Jail does not respond over IPv6 until it initiates traffic

I am experiencing this odd issue when I restart one of my jails, which operates as the IPv6 router, does not respond to IPv6 packets, even though tcpdump reveals that it receives them. It isn't until it initiates a traffic with other hosts that it starts to respond. IPv4 works just fine.

I have had jail 2 ping the router and receive nothing in response. Then the router jail will ping back and immediately jail 2 will receive packets back. This also seems to happen outside of the jail bridge.

Let me know what I should provide to help debug this issue. Here are some settings:
  • This is FreeBSD 12.0-CURRENT
  • IPv6 works just fine
  • All of these jails are on the same bridge on the same /64 network
  • Each jail has its own epair interface
  • I did was explicitly disabling "inet6 no_dad" because on 11.2 kept giving my epairs matching mac addresses, which 12.0 does not seem to do.
Any ideas?
 
CURRENT isn't supported on this forum because it's a developer snapshot which doesn't even provide guarantees that it'll actually run. Theoretically such bugs could also cause other issues.

One comment though: you say that the jail functions as an IPv6 router? That seems like possible design flaw because a jail cannot control the network stack. Tasks such as routing, firewall, NAT, etc. can only be performed on the host.
 
I'm sorry, I meant to say 12.0-RELEASE. I am not using any firewalls.
I have been using it as a router for a few months now to HE. That has not been a problem.
This seems like an IPv6 or epair issue. The jails cannot communicate between themselves.
 
How did you set up the jails? Can you show us /etc/jails.conf?

IPv6 works differently than IPv4 in the sense that a lot of things are more dynamic, which is also why IPv6 relies much more on the ICMP protocol. I'm not sure from mind but could well imagine that this is also a possible cause for your problems.
 
Back
Top