Hi Reinier,

First question: does router A see the response coming from router B and
then drop it, or does router B drop the packet?
Second question: why don't you configure router A to go through router B as
a preferred route to access the internet and use VlanY as a fallback in case
router B goes down?

Anyway, as far as I understand your problem, the packet would be returned
to router A on a different interface from where it was sent.
So the interface of your router A will receive a packet from router B but
the destination IP address is the one of VlanY, which does not match the
interface getting it and causes the DROP.
You can probably set up an NDP proxy to solve this but it is an ugly
solution.
I don't have enough knowledge in routing protocols and network architecture
but I am pretty sure that the design itself should be modified.

All networking options (including NDP proxy, rpfilter etc.) can be found here:
http://kernel.org/doc/Documentation/networking/ip-sysctl.txt
You can also get it with:
aptitude install linux-doc

Sorry I can't help you more,
Igor.

On Thu, Aug 9, 2012 at 9:01 AM, Reinier Boon <[email protected]> wrote:

> Dear list,
>
> I am new to this list, I have searched the list and googled for a long
> time now, read the kernel source as far as I can understand, but excuse me
> if I have missed something more or less obvious... I hope someone can help
> me out with this problem:
>
> Setup:
> I have a redundant router setup, where both routers are connected to each
> other via vlanX. Both routers are connected to the internet with BGP
> (quagga) over vlanY.
>
> Test:
> I set up an IPv6 TCP connection from router A to host C on the internet
> over vlanY. Since the default route of router A is the BGP route over
> vlanY, the first packet with the SYN is sent there to the connected BGP
> router on the internet. The BGP cloud has as default route to our IPv6
> space router B, so the SYN/ACK packet reply comes back over BGP using vlanY
> to router B, which routes it back to router A over vlanX.
>
> Problem:
> Router A silently drops the SYN/ACK packet coming in over vlanX, and no
> connection is established. Ping6 to host C works flawlessly however. I have
> disabled the firewall already (temporarily), flushing all ip6tables rules and
> setting the default policies to accept, but that has no effect.
> I can set up the TCP connection from router B without a problem. If I make
> the BGP cloud switch to using router A as default router for our IPv6
> space, I can set up the connection from router A, but not from router B.
>
> I am familiar with the net.ipv4.conf.all.rp_filter sysctl setting (which is
> set to 0), but I cannot find something similar for IPv6.
>
> Can anyone point me in the right direction? How can I get these
> connections right?
>
> --
> Best regards,
> Reinier Boon
