IPv6 routing problem in some meshes

Continuing the discussion from New »stable« firmware 1.2.0~56:

The problem in Frankfurt is due to missing OSPF communication.

For unknown reasons the OSPF daemons of bgp-fra01 and l2tp-fra01 do not »recognize« each other, so the AS lacks the information about which networks are reachable via l2tp-fra01, and l2tp-fra01 lacks the information about the default route.

root@l2tp-fra01 ~ # birdc show ospf topology upstream | grep '^.router'
	router 87.253.188.193
	router 87.253.188.209
	router 185.133.208.75
	router 192.251.226.140
	router 193.26.120.86
	router 198.18.255.51
	router 198.18.255.52
	router 198.19.255.2
	router 198.19.255.4
	router 198.19.255.5
	router 198.19.255.10
	router 198.19.255.11
	router 198.19.255.12
	router 198.19.255.14
	router 198.19.255.25
	router 198.19.255.26
	router 198.19.255.27
	router 198.19.255.28
	router 213.128.133.185
	router 213.203.194.36
root@l2tp-fra01 ~ # birdc6 show ospf topology upstream | grep '^.router'
	router 198.19.255.10
root@l2tp-fra01 ~ # birdc6 show route export upstream
BIRD 1.6.8 ready.
2001:bf7:1310:160::/64 dev bat02 [direct1 02:38:32] * (240)
2001:bf7:1310:176::/64 dev bat03 [direct1 02:38:32] * (240)
2001:bf7:1310:144::/64 dev bat04 [direct1 02:38:32] * (240)
2001:bf7:1310:128::/64 dev bat01 [direct1 02:38:32] * (240)
2001:bf7:170:192::/64 dev bat05 [direct1 02:38:32] * (240)
2001:bf7:170:64::/64 dev bat06 [direct1 02:38:32] * (240)
root@l2tp-fra01 ~ # birdc6 show route protocol upstream
BIRD 1.6.8 ready.
root@l2tp-fra01 ~ # 

This is roughly how it should look:

root@l2tp-fra02 ~ # birdc show ospf topology upstream | grep '^.router'
	router 87.253.188.193
	router 87.253.188.209
	router 185.133.208.75
	router 192.251.226.140
	router 193.26.120.86
	router 198.18.255.51
	router 198.18.255.52
	router 198.19.255.2
	router 198.19.255.4
	router 198.19.255.5
	router 198.19.255.10
	router 198.19.255.11
	router 198.19.255.12
	router 198.19.255.14
	router 198.19.255.25
	router 198.19.255.26
	router 198.19.255.27
	router 198.19.255.28
	router 213.128.133.185
	router 213.203.194.36
root@l2tp-fra02 ~ # birdc6 show ospf topology upstream | grep '^.router'
	router 87.253.188.193
	router 87.253.188.209
	router 185.133.208.75
	router 193.26.120.86
	router 198.18.255.51
	router 198.18.255.52
	router 198.19.255.2
	router 198.19.255.5
	router 198.19.255.11
	router 198.19.255.12
	router 198.19.255.14
	router 198.19.255.25
	router 198.19.255.26
	router 198.19.255.27
	router 198.19.255.28
	router 213.128.133.185
	router 213.203.194.36
root@l2tp-fra02 ~ # birdc6 show route export upstream
BIRD 1.6.8 ready.
2001:bf7:1318:1::/64 dev bat07 [direct1 2022-03-28] * (240)
2001:bf7:1310:666::/64 dev bat66 [direct1 2022-03-28] * (240)
root@l2tp-fra02 ~ # birdc6 show route protocol upstream
BIRD 1.6.8 ready.
::/0               via fe80::a481:27ff:fe62:fcbd on ens3 [upstream 01:31:37] E2 (150/110/10000) [213.203.194.36]

So a starting point has been found, but why it doesn't work on l2tp-fra01: ?!

root@l2tp-fra01 ~ # bird --version
BIRD version 1.6.8
root@l2tp-fra01 ~ # ssh l2tp-fra02.4830.org bird --version
BIRD version 1.6.8

Even a downgrade (from 5.4.0) to the kernel of l2tp-fra02 didn't help.

root@l2tp-fra01 ~ # uname -a
Linux l2tp-fra01 4.15.0-161-generic #169-Ubuntu SMP Fri Oct 15 13:41:54 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
root@l2tp-fra01 ~ # ssh l2tp-fra02.4830.org uname -a
Linux l2tp-fra02 4.15.0-161-generic #169-Ubuntu SMP Fri Oct 15 13:41:54 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux

bgp-fra01 (and the respective other l2tp-frx0X) is recognized as an OSPF neighbor …

root@l2tp-fra01 ~ # birdc6 show ospf neighbors upstream 
BIRD 1.6.8 ready.
upstream:
Router ID   	Pri	     State     	DTime	Interface  Router IP   
185.133.208.75	  1	Full/BDR  	00:38	ens3       fe80::a481:27ff:fe62:fcbd              
198.19.255.12	  1	ExStart/DR   	00:36	ens3       fe80::c1ff:fe1a:78eb                   
root@l2tp-fra01 ~ # ssh l2tp-fra02.4830.org birdc6 show ospf neighbors upstream 
BIRD 1.6.8 ready.
upstream:
Router ID   	Pri	     State     	DTime	Interface  Router IP   
185.133.208.75	  1	Full/BDR  	00:34	ens3       fe80::a481:27ff:fe62:fcbd              
198.19.255.10	  1	ExStart/Other	00:35	ens3       fe80::c1ff:fe1a:78e3                   
root@l2tp-fra01 ~ #

… but it is missing from the OSPF topology:

root@l2tp-fra01 ~ # birdc6 show ospf topology upstream
BIRD 1.6.8 ready.

area 0.0.0.0

	router 198.19.255.10
		distance 0
root@l2tp-fra01 ~ # ssh l2tp-fra02.4830.org birdc6 show ospf topology upstream
BIRD 1.6.8 ready.

area 0.0.0.0

	router 87.253.188.193
		distance 160
		network [193.26.120.86-59] metric 100
		network [198.18.255.52-2] metric 10
		network [213.128.133.185-61] metric 100

	router 87.253.188.209
		distance 160
		network [198.18.255.52-2] metric 10
		network [193.26.120.86-63] metric 100
		network [213.128.133.185-60] metric 100

	router 185.133.208.75
		distance 10
		network [198.19.255.12-2] metric 10
		network [193.26.120.86-51] metric 100
		network [213.203.194.36-95] metric 100
		network [213.128.133.185-59] metric 100

	router 193.26.120.86
		distance 110
		network [198.19.255.14-2] metric 10
		network [213.128.133.185-32] metric 100
		network [213.203.194.36-81] metric 100
		network [193.26.120.86-51] metric 100
		network [193.26.120.86-59] metric 100
		network [193.26.120.86-63] metric 100

	router 198.18.255.51
		distance 170
		network [198.18.255.52-2] metric 10

	router 198.18.255.52
		distance 170
		network [198.18.255.52-2] metric 10

	router 198.19.255.2
		distance 120
		network [213.128.133.185-27] metric 10

	router 198.19.255.5
		distance 120
		network [213.203.194.36-21] metric 10

	router 198.19.255.11
		distance 120
		network [213.203.194.36-21] metric 10

	router 198.19.255.12
		distance 0
		network [198.19.255.12-2] metric 10

	router 198.19.255.14
		distance 120
		network [198.19.255.14-2] metric 10

	router 198.19.255.25
		distance 170
		network [198.18.255.52-2] metric 10

	router 198.19.255.26
		distance 170
		network [198.18.255.52-2] metric 10

	router 198.19.255.27
		distance 120
		network [213.203.194.36-21] metric 10

	router 198.19.255.28
		distance 120
		network [213.203.194.36-21] metric 10

	router 213.128.133.185
		distance 110
		network [213.128.133.185-27] metric 10
		network [213.128.133.185-32] metric 100
		network [213.203.194.36-93] metric 100
		network [213.128.133.185-59] metric 100
		network [213.128.133.185-60] metric 50
		network [213.128.133.185-61] metric 50

	router 213.203.194.36
		distance 110
		network [213.203.194.36-21] metric 10
		network [213.203.194.36-81] metric 100
		network [213.203.194.36-93] metric 100
		network [213.203.194.36-95] metric 100

	network [193.26.120.86-51]
		distance 110
		router 193.26.120.86
		router 185.133.208.75

	network [193.26.120.86-59]
		distance 210
		router 193.26.120.86
		router 87.253.188.193

	network [193.26.120.86-63]
		distance 210
		router 193.26.120.86
		router 87.253.188.209

	network [198.18.255.52-2]
		distance 170
		router 198.18.255.52
		router 198.18.255.51
		router 87.253.188.193
		router 198.19.255.26
		router 198.19.255.25
		router 87.253.188.209

	network [198.19.255.12-2]
		distance 10
		router 198.19.255.12
		router 185.133.208.75

	network [198.19.255.14-2]
		distance 120
		router 198.19.255.14
		router 193.26.120.86

	network [213.128.133.185-27]
		distance 120
		router 213.128.133.185
		router 198.19.255.2

	network [213.128.133.185-32]
		distance 210
		router 213.128.133.185
		router 193.26.120.86

	network [213.128.133.185-59]
		distance 110
		router 213.128.133.185
		router 185.133.208.75

	network [213.128.133.185-60]
		distance 160
		router 213.128.133.185
		router 87.253.188.209

	network [213.128.133.185-61]
		distance 160
		router 213.128.133.185
		router 87.253.188.193

	network [213.203.194.36-21]
		distance 120
		router 213.203.194.36
		router 198.19.255.28
		router 198.19.255.27
		router 198.19.255.5
		router 198.19.255.11

	network [213.203.194.36-81]
		distance 210
		router 213.203.194.36
		router 193.26.120.86

	network [213.203.194.36-93]
		distance 210
		router 213.203.194.36
		router 213.128.133.185

	network [213.203.194.36-95]
		distance 110
		router 213.203.194.36
		router 185.133.208.75
root@l2tp-fra01 ~ #

I don't get it. WTF is happening there‽

And now?

Now we need to understand why OSPF over the bridge partially doesn't work — and then eliminate the cause …

root@l2tp-dus03 ~ # birdc6 show ospf neighbors backbone | head
BIRD 1.6.8 ready.
backbone:
Router ID   	Pri	     State     	DTime	Interface  Router IP   
198.19.255.5	  1	2-Way/Other	00:39	eth0       fe80::c0ff:fefb:e27e                   
198.19.255.28	  1	2-Way/Other	00:39	eth0       fe80::c0ff:fefb:e262                   
198.19.255.11	  1	ExStart/BDR  	00:39	eth0       fe80::c0ff:fefb:e27d                   
213.203.194.36	  1	Full/DR   	00:40	eth0       fe80::2e44:fdff:fe7a:b2d5              
198.19.255.3	  1	Init/PtP  	00:34	bck-l2-ams01 fe80::200:5efe:c11a:7843               
198.19.255.4	  1	Full/PtP  	00:40	bck-l2-ber01 fe80::200:5efe:c11a:7863               
198.19.255.14	  1	Full/PtP  	00:39	bck-l2-ber02 fe80::200:5efe:c11a:7868
root@l2tp-gut01 ~ # birdc6 show ospf neighbors upstream
BIRD 1.6.8 ready.
upstream:
Router ID   	Pri	     State     	DTime	Interface  Router IP   
198.19.255.27	  1	2-Way/Other	00:37	ens3       fe80::c0ff:fefb:e212                   
213.203.194.36	  1	Full/DR   	00:40	ens3       fe80::2e44:fdff:fe7a:b2d5              
198.19.255.28	  1	2-Way/Other	00:34	ens3       fe80::c0ff:fefb:e262                   
198.19.255.11	  1	ExStart/BDR  	00:33	ens3       fe80::c0ff:fefb:e27d
root@l2tp-fra02 ~ # birdc6 show ospf neighbors upstream
BIRD 1.6.8 ready.
upstream:
Router ID   	Pri	     State     	DTime	Interface  Router IP   
185.133.208.75	  1	Full/BDR  	00:39	ens3       fe80::a481:27ff:fe62:fcbd              
198.19.255.10	  1	ExStart/Other	00:30	ens3       fe80::c1ff:fe1a:78e3
root@l2tp-ham03 ~ # birdc6 show ospf neighbors upstream
BIRD 1.6.8 ready.
upstream:
Router ID   	Pri	     State     	DTime	Interface  Router IP   
198.19.255.26	  1	Exchange/Other	00:39	eth0       fe80::57ff:fefd:bcc4                   
87.253.188.193	  1	Full/Other	00:40	eth0       fe80::1                                
87.253.188.209	  1	ExStart/Other	00:37	eth0       fe80::b6b5:2fff:fe63:8b4e              
198.18.255.51	  1	ExStart/Other	00:36	eth0       fe80::57ff:fefd:bcc3                   
198.18.255.52	  1	Full/DR   	00:40	eth0       fe80::57ff:fefd:bcce
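
An added example, not part of the original posts: a small parser for the `birdc6 show ospf neighbors` tables shown above that reports neighbors which are neither `Full` nor a legitimate `2-Way` between two non-DR routers, and which stay that way across several captures. The function names are hypothetical, and inferring the local router's role from the DR/BDR entries in the table is a heuristic assumption; the sample rows are copied from the thread.

```python
import re

# Rows copied from the thread: two captures on l2tp-fra02, one on l2tp-dus03.
FRA02_FIRST = """\
185.133.208.75  1  Full/BDR       00:34  ens3  fe80::a481:27ff:fe62:fcbd
198.19.255.10   1  ExStart/Other  00:35  ens3  fe80::c1ff:fe1a:78e3
"""
FRA02_LATER = """\
185.133.208.75  1  Full/BDR       00:39  ens3  fe80::a481:27ff:fe62:fcbd
198.19.255.10   1  ExStart/Other  00:30  ens3  fe80::c1ff:fe1a:78e3
"""
DUS03 = """\
198.19.255.5    1  2-Way/Other  00:39  eth0          fe80::c0ff:fefb:e27e
198.19.255.28   1  2-Way/Other  00:39  eth0          fe80::c0ff:fefb:e262
198.19.255.11   1  ExStart/BDR  00:39  eth0          fe80::c0ff:fefb:e27d
213.203.194.36  1  Full/DR      00:40  eth0          fe80::2e44:fdff:fe7a:b2d5
198.19.255.3    1  Init/PtP     00:34  bck-l2-ams01  fe80::200:5efe:c11a:7843
198.19.255.4    1  Full/PtP     00:40  bck-l2-ber01  fe80::200:5efe:c11a:7863
198.19.255.14   1  Full/PtP     00:39  bck-l2-ber02  fe80::200:5efe:c11a:7868
"""

# States in which the database exchange is still being negotiated.
TRANSITIONAL = {"ExStart", "Exchange", "Loading"}

ROW = re.compile(
    r"^(?P<rid>\d+\.\d+\.\d+\.\d+)\s+(?P<pri>\d+)\s+"
    r"(?P<state>[\w-]+)/(?P<role>\w+)\s+(?P<dtime>\S+)\s+"
    r"(?P<iface>\S+)\s+(?P<ip>\S+)$"
)

def parse_neighbors(text):
    """Return one dict per neighbor row; banner and header lines are skipped."""
    return [m.groupdict() for m in
            (ROW.match(line.strip()) for line in text.splitlines()) if m]

def classify(row, local_is_drother):
    state, role = row["state"], row["role"]
    if state == "Full":
        return "ok"
    if state == "2-Way":
        # Two DROthers legitimately stop at 2-Way; any other pair should reach Full.
        return "ok" if role == "Other" and local_is_drother else "no-adjacency"
    if state in TRANSITIONAL:
        return "negotiating"
    return "one-way" if state == "Init" else "down"

def unsettled(text):
    """Map (router id, interface) -> verdict for every neighbor that is not ok."""
    rows = parse_neighbors(text)
    roles = {}
    for r in rows:
        roles.setdefault(r["iface"], set()).add(r["role"])
    result = {}
    for r in rows:
        # Heuristic: if both DR and BDR are among the neighbors, we are neither.
        local_is_drother = {"DR", "BDR"} <= roles[r["iface"]]
        verdict = classify(r, local_is_drother)
        if verdict != "ok":
            result[(r["rid"], r["iface"])] = verdict
    return result

def persistent(snapshots):
    """Neighbors unsettled in every capture: candidates for a stuck adjacency."""
    sets = [set(unsettled(s)) for s in snapshots]
    return sorted(set.intersection(*sets)) if sets else []

if __name__ == "__main__":
    print(unsettled(DUS03))
    print(persistent([FRA02_FIRST, FRA02_LATER]))
```

A single capture only shows the state at that moment; feeding `persistent` several captures taken some time apart separates an adjacency that is still coming up from one that never completes.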

my second node has been able to pull the update in the meantime.

My 4040 too. Since then it has been offline. "Connected without internet", says my phone.

    root@33332-Buschkoettersweg-63-a86c:~# traceroute firmware.ipv6.4830.org
    traceroute to firmware.ipv6.4830.org (2a06:e881:1700:1:400:c0ff:fefb:e216), 30 hops max, 64 byte packets
 1  2001:bf7:1310:128:cece:1eff:fe34:a86c (2001:bf7:1310:128:cece:1eff:fe34:a86c)  3122.784 ms !H  3122.728 ms !H  3115.116 ms !H
root@33332-Buschkoettersweg-63-a86c:~# batctl gwl
[B.A.T.M.A.N. adv openwrt-2018.1-13, MainIF/MAC: primary0/72:ac:8e:b6:27:43 (bat0/cc:ce:1e:34:a8:6c BATMAN_IV)]
  Router            ( TQ) Next Hop          [outgoingIf]  Bandwidth
  02:ca:ff:ee:01:10 (225) 02:ca:ff:ee:01:04 [  mesh-vpn]: 1024.0/1024.0 MBit
  02:ca:ff:ee:01:04 (255) 02:ca:ff:ee:01:04 [  mesh-vpn]: 1024.0/1024.0 MBit
* 02:ca:ff:ee:01:02 (225) 02:ca:ff:ee:01:04 [  mesh-vpn]: 1024.0/1024.0 MBit

And

root@33332-Buschkoettersweg-63-a86c:~# traceroute www.heise.de
traceroute to www.heise.de (2a02:2e0:3fe:1001:7777:772e:2:85), 30 hops max, 64 byte packets
 1  2001:bf7:1310:128:cece:1eff:fe34:a86c (2001:bf7:1310:128:cece:1eff:fe34:a86c)  3162.337 ms !H  3108.963 ms !H  3130.499 ms !H

That's interesting; according to the map it is connected: https://map03.4830.org/map/#!v:m;n:ccce1e34a86c

Thanks for the batctl; it is also reachable from the L2TP tunnel end … (02:ca:ff:ee:01:04: server_id is 4 ⇒ l2tp-ber01 (looked up in the repo))

root@l2tp-ber01 ~ # traceroute 2001:bf7:1310:128:cece:1eff:fe34:a86c
traceroute to 2001:bf7:1310:128:cece:1eff:fe34:a86c (2001:bf7:1310:128:cece:1eff:fe34:a86c), 30 hops max, 80 byte packets
 1  2001:bf7:1310:128:cece:1eff:fe34:a86c (2001:bf7:1310:128:cece:1eff:fe34:a86c)  29.960 ms  30.811 ms  31.249 ms
root@l2tp-ber01 ~ # batctl -m bat01 tr cc:ce:1e:34:a8:6c
Warning - option -m was deprecated and will be removed in the future
traceroute to cc:ce:1e:34:a8:6c (72:ac:8e:b6:27:43), 50 hops max, 20 byte packets
 1: 72:ac:8e:b6:27:43  18.395 ms  17.908 ms  18.451 ms

However, not from the selected default GW (02:ca:ff:ee:01:02: server_id 2 ⇒ l2tp-ham01), but again from the 3rd GW for Mesh01 (l2tp-fra01):

root@l2tp-ham01 ~ # traceroute 2001:bf7:1310:128:cece:1eff:fe34:a86c
traceroute to 2001:bf7:1310:128:cece:1eff:fe34:a86c (2001:bf7:1310:128:cece:1eff:fe34:a86c), 30 hops max, 80 byte packets
 1  2001:bf7:1310:128::2 (2001:bf7:1310:128::2)  3074.765 ms !H  3074.740 ms !H  3074.720 ms !H
root@l2tp-ham01 ~ # batctl -m bat01 tr cc:ce:1e:34:a8:6c
Warning - option -m was deprecated and will be removed in the future
traceroute to cc:ce:1e:34:a8:6c (72:ac:8e:b6:27:43), 50 hops max, 20 byte packets
 1: 02:ca:ff:ee:01:04  4.674 ms  4.831 ms  5.124 ms
 2: 72:ac:8e:b6:27:43  21.916 ms  25.434 ms  25.324 ms
root@l2tp-ham01 ~ # 

root@l2tp-fra01 ~ # traceroute 2001:bf7:1310:128:cece:1eff:fe34:a86c
traceroute to 2001:bf7:1310:128:cece:1eff:fe34:a86c (2001:bf7:1310:128:cece:1eff:fe34:a86c), 30 hops max, 80 byte packets
 1  2001:bf7:1310:128:cece:1eff:fe34:a86c (2001:bf7:1310:128:cece:1eff:fe34:a86c)  34.908 ms  36.418 ms  36.363 ms
root@l2tp-fra01 ~ # batctl -m bat01 tr cc:ce:1e:34:a8:6c
Warning - option -m was deprecated and will be removed in the future
traceroute to cc:ce:1e:34:a8:6c (72:ac:8e:b6:27:43), 50 hops max, 20 byte packets
 1: 02:ca:ff:ee:01:04  8.628 ms  8.929 ms  9.075 ms
 2: 72:ac:8e:b6:27:43  27.948 ms  26.549 ms  26.633 ms
root@l2tp-fra01 ~ #

Please leave it like this unless it is urgently needed, then I can continue debugging later. If needed: power-cycle and hope that l2tp-ham01 isn't chosen as the default GW …

Interesting. 52 nodes still on 1.1.5~41, 45 of them online … and 34 of those on l2tp-ham01 as default GW, where v6 doesn't work.

Own test setup:

root@33332-Test-VM-S07-11c9:~# batctl gwl
[B.A.T.M.A.N. adv openwrt-2018.1-13, MainIF/MAC: primary0/c2:df:96:d6:f1:4b (bat0/02:00:27:3e:11:c9 BATMAN_IV)]
  Router            ( TQ) Next Hop          [outgoingIf]  Bandwidth
  02:ca:ff:ee:01:04 (225) 02:ca:ff:ee:01:02 [  mesh-vpn]: 1024.0/1024.0 MBit
* 02:ca:ff:ee:01:10 (225) 02:ca:ff:ee:01:02 [  mesh-vpn]: 1024.0/1024.0 MBit
  02:ca:ff:ee:01:02 (255) 02:ca:ff:ee:01:02 [  mesh-vpn]: 1024.0/1024.0 MBit
root@33332-Test-VM-S07-11c9:~#
root@debian-test-vm:~# ip -4 route show
default via 10.234.128.10 dev eth1 
10.234.128.0/20 dev eth1 proto kernel scope link src 10.234.142.248 
192.168.5.0/24 via 192.168.175.1 dev eth0 
192.168.175.0/24 dev eth0 proto kernel scope link src 192.168.175.233 
root@debian-test-vm:~# ip -6 route show
::1 dev lo proto kernel metric 256 pref medium
2001:bf7:1310:128::/64 dev eth1 proto kernel metric 256 expires 86389sec pref medium
fd10:ca1:1::/64 dev eth1 proto kernel metric 256 expires 86270sec pref medium
fe80::/64 dev eth1 proto kernel metric 256 pref medium
default via fe80::f0be:efff:fe00:102 dev eth1 proto ra metric 1024 expires 49sec hoplimit 64 pref medium
root@debian-test-vm:~# traceroute -4 one.one.one.one
traceroute to one.one.one.one (1.0.0.1), 30 hops max, 60 byte packets
 1  10.234.128.10 (10.234.128.10)  30.824 ms  37.459 ms  37.449 ms
 2  brick.4830.org (193.26.120.225)  38.205 ms  38.188 ms  38.160 ms
 3  meerfarbig.w19.community-ix.de (185.1.74.60)  38.564 ms  38.518 ms  38.504 ms
 4  ae0.300.mx240.fra1.meerfarbig.net (80.77.16.114)  38.958 ms  38.935 ms  38.904 ms
 5  de-cix-frankfurt.as13335.net (80.81.194.180)  48.190 ms  48.166 ms  48.130 ms
 6  172.70.240.3 (172.70.240.3)  48.070 ms 172.70.244.3 (172.70.244.3)  42.290 ms *
 7  one.one.one.one (1.0.0.1)  47.739 ms  44.429 ms  44.375 ms
root@debian-test-vm:~# traceroute -6 one.one.one.one
traceroute to one.one.one.one (2606:4700:4700::1001), 30 hops max, 80 byte packets
 1  2001:bf7:1310:128:0:27ff:fe3e:11ca (2001:bf7:1310:128:0:27ff:fe3e:11ca)  1006.930 ms !H  1006.909 ms !H  1006.893 ms !H

The L2TP tunnel goes to l2tp-ham01, but the default GW is l2tp-fra01; what kind of crap is that anyway, why doesn't Batman choose the most direct path‽ Meh.

Hmm, where does default via fe80::f0be:efff:fe00:102 come from?

Oh, look:

root@l2tp-ham01 ~ # ip addr show | grep -B6 fe80::f0be:efff:fe00:102
3: bat01: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-unifi state UNKNOWN group default qlen 1000
    link/ether f2:be:ef:00:01:02 brd ff:ff:ff:ff:ff:ff
    inet 10.234.128.2/20 brd 10.234.143.255 scope global bat01
       valid_lft forever preferred_lft forever
    inet6 2001:bf7:1310:128::2/64 scope global 
       valid_lft forever preferred_lft forever
    inet6 fe80::f0be:efff:fe00:102/64 scope link

That smells like … ebtables aka gluon-radv-filterd. But even without gluon-radv-filterd it doesn't really work. Reboot without gluon-radv-filterd:

root@33332-Test-VM-S07-11c9:~# batctl gwl
[B.A.T.M.A.N. adv openwrt-2018.1-13, MainIF/MAC: primary0/c2:df:96:d6:f1:4b (bat0/02:00:27:3e:11:c9 BATMAN_IV)]
  Router            ( TQ) Next Hop          [outgoingIf]  Bandwidth
  02:ca:ff:ee:01:04 (225) 02:ca:ff:ee:01:02 [  mesh-vpn]: 1024.0/1024.0 MBit
  02:ca:ff:ee:01:10 (225) 02:ca:ff:ee:01:02 [  mesh-vpn]: 1024.0/1024.0 MBit
* 02:ca:ff:ee:01:02 (255) 02:ca:ff:ee:01:02 [  mesh-vpn]: 1024.0/1024.0 MBit
root@debian-test-vm:~# ip -6 route show
::1 dev lo proto kernel metric 256 pref medium
2001:bf7:1310:128::/64 dev eth1 proto kernel metric 256 expires 86399sec pref medium
fd10:ca1:1::/64 dev eth1 proto kernel metric 256 expires 86295sec pref medium
fe80::/64 dev eth1 proto kernel metric 256 pref medium
default via fe80::f0be:efff:fe00:104 dev eth1 proto ra metric 1024 expires 54sec hoplimit 64 pref medium
default via fe80::f0be:efff:fe00:110 dev eth1 proto ra metric 1024 expires 59sec hoplimit 64 pref medium
default via fe80::f0be:efff:fe00:102 dev eth1 proto ra metric 1024 expires 51sec hoplimit 64 pref medium
root@debian-test-vm:~# ping6 -c 3 fe80::f0be:efff:fe00:104%eth1
PING fe80::f0be:efff:fe00:104%eth1(fe80::f0be:efff:fe00:104%eth1) 56 data bytes
64 bytes from fe80::f0be:efff:fe00:104%eth1: icmp_seq=1 ttl=64 time=29.0 ms
64 bytes from fe80::f0be:efff:fe00:104%eth1: icmp_seq=2 ttl=64 time=60.7 ms
64 bytes from fe80::f0be:efff:fe00:104%eth1: icmp_seq=3 ttl=64 time=29.6 ms

--- fe80::f0be:efff:fe00:104%eth1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 3ms
rtt min/avg/max/mdev = 28.953/39.746/60.679/14.805 ms
root@debian-test-vm:~# ping6 -c 3 fe80::f0be:efff:fe00:110%eth1
PING fe80::f0be:efff:fe00:110%eth1(fe80::f0be:efff:fe00:110%eth1) 56 data bytes
64 bytes from fe80::f0be:efff:fe00:110%eth1: icmp_seq=1 ttl=64 time=36.4 ms
64 bytes from fe80::f0be:efff:fe00:110%eth1: icmp_seq=2 ttl=64 time=36.1 ms
64 bytes from fe80::f0be:efff:fe00:110%eth1: icmp_seq=3 ttl=64 time=32.6 ms

--- fe80::f0be:efff:fe00:110%eth1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 5ms
rtt min/avg/max/mdev = 32.570/35.024/36.371/1.751 ms
root@debian-test-vm:~# ping6 -c 3 fe80::f0be:efff:fe00:102%eth1
PING fe80::f0be:efff:fe00:102%eth1(fe80::f0be:efff:fe00:102%eth1) 56 data bytes
From fe80::27ff:fe3e:11ca%eth1: icmp_seq=1 Destination unreachable: Address unreachable
From fe80::27ff:fe3e:11ca%eth1: icmp_seq=2 Destination unreachable: Address unreachable
From fe80::27ff:fe3e:11ca%eth1: icmp_seq=3 Destination unreachable: Address unreachable

--- fe80::f0be:efff:fe00:102%eth1 ping statistics ---
3 packets transmitted, 0 received, +3 errors, 100% packet loss, time 47ms
pipe 3
root@debian-test-vm:~#

Hmm. It's not gluon-radv-filterd (phew), but by filtering out RAs it contributes to the problem becoming more apparent. Only: why is l2tp-ham01 cut off IP(v6)-wise, even though it is reachable on layer 2?

root@l2tp-ham01 ~ # ip addr show bat01 | grep ether
    link/ether f2:be:ef:00:01:02 brd ff:ff:ff:ff:ff:ff

root@l2tp-ber01 ~ # ip addr show bat01 | grep ether
    link/ether f2:be:ef:00:01:04 brd ff:ff:ff:ff:ff:ff

root@l2tp-fra01 ~ # ip addr show bat01 | grep ether
    link/ether f2:be:ef:00:01:10 brd ff:ff:ff:ff:ff:ff

root@33332-Test-VM-S07-11c9:~# batctl tr f2:be:ef:00:01:02
traceroute to f2:be:ef:00:01:02 (02:ca:ff:ee:01:02), 50 hops max, 20 byte packets
 1: 02:ca:ff:ee:01:02  22.650 ms  22.923 ms  27.787 ms
root@33332-Test-VM-S07-11c9:~# batctl tr f2:be:ef:00:01:04
traceroute to f2:be:ef:00:01:04 (02:ca:ff:ee:01:04), 50 hops max, 20 byte packets
 1: 02:ca:ff:ee:01:02  24.743 ms  23.037 ms  20.923 ms
 2: 02:ca:ff:ee:01:04  33.230 ms  28.164 ms  27.751 ms
root@33332-Test-VM-S07-11c9:~# batctl tr f2:be:ef:00:01:10
traceroute to f2:be:ef:00:01:10 (02:ca:ff:ee:01:10), 50 hops max, 20 byte packets
 1: 02:ca:ff:ee:01:02  23.944 ms  24.244 ms  23.264 ms
 2: 02:ca:ff:ee:01:10  31.174 ms  31.201 ms  31.893 ms

In contrast:

root@l2tp-ham01 ~ # ip addr show bat01 | grep fe80
    inet6 fe80::f0be:efff:fe00:102/64 scope link 

root@l2tp-ber01 ~ # ip addr show bat01 | grep fe80
    inet6 fe80::f0be:efff:fe00:104/64 scope link 

root@l2tp-fra01 ~ # ip addr show bat01 | grep fe80
    inet6 fe80::f0be:efff:fe00:110/64 scope link 

root@33332-Test-VM-S07-11c9:~# ping6 -c 3 fe80::f0be:efff:fe00:102%br-client
PING fe80::f0be:efff:fe00:102%br-client (fe80::f0be:efff:fe00:102%6): 56 data bytes

--- fe80::f0be:efff:fe00:102%br-client ping statistics ---
3 packets transmitted, 0 packets received, 100% packet loss
root@33332-Test-VM-S07-11c9:~# ping6 -c 3 fe80::f0be:efff:fe00:104%br-client
PING fe80::f0be:efff:fe00:104%br-client (fe80::f0be:efff:fe00:104%6): 56 data bytes
64 bytes from fe80::f0be:efff:fe00:104: seq=0 ttl=64 time=28.514 ms
64 bytes from fe80::f0be:efff:fe00:104: seq=1 ttl=64 time=28.365 ms
64 bytes from fe80::f0be:efff:fe00:104: seq=2 ttl=64 time=28.068 ms

--- fe80::f0be:efff:fe00:104%br-client ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 28.068/28.315/28.514 ms
root@33332-Test-VM-S07-11c9:~# ping6 -c 3 fe80::f0be:efff:fe00:110%br-client
PING fe80::f0be:efff:fe00:110%br-client (fe80::f0be:efff:fe00:110%6): 56 data bytes
64 bytes from fe80::f0be:efff:fe00:110: seq=0 ttl=64 time=31.563 ms
64 bytes from fe80::f0be:efff:fe00:110: seq=1 ttl=64 time=31.579 ms
64 bytes from fe80::f0be:efff:fe00:110: seq=2 ttl=64 time=32.052 ms

--- fe80::f0be:efff:fe00:110%br-client ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 31.563/31.731/32.052 ms

I would guess ebtables, but the same rules are in there everywhere:

root@l2tp-ham01 ~ # ebtables -L
Bridge table: filter

Bridge chain: INPUT, entries: 0, policy: ACCEPT

Bridge chain: FORWARD, entries: 4, policy: ACCEPT
--logical-in br01 -j DROP 
--logical-in br02 -j DROP 
--logical-in br03 -j DROP 
--logical-in br04 -j DROP 

Bridge chain: OUTPUT, entries: 0, policy: ACCEPT
root@l2tp-ham01 ~ # 

root@l2tp-ber01 ~ # ebtables -L
Bridge table: filter

Bridge chain: INPUT, entries: 0, policy: ACCEPT

Bridge chain: FORWARD, entries: 7, policy: ACCEPT
--logical-in br01 -j DROP 
--logical-in br02 -j DROP 
--logical-in br03 -j DROP 
--logical-in br04 -j DROP 
--logical-in br05 -j DROP 
--logical-in br06 -j DROP 
--logical-in br09 -j DROP 

Bridge chain: OUTPUT, entries: 0, policy: ACCEPT
root@l2tp-ber01 ~ # 

root@l2tp-fra01 ~ # ebtables -L
Bridge table: filter

Bridge chain: INPUT, entries: 0, policy: ACCEPT

Bridge chain: FORWARD, entries: 6, policy: ACCEPT
--logical-in br01 -j DROP 
--logical-in br02 -j DROP 
--logical-in br03 -j DROP 
--logical-in br04 -j DROP 
--logical-in br05 -j DROP 
--logical-in br06 -j DROP 

Bridge chain: OUTPUT, entries: 0, policy: ACCEPT
root@l2tp-fra01 ~ #

I'm honestly a bit stumped right now :thinking:
