On Sat, Mar 18, 2017 at 01:47:27PM +0200, Kapetanakis Giannis wrote: > Hi, > > I have working setup of both ospf/ospf6. Nothing fancy. > > Cisco <---> [OBSD firewalls] <---> Cisco > > The inet6 interfaces on OBSD are setup with -autoconf > > All routers prefers to set next-hop routes via the link-local addresses, > which apart from making my life harder (cannot easily tell who is who) > it creates a minor problem with mtr/traceroute -6 -I replies. > > The active OBSD firewall prefers to reply through it's link-local address > and not it's global address. > > 13:20:30.403197 2001:648:xxxx:x::2 > 2001:648:yyyy:y::2: icmp6: echo request > [hlim 1] > 13:20:30.403224 fe80::92e2:baff:feb8:715d > 2001:648:xxxx:x::2: icmp6: time > exceeded in-transit for 2001:648:yyyy:y::2 > > This is probably because of the link-local routes: > default fe80::2a94:fff:fe4a:5a00%vlan123 UG 0 105920403 - 32 vlan123 > fe80::%vlan123/64 fe80::92e2:baff:feb8:715d%vlan123 UCn 1 0 > - 4 vlan123 > fe80::2a94:fff:fe4a:5a00%vlan123 28:94:0f:4a:5a:00 UHLch 13 8594 > - 4 vlan123 > fe80::92e2:baff:feb8:715d%vlan123 90:e2:ba:b8:71:5d UHLl 0 2156 > - 1 vlan123 > > vlan123: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500 > lladdr 90:e2:ba:b8:71:5d > description: External-10G-ipv6 > index 11 priority 0 llprio 3 > vlan: 123 parent interface: ix1 > vnetid: 123 > parent: ix1 > groups: vlan egress > status: active > inet6 fe80::92e2:baff:feb8:715d%vlan123 prefixlen 64 scopeid 0xb > inet6 2001:648:yyyy:a::2 prefixlen 126 > > This might be normal but is there any way to change this behavior?
Could you try a prefixlen 64 route for 2001:648:yyyy:a::2? The non standard prefixlens can cause problems. I'm not sure if that may help but the IPv6 source address selection is way to complex and error prone. So lets see if that helps... -- :wq Claudio
