Home / server / Questions / 659773
Accepted
Penegal
Asked: 2015-01-16 06:28:03 +0800 CST

Debian Wheezy doesn't answer to ICMPv6 neighbor solicitations

  • 772

Hello, there.

I manage some Wheezy servers with IPv6 enabled on all of them. They all have a global IPv6 /64 block using the first address in the block as the primary, i.e.:

root@Host /h/david# ifconfig
eth0      Link encap:Ethernet  HWaddr 4c:72:b9:56:03:6e  
          […]
          adr inet6: fe80::4e72:b9ff:fe56:36e/64 Scope:Lien
          adr inet6: 2001:1234:1234:1234::1/64 Scope:Global
          […]

I recently saw that, even if the whole block is configured on the interface, only the one in the block definition, here 2001:1234:1234:1234::1, answers to IPv6 requests. For example, if I ping 2001:1234:1234:1234::2 or 2001:1234:1234:1234::42, I get no answer. I already checked the firewall, which lets all ICMPv6 requests passing through, including NDP ones, but NDP is still a problem to me: Wheezy doesn't answer to Neighbor solicitations. Here is what I get from tcpdump when I listen while pinging:

root@Host /h/david# tcpdump icmp6
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode                                            
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes                                              
10:55:23.224447 IP6 fe80::264:40ff:fe3a:fac0 > ff02::1:ff00:55: ICMP6, neighbor solicitation, who has 2001:1234:1234:1234::55, length 32                                                                                                       
10:55:24.311669 IP6 fe80::264:40ff:fe3a:fac0 > ff02::1:ff00:55: ICMP6, neighbor solicitation, who has 2001:1234:1234:1234::55, length 32                                                                                                       
10:55:25.392511 IP6 fe80::264:40ff:fe3a:fac0 > ff02::1:ff00:55: ICMP6, neighbor solicitation, who has 2001:1234:1234:1234::55, length 32                                                                                                       
^C

As you can see, Wheezy doesn't answer to Neighbor solicitations. I thought about kernel parameters, but I didn't change any of them, and I can't see why the default config would ignore NDP packets, which are, from what I read, critical. In addition, I tried changing the following parameters :

root@Host /h/david# sysctl -w net.ipv6.conf.all.accept_ra=1     
net.ipv6.conf.all.accept_ra = 1                                   
root@Host /h/david# sysctl -w net.ipv6.conf.default.accept_ra=1 
net.ipv6.conf.default.accept_ra = 1                               
root@Host /h/david# sysctl -w net.ipv6.conf.eth0.accept_ra=1    
net.ipv6.conf.eth0.accept_ra = 1

This didn't work either. Does somebody see why Wheezy doesn't answer to Neighbor solicitations?

Hoping to understand where the problem is,

Regards.

ipv6

1 Answers

  1. Best Answer

    You don't configure a whole block of addresses on your interface. In your example you only configured one address from a /64 subnet.

    When you configure for example 192.168.1.1/24 (which is 192.168.1.1/255.255.255.0 in pre-CIDR notation) you configure one address (192.168.1.1) in a subnet (192.168.1.0/24). IPv6 works in exactly the same way.

    Wheezy is doing the right thing here.

    • 0