netdev.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* broken link-local multicast?
@ 2008-02-14 16:28 Marco d'Itri
  2008-02-15  7:31 ` Pekka Savola
  0 siblings, 1 reply; 4+ messages in thread
From: Marco d'Itri @ 2008-02-14 16:28 UTC (permalink / raw)
  To: netdev

Link-local multicast appears to be broken on some interfaces of some of
my firewalls. I think that this started after I configured quagga's
ospf6d (which does not work because of this), but I am not totally sure.

Does anybody have any idea about how to debug this?

root@frwl-5a:~# ping6 -c 1 -I eth1 ff02::1
connect: Network is unreachable

root@frwl-5a:~# ping6 -c 1 -I eth0 ff02::1
PING ff02::1(ff02::1) from fe80::204:23ff:fed8:7dc eth0: 56 data bytes
64 bytes from fe80::204:23ff:fed8:7dc: icmp_seq=1 ttl=64 time=0.032 ms

--- ff02::1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.032/0.032/0.032/0.000 ms

root@frwl-5a:~# ip -6 ro | egrep '^fe80:.* eth[01] '
fe80::/64 dev eth0  metric 256  expires 18788161sec mtu 1500 advmss 1440 hoplimit 4294967295
fe80::/64 dev eth1  metric 256  expires 18788161sec mtu 1500 advmss 1440 hoplimit 4294967295

root@frwl-5a:~# uname -a
Linux frwl-5a 2.6.18-3-686 #1 SMP Mon Dec 4 16:41:14 UTC 2006 i686 GNU/Linux

-- 
ciao,
Marco

^ permalink raw reply	[flat|nested] 4+ messages in thread
* Re: broken link-local multicast?
  2008-02-14 16:28 broken link-local multicast? Marco d'Itri
@ 2008-02-15  7:31 ` Pekka Savola
  2008-02-15  7:58   ` David Stevens
  2008-02-18  1:21   ` Marco d'Itri
  0 siblings, 2 replies; 4+ messages in thread
From: Pekka Savola @ 2008-02-15  7:31 UTC (permalink / raw)
  To: md, netdev

On Thu, 14 Feb 2008, Marco d'Itri wrote:
> Does anybody have any idea about how to debug this?
>
> root@frwl-5a:~# ping6 -c 1 -I eth1 ff02::1
> connect: Network is unreachable

Maybe 'netstat -gn' could give clues, because you should be receiving 
a response at least from the loopback address.  Maybe your loopback 
interface has went down, or ospf6d took it down and back up (at least 
some time ago, kernel's v6 got very confused after that).

You may also want to check out that your link-local address on the 
interface you're pinging is still OK.

# netstat -gn | grep ff02
lo              1      ff02::1
eth0            2      ff02::1:ff7b:259
eth0            1      ff02::1

# ping6 -c 1 -I eth0 ff02::1
PING ff02::1(ff02::1) from fe80::207:e9ff:fe7b:259 eth0: 56 data bytes
64 bytes from ::1: icmp_seq=0 ttl=64 time=0.057 ms

-- 
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings

^ permalink raw reply	[flat|nested] 4+ messages in thread
* Re: broken link-local multicast?
  2008-02-15  7:31 ` Pekka Savola
@ 2008-02-15  7:58   ` David Stevens
  2008-02-18  1:21   ` Marco d'Itri
  1 sibling, 0 replies; 4+ messages in thread
From: David Stevens @ 2008-02-15  7:58 UTC (permalink / raw)
  To: Pekka Savola; +Cc: md, netdev

Pekka,
        I first thought the interface might be down when I saw this
one, except the interface route is present in the route list he shows
later. That's normally deleted when the interface is down.
        And a failure to be in the group just wouldn't answer--
shouldn't cause net unreachable (which is a failure to send it).

Marco,
        You called this a "firewall" -- do you get the same thing
when you have no iptables rules?

                                                +-DLS


^ permalink raw reply	[flat|nested] 4+ messages in thread
* Re: broken link-local multicast?
  2008-02-15  7:31 ` Pekka Savola
  2008-02-15  7:58   ` David Stevens
@ 2008-02-18  1:21   ` Marco d'Itri
  1 sibling, 0 replies; 4+ messages in thread
From: Marco d'Itri @ 2008-02-18  1:21 UTC (permalink / raw)
  To: Pekka Savola, David Stevens; +Cc: netdev

On Feb 15, Pekka Savola <pekkas@netcore.fi> wrote:

>> root@frwl-5a:~# ping6 -c 1 -I eth1 ff02::1
>> connect: Network is unreachable
>
> Maybe 'netstat -gn' could give clues, because you should be receiving a 
> response at least from the loopback address.  Maybe your loopback  
> interface has went down, or ospf6d took it down and back up (at least  
> some time ago, kernel's v6 got very confused after that).
The loopback is up. ospf6d /may/ have done something to it, but I do not
know how to check this (and I cannot reboot these servers right now).

1: lo: <LOOPBACK,UP,10000> mtu 16436 qdisc noqueue 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever

> You may also want to check out that your link-local address on the  
> interface you're pinging is still OK.
Apparently it is:

root@frwl-5a:~#  netstat -gn | grep eth1
eth1            1      224.0.0.5
eth1            1      224.0.0.1
eth1            1      ff02::6
eth1            1      ff02::5
eth1            2      ff02::1:ff00:0
eth1            1      ff02::2
eth1            1      ff02::1:ff00:89
eth1            1      ff02::1:ffd8:7dd
eth1            1      ff02::1

These (except ff02::1:ffd8:7dd, which is different) are the same
addresses of eth0, which works.

On Feb 15, David Stevens <dlstevens@us.ibm.com> wrote:

> Marco,
>         You called this a "firewall" -- do you get the same thing
> when you have no iptables rules?
Yes, I double checked again and reproduced these results with totally
empty v6 chains.

-- 
ciao,
Marco

^ permalink raw reply	[flat|nested] 4+ messages in thread
end of thread, other threads:[~2008-02-18  1:21 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2008-02-14 16:28 broken link-local multicast? Marco d'Itri
2008-02-15  7:31 ` Pekka Savola
2008-02-15  7:58   ` David Stevens
2008-02-18  1:21   ` Marco d'Itri

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).