrote:

    > Anyone have any thoughts as to what I might have done to break (or
    > disable) neighbor discovery for routed packets (but not locally
    > originated packets)?

    Any ip6tables rules ?

    --- MBSE BBS v1.0.1 (GNU/Linux-i386)
    * Origin: Plouf ! (110:110/2002@linuxnet)
  • From Andrew Gideon@110:110/2002 to All on Mon Mar 31 23:22:17 2014
    On Tue, 01 Apr 2014 00:51:39 +0200, Pascal Hambourg wrote:

    > Any ip6tables rules ?

    Yes, but the same on all the routers (excluding short term changes before
    they get distributed).

    However, this question caused me to consider adding to the OUTPUT chain logging of ICMP type 135. The non-working router doesn't send one of
    these to the network on which M may be reached. A working router does.

    I already knew that the ICMP packet wasn't reaching at least my
    monitoring point on the network. I was assuming that this was because
    the packet wasn't being sent, and this seems to confirm that.

    Interesting problem, eh?

    Thanks...

    - Andrew

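
An offline check for the symptom discussed in this thread, as an added example that is not part of any poster's message: it parses raw IPv6 packets from a capture, picks out Neighbor Solicitations (ICMPv6 type 135) and reports which sources solicited M. The addresses, the two captures and all function names are constructed for illustration.

```python
import ipaddress
import struct

NS, NA = 135, 136  # ICMPv6 Neighbor Solicitation / Neighbor Advertisement

def solicited_node(target):
    """Solicited-node multicast group of a target: ff02::1:ffXX:XXXX (RFC 4291)."""
    low24 = int(ipaddress.IPv6Address(target)) & 0xFFFFFF
    return ipaddress.IPv6Address(int(ipaddress.IPv6Address("ff02::1:ff00:0")) | low24)

def parse_nd(packet):
    """Return (type, src, dst, target) for an NS/NA in a raw IPv6 packet, else None."""
    if len(packet) < 64 or packet[0] >> 4 != 6:
        return None
    # ND is ICMPv6 (next header 58) and must arrive with hop limit 255 (RFC 4861).
    if packet[6] != 58 or packet[7] != 255:
        return None
    if packet[40] not in (NS, NA) or packet[41] != 0:
        return None
    src, dst, target = (ipaddress.IPv6Address(packet[i:i + 16]) for i in (8, 24, 48))
    return packet[40], src, dst, target

def who_solicited(packets, target):
    """Sources that sent an NS for target to its solicited-node group or to it directly."""
    target = ipaddress.IPv6Address(target)
    wanted_dst = (solicited_node(target), target)
    found = []
    for nd in map(parse_nd, packets):
        if nd and nd[0] == NS and nd[3] == target and nd[2] in wanted_dst:
            found.append(str(nd[1]))
    return found

def build(icmp_type, src, dst, target, hop_limit=255):
    """Constructed sample packet: 40-byte IPv6 header + 24-byte ICMPv6 body, checksum 0."""
    packed = lambda s: ipaddress.IPv6Address(s).packed
    body = struct.pack("!BBHI", icmp_type, 0, 0, 0) + packed(target)
    return struct.pack("!IHBB", 6 << 28, len(body), 58, hop_limit) + packed(src) + packed(dst) + body

# Constructed sample data (documentation prefix 2001:db8::/32), not taken from the thread.
M, R = "2001:db8:0:1::abcd:1234", "fe80::1"
WORKING = [build(NS, R, "ff02::1:ffcd:1234", M), build(NA, M, R, M)]
BROKEN = [build(128, "2001:db8:0:2::9", M, M, hop_limit=63)]  # forwarded echo only, no NS

if __name__ == "__main__":
    print("working router:", who_solicited(WORKING, M))
    print("broken router: ", who_solicited(BROKEN, M))
```

An empty result for the segment where M lives matches what the thread reports for the non-working router: the forwarded packet is present but no type 135 message precedes it.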