IPv6 SLAAC - unable to ping6 other hosts, but inbound ping6 works.

[candunc]

This is a fresh install of FreeBSD 11.2 with essentially default option; IPv4 is enabled over DHCP and IPv6 is enabled over SLAAC. I get an IPv6 address but no outbound routes seem to work, and when I attempt to add default routes it complains that they are already in the routing table. I'm a bit confused on how to progress further, because IPv6 pings to the host work, but not the other way around.

I've faced a similar issue in the past with jails, where the host worked with IPv6 but the jails did not, however I "solved" that issue by forcing the jails to use IPv4 only. I'd rather not do that this time around if possible. Is there any config options I've missed? I've attempted setting ipv6_defaultrouter in /etc/rc.conf to both the fe80::%vtnet0 address and the 2001: address reported by the router, but again route complains that those are already in the table.

ifconfig

vtnet0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=6c07bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,LRO,VLAN_HWTSO,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
        ether 08:00:27:73:7f:3a
        hwaddr 08:00:27:73:7f:3a
        inet6 fe80::a00:27ff:fe73:7f3a%vtnet0 prefixlen 64 scopeid 0x1
        inet6 2001:xxxx:xxxx:e300:a00:27ff:fe73:7f3a prefixlen 64 autoconf
        inet 192.168.1.70 netmask 0xffffff00 broadcast 192.168.1.255
        nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
        media: Ethernet 10Gbase-T <full-duplex>
        status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2
        inet 127.0.0.1 netmask 0xff000000
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
        groups: lo

ping6 to the host

$ ping [2001:xxxx:xxxx:e300:a00:27ff:fe73:7f3a]

Pinging 2001:xxxx:xxxx:e300:a00:27ff:fe73:7f3a with 32 bytes of data:
Reply from 2001:xxxx:xxxx:e300:a00:27ff:fe73:7f3a: time<1ms

ping6 from the host

PING6(56=40+8+8 bytes) 2001:xxxx:xxxx:e300:a00:27ff:fe73:7f3a --> 2001:xxxx:xxxx:e300:ec75:8914:843e:d4dd
^C
--- 2001:xxxx:xxxx:e300:ec75:8914:843e:d4dd ping6 statistics ---
6 packets transmitted, 0 packets received, 100.0% packet loss

/etc/rc.conf

ifconfig_vtnet0="DHCP"
ifconfig_vtnet0_ipv6="inet6 accept_rtadv"
rtsold_enable="YES"

netstat -6nr

Routing tables

Internet6:
Destination                       Gateway                       Flags     Netif Expire
::/96                             ::1                           UGRS        lo0
default                           fe80::1278:5bff:fecf:3a60%vtnet0 UG    vtnet0
::1                               link#2                        UH          lo0
::ffff:0.0.0.0/96                 ::1                           UGRS        lo0
2001:xxxx:xxxx:e300::/64           link#1                        U        vtnet0
2001:xxxx:xxxx:e300:a00:27ff:fe73:7f3a link#1                    UHS         lo0
fe80::/10                         ::1                           UGRS        lo0
fe80::%vtnet0/64                  link#1                        U        vtnet0
fe80::a00:27ff:fe73:7f3a%vtnet0   link#1                        UHS         lo0
fe80::%lo0/64                     link#2                        U           lo0
fe80::1%lo0                       link#2                        UHS         lo0
ff02::/16                         ::1                           UGRS        lo0

 

[SirDice]

Can you ping the default gateway? Try ping6 fe80::1278:5bff:fecf:3a60%vtnet0.

The vtnet(4) interface implies you're on a VM. How is the host configured?

 

[candunc]

Yes, I am able to ping the default gateway. I played around with it and if I manually set the route to the gateway's non-local IPv6 address (2001:xxxx:xxxx:e300:1278:5bff:fecf:3a60) it works for about 30 seconds before regressing to ping6 not working. Re-running the command does seem to fix the problem, again temporarily.

# route -6 delete default
# route -6 add default 2001:xxxx:xxxx:e300:1278:5bff:fecf:3a60

# ping6 freebsd.org
PING6(56=40+8+8 bytes) 2001:xxxx:xxxx:e300:a00:27ff:fe73:7f3a --> 2610:1c1:1:606c::50:15
16 bytes from 2610:1c1:1:606c::50:15, icmp_seq=0 hlim=56 time=183.146 ms

As for the VM, the network is set up with a network bridge with a virtio-net adapter. I've had identical issues in FreeBSD jails running on metal so I'm doubtful that it is a VM issue.

I've seen you in the various forum posts I consulted prior to posting this thread, so I really appreciate the help SirDice.

 

[SirDice]

Yes, I am able to ping the default gateway. I played around with it and if I manually set the route to the gateway's non-local IPv6 address (2001:xxxx:xxxx:e300:1278:5bff:fecf:3a60) it works for about 30 seconds before regressing to ping6 not working. Re-running the command does seem to fix the problem, again temporarily.

Then I'm leaning towards an issue on the host side of it. There's nothing wrong with the client's network configuration, it's all set the way it's supposed to be. You can even ping the default gateway. That alone is sufficient to rule out any configuration issues on the client. So we need to look at the next step in the chain.

As for the VM, the network is set up with a network bridge with a virtio-net adapter.

Exactly how? And do you have any IP addresses assigned to the bridge itself or any of the physical interfaces that are tied to this bridge?

I've had identical issues in FreeBSD jails running on metal so I'm doubtful that it is a VM issue.

No, not the VM or the virtualization layer. I'm more suspicious of the bridge configuration and is the common factor for both situations. There's some counter-intuitive behavior because of the way it hooks into the network stack.

I've seen you in the various forum posts I consulted prior to posting this thread

With a post count of 30.000+, it's difficult not finding any of my posts