Scheduled Maintenance: We are aware of an issue with Google, AOL, and Yahoo services as email providers which are blocking new registrations. We are trying to fix the issue and we have several internal and external support tickets in process to resolve the issue. Please see: viewtopic.php?t=158230

 

 

 

Failing to route IPv6

Linux Kernel, Network, and Services configuration.
Post Reply
Message
Author
CedBobKing
Posts: 1
Joined: 2021-09-01 13:09

Failing to route IPv6

#1 Post by CedBobKing »

I currently use Debian to route IPv4 traffic at many places. Been doing it for years. Trying to adapt that to also allow IPv6 traffic where the ISP supports the protocol. There is one location where I can start.

Set up a "virtual lab" in both VMware Fusion and VrirtualBox. Get roughly the same result in either environment. Packets do not seem to traverse the router itself. No firewall is even installed. HostA, the "router", has 2 NICs on different networks. HostB, the "client", single NIC. Adapters are named to hint at their purpose. Everything is statically configured in /etc/networking/interfaces.

On HostA

Code: Select all

  hosta $ ip addr
  1: lo
      inet6 ::1/128
  2: isp0
      inet6 2001:db8:f::1/64
      inet6 ff80::.../64
  3: lan0
      inet6 2001:db8:f::2/64
      inet6 ff80::.../64
  hosta # sysctl -w net.ipv6.conf.all.forwarding=1
On HostB

Code: Select all

  hostb $ ip addr
  1: lo
      inet6 ::1/128
  2: lan0
      inet6 2001:db8:f::123/64
      inet6 ff80::.../64
  hostb $ ip -6 route
  2001:db8:f::/64 dev lan0
  defailt via 2001:db8:f::2
  hostb $ ping 2001:db8:f::2
  64 bytes...
  hostb $ ping 2001:db8:f::1
  From .. Address unreachable
  hostb $
On HostA

Code: Select all

  hosta # tcpdump -i isp0
  <nothing>
  hosta # tcpdump -i lan0
  ...ICMP6, neighbor solicitation, who has...
  hosta #
It seems like neighbor discovery, which is like arp, is failing inside HostA.

Everything says that IPv6 is not to be NATted in any way, and the block of Unique Global Addresses are to be used internally and simply routed. I am presuming that I am given a block of 2001:db8f::1/64 for the purposes of testing.

Any help would be greatly appreciated.

User avatar
ralph.ronnquist
Posts: 342
Joined: 2015-12-19 01:07
Location: Melbourne, Australia
Been thanked: 6 times

Re: Failing to route IPv6

#2 Post by ralph.ronnquist »

host A of course "gets confused" about which interface to route 2001:db8:f::/64 packets through, since both lan0 and isp0 are set up for that network. That is the same as if having ipv4 addresses, say, 192.168.1.1/24 and 192.168.1.2/24.

By your setup, the ipv6 routing table has two competing entries; your "ip -6 route" would include the following:

Code: Select all

2001:db8:f::/64 dev isp0 proto kernel ...
2001:db8:f::/64 dev lan0 proto kernel ...
The first step would be to delete the isp0 route entry since you don't want packets for that network to be routed that way.

Secondly you want to handle incoming NDP packets to "isp0" for "2001:db8:f::/64" to be proxied onto "lan0", and responses returned. One way to achieve that is to use ndppd, with a configuration like:

Code: Select all

proxy isp0 {
    rule 2001:db8:f::/64 {
        iface lan0
    }
}
With that, hosta should respond to NDP incoming on isp0 for any 2001:db8:f::/64 address that has a responder host on the its lan0 nework.

However hostb still won't see 2001:db8:f::1/64 but must address that host using 2001:db8:f::2/64. The kernel will respond to hostb's NDP queries for the latter on lan0, but not for the former which is on isp0. In particular, that latter address should be targeted as default gateway for hostb.

A simpler setup could be to add a bridge on host A with isp0 and lan0 as its ports, and then only assign an ipv6 address to the bridge (leave isp0 and lan0 without ipv6 addresses). Then the bridge will take care of joining the two networks at Ethernet level also for the NDP traffic.

Post Reply