bridge does not forward neighbor solicitation packets
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| | linux (Ubuntu) |
High
|
Unassigned | ||
Bug Description
3 hosts involved here:
kailan is connected to a cisco switch, which is also connected to kurrat (eth3), which is running a bridge with tigernut connected to eth1.
kurrat's controllers are 06:00.0 Ethernet controller: Intel Corporation 82574L Gigabit Network Connection, using the e1000e driver (3.13.0-65-generic kernel)
(while kailan is doing a ping6 2601:282:
+kurrat 324 : sudo tcpdump -eni eth3 ip6 and not tcp and not udp
tcpdump: WARNING: eth3: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth3, link-type EN10MB (Ethernet), capture size 65535 bytes
10:39:16.080888 00:1c:c0:83:32:40 > 33:33:ff:99:36:8d, ethertype IPv6 (0x86dd), length 86: 2601:282:
10:39:16.431484 00:1c:c0:83:32:40 > 33:33:00:00:00:01, ethertype IPv6 (0x86dd), length 110: fe80::21c:
10:39:17.077446 00:1c:c0:83:32:40 > 33:33:ff:99:36:8d, ethertype IPv6 (0x86dd), length 86: 2601:282:
10:39:18.077457 00:1c:c0:83:32:40 > 33:33:ff:99:36:8d, ethertype IPv6 (0x86dd), length 86: 2601:282:
10:39:19.095034 00:1c:c0:83:32:40 > 33:33:ff:99:36:8d, ethertype IPv6 (0x86dd), length 86: 2601:282:
10:39:20.093436 00:1c:c0:83:32:40 > 33:33:ff:99:36:8d, ethertype IPv6 (0x86dd), length 86: 2601:282:
10:39:21.093425 00:1c:c0:83:32:40 > 33:33:ff:99:36:8d, ethertype IPv6 (0x86dd), length 86: 2601:282:
10:39:21.430000 00:1c:c0:83:32:40 > 33:33:00:00:00:01, ethertype IPv6 (0x86dd), length 110: fe80::21c:
10:39:22.111042 00:1c:c0:83:32:40 > 33:33:ff:99:36:8d, ethertype IPv6 (0x86dd), length 86: 2601:282:
^C
10 packets captured
11 packets received by filter
0 packets dropped by kernel
+kurrat 325 : sudo tcpdump -eni eth1 ip6 and not tcp and not udp
tcpdump: WARNING: eth1: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), capture size 65535 bytes
10:39:28.201110 00:1c:c0:83:32:40 > 33:33:00:00:00:01, ethertype IPv6 (0x86dd), length 110: fe80::21c:
10:39:31.552677 00:1c:c0:83:32:40 > 33:33:00:00:00:01, ethertype IPv6 (0x86dd), length 110: fe80::21c:
10:39:38.103919 08:10:78:fc:b3:d2 > 33:33:00:00:00:01, ethertype IPv6 (0x86dd), length 90: fe80::a10:
10:39:39.663357 00:1c:c0:83:32:40 > 33:33:00:00:00:01, ethertype IPv6 (0x86dd), length 110: fe80::21c:
^C
4 packets captured
4 packets received by filter
0 packets dropped by kernel
1 packet dropped by interface
+kurrat 326 : uname -a
Linux kurrat 3.13.0-65-generic #105-Ubuntu SMP Mon Sep 21 18:50:58 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
Adding a host route for the 2001:: IP via the link IP on kailan works as a workaround, but the neighbor solicitiation packets are clearly not getting through the bridge.
No firewall is configured on kurrat.
| Changed in linux (Ubuntu): | |
| status: | New → Incomplete |
| tags: | added: trusty |
| Changed in linux (Ubuntu): | |
| status: | Incomplete → Triaged |
| Changed in linux (Ubuntu): | |
| importance: | Undecided → High |
| tags: | added: kernel-key |
| Jay Vosburgh (jvosburgh) wrote : | #2 |
I set up a similar configuration locally, and I see the bridge correctly forwarding the IPv6 NS packets. The ping functions as expected. I have different network cards, and used IPv6 ULA addresses (fc00:1234::/64) but I'm not sure how that would affect the bridge forwarding decision.
I'm also not sure what exactly is meant by your statement "Adding a host route for the 2001:: IP via the link IP"; I don't see any other reference to a 2001:: address. Could you clarify what this refers to?
Also, for completeness, can you insure that there are no bridge table rules installed? This would be in the output of
ebtables -t filter -L
ebtables -t nat -L
ebtables -t broute -L
I would also suggest disabling the bridge callouts to arptables, ip6tables and iptables to see if that affects the behavior. This would be done via
sysctl -w net.bridge.
sysctl -w net.bridge.
sysctl -w net.bridge.
(all of the above sysctl and ebtables commands need to be done as root)
| Changed in linux (Ubuntu): | |
| status: | Triaged → Incomplete |
| LaMont Jones (lamont) wrote : | #3 |
the "2001::" IP would be the 2601:... IP address used throughout. Once it is specifically routed to the fe80: IP for the host, then ipv6 connectivity works just fine to the 2601 IP (since no neighbor discovery is involved -- it's a link address for nexthop.
I'll make some time to disable the bridge callouts this week.
as for ebtables, I'm going to say there aren't any:
sudo: ebtables: command not found
| tags: |
added: kernel-da-key removed: kernel-key |
| Launchpad Janitor (janitor) wrote : | #4 |
[Expired for linux (Ubuntu) because there has been no activity for 60 days.]
| Changed in linux (Ubuntu): | |
| status: | Incomplete → Expired |
This bug is missing log files that will aid in diagnosing the problem. From a terminal window please run:
apport-collect 1502238
and then change the status of the bug to 'Confirmed'.
If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.
This change has been made by an automated script, maintained by the Ubuntu Kernel Team.