On 03/05/2018 05:18 AM, Udo Schacht-Wiegand wrote:
> Hello Tom,
> 
> thanks for the quick reply:
> 
>     Be sure that your Kernel is fully patched. This sounds like a problem
>     that I, along with a number of others, have experienced; it was
>     corrected in a subsequent kernel update. The problem is that the kernel
>     ignores NDP who-has requests, which will kills the link. The constant
>     pinging keeps the upstream router from issuing those requests. I
>     employed that same workaround until the problem was finally resolved.
> 
> 
> The Kernel is 4.4.0-112-generic. I was wondering, why the problem does
> not occour, when I don't use Shorewall6's providers file. That's why I
> believe, that it is not only the kernels fault. So here is the other
> solution I just found: Replace the upstream routers gateway address with
> the link local one of the router:
> 
> This is how I did it
> - Find out the link local address of upstream router on eth0,
> where 2001:abcd:1234::1: is the providers gateway:
> 
> # ip -6 neigh sjow dev eth0
> fe80::1ae7:28ff:fe65:fcf2 lladdr 18:e7:28:65:fc:f2 router STALE
> 2001:abcd:1234::1 lladdr 18:e7:28:65:fc:f2 router STALE
> 
> - Then in the providers file replace the gateway address with the link
> local:
> 
> #NAME   NUMBER  MARK    DUPLICATEINTERFACE       GATEWAY       
>  OPTIONS      COPY
> #mkn    1       -       -               eth0           
> 2001:abcd:1234::1track,primary   -
> mkn     1       -       -               eth0           
> fe80::1ae7:28ff:fe65:fcf2 track,primary   -
> htp     2       -       -               eth1         
> fe80::464e:6dff:fe15:789atrack,fallback  -
> 
> Now it works almost perfect, packet loss is almost 0 over > 1000 pings.
> It's no longer needed to continuosly ping the gateway.
> 

When it was failing, did you use a packet sniffer to attempt to
understand what was happening at the link level?

-Tom
-- 
Tom Eastep        \   Q: What do you get when you cross a mobster with
Shoreline,         \     an international standard?
Washington, USA     \ A: Someone who makes you an offer you can't
http://shorewall.org \   understand
                      \_______________________________________________

Attachment: signature.asc
Description: OpenPGP digital signature

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users

Reply via email to