On 03/05/2018 05:18 AM, Udo Schacht-Wiegand wrote: > Hello Tom, > > thanks for the quick reply: > > Be sure that your Kernel is fully patched. This sounds like a problem > that I, along with a number of others, have experienced; it was > corrected in a subsequent kernel update. The problem is that the kernel > ignores NDP who-has requests, which will kills the link. The constant > pinging keeps the upstream router from issuing those requests. I > employed that same workaround until the problem was finally resolved. > > > The Kernel is 4.4.0-112-generic. I was wondering, why the problem does > not occour, when I don't use Shorewall6's providers file. That's why I > believe, that it is not only the kernels fault. So here is the other > solution I just found: Replace the upstream routers gateway address with > the link local one of the router: > > This is how I did it > - Find out the link local address of upstream router on eth0, > where 2001:abcd:1234::1: is the providers gateway: > > # ip -6 neigh sjow dev eth0 > fe80::1ae7:28ff:fe65:fcf2 lladdr 18:e7:28:65:fc:f2 router STALE > 2001:abcd:1234::1 lladdr 18:e7:28:65:fc:f2 router STALE > > - Then in the providers file replace the gateway address with the link > local: > > #NAME NUMBER MARK DUPLICATEINTERFACE GATEWAY > OPTIONS COPY > #mkn 1 - - eth0 > 2001:abcd:1234::1track,primary - > mkn 1 - - eth0 > fe80::1ae7:28ff:fe65:fcf2 track,primary - > htp 2 - - eth1 > fe80::464e:6dff:fe15:789atrack,fallback - > > Now it works almost perfect, packet loss is almost 0 over > 1000 pings. > It's no longer needed to continuosly ping the gateway. >
When it was failing, did you use a packet sniffer to attempt to understand what was happening at the link level? -Tom -- Tom Eastep \ Q: What do you get when you cross a mobster with Shoreline, \ an international standard? Washington, USA \ A: Someone who makes you an offer you can't http://shorewall.org \ understand \_______________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users