IPV6 Routing

[Queued]

I'm sure I'm missing something pretty simple here, so please bear with me. I have both native IPv4 and IPv6 connections to the Internet, which are completely separate, on two separate NIC's. The LAN is connected on a third NIC.

• re0: Internal LAN
• re1: External IPv4
• re2: External IPv6

So, what I'd like to do is have the LAN be able to use IPv4 and IPv6. IPv4 works pretty well, using NAT. IPv6 works up to the Gateway, at least:

[CMD][root@baddomain /]# ping6 www.kame.net[/CMD]
PING6(56=40+8+8 bytes) 2601:d:500:500:225:22ff:fe51:b301 --> 2001:200:dff:fff1:216:3eff:feb1:44d7
16 bytes from 2001:200:dff:fff1:216:3eff:feb1:44d7, icmp_seq=0 hlim=50 time=183.637 ms

This is a FreeBSD 9.2 system, so, from my rc.conf:

ifconfig_re2_ipv6="inet6 accept_rtadv"
ipv6_gateway_enable="YES" 
rtadvd_enable="YES"
rtadvd_interfaces="re0"
ipv6_cpe_wanif="re2"

On the LAN, I can ping the gateway box using IPv6 link local addresses, and when I try to ping6 an external address, get a complaint about being a non-routable address; all of this makes sense. So as what seems to me like a fairly straightforward test, I assign static addresses on the LAN (the re0 interface and a machine on the same segment.) They can ping each other, but traffic won't go out.

Am I missing something wonderfully fundamental?

 

[SirDice]

The machines on the LAN should get a global IPv6 address through rtadvd(8). Link-local addresses are non-routable so if that's the only IPv6 address your clients have then routing does indeed not work.

 

[Queued]

Perhaps I wasn't clear enough. I wasn't expecting link local addresses to route, I was only expecting them to show that the re0 address was pingable on the LAN side. Note: it also pings from the other IPv6 address, which I'll note is, at the moment, statically assigned, as I mentioned. This does not route, contrary to my expectations.

In the original post, you'll notice that rtadvd is enabled on the re0 (LAN) interface.

Some additional detail might help:

[root@baddomain /]# ifconfig                       
re0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=8209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC,LINKSTATE>
	ether 00:23:cd:b0:3d:c2
	inet 10.168.0.1 netmask 0xff000000 broadcast 10.255.255.255
	inet6 fe80::223:cdff:feb0:3dc2%re0 prefixlen 64 scopeid 0x1 
	inet6 2601:d:500:500:225:22ff:fe51:b30f prefixlen 64 
	nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
	media: Ethernet autoselect (1000baseT <full-duplex>)
	status: active
re1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=8209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC,LINKSTATE>
	ether 00:23:cd:b0:03:93
	inet 162.17.5.245 netmask 0xfffffffc broadcast 162.17.5.247
	inet6 fe80::223:cdff:feb0:393%re1 prefixlen 64 scopeid 0x2 
	nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
	media: Ethernet autoselect (100baseTX <full-duplex>)
	status: active
re2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=8209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC,LINKSTATE>
	ether 00:25:22:51:b3:01
	inet6 fe80::225:22ff:fe51:b301%re2 prefixlen 64 scopeid 0x3 
	inet6 2601:d:500:500:225:22ff:fe51:b301 prefixlen 64 autoconf 
	inet 10.1.10.10 netmask 0xffffff00 broadcast 10.1.10.255
	nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
	media: Ethernet autoselect (1000baseT <full-duplex>)
	status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
	options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
	inet6 ::1 prefixlen 128 
	inet6 fe80::1%lo0 prefixlen 64 scopeid 0xb 
	inet 127.0.0.1 netmask 0xff000000 
	nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
ipfw0: flags=8801<UP,SIMPLEX,MULTICAST> metric 0 mtu 65536
	nd6 options=61<PERFORMNUD,AUTO_LINKLOCAL,NO_RADR>

[root@baddomain /etc]# cat rtadvd.conf
re0:\
      :addr="2601:d:500:500::":prefixlen#56:

 

[kpa]

Hmm you have the address 2601:d:500:500:225:22ff:fe51:b30f/64 on re0 and the address 2601:d:500:500:225:22ff:fe51:b301/64 on re2. Those two addresses are from the same /64 subnet yet they are assigned on two different interfaces on the same host. That is not going to work. What you need to do is to get (if you don't already have) a separate routable /64 for your LAN network at re0.

 

[Queued]

:r Wow, it seems painfully obvious now that you've pointed it out. Thanks!