Distro is Ubuntu 16.04 LTS. I will try to use a packet sniffer if I find
the time to do so, but this is unlikely to happen before the end of next
week.
Udo
Tom Eastep <teas...@shorewall.net> schrieb am Di., 6. März 2018 um
00:33 Uhr:
> On 03/05/2018 05:18 AM, Udo Schacht-Wiegand wrote:
> > Hello Tom,
> >
> > thanks for the quick reply:
> >
> > Be sure that your Kernel is fully patched. This sounds like a problem
> > that I, along with a number of others, have experienced; it was
> > corrected in a subsequent kernel update. The problem is that the
> kernel
> > ignores NDP who-has requests, which will kills the link. The constant
> > pinging keeps the upstream router from issuing those requests. I
> > employed that same workaround until the problem was finally resolved.
> >
> >
> > The Kernel is 4.4.0-112-generic.
>
> Which distribution.
>
> > I was wondering, why the problem does
> > not occour, when I don't use Shorewall6's providers file. That's why I
> > believe, that it is not only the kernels fault.
>
> When I experienced the problem, it was on Debian 8 with a 3.16.36
> kernel, but I don't recall when it was corrected. I saw it when using
> multiple providers, but I don't recall if I tried without that part of
> the configuration.
>
> > So here is the other
> > solution I just found: Replace the upstream routers gateway address with
> > the link local one of the router:
> >
> > This is how I did it
> > - Find out the link local address of upstream router on eth0,
> > where 2001:abcd:1234::1: is the providers gateway:
> >
> > # ip -6 neigh sjow dev eth0
> > fe80::1ae7:28ff:fe65:fcf2 lladdr 18:e7:28:65:fc:f2 router STALE
> > 2001:abcd:1234::1 lladdr 18:e7:28:65:fc:f2 router STALE
> >
> > - Then in the providers file replace the gateway address with the link
> > local:
> >
> > #NAME NUMBER MARK DUPLICATEINTERFACE GATEWAY
> > OPTIONS COPY
> > #mkn 1 - - eth0
> > 2001:abcd:1234::1track,primary -
> > mkn 1 - - eth0
> > fe80::1ae7:28ff:fe65:fcf2 track,primary -
> > htp 2 - - eth1
> > fe80::464e:6dff:fe15:789atrack,fallback -
> >
> > Now it works almost perfect, packet loss is almost 0 over > 1000 pings.
> > It's no longer needed to continuosly ping the gateway.
> >
>
> My own configuration (http://www.shorewall.org/SharedConfig.html) used
> the link level IP address as the gateway out of eth0. I switched it to
> use the global address, and I'm still not seeing any packet loss out of
> that interface. Without knowing what is happening at the link level on
> your system, I really can't guess what the issue cause might be.
>
> -Tom
> --
> Tom Eastep \ Q: What do you get when you cross a mobster with
> Shoreline, \ an international standard?
> Washington, USA \ A: Someone who makes you an offer you can't
> http://shorewall.org \ understand
> \_______________________________________________
>
>
> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> _______________________________________________
> Shorewall-users mailing list
> Shorewall-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/shorewall-users
>
--
Udo Schacht-Wiegand
cantamen support team
--
cantamen :: Am Hohen Ufer 3A :: 30159 Hannover :: GERMANY
Phone: +49-511-270424-20 :: Fax: +49-511-5902-6264
http://www.cantamen.de
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
