User avatar
elkberry
Posts: 167
Joined: Wed Dec 28, 2016 9:21 pm

[SOLVED]IPv6 forwarding traffic is lost w/o ICMPv6 notice

Fri May 12, 2017 1:28 pm

(Notice to mods: I've asked in troubleshooting, but got no replies, so I hope that asking in networking might be better, without falling to cross-posting; in any case, this is my last attempt here...)

Setup: Raspberry Pi 3B with recent Jessie, updated as of today. Upstream IPv6 "Enterprise" network at eth1, downstream eth0 shall offer IPv6 "Enterprise" connectivity to its local IPv6 nodes. eth0 and eth1 are autoconfigured by SLAAC. dhcpcd for IPv6 requests a prefix block from the upstream router that is reached through eth1, then assigns a /64 from this prefix block to downstream eth0. radvd gets autoconfigured to properly announce the downstream prefix via eth0, as well as more specific routes to the prefix block on the upstream eth1 LAN. So far, so good, works as required. Pings from the RPi to upstream and downstream nodes work correctly.

A "net.ipv6.conf.all.forwarding=1" in /etc/sysctl.conf switches on IPv6 forwarding. I've also setup netifilter-persistent to load a default rule set from /etc/iptables/rules.ipv6 that sets INPUT, FORWARD, OUTPUT all to ACCEPT policy (because this is an "inner" routing node, not a border router). ip6tables -L confirms this setting.

Now, when I try to ping6 any upstream node from a downstream IPv6 node, I never get any ping responses. But I also don't get any ICMPv6 not reachable indications. Traceroute shows that my RPi IPv6 router correctly responds, but anything beyond upstream cannot be seen. Wireshark on "any" (eth0, eth1) shows that the IPv6 pings arrive on eth0, but never get forwarded to eth1.

A cross-check by adding a broken upstream route to the IPv6 RPi router causes the router to correctly reply with ICMPv6 not reachable to its downstream nodes on the eth0 LAN.

But removing this route the traffic from downstream eth1 to be destined for upstream eth0 completely disappears "inside" the RPi router without any indication.

Any idea what might be borked and what I'm missing here...?
Last edited by elkberry on Fri May 12, 2017 6:23 pm, edited 1 time in total.
From ZX81 to Raspberry Pi, but wait ... where's the 7805 gone?

jamesh
Raspberry Pi Engineer & Forum Moderator
Raspberry Pi Engineer & Forum Moderator
Posts: 26673
Joined: Sat Jul 30, 2011 7:41 pm

Re: IPv6 forwarding: enabled, traffic is lost w/o ICMPv6 not

Fri May 12, 2017 1:59 pm

How recent is the Jessie? There have been a few networking fixes in the last couple of weeks, and we have moved to 4.9 kernel, which also has a load of fixes.
Principal Software Engineer at Raspberry Pi (Trading) Ltd.
Contrary to popular belief, humorous signatures are allowed.
I've been saying "Mucho" to my Spanish friend a lot more lately. It means a lot to him.

User avatar
elkberry
Posts: 167
Joined: Wed Dec 28, 2016 9:21 pm

Re: IPv6 forwarding: enabled, traffic is lost w/o ICMPv6 not

Fri May 12, 2017 2:08 pm

kernel is 4.9.24-v7+ #993

I've just noticed while trying to hunt down the cause that my RPi actually does forward the ICMPv6 pings, something I missed before in my wireshark traces (shame on me). So this actually is a problem in my router hierarchy, as I'm noticing seemingly circling ICMPv6 packets higher up.

Sorry for the noise, I should have noticed that earlier; must have been raspberries on my eyes... ;)
From ZX81 to Raspberry Pi, but wait ... where's the 7805 gone?

Return to “Networking and servers”