On 20/03/17 23:54, Claudio Jeker wrote: > On Sat, Mar 18, 2017 at 01:47:27PM +0200, Kapetanakis Giannis wrote: >> Hi, >> >> I have working setup of both ospf/ospf6. Nothing fancy. >> >> Cisco <---> [OBSD firewalls] <---> Cisco >> >> The inet6 interfaces on OBSD are setup with -autoconf >> >> All routers prefers to set next-hop routes via the link-local addresses, >> which apart from making my life harder (cannot easily tell who is who) >> it creates a minor problem with mtr/traceroute -6 -I replies. >> >> The active OBSD firewall prefers to reply through it's link-local address >> and not it's global address. >> >> 13:20:30.403197 2001:648:xxxx:x::2 > 2001:648:yyyy:y::2: icmp6: echo request >> [hlim 1] >> 13:20:30.403224 fe80::92e2:baff:feb8:715d > 2001:648:xxxx:x::2: icmp6: time >> exceeded in-transit for 2001:648:yyyy:y::2 >> >> This is probably because of the link-local routes: >> default fe80::2a94:fff:fe4a:5a00%vlan123 UG 0 105920403 - 32 vlan123 >> fe80::%vlan123/64 fe80::92e2:baff:feb8:715d%vlan123 UCn 1 0 >> - 4 vlan123 >> fe80::2a94:fff:fe4a:5a00%vlan123 28:94:0f:4a:5a:00 UHLch 13 8594 >> - 4 vlan123 >> fe80::92e2:baff:feb8:715d%vlan123 90:e2:ba:b8:71:5d UHLl 0 2156 >> - 1 vlan123 >> >> vlan123: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500 >> lladdr 90:e2:ba:b8:71:5d >> description: External-10G-ipv6 >> index 11 priority 0 llprio 3 >> vlan: 123 parent interface: ix1 >> vnetid: 123 >> parent: ix1 >> groups: vlan egress >> status: active >> inet6 fe80::92e2:baff:feb8:715d%vlan123 prefixlen 64 scopeid 0xb >> inet6 2001:648:yyyy:a::2 prefixlen 126 >> >> This might be normal but is there any way to change this behavior? > > Could you try a prefixlen 64 route for 2001:648:yyyy:a::2? The non > standard prefixlens can cause problems. I'm not sure if that may help but > the IPv6 source address selection is way to complex and error prone. So > lets see if that helps...
I cannot do that on the external side, since that /126 has been given to me by my upstream... However since on the inside I also use a /126, I've changed it to /64. No change. It also replied from it's internal link-local address. the setup was pc <-> cisco <-> obsd G
