Bug #13423

open

IPv6 neighbor discovery protocol (NDP) fails in some cases

Added by Chris Linstruth about 1 month ago. Updated 5 days ago.

Status: New
Priority: Normal
Assignee:
Category: IPv6 Router Advertisements (RADVD)
Target version: -
Start date:
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Release Notes: Default
Affected Version:
Affected Architecture:

Description

It is proving fairly difficult to pin down a set of "steps to duplicate." In some cases an IPv6 interface seems to ignore received Neighbor Solicitation packets for an address on that interface and does not respond.

If traffic is generated from this non-responding host, causing NDP to be performed in the other direction, communication is possible until the NDP entry expires. Connections are then impossible if originated from the other host.

This looks to be something in FreeBSD upstream.

Actions #1

Updated by Jim Pingle about 1 month ago

A few other details:

This seems to only affect GUA (and possibly ULA) addresses; Link Local addresses always respond to NDP. I first noticed this as some of my lab VMs failing to ping their gateway when the gateway was configured as a static GUA address. Change it to use the LL address of the same host and it responds.

Packet capture shows the ND packet arrive; no response is generated.

Firewall rules are passing the ND packets; nothing is dropped by pf.

We haven't yet managed to figure out the exact circumstances around when/why it starts and have not yet been able to reproduce it on demand.
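One way to check a capture for the symptom described above (Neighbor Solicitations that arrive with no Neighbor Advertisement in reply, split by address scope), added here as an example and not part of the original report or of pfSense. It assumes `tcpdump -n -tt` text output; the sample lines, the helper names and the 1-second `timeout` are constructed for illustration.

```python
import ipaddress
import re

# Constructed `tcpdump -n -tt` style lines (documentation prefix), not from the report.
SAMPLE_CAPTURE = """\
100.000000 IP6 2001:db8:1::10 > ff02::1:ff00:1: ICMP6, neighbor solicitation, who has 2001:db8:1::1, length 32
101.000000 IP6 2001:db8:1::10 > ff02::1:ff00:1: ICMP6, neighbor solicitation, who has 2001:db8:1::1, length 32
102.000000 IP6 fe80::10 > ff02::1:ff00:1: ICMP6, neighbor solicitation, who has fe80::1, length 32
102.000400 IP6 fe80::1 > fe80::10: ICMP6, neighbor advertisement, tgt is fe80::1, length 32
"""

NS_RE = re.compile(r"^(\d+\.\d+) IP6 \S+ > \S+ ICMP6, neighbor solicitation, who has ([0-9a-fA-F:]+)")
NA_RE = re.compile(r"^(\d+\.\d+) IP6 \S+ > \S+ ICMP6, neighbor advertisement, tgt is ([0-9a-fA-F:]+)")
ULA = ipaddress.ip_network("fc00::/7")


def scope_of(addr):
    """Classify a target as link-local (LL), unique local (ULA) or global (GUA)."""
    if addr.is_link_local:
        return "LL"
    return "ULA" if addr in ULA else "GUA"  # everything else is treated as global


def unanswered_solicitations(capture, timeout=1.0):
    """Map each NS target with no NA inside `timeout` seconds to (scope, count)."""
    solicits, adverts = [], []
    for line in capture.splitlines():
        if m := NS_RE.match(line):
            solicits.append((float(m[1]), ipaddress.ip_address(m[2])))
        elif m := NA_RE.match(line):
            adverts.append((float(m[1]), ipaddress.ip_address(m[2])))
    result = {}
    for ts, target in solicits:
        if any(tgt == target and 0 <= t - ts <= timeout for t, tgt in adverts):
            continue  # a matching advertisement followed this solicitation
        scope, count = result.get(str(target), (scope_of(target), 0))
        result[str(target)] = (scope, count + 1)
    return result


if __name__ == "__main__":
    for target, (scope, count) in unanswered_solicitations(SAMPLE_CAPTURE).items():
        print(f"{target} [{scope}]: {count} solicitation(s) without an advertisement")
```

On the constructed sample only the global target is reported, which is the pattern the comment above describes: the link-local address answers and the GUA does not.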

Actions #4

Updated by Jim Pingle about 1 month ago

Pim Pish wrote in #note-3:

Here's a similar case.
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=263288

We saw that and considered it but in this case the "bad neighbor solicitation messages" counter is still 0 and there are no logged errors as there are on that FreeBSD issue. The NS messages aren't spoofed and are from the prefix configured on both neighbors.

Actions #5

Updated by David Durrleman 5 days ago

I confirm that I experience and can reproduce this bug reliably on my local setup (pfSense 22.05-RELEASE on Netgate 1100).
When trying to access IPv6 from my TrueNAS autoconfigured address on the network advertised by pfSense, no route is found. If I ping6 the TrueNAS IP from pfSense, I get a response, and this does indeed enable IPv6 communication in the other direction for a while. It was working on 22.01, and broken after upgrading to 22.05.

I had asked for help on this issue in a forum post (https://forum.netgate.com/topic/173508/lost-ipv6-connectivity-on-truenas-core-after-upgrade-from-22-01-to-22-05) which gathers feedback from other users similarly affected, and I also believe this was previously described in #12663.
Let me know if I can help troubleshoot further.

Actions #6

Updated by Flole Systems 5 days ago

Might be this issue: https://www.mail-archive.com/freebsd-net@freebsd.org/msg63838.html

There's also some info on how to attempt to reproduce it in the thread.
