Hello, I got my new Atlas a few days ago and connected it to my network (in a separated VLAN). In this VLAN I'm announcing routing advertisements with autonomous IPv6 addressing enabled. Appearently the probe heard this advertisement and have chosen to communicate over IPv6 - but with a link-local IPv6 address only...?! This leads to "Beyond scope"-Messages from my router which I captured with tcpdump: fe80::280:a3ff:fe91:4070.58730 > 2a01:4f8:161:3281::43:148.443: Flags [S], seq 2585125851, win 5360, options [mss 1340,sackOK,TS val 4294950236 ecr 0,nop,wscale 1] fe80::225:90ff:fe92:2478 > fe80::280:a3ff:fe91:4070: ICMP6, destination unreachable, beyond scope 2a01:4f8:161:3281::43:148, source address fe80::280:a3ff:fe91:4070 My routing advertisements are currently looking like that: fe80::225:90ff:fe92:2478 > ff02::1: [icmp6 sum ok] ICMP6, router advertisement, length 64 hop limit 64, Flags [none], pref medium, router lifetime 1800s, reachable time 0s, retrans time 0s prefix info option (3), length 32 (4): 2a02:a00:e000:b:e6::/96, Flags [onlink, auto, router], valid time 86400s, pref. time 14400s mtu option (5), length 8 (1): 1400 source link-address option (1), length 8 (1): 00:25:90:92:24:78 Is there anything I can do to make the probe communicate over IPv6? Manual IP configuration is not possible since the menu item is greyed out (althrough my probe runs on FW 4470). I disabled RA at the moment so the Atlas cube can talk to the RIPEs Atlas servers. Thank you in advance! -- Greetings from Wuppertal, Germany Max Grobecker
On 10/1/12 21:50 , Max Grobecker wrote:
My routing advertisements are currently looking like that:
fe80::225:90ff:fe92:2478 > ff02::1: [icmp6 sum ok] ICMP6, router advertisement, length 64 hop limit 64, Flags [none], pref medium, router lifetime 1800s, reachable time 0s, retrans time 0s prefix info option (3), length 32 (4): 2a02:a00:e000:b:e6::/96, Flags [onlink, auto, router], valid time 86400s, pref. time 14400s mtu option (5), length 8 (1): 1400 source link-address option (1), length 8 (1): 00:25:90:92:24:78
A /96 is not according the specs. For SLAAC on ethernet you need to have a /64.
On Tue, Oct 2, 2012 at 4:56 AM, Philip Homburg <philip.homburg@ripe.net>wrote:
fe80::225:90ff:fe92:2478 > ff02::1: [icmp6 sum ok] ICMP6, router advertisement, length 64 hop limit 64, Flags [none], pref medium, router lifetime 1800s, reachable time 0s, retrans time 0s prefix info option (3), length 32 (4): 2a02:a00:e000:b:e6::/96, Flags [onlink, auto, router], valid time 86400s, pref. time 14400s mtu option (5), length 8 (1): 1400 source link-address option (1), length 8 (1): 00:25:90:92:24:78
A /96 is not according the specs. For SLAAC on ethernet you need to have a /64.
Agreed. This will not work. That said - why is SSH trying to communicate over IPv6 with a link-local address in the first place? getaddrinfo should be ranking the global IPv4 address above the link-local IPv6 address and thus causing SSH to prefer IPv4...
On 10/2/12 3:14 , Lorenzo Colitti wrote:
That said - why is SSH trying to communicate over IPv6 with a link-local address in the first place? getaddrinfo should be ranking the global IPv4 address above the link-local IPv6 address and thus causing SSH to prefer IPv4...
I have to check, but my guess is that no sorting is being done at all. The probe software is built on top of ucLinux. Large parts of ucLinux are reimplementations with a focus on compactness. I wondered why we never noticed this before. The reason is two fold. One is that dbclient is just about the only part in the Atlas software that can choose between IPv4 and IPv6. All other parts get told to do one or the other. The other reason is that a probe on an IPv4-only LAN will not have an IPv6 default router. So any attempt to use the link local address to connect will remain hidden within the probe.
participants (3)
-
Lorenzo Colitti -
Max Grobecker -
Philip Homburg