Re: routing to a directly attached subnet without an address in this subnet

Mon, 25 Apr 2011 15:06:12 -0700 

On Mon, Apr 25, 2011 at 10:17:40PM +1000, Daniel Marsh wrote:

What you need to verify is the default routes on the client hosts. It's very
likely your packets and your initial route add commands on your dual host
machine are correct, yet the return route on the other clients are
incorrect.



I have checked that. Actually, I can ping the router from the clients. 
What does not work is initiating a packet exchange from the router's side.


Short reminder:
 em0 has addresses fe80::1234:56ff:fe78:9abc and 2001:db8::1
 em1 has address fe80::1234:56ff:fe78:9abd
 default route is to em0

 2001:db8:0:1::/64 is router to em1 
  (route add -inet6 2001:db8:0:1::/64 -iface em1)
 clients connected to em1 have addresses in 2001:db8:0:1::/64 and default 
  route to fe80::1234:56ff:fe78:9abd



If I reboot the router, then try to ping a client in 2001:db8:0:1::/64, 
directly connected to em1, ping6 fails with "sendmsg: Operation not 
permitted". tcpdump does not show anything being sent to this client. The 
client's MAC does not show up in "ndp -a".



If I ping the router from the client, I get answers. The client's MAC 
show up in the NDP table, and I can ping the client from the router as 
long as it is still listed in the NDP table. If I clear the table with 
"ndp -c", I can't ping from the router any more. If I reboot and add 
a static entry for the client in the NDP table, I can ping this client.



All this seems to point to NDP as the root of the problem: it looks like 
it is not aware of the addition of 2001:db8:0:1::/64 to the routing 
table. I do not see any way to give the missing information to NDP 
other than adding an address to em1. (Adding static entries for all the 
clients would not be manageable in the long run).



Google seems to turn up some mentions of "cloning routes" that look like 
a way to solve this (I'm not quite sure), but this was apparently 
removed in a recent reimplementation of ARP+NDP (arp-v2). Maybe some 
functionality was lost in the process, but I don't know about this.


_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"






















					Reply via email to