7

we have set up a small IPv6 Testing network. The setup looks like this:

    ::/0
+----------+
| Firewall | Router to the public net
+----------+
     |           2001:...::/106
     |       +----------+
     +-------|  SIT GW  | sit Tunnel gatway to the some test users
     |       +----------+
     |
+----------+
| Test Sys |  Testsystem
+----------+

The idea is to advertise the default route from the firewall and the route for the SIT subnets from the sit gateway. The configurations for radvd are:

# Firewall
interface eth0
{
   AdvSendAdvert on;
   route ::/0 
   {
   };
};


# SIT Gatway
interface eth0
{
   AdvSendAdvert on;
   route 2001:...::/106
   {
   };
};

We have captured the adv. packages with tcpdump and the packages looks good. We see a default route from the fw, and the subnet route from the SIT gatway.

But if we look on the testsystem there are two default routes over both gateways. There is no subnet route. The routing does not work of course. Here the routes we get:

2001:.....::/64 dev eth0  proto kernel  metric 256  mtu 1500 advmss 1440 hoplimit 4294967295
fe80::/64 dev eth0  proto kernel  metric 256  mtu 1500 advmss 1440 hoplimit 4294967295
default via fe80::baac:6fff:fe8e:XXXX dev eth0  proto kernel  metric 1024  expires 0sec mtu 1500 advmss 1440 hoplimit 64
default via fe80::e415:aeff:fe12:XXXX dev eth0  proto kernel  metric 1024  expires 0sec mtu 1500 advmss 1440 hoplimit 64

Any Idea?

Thomas Berger
  • 1,700
  • 12
  • 22
  • Now, what does the network _really_ look like? I don't think you're trying to use some sort of mysterious 3-way cable. And what's with the `/106`? – Michael Hampton Oct 11 '12 at 13:42
  • @MichaelHampton of course there is a switch between the systems. And the /106 is a small subnet used for the sit endpoints. Of course this network could not be used to autoconfigure. – Thomas Berger Oct 11 '12 at 13:52
  • You should probably set static addresses on the tunnel endpoints. I can't really think of any good reason to use radvd there. – Michael Hampton Oct 11 '12 at 13:57
  • @MichaelHampton we USE static addresse there. The problem is within the _routing_ not the address allocation. – Thomas Berger Oct 11 '12 at 13:58
  • `radvd` _advertises_ routes. It does not set them up in the first place. Post your routing table. – Michael Hampton Oct 11 '12 at 14:00
  • @MichaelHampton i *did* post my routing table. At least the resulting table on the test system, after the advertises was received. – Thomas Berger Oct 11 '12 at 14:06

1 Answers1

7

I have found the problem.

Per default, the Linux kernel does only accept default routes via the router advertisement options in icmpv6.

To fix this, the correct kernel parameter must be set:

net.ipv6.conf.all.accept_ra_rt_info_max_plen = 128

From kernel docs:

accept_ra_rt_info_max_plen - INTEGER Maximum prefix length of Route Information in RA.

    Route Information w/ prefix larger than or equal to this
    variable shall be ignored.

    Functional default: 0 if accept_ra_rtr_pref is enabled.
                        -1 if accept_ra_rtr_pref is disabled.
Thomas Berger
  • 1,700
  • 12
  • 22