|
Connecting from subnet only works when constantly pinging the router
![[nl]](/s/countries/nl.gif) Carmen Sandiego on Thursday, 23 September 2004 11:08:48
Hello,
My setup
ipv6 tunnel
subnethost -----> router -------> pop
Both the router and the subnet host are running Debian GNU/Linux with a 2.6 kernel. (The router has 3 network cards, all have an ip6 in the same subnet.) The router runs radvd, with the following config:
interface eth2
{
AdvSendAdvert on;
prefix 2001:960:71c:beef::/64
{
AdvOnLink on;
AdvAutonomous on;
};
};
I also tried assigning a static address to the subnet host instead of using radvd, but that didn't help. Fiddling with the MTU didn't help either.
Furthermore, the router runs a firewall 'script' (from http://rocky.eld.leidenuniv.nl/page/iptables/iptframe.htm), with IPv6 support enabled, which effectively means it does: iptables -A INPUT -p 41 -j ACCEPT. I've also tried the iptables line from the FAQ about connection tracking, to no avail.
My problem
Most of the time, I can ping6 fine to e.g. sixxs.net and to my router from the host in the subnet. Only when I want to browse IPv6 sites, my browser (Opera 7.60) takes a long time trying to connect to the site, eventually falling back the the IPv4 address (if available), except when I constantly ping6 my router from my subnet host...
Sometimes, it takes a few packets before the router starts responding, but when it does, I have no more problems browsing IPv6 sites.
A typical 'session' may look like this... (captured with ethereal on the subnet host)
No. Time Source Destination Protocol Info
1 0.000000 2001:960:71c:beef:2e0:7dff:fee9:da87 ff02::1:ffae:24da ICMPv6 Neighbor solicitation
2 0.000428 2001:960:71c:beef:250:fcff:feae:24da 2001:960:71c:beef:2e0:7dff:fee9:da87 ICMPv6 Neighbor advertisement
3 0.000442 2001:960:71c:beef:2e0:7dff:fee9:da87 2001:960:71c:beef:250:fcff:feae:24da ICMPv6 Echo request
4 0.495063 2001:960:71c:beef:2e0:7dff:fee9:da87 2001:838:1:1:210:dcff:fe20:7c7c TCP 49996 > https [SYN] Seq=0 Ack=0 Win=4880 Len=0 MSS=1220 TSV=1369421251 TSER=0 WS=7
5 0.999017 2001:960:71c:beef:2e0:7dff:fee9:da87 2001:960:71c:beef:250:fcff:feae:24da ICMPv6 Echo request
6 1.998847 2001:960:71c:beef:2e0:7dff:fee9:da87 2001:960:71c:beef:250:fcff:feae:24da ICMPv6 Echo request
7 2.998697 2001:960:71c:beef:2e0:7dff:fee9:da87 2001:960:71c:beef:250:fcff:feae:24da ICMPv6 Echo request
8 4.005279 2001:960:71c:beef:2e0:7dff:fee9:da87 2001:960:71c:beef:250:fcff:feae:24da ICMPv6 Echo request
9 4.999571 fe80::250:fcff:feae:24da 2001:960:71c:beef:2e0:7dff:fee9:da87 ICMPv6 Neighbor solicitation
10 4.999605 2001:960:71c:beef:2e0:7dff:fee9:da87 fe80::250:fcff:feae:24da ICMPv6 Neighbor advertisement
11 5.006755 2001:960:71c:beef:2e0:7dff:fee9:da87 2001:960:71c:beef:250:fcff:feae:24da ICMPv6 Echo request
12 6.006241 2001:960:71c:beef:2e0:7dff:fee9:da87 2001:960:71c:beef:250:fcff:feae:24da ICMPv6 Echo request
13 7.006091 2001:960:71c:beef:2e0:7dff:fee9:da87 2001:960:71c:beef:250:fcff:feae:24da ICMPv6 Echo request
14 8.005937 2001:960:71c:beef:2e0:7dff:fee9:da87 2001:960:71c:beef:250:fcff:feae:24da ICMPv6 Echo request
17 9.006126 2001:960:71c:beef:2e0:7dff:fee9:da87 2001:960:71c:beef:250:fcff:feae:24da ICMPv6 Echo request
18 9.006387 2001:960:71c:beef:250:fcff:feae:24da 2001:960:71c:beef:2e0:7dff:fee9:da87 ICMPv6 Echo reply
21 9.512437 2001:838:1:1:210:dcff:fe20:7c7c 2001:960:71c:beef:2e0:7dff:fee9:da87 TCP https > 49996 [SYN, ACK] Seq=0 Ack=1 Win=5712 Len=0 MSS=1440 TSV=3726004793 TSER=1369421251 WS=0
22 9.512470 2001:960:71c:beef:2e0:7dff:fee9:da87 2001:838:1:1:210:dcff:fe20:7c7c TCP 49996 > https [ACK] Seq=1 Ack=1 Win=4992 Len=0 TSV=1369430269 TSER=3726004793
23 9.512930 2001:960:71c:beef:2e0:7dff:fee9:da87 2001:838:1:1:210:dcff:fe20:7c7c TLS Client Hello
I expected it has something to do with the neighbour soliciting / advertising, since that seems to be using mix of global and link addresses. (I couldn't see the pattern, if there is any ;)). However, I don't know how to control that.
I'm kinda lost, since I'm fairly new to all the IPv6 stuff, I have no more ideas where to look for the problem. Hopefully somebody here can fill me in.
Connecting from subnet only works when constantly pinging the router
"The router has 3 network cards, all have an ip6 in the same subnet."
I do not hope you mean to say that they all have the same IP do you...
What kind (brand) of network cards* do you have?
You might want to try "ifconfig eth2 allmulti" this helps on broken cards (including VmWare btw) that don't always see their multicast packets correctly.
*) I do not know the "Netronix" brand ;)
Connecting from subnet only works when constantly pinging the router
Carmen Sandiego on Thursday, 23 September 2004 12:58:08
Hehe, no, they all have a different IP ;)
The router has 2 realteks (8139) and an ne2000 card, the 'netronix' is my subnet host, and is some kind of cheap builtin card that is in fact also a realtek 8139.
The allmulti option didn't help either, unfortunately...
Connecting from subnet only works when constantly pinging the router
Realteks do have the multicast problem sometimes, actually they are one of the worst cards one can get, then again I am a real intel-pro... ;)
Maybe the switch/hub whatever links them is not entirely multicast-capae ?
Anyway, the only thing you can do is tcpdump and check your neighbour caches (ip nei sho) to check if they are also really received and I guess not.
Connecting from subnet only works when constantly pinging the router
Carmen Sandiego on Thursday, 23 September 2004 14:21:43
I found out what was wrong...
ip nei sho correctly showed the right neighbours, only problem was that eth0 got the subnet host as neighbour (which is not possible, since the hosts are not physically connected), which resulted in a failed link.
Disabling the IPv6 of the other network cards fixed this problem. The problem was caused by putting all devices in the same subnet, while that's not what's the (physical) case...
Actively pinging the router made sure the subnet host stayed in the neighbour cache, connected with the right device.
Thank you for your time, hints and help!
Connecting from subnet only works when constantly pinging the router
Thus "I do not hope you mean to say that they all have the same IP do you..." was the case mostly ;)
Guess why you get a /48 as a subnet, you can use it to give 65535 links a /64...
|
![[ch]](/s/countries/ch.gif)
on Thursday, 23 September 2004 11:28:00
Posting is only allowed when you are