Solved IPv6: no response to neighbor solicitation for address on bridge

I can't get IPv6 on bridge interface to work. Configuration is simple:

/etc/rc.conf
Code:
ifconfig_em0_ipv6="inet6 accept_rtadv"
ifconfig_em0_ipv6="inet6 xxx::123:111 prefixlen 64"
ifconfig_bridge0_ipv6="inet6 accept_rtadv"
ifconfig_bridge0_ipv6="inet6 xxx::123:222 prefixlen 64"
rtsold_enable="YES"
ipv6_defaultrouter="xxx::1"

Code:
#ifconfig
em0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=9b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM>
        ether 08:00:27:75:29:06
        inet6 fe80::a00:27ff:fe75:2906%em0 prefixlen 64 scopeid 0x1
        inet6 xxx::123:111 prefixlen 64
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        description: EXT
        ether 02:04:08:08:04:04
        inet6 xxx::123:222 prefixlen 64
        nd6 options=1<PERFORMNUD>
        id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
        maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
        root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
        member: em0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 1 priority 128 path cost 20000

I can reach the address on physical interface from internet:

Code:
# tcpdump -ni em0 ip6
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on em0, link-type EN10MB (Ethernet), capture size 65535 bytes
11:08:34.602722 IP6 fe80::20c:42ff:fe9c:704f > ff02::1:ff23:111: ICMP6, neighbor solicitation, who has xxx::123:111, length 32
11:08:34.602799 IP6 fe80::a00:27ff:fe75:2906 > fe80::20c:42ff:fe9c:704f: ICMP6, neighbor advertisement, tgt is xxx::123:111, length 32
11:08:34.603016 IP6 yyy::215 > xxx::123:111: ICMP6, echo request, seq 0, length 16
11:08:34.603049 IP6 xxx::123:111 > yyy::215: ICMP6, echo reply, seq 0, length 16

But there is no response to the neighbor solicitation from the router for the address on the bridge interface:

Code:
# tcpdump -ni em0 ip6
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on em0, link-type EN10MB (Ethernet), capture size 65535 bytes
11:12:03.601488 IP6 fe80::20c:42ff:fe9c:704f > ff02::1:ff23:222: ICMP6, neighbor solicitation, who has xxx::123:222, length 32
11:12:04.597720 IP6 fe80::20c:42ff:fe9c:704f > ff02::1:ff23:222: ICMP6, neighbor solicitation, who has xxx::123:222, length 32
11:12:05.597753 IP6 fe80::20c:42ff:fe9c:704f > ff02::1:ff23:222: ICMP6, neighbor solicitation, who has xxx::123:222, length 32

Does please anyone know what I am doing wrong?
 
Don't assign addresses to em0 if you're going to bridge it. Besides that, use either static or SLAAC, not both.

Code:
ifconfig_bridge0_ipv6="inet6 accept_rtadv"
ifconfig_bridge0_ipv6="inet6 xxx::123:222 prefixlen 64"
This is a failure too, these are variables, not commands, so the last setting overrules the first.

Code:
#!/bin/sh

var1="foo"
var1="bar"
echo $var1
 
  • Thanks
Reactions: pbd
Code:
ifconfig_bridge0_ipv6="inet6 accept_rtadv"
ifconfig_bridge0_ipv6="inet6 xxx::123:222 prefixlen 64"
This is a failure too, these are variables, not commands, so the last setting overrules the first.

Of course :oops:

Don't assign addresses to em0 if you're going to bridge it. Besides that, use either static or SLAAC, not both.

So I removed the address from em0 a left only static address for bridge0:

/etc/rc.conf
Code:
ifconfig_bridge0_ipv6="inet6 xxx::123:222 prefixlen 64"
ipv6_defaultrouter="xxx::1"
#rtsold_enable="YES"

Code:
# ifconfig em0
em0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=9b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM>
        ether 08:00:27:75:29:06
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
# ifconfig bridge0
bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 02:04:08:08:04:04
        inet6 xxx::123:222 prefixlen 64
        nd6 options=1<PERFORMNUD>
        id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
        maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
        root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
        member: em0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 1 priority 128 path cost 20000

But still no answer:

Code:
# tcpdump -ni em0 ip6
tcpdump: WARNING: em0: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on em0, link-type EN10MB (Ethernet), capture size 65535 bytes
12:58:40.084074 IP6 fe80::20c:42ff:fe9c:704f > ff02::1:ff23:222: ICMP6, neighbor solicitation, who has 2a02:e98:40:303::123:222, length 32
12:58:41.074979 IP6 fe80::20c:42ff:fe9c:704f > ff02::1:ff23:222: ICMP6, neighbor solicitation, who has 2a02:e98:40:303::123:222, length 32
12:58:42.070007 IP6 fe80::20c:42ff:fe9c:704f > ff02::1:ff23:222: ICMP6, neighbor solicitation, who has 2a02:e98:40:303::123:222, length 32

When I move the address from bridge0 to em0 everything works.
 
Had to double check my server at home, I'm preparing it to move to a datacenter.

I have this in rc.conf:
Code:
cloned_interfaces="bridge0"
ifconfig_igb0="up"
ifconfig_igb0="up"
ifconfig_bridge0="addm igb0 addm igb1 192.168.10.180 netmask 255.255.255.0"
ifconfig_bridge0_ipv6="inet6 aaa:bbb:ccc:ddd::180/64"
ipv6_defaultrouter="aaa:bbb:ccc:ddd::1"

I obviously changed the IPv6 address but it works:
Code:
dice@hosaka:~ % ping6 -c 4 molly
PING6(56=40+8+8 bytes) aaa:bbb:ccc:ddd::180 --> aaa:bbb:ccc:ddd::190
16 bytes from aaa:bbb:ccc:ddd::190, icmp_seq=0 hlim=64 time=0.297 ms
16 bytes from aaa:bbb:ccc:ddd::190, icmp_seq=1 hlim=64 time=0.217 ms
16 bytes from aaa:bbb:ccc:ddd::190, icmp_seq=2 hlim=64 time=0.304 ms
16 bytes from aaa:bbb:ccc:ddd::190, icmp_seq=3 hlim=64 time=0.284 ms

--- molly.dicelan.home ping6 statistics ---
4 packets transmitted, 4 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 0.217/0.276/0.304/0.035 ms

Note the total lack of configuration of the bridge members. And I'm using static addresses, not SLAAC.
 
Solved. I previosly used this configuration:

Code:
# uname -a
FreeBSD  11.0-RELEASE-p1 FreeBSD 11.0-RELEASE-p1 #0 r306420: Thu Sep 29 01:43:23 UTC 2016
root@releng2.nyi.freebsd.org:/usr/obj/usr/src/sys/GENERIC  amd64
# cat /etc/rc.conf
cloned_interfaces="bridge0"
ifconfig_bce0="up"
ifconfig_bridge0="addm bce0"
ifconfig_bridge0_ipv6="inet6 a:b::dada prefixlen 64"
ipv6_defaultrouter="a:b::1"
sshd_enable="YES"

It worked when communicating with hosts on same network but not when I tried to reach the IP on the bridge from internet. The reason was in source address of ICMP6 neighbor solicitation packets. In case of local network, the neighbor host send neighbor solicitation packet with source address from the public network a:b::/64, but whem trying it from internet, my gateway router send the neighbor solicitation from link-local address fe80::/64 which was unknown to destination machine as this network is not configured on bridge interface by default:

Code:
# ifconfig bridge0
bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 02:cc:63:66:1e:00
        inet6 a:b::dada prefixlen 64
        nd6 options=1<PERFORMNUD>
        groups: bridge
        id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
        maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
        root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
        member: bce0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 1 priority 128 path cost 55

Tcpdump when trying to ping from host on same network:

Code:
# tcpdump -ni bce0 ip6
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on bce0, link-type EN10MB (Ethernet), capture size 262144 bytes
15:00:39.584363 IP6 a:b::cece > ff02::1:ff00:dada: ICMP6, neighbor solicitation, who has a:b::dada, length 32
15:00:39.584394 IP6 a:b::dada > a:b::cece: ICMP6, neighbor advertisement, tgt is a:b::dada, length 32
15:00:39.584610 IP6 a:b::cece > a:b::dada: ICMP6, echo request, seq 0, length 16
15:00:39.584631 IP6 a:b::dada > a:b::cece: ICMP6, echo reply, seq 0, length 16

Tcpdump when trying to ping from host on internet:

Code:
root@:~ # tcpdump -ni bce0 ip6
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on bce0, link-type EN10MB (Ethernet), capture size 262144 bytes
15:02:52.289424 IP6 fe80::20c:42ff:fe9c:704f > ff02::1:ff00:dada: ICMP6, neighbor solicitation, who has a:b::dada, length 32
15:02:53.287972 IP6 fe80::20c:42ff:fe9c:704f > ff02::1:ff00:dada: ICMP6, neighbor solicitation, who has a:b::dada, length 32
15:02:54.287927 IP6 fe80::20c:42ff:fe9c:704f > ff02::1:ff00:dada: ICMP6, neighbor solicitation, who has a:b::dada, length 32

Configuring link-local address on the bridge solved it. I added auto_linklocal to ipv6 config of bridge in rc.conf:

Code:
# cat /etc/rc.conf
cloned_interfaces="bridge0"
ifconfig_bce0="up"
ifconfig_bridge0="addm bce0"
ifconfig_bridge0_ipv6="inet6 a:b::dada prefixlen 64 auto_linklocal"
ipv6_defaultrouter="a:b::1"
sshd_enable="YES"

# ifconfig bridge0
bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 02:cc:63:66:1e:00
        inet6 fe80::cc:63ff:fe66:1e00%bridge0 prefixlen 64 scopeid 0x4
        inet6 a:b::dada prefixlen 64
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
        groups: bridge
        id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
        maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
        root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
        member: bce0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 1 priority 128 path cost 55

# tcpdump -ni bce0 ip6
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on bce0, link-type EN10MB (Ethernet), capture size 262144 bytes
15:37:26.633797 IP6 fe80::20c:42ff:fe9c:704f > ff02::1:ff00:dada: ICMP6, neighbor solicitation, who has a:b::dada, length 32
15:37:26.633831 IP6 fe80::cc:63ff:fe66:1e00 > fe80::20c:42ff:fe9c:704f: ICMP6, neighbor advertisement, tgt is a:b::dada, length 32
15:37:26.633985 IP6 c:d::215 > a:b::dada: ICMP6, echo request, seq 0, length 16
15:37:26.634004 IP6 a:b::dada > c:d::215: ICMP6, echo reply, seq 0, length 16
 
And I thought setting up FreeBSD networking might be easy, well it's not. Actually it took me several hours just to setup bridging with IPv6 connectivity.
Thanks to this thread my pain is gone now. Very unfortunate that this howto doesn't even mention auto_linklocal.
 
Back
Top