[SOLVED] IPv6 connectivity issues

[William Edwards]

I have the following setup:

• Traffic from VMs is routed through router VM
• Traffic to VMs is routed through router VM

Two days ago, I started seeing packet loss on IPv6 traffic from VMs to the router VM and the other way around. This started after rebooting the router VM.

It seems like something is wrong with NDP. I only see neighbour solicitations coming in and neighbour advertisements going out after the NDP state changes from REACHABLE to another state.

Demonstration:

21:01:10.1600801270
fc00:b6d:cfc:951::8 dev v-cap lladdr 6e:db:28:d6:01:84 REACHABLE
21:01:11.1600801271
fc00:b6d:cfc:951::8 dev v-cap lladdr 6e:db:28:d6:01:84 DELAY
21:01:12.1600801272
fc00:b6d:cfc:951::8 dev v-cap lladdr 6e:db:28:d6:01:84 DELAY
21:01:13.1600801273
fc00:b6d:cfc:951::8 dev v-cap lladdr 6e:db:28:d6:01:84 DELAY
21:01:14.1600801274
fc00:b6d:cfc:951::8 dev v-cap lladdr 6e:db:28:d6:01:84 DELAY
21:01:15.1600801275
fc00:b6d:cfc:951::8 dev v-cap lladdr 6e:db:28:d6:01:84 DELAY
21:01:16.1600801276
fc00:b6d:cfc:951::8 dev v-cap lladdr 6e:db:28:d6:01:84 PROBE
21:01:17.1600801277
fc00:b6d:cfc:951::8 dev v-cap lladdr 6e:db:28:d6:01:84 PROBE
21:01:18.1600801278
fc00:b6d:cfc:951::8 dev v-cap lladdr 6e:db:28:d6:01:84 PROBE
21:01:19.1600801279
fc00:b6d:cfc:951::8 dev v-cap  FAILED
21:01:20.1600801280
fc00:b6d:cfc:951::8 dev v-cap  INCOMPLETE
21:01:21.1600801281
fc00:b6d:cfc:951::8 dev v-cap  INCOMPLETE
21:01:22.1600801282
fc00:b6d:cfc:951::8 dev v-cap  INCOMPLETE

As you can see, the neighbour changes to 'DELAY' at 21:01:11.1600801271 .

At 21:01:22.577567, I see the first "ICMP6, destination unreachable, unreachable address"'s:

21:01:22.577567 IP6 fc00:b6d:cfc:951::2 > fc00:b6d:980:1::6: ICMP6, destination unreachable, unreachable address fc00:b6d:cfc:951::8, length 112 21:01:22.577590 IP6 fc00:b6d:cfc:951::2 > fc00:b6d:980:1::5: ICMP6, destination unreachable, unreachable address fc00:b6d:cfc:951::8, length 116 21:01:22.577603 IP6 fc00:b6d:cfc:951::2 > fc00:b6d:980:1::5: ICMP6, destination unreachable, unreachable address fc00:b6d:cfc:951::8, length 116


At 21:01:22.619649, a neighbour solicitation is sent:

21:01:22.619649 IP6 fc00:b6d:cfc:951::2 > ff02::1:ff00:8: ICMP6, neighbor solicitation, who has fc00:b6d:cfc:951::8, length 32


At 21:01:22.619965, a neighbour advertisement is sent:

21:01:22.619965 IP6 fc00:b6d:cfc:951::8 > fc00:b6d:cfc:951::2: ICMP6, neighbor advertisement, tgt is fc00:b6d:cfc:951::8, length 32


At 21:01:22.656175, traffic starts being sent and received again:

21:01:22.656175 ethertype IPv6, IP6 fc00:b6d:cfc:951::8 > 2a03:7900:1:3:31:3:104:122: ICMP6, echo request, seq 544, length 64


In summary, the first NS/NA is sent 2 seconds after the NDP state changes to 'FAILED'...

Side note: when I ping the router VM from the destination, the ping suddenly starts working and the NDP state changes to 'REACHABLE'. So it seems like NDP thinks there's no traffic between itself and the neighbour - thus changing NDP state to DELAY - with forwarded traffic... Also, traffic starts working for a few seconds (~5) when either the router VM or the neighbour VM are migrated to another Proxmox node.

I hope someone can help with this obscure issue.

 

[William Edwards]

Issue found! All kinds of strange things started happening when my link local address was in 'dadfailed' state, due to a configuration error.