I have a shorewall6/shorewall6-lite installation where the router has multiple IPv6 connections to the Internet. Accordingly I have configured the providers file[1].
When I do have the providers file present with the following contents:
CGCO 1 0x100 - eth0.2 -
nohostroute -
DSL 2 0x200 - pppoe-wan1 -
fallback,nohostroute -
Squid 3 0x400 - br-lan fd31:aeb1:48df::2
loose,notrack
HENET 4 0x300 - 6in4-henet 2001:470:1c:6f8::1
fallback,nohostroute -
I see major packet loss on the eth0.2 provider:
Packets Pings
Host Loss% Snt Last Avg Best Wrst
StDev
1. 2001:1970:5256:8900::1 0.0% 1056 0.8 4.8 0.5 1008.
61.6
2. 2001:1970:4000:82::1 41.3% 1056 14.6 1039. 7.1 7529.
2030.
2001:1970:5256:8900::1
3. 2001:1970:0:1a6::1 50.0% 1056 12.7 1692. 10.6 7844.
2223.
2001:1970:5256:8900::1
4. he.ip6.torontointernetxchange.net 41.2% 1056 10.3 929.4 10.0 7362.
1834.
2001:1970:5256:8900::1
5. 100ge14-2.core1.nyc4.he.net 41.4% 1056 30.1 965.3 20.0 7285.
1891.
2001:1970:5256:8900::1
6. 100ge4-1.core1.par2.he.net 41.1% 1056 100.6 1140. 89.7 7395.
1967.
2001:1970:5256:8900::1
7. 100ge13-1.core1.ams1.he.net 40.9% 1056 103.2 1093. 96.4 8170.
1956.
2001:1970:5256:8900::1
8. 2001:7f8:1::a501:4061:2 41.0% 1056 100.5 1139. 96.6 8052.
2025.
2001:1970:5256:8900::1
9. 2604:a880:ffff:4:1::2 40.9% 1056 101.2 1542. 97.5 23010
9400.
2604:a880:ffff:4:1::59
2604:a880:ffff:4:1::53
2604:a880:ffff:4:1::55
2604:a880:ffff:4:1::6
2604:a880:ffff:4:1::4f
2604:a880:ffff:4:1::51
2604:a880:ffff:4:1::57
10. 2604:a880:ffff:d::9 40.9% 1056 104.8 1610. 102.7 26247
10663
2001:1970:5256:8900::1
ae0-2150-bdr01-tor.teksavvy.com
11. 2604:a880:ffff:5::246 80.2% 1056 105.4 1453. 103.9 8487.
2267.
2604:a880:ffff:5::242
2001:19f0:300:1001::1001
2001:1970:5256:8900::1
12. git-01.infra.lede-project.org 41.0% 1055 168.6 1330. 98.7 36625
2822.
2001:1970:5256:8900::1
When I simply remove the provider file and re-install the policy the
(end-to-end) packet loss goes away:
Packets Pings
Host Loss% Snt Last Avg Best Wrst
StDev
1. 2001:1970:5256:8900::1 0.0% 3259 1.4 9.7 0.5 7013.
199.7
2. 2001:1970:4000:82::1 0.0% 3259 13.1 25.5 5.3 7888.
286.1
3. 2001:1970:0:1a6::1 15.4% 3259 13.2 1198. 10.8 13140
1555.
4. he.ip6.torontointernetxchange.net 0.0% 3259 22.4 38.8 7.2 8737.
292.8
5. 100ge14-2.core1.nyc4.he.net 0.0% 3259 41.5 40.0 18.6 8664.
289.7
6. 100ge4-1.core1.par2.he.net 0.1% 3259 103.8 179.5 88.6 8613.
412.5
7. 100ge13-1.core1.ams1.he.net 0.0% 3259 103.9 124.1 94.0 8533.
292.6
8. 2001:7f8:1::a501:4061:2 0.0% 3259 101.2 114.9 96.9 8443.
280.2
9. 2604:a880:ffff:4:1::2 0.0% 3259 100.7 116.8 97.0 8370.
277.7
2604:a880:ffff:4:1::59
2604:a880:ffff:4:1::53
2604:a880:ffff:4:1::55
2604:a880:ffff:4:1::6
2604:a880:ffff:4:1::4f
2604:a880:ffff:4:1::51
2604:a880:ffff:4:1::57
10. 2604:a880:ffff:d::9 0.0% 3258 105.4 118.6 100.8 8288.
269.9
11. 2604:a880:ffff:5::246 66.0% 3258 105.8 1436. 103.7 14621
43923
2604:a880:ffff:5::242
2001:19f0:300:1001::1001
12. git-01.infra.lede-project.org 0.0% 3258 168.9 179.4 99.7 8049.
275.8
Does this ring familiar for anyone?
Cheers,
b.
[1] On reflection and after disabling for testing, I wonder what
benefit I am getting out of the providers file/functionality with IPv6
where, without using NAT, I can't prefer providers anyway.
signature.asc
Description: This is a digitally signed message part
------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
