Discussion:
6relayd
(too old to reply)
cb.list6
2014-01-03 05:18:53 UTC
Permalink
Hi,

I have been using CeroWRT on Comcast with a 3800 for about 6 month. The
DHCP-PD config has always been a little unstable for me, but working.

I recently upgraded to:

***@cerowrt:/etc/config# uname -a
Linux cerowrt 3.10.24 #1 Tue Dec 24 10:50:15 PST 2013 mips GNU/Linux

My WAN gets a /128, but i cannot get DHCP-PD to work to get addresses on
the rest of my interfaces. The router does seem to have good IPv6 access.


I fiddled with the 6relayd config and came up with this, but it does not
work. Any pointers on how to get this back on track? The result of the
below config is that the /128 from the WAN interfaces is now present on all
the interfaces but my attached computers get no addresses.


config server 'default'
option rd 'server'
option dhcpv6 'server'
option management_level '1'
list network 'ge01'
list network 'gw00'
list network 'gw01'
list network 'gw10'
list network 'gw11'
list network 'se00'
list network 'sw00'
list network 'sw10'
option fallback_relay 'rd dhcpv6 ndp'
option master 'ge00'

***@cerowrt:/etc/config# uname -a
Dave Taht
2014-01-03 16:40:58 UTC
Permalink
At one level I am happy to figure out this is a recently introduced bug.

On the other hand I am not sure if it is 6relayd.

What version of cero was working for you?
Post by cb.list6
Hi,
I have been using CeroWRT on Comcast with a 3800 for about 6 month. The
DHCP-PD config has always been a little unstable for me, but working.
Linux cerowrt 3.10.24 #1 Tue Dec 24 10:50:15 PST 2013 mips GNU/Linux
My WAN gets a /128, but i cannot get DHCP-PD to work to get addresses on
the rest of my interfaces. The router does seem to have good IPv6 access.
I fiddled with the 6relayd config and came up with this, but it does not
work. Any pointers on how to get this back on track? The result of the
below config is that the /128 from the WAN interfaces is now present on all
the interfaces but my attached computers get no addresses.
config server 'default'
option rd 'server'
option dhcpv6 'server'
option management_level '1'
list network 'ge01'
list network 'gw00'
list network 'gw01'
list network 'gw10'
list network 'gw11'
list network 'se00'
list network 'sw00'
list network 'sw10'
option fallback_relay 'rd dhcpv6 ndp'
option master 'ge00'
_______________________________________________
Cerowrt-devel mailing list
https://lists.bufferbloat.net/listinfo/cerowrt-devel
cb.list6
2014-01-03 16:50:42 UTC
Permalink
Post by Dave Taht
At one level I am happy to figure out this is a recently introduced bug.
On the other hand I am not sure if it is 6relayd.
What version of cero was working for you?
I am not entirely sure, but i think it was from September.

CB
Post by Dave Taht
Post by cb.list6
Hi,
I have been using CeroWRT on Comcast with a 3800 for about 6 month. The
DHCP-PD config has always been a little unstable for me, but working.
Linux cerowrt 3.10.24 #1 Tue Dec 24 10:50:15 PST 2013 mips GNU/Linux
My WAN gets a /128, but i cannot get DHCP-PD to work to get addresses on
the rest of my interfaces. The router does seem to have good IPv6 access.
I fiddled with the 6relayd config and came up with this, but it does not
work. Any pointers on how to get this back on track? The result of the
below config is that the /128 from the WAN interfaces is now present on all
the interfaces but my attached computers get no addresses.
config server 'default'
option rd 'server'
option dhcpv6 'server'
option management_level '1'
list network 'ge01'
list network 'gw00'
list network 'gw01'
list network 'gw10'
list network 'gw11'
list network 'se00'
list network 'sw00'
list network 'sw10'
option fallback_relay 'rd dhcpv6 ndp'
option master 'ge00'
_______________________________________________
Cerowrt-devel mailing list
https://lists.bufferbloat.net/listinfo/cerowrt-devel
Dave Taht
2014-01-03 17:31:05 UTC
Permalink
Post by cb.list6
Post by Dave Taht
At one level I am happy to figure out this is a recently introduced bug.
On the other hand I am not sure if it is 6relayd.
What version of cero was working for you?
I am not entirely sure, but i think it was from September.
CB
At the moment I lack the ability to debug the breakage in ipv6 dhcp-pd
(which is odhcpd) (I am travelling).

I will on my next stop next week (tuesday) setup a dhcpv6pd server and
see what I can see.
Post by cb.list6
Post by Dave Taht
Post by cb.list6
Hi,
I have been using CeroWRT on Comcast with a 3800 for about 6 month. The
DHCP-PD config has always been a little unstable for me, but working.
Linux cerowrt 3.10.24 #1 Tue Dec 24 10:50:15 PST 2013 mips GNU/Linux
My WAN gets a /128, but i cannot get DHCP-PD to work to get addresses on
the rest of my interfaces. The router does seem to have good IPv6 access.
I fiddled with the 6relayd config and came up with this, but it does not
work. Any pointers on how to get this back on track? The result of the
below config is that the /128 from the WAN interfaces is now present on all
the interfaces but my attached computers get no addresses.
config server 'default'
option rd 'server'
option dhcpv6 'server'
option management_level '1'
list network 'ge01'
list network 'gw00'
list network 'gw01'
list network 'gw10'
list network 'gw11'
list network 'se00'
list network 'sw00'
list network 'sw10'
option fallback_relay 'rd dhcpv6 ndp'
option master 'ge00'
_______________________________________________
Cerowrt-devel mailing list
https://lists.bufferbloat.net/listinfo/cerowrt-devel
--
Dave Täht

Fixing bufferbloat with cerowrt: http://www.teklibre.com/cerowrt/subscribe.html
Steven Barth
2014-01-03 18:15:24 UTC
Permalink
Hi,

I haven't really touched 6relayd since October so not sure what is wrong
atm.
There was a problem with its init script recently due to some shell
script change in OpenWrt which I hopefully fixed yesterday (couldn't
verify the issue or fix yet though).

Feel free to provide me with some debugging information of the system
while PD fails for you so I can have a look at the probable cause:

* "ifstatus ge00" (replace ge00 with your IPv6 upstream interface)
* "ip addr list dev ge01" (replace ge01 with the interface your
downstream router is connected)
* "ps | grep 6relayd"

Anyway I will migrate all the stuff to odhcpd soon (it's successor which
shares a good part of the codebase but is a bit better integrated with
the rest of the environment).


Regards,

Steven
Post by Dave Taht
Post by cb.list6
Post by Dave Taht
At one level I am happy to figure out this is a recently introduced bug.
On the other hand I am not sure if it is 6relayd.
What version of cero was working for you?
I am not entirely sure, but i think it was from September.
CB
At the moment I lack the ability to debug the breakage in ipv6 dhcp-pd
(which is odhcpd) (I am travelling).
I will on my next stop next week (tuesday) setup a dhcpv6pd server and
see what I can see.
Post by cb.list6
Post by Dave Taht
Post by cb.list6
Hi,
I have been using CeroWRT on Comcast with a 3800 for about 6 month. The
DHCP-PD config has always been a little unstable for me, but working.
Linux cerowrt 3.10.24 #1 Tue Dec 24 10:50:15 PST 2013 mips GNU/Linux
My WAN gets a /128, but i cannot get DHCP-PD to work to get addresses on
the rest of my interfaces. The router does seem to have good IPv6 access.
I fiddled with the 6relayd config and came up with this, but it does not
work. Any pointers on how to get this back on track? The result of the
below config is that the /128 from the WAN interfaces is now present on all
the interfaces but my attached computers get no addresses.
config server 'default'
option rd 'server'
option dhcpv6 'server'
option management_level '1'
list network 'ge01'
list network 'gw00'
list network 'gw01'
list network 'gw10'
list network 'gw11'
list network 'se00'
list network 'sw00'
list network 'sw10'
option fallback_relay 'rd dhcpv6 ndp'
option master 'ge00'
_______________________________________________
Cerowrt-devel mailing list
https://lists.bufferbloat.net/listinfo/cerowrt-devel
Dave Taht
2014-01-03 18:43:14 UTC
Permalink
cb.list, please put

https://raw.github.com/dtaht/cerowrt-next/master/package/network/ipv6/6relayd/files/6relayd.init

into /etc/init.d/6relayd

and see what happens.
Post by Steven Barth
Hi,
I haven't really touched 6relayd since October so not sure what is wrong
atm.
There was a problem with its init script recently due to some shell script
change in OpenWrt which I hopefully fixed yesterday (couldn't verify the
issue or fix yet though).
I was also experiencing a race condition with dnsmasq, while I had it enabling
ra and dhcpv6 via dnsmasq. At the moment that's turned off by default, but
I did rather prefer having dns names for my ipv6 addresses...

is there a good way for 6relayd and dnsmasq-dhcpv6 to co-exist?
Post by Steven Barth
Feel free to provide me with some debugging information of the system while
* "ifstatus ge00" (replace ge00 with your IPv6 upstream interface)
* "ip addr list dev ge01" (replace ge01 with the interface your downstream
router is connected)
* "ps | grep 6relayd"
Anyway I will migrate all the stuff to odhcpd soon (it's successor which
shares a good part of the codebase but is a bit better integrated with the
rest of the environment).
same question re dnsmasq.
Post by Steven Barth
Regards,
Steven
Post by Dave Taht
Post by cb.list6
Post by Dave Taht
At one level I am happy to figure out this is a recently introduced bug.
On the other hand I am not sure if it is 6relayd.
What version of cero was working for you?
I am not entirely sure, but i think it was from September.
CB
At the moment I lack the ability to debug the breakage in ipv6 dhcp-pd
(which is odhcpd) (I am travelling).
I will on my next stop next week (tuesday) setup a dhcpv6pd server and
see what I can see.
Post by cb.list6
Post by Dave Taht
Post by cb.list6
Hi,
I have been using CeroWRT on Comcast with a 3800 for about 6 month.
The
DHCP-PD config has always been a little unstable for me, but working.
Linux cerowrt 3.10.24 #1 Tue Dec 24 10:50:15 PST 2013 mips GNU/Linux
My WAN gets a /128, but i cannot get DHCP-PD to work to get addresses on
the rest of my interfaces. The router does seem to have good IPv6 access.
I fiddled with the 6relayd config and came up with this, but it does not
work. Any pointers on how to get this back on track? The result of the
below config is that the /128 from the WAN interfaces is now present on all
the interfaces but my attached computers get no addresses.
config server 'default'
option rd 'server'
option dhcpv6 'server'
option management_level '1'
list network 'ge01'
list network 'gw00'
list network 'gw01'
list network 'gw10'
list network 'gw11'
list network 'se00'
list network 'sw00'
list network 'sw10'
option fallback_relay 'rd dhcpv6 ndp'
option master 'ge00'
_______________________________________________
Cerowrt-devel mailing list
https://lists.bufferbloat.net/listinfo/cerowrt-devel
--
Dave Täht

Fixing bufferbloat with cerowrt: http://www.teklibre.com/cerowrt/subscribe.html
Steven Barth
2014-01-04 09:30:50 UTC
Permalink
Post by Dave Taht
I was also experiencing a race condition with dnsmasq, while I had it enabling
ra and dhcpv6 via dnsmasq. At the moment that's turned off by default, but
I did rather prefer having dns names for my ipv6 addresses...
Well 6relayd and odhcpd collect hostnames of clients acquired via
stateful DHCPv6 and export them to dnsmasq in an additional hostfiles.
At least that seemed to work when I last tried it a few months ago. The
only disadvantage is that there is no "ra-names" feature there.
Post by Dave Taht
is there a good way for 6relayd and dnsmasq-dhcpv6 to co-exist?
Ideally they could coexist in a way that you could select dnsmasq and /
or odhcpd for different interfaces on the same machine. odhcpd supports
that but dnsmasq the last time I've looked seemed to use a single socket
binding to all interfaces for DHCP/v6 which prevents coexistance from
working correctly because odhcpd / 6relayd can't bind the socket after
dnsmasq did and vice versa.
Post by Dave Taht
Post by Steven Barth
Feel free to provide me with some debugging information of the system while
* "ifstatus ge00" (replace ge00 with your IPv6 upstream interface)
* "ip addr list dev ge01" (replace ge01 with the interface your downstream
router is connected)
* "ps | grep 6relayd"
Anyway I will migrate all the stuff to odhcpd soon (it's successor which
shares a good part of the codebase but is a bit better integrated with the
rest of the environment).
same question re dnsmasq.
Yeah as pointed out coexistence is a matter of binding sockets. odhcpd
will bring the functionality of dynamically enabling / disabling
DHCPv4/v6 on interfaces without restarting the daemon and loosing state.
This is one of the main reasons for the change and very much eases
things for high-level protocols that do dynamic wan/lan detection.


Cheers,

Steven
Post by Dave Taht
Post by Steven Barth
Regards,
Steven
Post by Dave Taht
Post by cb.list6
Post by Dave Taht
At one level I am happy to figure out this is a recently introduced bug.
On the other hand I am not sure if it is 6relayd.
What version of cero was working for you?
I am not entirely sure, but i think it was from September.
CB
At the moment I lack the ability to debug the breakage in ipv6 dhcp-pd
(which is odhcpd) (I am travelling).
I will on my next stop next week (tuesday) setup a dhcpv6pd server and
see what I can see.
Post by cb.list6
Post by Dave Taht
Post by cb.list6
Hi,
I have been using CeroWRT on Comcast with a 3800 for about 6 month.
The
DHCP-PD config has always been a little unstable for me, but working.
Linux cerowrt 3.10.24 #1 Tue Dec 24 10:50:15 PST 2013 mips GNU/Linux
My WAN gets a /128, but i cannot get DHCP-PD to work to get addresses on
the rest of my interfaces. The router does seem to have good IPv6 access.
I fiddled with the 6relayd config and came up with this, but it does not
work. Any pointers on how to get this back on track? The result of the
below config is that the /128 from the WAN interfaces is now present on all
the interfaces but my attached computers get no addresses.
config server 'default'
option rd 'server'
option dhcpv6 'server'
option management_level '1'
list network 'ge01'
list network 'gw00'
list network 'gw01'
list network 'gw10'
list network 'gw11'
list network 'se00'
list network 'sw00'
list network 'sw10'
option fallback_relay 'rd dhcpv6 ndp'
option master 'ge00'
_______________________________________________
Cerowrt-devel mailing list
https://lists.bufferbloat.net/listinfo/cerowrt-devel
Matt Mathis
2014-01-06 00:42:41 UTC
Permalink
Background: some time earlier this year Comcast started allocating IPv6
addresses, and everything magically all worked (I know that real magic
requires wizards to work very hard behind the scenes.)

I was running the WNDR 3700, that we flashed at your (Dave's) place this
summer (3.10.7-1).

Sometime during the holidays IPv6 stopped working. I didn't notice it
immediately, so I don't know if there should have been any obvious
triggers. Note that both Comcast and my remotely managed clients
(Android, etc) probably received updates in this window. LuCI
status->overview indicates a /128 on the upstream interface but no /60 or
/64 (although I now see that even with a global address block, this pages
cb.list6
2014-01-06 00:48:25 UTC
Permalink
Confirmed. My issue is a Comcast issue. Enabling debug on odhcp6 shows
comcast dhcpv6 is not allocating a prefix to me in Seattle.

JJB at Comcast acknowledged the issue and it is being worked. That is all
know.

My issue is not a cerowrt issue, sorry for the noise

CB
Post by Matt Mathis
Background: some time earlier this year Comcast started allocating IPv6
addresses, and everything magically all worked (I know that real magic
requires wizards to work very hard behind the scenes.)
I was running the WNDR 3700, that we flashed at your (Dave's) place this
summer (3.10.7-1).
Sometime during the holidays IPv6 stopped working. I didn't notice it
immediately, so I don't know if there should have been any obvious
triggers. Note that both Comcast and my remotely managed clients
(Android, etc) probably received updates in this window. LuCI
status->overview indicates a /128 on the upstream interface but no /60 or
/64 (although I now see that even with a global address block, this pages
Dave Taht
2014-01-06 03:15:20 UTC
Permalink
Post by Matt Mathis
Background: some time earlier this year Comcast started allocating IPv6
addresses, and everything magically all worked (I know that real magic
requires wizards to work very hard behind the scenes.)
We'd got it up and running in comcast's lab in feburary or so.
Post by Matt Mathis
I was running the WNDR 3700, that we flashed at your (Dave's) place this
summer (3.10.7-1).
Sometime during the holidays IPv6 stopped working. I didn't notice it
immediately, so I don't know if there should have been any obvious triggers.
Note that both Comcast and my remotely managed clients (Android, etc)
probably received updates in this window. LuCI status->overview indicates a
/128 on the upstream interface but no /60 or /64 (although I now see that
even with a global address block, this pages does not show it).
Dave Taht
2014-01-06 03:48:59 UTC
Permalink
Post by Dave Taht
I was also experiencing a race condition with dnsmasq, while I had it enabling
ra and dhcpv6 via dnsmasq. At the moment that's turned off by default, but
I did rather prefer having dns names for my ipv6 addresses...
Well 6relayd and odhcpd collect hostnames of clients acquired via stateful
DHCPv6 and export them to dnsmasq in an additional hostfiles. At least that
seemed to work when I last tried it a few months ago. The only disadvantage
is that there is no "ra-names" feature there.
Getting to names from dhcpv4 to slaac was a neat hack and a potential
RFC. So i figure spending the time to add the same functionality into
into something other than dnsmasq would be useful towards writing that
rfc.
Post by Dave Taht
is there a good way for 6relayd and dnsmasq-dhcpv6 to co-exist?
Ideally they could coexist in a way that you could select dnsmasq and / or
odhcpd for different interfaces on the same machine. odhcpd supports that
but dnsmasq the last time I've looked seemed to use a single socket binding
to all interfaces for DHCP/v6 which prevents coexistance from working
correctly because odhcpd / 6relayd can't bind the socket after dnsmasq did
and vice versa.
Post by Dave Taht
Post by Steven Barth
Feel free to provide me with some debugging information of the system while
* "ifstatus ge00" (replace ge00 with your IPv6 upstream interface)
* "ip addr list dev ge01" (replace ge01 with the interface your downstream
router is connected)
* "ps | grep 6relayd"
Anyway I will migrate all the stuff to odhcpd soon (it's successor which
shares a good part of the codebase but is a bit better integrated with the
rest of the environment).
same question re dnsmasq.
Yeah as pointed out coexistence is a matter of binding sockets. odhcpd will
bring the functionality of dynamically enabling / disabling DHCPv4/v6 on
interfaces without restarting the daemon and loosing state. This is one of
the main reasons for the change and very much eases things for high-level
protocols that do dynamic wan/lan detection.
Cheers,
Steven
Post by Dave Taht
Post by Steven Barth
Regards,
Steven
Post by Dave Taht
Post by cb.list6
Post by Dave Taht
At one level I am happy to figure out this is a recently introduced bug.
On the other hand I am not sure if it is 6relayd.
What version of cero was working for you?
I am not entirely sure, but i think it was from September.
CB
At the moment I lack the ability to debug the breakage in ipv6 dhcp-pd
(which is odhcpd) (I am travelling).
I will on my next stop next week (tuesday) setup a dhcpv6pd server and
see what I can see.
Post by cb.list6
Post by Dave Taht
Post by cb.list6
Hi,
I have been using CeroWRT on Comcast with a 3800 for about 6 month.
The
DHCP-PD config has always been a little unstable for me, but working.
Linux cerowrt 3.10.24 #1 Tue Dec 24 10:50:15 PST 2013 mips GNU/Linux
My WAN gets a /128, but i cannot get DHCP-PD to work to get addresses on
the rest of my interfaces. The router does seem to have good IPv6 access.
I fiddled with the 6relayd config and came up with this, but it does not
work. Any pointers on how to get this back on track? The result of the
below config is that the /128 from the WAN interfaces is now present
on
all
the interfaces but my attached computers get no addresses.
config server 'default'
option rd 'server'
option dhcpv6 'server'
option management_level '1'
list network 'ge01'
list network 'gw00'
list network 'gw01'
list network 'gw10'
list network 'gw11'
list network 'se00'
list network 'sw00'
list network 'sw10'
option fallback_relay 'rd dhcpv6 ndp'
option master 'ge00'
_______________________________________________
Cerowrt-devel mailing list
https://lists.bufferbloat.net/listinfo/cerowrt-devel
--
Dave Täht

Fixing bufferbloat with cerowrt: http://www.teklibre.com/cerowrt/subscribe.html
Matt Mathis
2014-01-17 06:52:35 UTC
Permalink
I'm finally getting back to this.

Hmm. if you uncomment everything in /etc/dnsmasq.conf and restart
dnsmasq what happens? If you have got /64s you would end up doing
slaac and ra announcements via dnsmasq in this case.
That was on by default before (and what was tested in feburary). Later
on 6relayd started having a race with it and seemed to be "the
future", so I disabled the dnsmasq version, thinking that 6relayd was
the answer. It's entirely possible that's
merely configured wrong.
Now I get global /64's on my LAN interfaces, but I am still not answering
dhcp6 for attached hosts. I retried both version of the 6relayd init
script....

dnsmasq.conf contains:
enable-ra

dhcp-range=::1,::400,constructor:se00,ra-names,ra-stateless
dhcp-range=::1,::400,constructor:sw00,ra-names,ra-stateless
dhcp-range=::1,::400,constructor:gw00,ra-names,ra-stateless
dhcp-range=::1,::400,constructor:sw10,ra-names,ra-stateless
dhcp-range=::1,::400,constructor:gw10,ra-names,ra-stateless


I am running: Linux cerowrt 3.10.24 #1 Tue Dec 24 10:50:15 PST 2013.....
which might be just a bit too fresh.... Would you suggest another?

I have a spare 3700, so I think I will try some alternate vintages.

Thanks,
--MM--
The best way to predict the future is to create it. - Alan Kay

Privacy matters! We know from recent events that people are using our
services to speak in defiance of unjust governments. We treat privacy and
security as matters of life and death, because for some users, they are.
Post by Steven Barth
Post by Dave Taht
I was also experiencing a race condition with dnsmasq, while I had it enabling
ra and dhcpv6 via dnsmasq. At the moment that's turned off by default,
but
Post by Steven Barth
Post by Dave Taht
I did rather prefer having dns names for my ipv6 addresses...
Well 6relayd and odhcpd collect hostnames of clients acquired via
stateful
Post by Steven Barth
DHCPv6 and export them to dnsmasq in an additional hostfiles. At least
that
Post by Steven Barth
seemed to work when I last tried it a few months ago. The only
disadvantage
Post by Steven Barth
is that there is no "ra-names" feature there.
Getting to names from dhcpv4 to slaac was a neat hack and a potential
RFC. So i figure spending the time to add the same functionality into
into something other than dnsmasq would be useful towards writing that
rfc.
Post by Steven Barth
Post by Dave Taht
is there a good way for 6relayd and dnsmasq-dhcpv6 to co-exist?
Ideally they could coexist in a way that you could select dnsmasq and /
or
Post by Steven Barth
odhcpd for different interfaces on the same machine. odhcpd supports that
but dnsmasq the last time I've looked seemed to use a single socket
binding
Post by Steven Barth
to all interfaces for DHCP/v6 which prevents coexistance from working
correctly because odhcpd / 6relayd can't bind the socket after dnsmasq
did
Post by Steven Barth
and vice versa.
Post by Dave Taht
Post by Steven Barth
Feel free to provide me with some debugging information of the system while
* "ifstatus ge00" (replace ge00 with your IPv6 upstream interface)
* "ip addr list dev ge01" (replace ge01 with the interface your downstream
router is connected)
* "ps | grep 6relayd"
Anyway I will migrate all the stuff to odhcpd soon (it's successor
which
Post by Steven Barth
Post by Dave Taht
Post by Steven Barth
shares a good part of the codebase but is a bit better integrated with the
rest of the environment).
same question re dnsmasq.
Yeah as pointed out coexistence is a matter of binding sockets. odhcpd
will
Post by Steven Barth
bring the functionality of dynamically enabling / disabling DHCPv4/v6 on
interfaces without restarting the daemon and loosing state. This is one
of
Post by Steven Barth
the main reasons for the change and very much eases things for high-level
protocols that do dynamic wan/lan detection.
Cheers,
Steven
Post by Dave Taht
Post by Steven Barth
Regards,
Steven
Post by Dave Taht
Post by cb.list6
Post by Dave Taht
At one level I am happy to figure out this is a recently introduced bug.
On the other hand I am not sure if it is 6relayd.
What version of cero was working for you?
I am not entirely sure, but i think it was from September.
CB
At the moment I lack the ability to debug the breakage in ipv6 dhcp-pd
(which is odhcpd) (I am travelling).
I will on my next stop next week (tuesday) setup a dhcpv6pd server and
see what I can see.
Post by cb.list6
Post by Dave Taht
Post by cb.list6
Hi,
I have been using CeroWRT on Comcast with a 3800 for about 6 month.
The
DHCP-PD config has always been a little unstable for me, but
working.
Post by Steven Barth
Post by Dave Taht
Post by Steven Barth
Post by Dave Taht
Post by cb.list6
Post by Dave Taht
Post by cb.list6
Linux cerowrt 3.10.24 #1 Tue Dec 24 10:50:15 PST 2013 mips
GNU/Linux
Post by Steven Barth
Post by Dave Taht
Post by Steven Barth
Post by Dave Taht
Post by cb.list6
Post by Dave Taht
Post by cb.list6
My WAN gets a /128, but i cannot get DHCP-PD to work to get
addresses
Post by Steven Barth
Post by Dave Taht
Post by Steven Barth
Post by Dave Taht
Post by cb.list6
Post by Dave Taht
Post by cb.list6
on
the rest of my interfaces. The router does seem to have good IPv6 access.
I fiddled with the 6relayd config and came up with this, but it
does
Post by Steven Barth
Post by Dave Taht
Post by Steven Barth
Post by Dave Taht
Post by cb.list6
Post by Dave Taht
Post by cb.list6
not
work. Any pointers on how to get this back on track? The result
of
Post by Steven Barth
Post by Dave Taht
Post by Steven Barth
Post by Dave Taht
Post by cb.list6
Post by Dave Taht
Post by cb.list6
the
below config is that the /128 from the WAN interfaces is now
present
Post by Steven Barth
Post by Dave Taht
Post by Steven Barth
Post by Dave Taht
Post by cb.list6
Post by Dave Taht
Post by cb.list6
on
all
the interfaces but my attached computers get no addresses.
config server 'default'
option rd 'server'
option dhcpv6 'server'
option management_level '1'
list network 'ge01'
list network 'gw00'
list network 'gw01'
list network 'gw10'
list network 'gw11'
list network 'se00'
list network 'sw00'
list network 'sw10'
option fallback_relay 'rd dhcpv6 ndp'
option master 'ge00'
_______________________________________________
Cerowrt-devel mailing list
https://lists.bufferbloat.net/listinfo/cerowrt-devel
--
Dave TÀht
http://www.teklibre.com/cerowrt/subscribe.html
Dave Taht
2014-01-17 12:58:05 UTC
Permalink
Post by Matt Mathis
I'm finally getting back to this.
Post by Matt Mathis
Hmm. if you uncomment everything in /etc/dnsmasq.conf and restart
dnsmasq what happens? If you have got /64s you would end up doing
slaac and ra announcements via dnsmasq in this case.
That was on by default before (and what was tested in feburary). Later
on 6relayd started having a race with it and seemed to be "the
future", so I disabled the dnsmasq version, thinking that 6relayd was
the answer. It's entirely possible that's
merely configured wrong.
Now I get global /64's on my LAN interfaces, but I am still not answering
dhcp6 for attached hosts. I retried both version of the 6relayd init
script....
enable-ra
dhcp-range=::1,::400,constructor:se00,ra-names,ra-stateless
dhcp-range=::1,::400,constructor:sw00,ra-names,ra-stateless
dhcp-range=::1,::400,constructor:gw00,ra-names,ra-stateless
dhcp-range=::1,::400,constructor:sw10,ra-names,ra-stateless
dhcp-range=::1,::400,constructor:gw10,ra-names,ra-stateless
I am running: Linux cerowrt 3.10.24 #1 Tue Dec 24 10:50:15 PST 2013.....
which might be just a bit too fresh.... Would you suggest another?
You are not getting slaac either?

An ifconfig on an interface and a packet dump of ipv6 packets would be
helpful.
Post by Matt Mathis
I have a spare 3700, so I think I will try some alternate vintages.
Thanks,
--MM--
The best way to predict the future is to create it. - Alan Kay
Privacy matters! We know from recent events that people are using our
services to speak in defiance of unjust governments. We treat privacy and
security as matters of life and death, because for some users, they are.
Post by Matt Mathis
Post by Dave Taht
I was also experiencing a race condition with dnsmasq, while I had it enabling
ra and dhcpv6 via dnsmasq. At the moment that's turned off by default, but
I did rather prefer having dns names for my ipv6 addresses...
Well 6relayd and odhcpd collect hostnames of clients acquired via stateful
DHCPv6 and export them to dnsmasq in an additional hostfiles. At least that
seemed to work when I last tried it a few months ago. The only disadvantage
is that there is no "ra-names" feature there.
Getting to names from dhcpv4 to slaac was a neat hack and a potential
RFC. So i figure spending the time to add the same functionality into
into something other than dnsmasq would be useful towards writing that
rfc.
Post by Dave Taht
is there a good way for 6relayd and dnsmasq-dhcpv6 to co-exist?
Ideally they could coexist in a way that you could select dnsmasq and / or
odhcpd for different interfaces on the same machine. odhcpd supports that
but dnsmasq the last time I've looked seemed to use a single socket binding
to all interfaces for DHCP/v6 which prevents coexistance from working
correctly because odhcpd / 6relayd can't bind the socket after dnsmasq did
and vice versa.
Post by Dave Taht
Post by Steven Barth
Feel free to provide me with some debugging information of the system while
* "ifstatus ge00" (replace ge00 with your IPv6 upstream interface)
* "ip addr list dev ge01" (replace ge01 with the interface your downstream
router is connected)
* "ps | grep 6relayd"
Anyway I will migrate all the stuff to odhcpd soon (it's successor which
shares a good part of the codebase but is a bit better integrated with the
rest of the environment).
same question re dnsmasq.
Yeah as pointed out coexistence is a matter of binding sockets. odhcpd will
bring the functionality of dynamically enabling / disabling DHCPv4/v6 on
interfaces without restarting the daemon and loosing state. This is one of
the main reasons for the change and very much eases things for high-level
protocols that do dynamic wan/lan detection.
Cheers,
Steven
Post by Dave Taht
Post by Steven Barth
Regards,
Steven
Post by Dave Taht
Post by cb.list6
Post by Dave Taht
At one level I am happy to figure out this is a recently introduced bug.
On the other hand I am not sure if it is 6relayd.
What version of cero was working for you?
I am not entirely sure, but i think it was from September.
CB
At the moment I lack the ability to debug the breakage in ipv6 dhcp-pd
(which is odhcpd) (I am travelling).
I will on my next stop next week (tuesday) setup a dhcpv6pd server and
see what I can see.
Post by cb.list6
Post by Dave Taht
Post by cb.list6
Hi,
I have been using CeroWRT on Comcast with a 3800 for about 6 month.
The
DHCP-PD config has always been a little unstable for me, but working.
Linux cerowrt 3.10.24 #1 Tue Dec 24 10:50:15 PST 2013 mips GNU/Linux
My WAN gets a /128, but i cannot get DHCP-PD to work to get
addresses
on
the rest of my interfaces. The router does seem to have good IPv6
access.
I fiddled with the 6relayd config and came up with this, but it
does
not
work. Any pointers on how to get this back on track? The result
of
the
below config is that the /128 from the WAN interfaces is now present
on
all
the interfaces but my attached computers get no addresses.
config server 'default'
option rd 'server'
option dhcpv6 'server'
option management_level '1'
list network 'ge01'
list network 'gw00'
list network 'gw01'
list network 'gw10'
list network 'gw11'
list network 'se00'
list network 'sw00'
list network 'sw10'
option fallback_relay 'rd dhcpv6 ndp'
option master 'ge00'
_______________________________________________
Cerowrt-devel mailing list
https://lists.bufferbloat.net/listinfo/cerowrt-devel
--
Dave Täht
http://www.teklibre.com/cerowrt/subscribe.html
--
Dave Täht

Fixing bufferbloat with cerowrt: http://www.teklibre.com/cerowrt/subscribe.html
Steven Barth
2014-01-18 14:23:12 UTC
Permalink
Fyi as stated earlier i made the switch to odhcpd yesterday. With that i also switched routing from individual tables to source-constrained routes in the maintable.

Cheers,
Steven
Post by Matt Mathis
Post by Matt Mathis
I'm finally getting back to this.
Post by Matt Mathis
Hmm. if you uncomment everything in /etc/dnsmasq.conf and restart
dnsmasq what happens? If you have got /64s you would end up doing
slaac and ra announcements via dnsmasq in this case.
That was on by default before (and what was tested in feburary).
Later
Post by Matt Mathis
Post by Matt Mathis
on 6relayd started having a race with it and seemed to be "the
future", so I disabled the dnsmasq version, thinking that 6relayd
was
Post by Matt Mathis
Post by Matt Mathis
the answer. It's entirely possible that's
merely configured wrong.
Now I get global /64's on my LAN interfaces, but I am still not
answering
Post by Matt Mathis
dhcp6 for attached hosts. I retried both version of the 6relayd init
script....
enable-ra
dhcp-range=::1,::400,constructor:se00,ra-names,ra-stateless
dhcp-range=::1,::400,constructor:sw00,ra-names,ra-stateless
dhcp-range=::1,::400,constructor:gw00,ra-names,ra-stateless
dhcp-range=::1,::400,constructor:sw10,ra-names,ra-stateless
dhcp-range=::1,::400,constructor:gw10,ra-names,ra-stateless
I am running: Linux cerowrt 3.10.24 #1 Tue Dec 24 10:50:15 PST
2013.....
Post by Matt Mathis
which might be just a bit too fresh.... Would you suggest another?
You are not getting slaac either?
An ifconfig on an interface and a packet dump of ipv6 packets would be
helpful.
Post by Matt Mathis
I have a spare 3700, so I think I will try some alternate vintages.
Thanks,
--MM--
The best way to predict the future is to create it. - Alan Kay
Privacy matters! We know from recent events that people are using
our
Post by Matt Mathis
services to speak in defiance of unjust governments. We treat
privacy and
Post by Matt Mathis
security as matters of life and death, because for some users, they
are.
Post by Matt Mathis
Post by Matt Mathis
Post by Dave Taht
I was also experiencing a race condition with dnsmasq, while I
had it
Post by Matt Mathis
Post by Matt Mathis
Post by Dave Taht
enabling
ra and dhcpv6 via dnsmasq. At the moment that's turned off by
default,
Post by Matt Mathis
Post by Matt Mathis
Post by Dave Taht
but
I did rather prefer having dns names for my ipv6 addresses...
Well 6relayd and odhcpd collect hostnames of clients acquired via stateful
DHCPv6 and export them to dnsmasq in an additional hostfiles. At
least
Post by Matt Mathis
Post by Matt Mathis
that
seemed to work when I last tried it a few months ago. The only disadvantage
is that there is no "ra-names" feature there.
Getting to names from dhcpv4 to slaac was a neat hack and a
potential
Post by Matt Mathis
Post by Matt Mathis
RFC. So i figure spending the time to add the same functionality
into
Post by Matt Mathis
Post by Matt Mathis
into something other than dnsmasq would be useful towards writing
that
Post by Matt Mathis
Post by Matt Mathis
rfc.
Post by Dave Taht
is there a good way for 6relayd and dnsmasq-dhcpv6 to co-exist?
Ideally they could coexist in a way that you could select dnsmasq
and /
Post by Matt Mathis
Post by Matt Mathis
or
odhcpd for different interfaces on the same machine. odhcpd
supports
Post by Matt Mathis
Post by Matt Mathis
that
but dnsmasq the last time I've looked seemed to use a single
socket
Post by Matt Mathis
Post by Matt Mathis
binding
to all interfaces for DHCP/v6 which prevents coexistance from
working
Post by Matt Mathis
Post by Matt Mathis
correctly because odhcpd / 6relayd can't bind the socket after
dnsmasq
Post by Matt Mathis
Post by Matt Mathis
did
and vice versa.
Post by Dave Taht
Post by Steven Barth
Feel free to provide me with some debugging information of the
system
Post by Matt Mathis
Post by Matt Mathis
Post by Dave Taht
Post by Steven Barth
while
* "ifstatus ge00" (replace ge00 with your IPv6 upstream
interface)
Post by Matt Mathis
Post by Matt Mathis
Post by Dave Taht
Post by Steven Barth
* "ip addr list dev ge01" (replace ge01 with the interface your downstream
router is connected)
* "ps | grep 6relayd"
Anyway I will migrate all the stuff to odhcpd soon (it's
successor
Post by Matt Mathis
Post by Matt Mathis
Post by Dave Taht
Post by Steven Barth
which
shares a good part of the codebase but is a bit better
integrated with
Post by Matt Mathis
Post by Matt Mathis
Post by Dave Taht
Post by Steven Barth
the
rest of the environment).
same question re dnsmasq.
Yeah as pointed out coexistence is a matter of binding sockets.
odhcpd
Post by Matt Mathis
Post by Matt Mathis
will
bring the functionality of dynamically enabling / disabling
DHCPv4/v6 on
Post by Matt Mathis
Post by Matt Mathis
interfaces without restarting the daemon and loosing state. This
is one
Post by Matt Mathis
Post by Matt Mathis
of
the main reasons for the change and very much eases things for high-level
protocols that do dynamic wan/lan detection.
Cheers,
Steven
Post by Dave Taht
Post by Steven Barth
Regards,
Steven
Post by Dave Taht
On Fri, Jan 3, 2014 at 8:40 AM, Dave Taht
Post by Dave Taht
At one level I am happy to figure out this is a recently
introduced
Post by Matt Mathis
Post by Matt Mathis
Post by Dave Taht
Post by Steven Barth
Post by Dave Taht
Post by Dave Taht
bug.
On the other hand I am not sure if it is 6relayd.
What version of cero was working for you?
I am not entirely sure, but i think it was from September.
CB
At the moment I lack the ability to debug the breakage in ipv6 dhcp-pd
(which is odhcpd) (I am travelling).
I will on my next stop next week (tuesday) setup a dhcpv6pd
server
Post by Matt Mathis
Post by Matt Mathis
Post by Dave Taht
Post by Steven Barth
Post by Dave Taht
and
see what I can see.
Post by Dave Taht
Post by cb.list6
Hi,
I have been using CeroWRT on Comcast with a 3800 for about 6 month.
The
DHCP-PD config has always been a little unstable for me, but working.
Linux cerowrt 3.10.24 #1 Tue Dec 24 10:50:15 PST 2013 mips GNU/Linux
My WAN gets a /128, but i cannot get DHCP-PD to work to get
addresses
on
the rest of my interfaces. The router does seem to have
good IPv6
Post by Matt Mathis
Post by Matt Mathis
Post by Dave Taht
Post by Steven Barth
Post by Dave Taht
Post by Dave Taht
Post by cb.list6
access.
I fiddled with the 6relayd config and came up with this, but
it
Post by Matt Mathis
Post by Matt Mathis
Post by Dave Taht
Post by Steven Barth
Post by Dave Taht
Post by Dave Taht
Post by cb.list6
does
not
work. Any pointers on how to get this back on track? The
result
Post by Matt Mathis
Post by Matt Mathis
Post by Dave Taht
Post by Steven Barth
Post by Dave Taht
Post by Dave Taht
Post by cb.list6
of
the
below config is that the /128 from the WAN interfaces is now present
on
all
the interfaces but my attached computers get no addresses.
config server 'default'
option rd 'server'
option dhcpv6 'server'
option management_level '1'
list network 'ge01'
list network 'gw00'
list network 'gw01'
list network 'gw10'
list network 'gw11'
list network 'se00'
list network 'sw00'
list network 'sw10'
option fallback_relay 'rd dhcpv6 ndp'
option master 'ge00'
_______________________________________________
Cerowrt-devel mailing list
https://lists.bufferbloat.net/listinfo/cerowrt-devel
--
Dave TÀht
http://www.teklibre.com/cerowrt/subscribe.html
--
Dave TÀht
http://www.teklibre.com/cerowrt/subscribe.html
Dave Taht
2014-01-18 14:38:03 UTC
Permalink
I just filed bug http://www.bufferbloat.net/issues/438 on this issue
after working with matt until the wee hours.

I have to take a couple packet captures next.

To copy from the bug report:

On the plus side:

comcast ipv6 had been working fine between august and december on
cerowrt 3.10.7 (?)

we do get an external IPv6 address AND /60 dhcpv6-pd delegation from
comcast, and distribute the /64s to each of the subnets on cero. The
resulting native ipv6 connection works for getting into the router
itself and stays up all night...

On the minus side(s)

1) The AAAA record on the wan interface (ge00) is withdrawn and
renewed every minute or two. This triggers reloading the firewall,
which really isn't something you want happening every minute or two.
The delegation seems to persist longer than that, but...

2) We do not get dnsmasq distributing that /64 on any interface.
Interestingly if you manually add a new IPv6 address from that range
(say, whatever::2/64) dnsmasq picks it up and starts serving ipv6
addresses. (theory: we don't have that ipv6 delegation long enough for
dnsmasq to see it before they are withdrawn)

3) We get plenty of instruction traps IF you delegate to the wireless
and use it.
(there may be other factors on the instruction traps so don't take the
above as canon), but Running all night with just the ::2 manually
inserted on ethernet results in no instruction traps (but there was no
traffic either). running with with the manual ::2/64 inserted does
result in routable, working, ipv6 subnet addresses that dnsmasq sees
and distributes from.

4) tweak: ge01 needs to be added to the firewall rules for wan. maybe.

The net result is unusable native ipv6 on comcast. (comcast6.net is
also reporting unusable ipv6 on wireless on the xbox 1, and I don't
know if that's related)

Working theories: A) is we have an endianess problem on parsing
dhcpv6-pd from comcast for the timeout, B) comcast has an endianess
problem C) we are not keeping properly track of the ipv6 address
assignment and/or lease length. D) Comcast isn't assigning ipv6
external addresses and subnets for more than a minute. E) we have some
problem on the wireless side in particular (but that seems independent
of the problem)

We have all generally been running fine with ipv6 tunneled through hurricane, so
my assumption is that this is something specific to the directly connected ge00
interface, in negotiating something with the upstream dhcpv6 and
dhcpv6-pd stuff.

So here's one of the symptoms. I have some packet captures and straces to do:

Sat Jan 18 13:18:55 2014 user.notice firewall: Reloading firewall due
to ifupdate of ge01 ()
Sat Jan 18 13:19:57 2014 user.notice firewall: Reloading firewall due
to ifupdate of ge01 ()
Sat Jan 18 13:21:01 2014 user.notice firewall: Reloading firewall due
to ifupdate of ge01 ()
Sat Jan 18 13:22:02 2014 user.notice firewall: Reloading firewall due
to ifupdate of ge01 ()
Sat Jan 18 13:23:02 2014 user.notice firewall: Reloading firewall due
to ifupdate of ge01 ()
Sat Jan 18 13:24:04 2014 user.notice firewall: Reloading firewall due
to ifupdate of ge01 ()
Sat Jan 18 13:25:04 2014 user.notice firewall: Reloading firewall due
to ifupdate of ge01 ()
Sat Jan 18 13:25:45 2014 daemon.info dnsmasq-dhcp3318:
RTR-ADVERT 2601:9:8580:c32::
Sat Jan 18 13:26:07 2014 user.notice firewall: Reloading firewall due
to ifupdate of ge01 ()
Sat Jan 18 13:27:09 2014 user.notice firewall: Reloading firewall due
to ifupdate of ge01 ()
Sat Jan 18 13:28:11 2014 user.notice firewall: Reloading firewall due
to ifupdate of ge01 ()
Post by Steven Barth
Fyi as stated earlier i made the switch to odhcpd yesterday. With that i
also switched routing from individual tables to source-constrained routes in
the maintable.
Cheers,
Steven
Post by Dave Taht
Post by Matt Mathis
I'm finally getting back to this.
Post by Matt Mathis
Hmm. if you uncomment everything in /etc/dnsmasq.conf and restart
dnsmasq what happens? If you have got /64s you would end up doing
slaac and ra announcements via dnsmasq in this case.
That was on by default before (and what was tested in feburary). Later
on 6relayd started having a race with it and seemed to be "the
future", so I disabled the dnsmasq version, thinking that 6relayd was
the answer. It's entirely possible that's
merely configured wrong.
Now I get global /64's on my LAN interfaces, but I am still not answering
dh
cp6 for
attached hosts. I retried both version of the 6relayd init
script....
enable-ra
dhcp-range=::1,::400,constructor:se00,ra-names,ra-stateless
dhcp-range=::1,::400,constructor:sw00,ra-names,ra-stateless
dhcp-range=::1,::400,constructor:gw00,ra-names,ra-stateless
dhcp-range=::1,::400,constructor:sw10,ra-names,ra-stateless
dhcp-range=::1,::400,constructor:gw10,ra-names,ra-stateless
I am running: Linux cerowrt 3.10.24 #1 Tue Dec 24 10:50:15 PST 2013.....
which might be just a bit too fresh.... Would you suggest another?
You are not getting slaac either?
An ifconfig on an interface and a packet dump of ipv6 packets would be
helpful.
Post by Matt Mathis
I have a spare 3700, so I think I will try some alternate vintages.
Thanks,
--MM--
The
best way to predict the future is to create it. - Alan Kay
Privacy matters! We know from recent events that people are using our
services to speak in defiance of unjust governments. We treat privacy and
security as matters of life and death, because for some users, they are.
Post by Matt Mathis
Post by Dave Taht
I was also experiencing a race condition with dnsmasq, while I had it enabling
ra
and
dhcpv6 via dnsmasq. At the moment that's turned off by default,
but
I did rather prefer having dns names for my ipv6 addresses...
Well 6relayd and odhcpd collect hostnames of clients acquired via stateful
DHCPv6 and export them to dnsmasq in an additional hostfiles. At least that
seemed to work when I last tried it a few months ago. The only disadvantage
is that there is no "ra-names" feature there.
Getting to names from dhcpv4 to slaac was a neat hack and a potential
RFC. So i figure spending the time to add the same functionality into
into something other than dnsmasq would be useful towards writing that
rfc.
Post by Dave Taht
is there a good way for 6re
layd
and dnsmasq-dhcpv6 to co-exist?
Ideally they could coexist in a way that you could select dnsmasq and / or
odhcpd for different interfaces on the same machine. odhcpd supports that
but dnsmasq the last time I've looked seemed to use a single socket binding
to all interfaces for DHCP/v6 which prevents coexistance from working
correctly because odhcpd / 6relayd can't bind the socket after dnsmasq did
and vice versa.
Post by Dave Taht
Post by Steven Barth
Feel free to provide me with some debugging information of the system while
* "ifstatus ge00" (replace ge00 with your IPv6 upstream interface)
* "ip addr list dev
ge01"
(replace ge01 with the interface your
downstream
router is connected)
* "ps | grep 6relayd"
Anyway I will migrate all the stuff to odhcpd soon (it's successor which
shares a good part of the codebase but is a bit better integrated with
the
rest of the environment).
same question re dnsmasq.
Yeah as pointed out coexistence is a matter of binding sockets. odhcpd will
bring the functionality of dynamically enabling / disabling DHCPv4/v6 on
interfaces without restarting the daemon and loosing state. This is one of
the main reasons for the change and very much eases things for high-level
protocols that do dynamic wan/lan detection.
Cheers,
Steven
Post by Dave Taht
Post by Steven Barth
Regards,
Steven
Post by Dave Taht
Post by cb.list6
Post by Dave Taht
At one level I am happy to figure out this is a recently
introduced
bug.
On the other hand I am not sure if it is 6relayd.
What version of cero was working for you?
I am not entirely sure, but i think it was from September.
CB
At the moment I lack the ability to debug the breakage in ipv6 dhcp-pd
(which is odhcpd) (I am travelling).
I will on my next stop next week (tuesday) setup a dhcpv6pd server and
see what I can see.
Post by cb.list6
Post by Dave Taht
Post by cb.list6
Hi,
I have been using CeroWRT on Comcast with a 3800 for about 6 month.
The
DHCP-PD config has always been a little unstable for me, but working.
Linux cerowrt 3.10.24 #1 Tue Dec 24 1
0:50:15
PST 2013 mips
GNU/Linux
My WAN gets a /128, but i cannot get DHCP-PD to work to get
addresses
on
the rest of my interfaces. The router does seem to have good IPv6
access.
I fiddled with the 6relayd config and came up with this, but it
does
not
work. Any pointers on how to get this back on track? The result
of
the
below config is that the /128 from the WAN interfaces is now present
on
all
the interfaces but my attached computers get no addresses.
config server 'default'
option rd 'server'
option dhcpv6 'server'
option management_level '1'
list network 'ge01'
list network 'gw00'
list network 'gw01'
list network 'gw10'
list network 'gw11'
list network 'se00'
list network 'sw00'
list network 'sw10'
option fallback_relay 'rd dhcpv6 ndp'
option master 'ge00'
ame
-a
________________________________
Cerowrt-devel mailing list
https://lists.bufferbloat.net/listinfo/cerowrt-devel
--
Dave Täht
http://www.teklibre.com/cerowrt/subscribe.html
--
Dave Täht
http://www.teklibre.com/cerowrt/subscribe.html
--
Dave Täht

Fixing bufferbloat with cerowrt: http://www.teklibre.com/cerowrt/subscribe.html
Steven Barth
2014-01-18 14:46:50 UTC
Permalink
That firewall reloading is due to comcast unnecessarily spamming ras every 3 seconds. We already filter it down to one reload per minute. I prepared another filter yesterday which will filter out updates that dont change anything but adress / route timers. So expect some solution for this reload spam in the coming days.
Post by Dave Taht
I just filed bug http://www.bufferbloat.net/issues/438 on this issue
after working with matt until the wee hours.
I have to take a couple packet captures next.
comcast ipv6 had been working fine between august and december on
cerowrt 3.10.7 (?)
we do get an external IPv6 address AND /60 dhcpv6-pd delegation from
comcast, and distribute the /64s to each of the subnets on cero. The
resulting native ipv6 connection works for getting into the router
itself and stays up all night...
On the minus side(s)
1) The AAAA record on the wan interface (ge00) is withdrawn and
renewed every minute or two. This triggers reloading the firewall,
which really isn't something you want happening every minute or two.
The delegation seems to persist longer than that, but...
2) We do not get dnsmasq distributing that /64 on any interface.
Interestingly if you manually add a new IPv6 address from that range
(say, whatever::2/64) dnsmasq picks it up and starts serving ipv6
addresses. (theory: we don't have that ipv6 delegation long enough for
dnsmasq to see it before they are withdrawn)
3) We get plenty of instruction traps IF you delegate to the wireless
and use it.
(there may be other factors on the instruction traps so don't take the
above as canon), but Running all night with just the ::2 manually
inserted on ethernet results in no instruction traps (but there was no
traffic either). running with with the manual ::2/64 inserted does
result in routable, working, ipv6 subnet addresses that dnsmasq sees
and distributes from.
4) tweak: ge01 needs to be added to the firewall rules for wan. maybe.
The net result is unusable native ipv6 on comcast. (comcast6.net is
also reporting unusable ipv6 on wireless on the xbox 1, and I don't
know if that's related)
Working theories: A) is we have an endianess problem on parsing
dhcpv6-pd from comcast for the timeout, B) comcast has an endianess
problem C) we are not keeping properly track of the ipv6 address
assignment and/or lease length. D) Comcast isn't assigning ipv6
external addresses and subnets for more than a minute. E) we have some
problem on the wireless side in particular (but that seems independent
of the problem)
We have all generally been running fine with ipv6 tunneled through hurricane, so
my assumption is that this is something specific to the directly connected ge00
interface, in negotiating something with the upstream dhcpv6 and
dhcpv6-pd stuff.
Sat Jan 18 13:18:55 2014 user.notice firewall: Reloading firewall due
to ifupdate of ge01 ()
Sat Jan 18 13:19:57 2014 user.notice firewall: Reloading firewall due
to ifupdate of ge01 ()
Sat Jan 18 13:21:01 2014 user.notice firewall: Reloading firewall due
to ifupdate of ge01 ()
Sat Jan 18 13:22:02 2014 user.notice firewall: Reloading firewall due
to ifupdate of ge01 ()
Sat Jan 18 13:23:02 2014 user.notice firewall: Reloading firewall due
to ifupdate of ge01 ()
Sat Jan 18 13:24:04 2014 user.notice firewall: Reloading firewall due
to ifupdate of ge01 ()
Sat Jan 18 13:25:04 2014 user.notice firewall: Reloading firewall due
to ifupdate of ge01 ()
Sat Jan 18 13:26:07 2014 user.notice firewall: Reloading firewall due
to ifupdate of ge01 ()
Sat Jan 18 13:27:09 2014 user.notice firewall: Reloading firewall due
to ifupdate of ge01 ()
Sat Jan 18 13:28:11 2014 user.notice firewall: Reloading firewall due
to ifupdate of ge01 ()
Post by Steven Barth
Fyi as stated earlier i made the switch to odhcpd yesterday. With
that i
Post by Steven Barth
also switched routing from individual tables to source-constrained
routes in
Post by Steven Barth
the maintable.
Cheers,
Steven
Post by Dave Taht
Post by Matt Mathis
I'm finally getting back to this.
Post by Matt Mathis
Hmm. if you uncomment everything in /etc/dnsmasq.conf and restart
dnsmasq what happens? If you have got /64s you would end up doing
slaac and ra announcements via dnsmasq in this case.
That was on by default before (and what was tested in feburary).
Later
Post by Steven Barth
Post by Dave Taht
Post by Matt Mathis
Post by Matt Mathis
on 6relayd started having a race with it and seemed to be "the
future", so I disabled the dnsmasq version, thinking that 6relayd
was
Post by Steven Barth
Post by Dave Taht
Post by Matt Mathis
Post by Matt Mathis
the answer. It's entirely possible that's
merely configured wrong.
Now I get global /64's on my LAN interfaces, but I am still not
answering
Post by Steven Barth
Post by Dave Taht
Post by Matt Mathis
dh
cp6 for
attached hosts. I retried both version of the 6relayd init
script....
enable-ra
dhcp-range=::1,::400,constructor:se00,ra-names,ra-stateless
dhcp-range=::1,::400,constructor:sw00,ra-names,ra-stateless
dhcp-range=::1,::400,constructor:gw00,ra-names,ra-stateless
dhcp-range=::1,::400,constructor:sw10,ra-names,ra-stateless
dhcp-range=::1,::400,constructor:gw10,ra-names,ra-stateless
I am running: Linux cerowrt 3.10.24 #1 Tue Dec 24 10:50:15 PST
2013.....
Post by Steven Barth
Post by Dave Taht
Post by Matt Mathis
which might be just a bit too fresh.... Would you suggest another?
You are not getting slaac either?
An ifconfig on an interface and a packet dump of ipv6 packets would
be
Post by Steven Barth
Post by Dave Taht
helpful.
Post by Matt Mathis
I have a spare 3700, so I think I will try some alternate vintages.
Thanks,
--MM--
The
best way to predict the future is to create it. - Alan Kay
Privacy matters! We know from recent events that people are using
our
Post by Steven Barth
Post by Dave Taht
Post by Matt Mathis
services to speak in defiance of unjust governments. We treat
privacy
Post by Steven Barth
Post by Dave Taht
Post by Matt Mathis
and
security as matters of life and death, because for some users, they
are.
Post by Steven Barth
Post by Dave Taht
Post by Matt Mathis
Post by Matt Mathis
Post by Dave Taht
I was also experiencing a race condition with dnsmasq, while I
had it
Post by Steven Barth
Post by Dave Taht
Post by Matt Mathis
Post by Matt Mathis
Post by Dave Taht
enabling
ra
and
dhcpv6 via dnsmasq. At the moment that's turned off by default,
but
I did rather prefer having dns names for my ipv6 addresses...
Well 6relayd and odhcpd collect hostnames of clients acquired via stateful
DHCPv6 and export them to dnsmasq in an additional hostfiles. At
least
Post by Steven Barth
Post by Dave Taht
Post by Matt Mathis
Post by Matt Mathis
that
seemed to work when I last tried it a few months ago. The only disadvantage
is that there is no "ra-names" feature there.
Getting to names from dhcpv4 to slaac was a neat hack and a
potential
Post by Steven Barth
Post by Dave Taht
Post by Matt Mathis
Post by Matt Mathis
RFC. So i figure spending the time to add the same functionality
into
Post by Steven Barth
Post by Dave Taht
Post by Matt Mathis
Post by Matt Mathis
into something other than dnsmasq would be useful towards writing
that
Post by Steven Barth
Post by Dave Taht
Post by Matt Mathis
Post by Matt Mathis
rfc.
Post by Dave Taht
is there a good way for 6re
layd
and dnsmasq-dhcpv6 to co-exist?
Ideally they could coexist in a way that you could select dnsmasq
and /
Post by Steven Barth
Post by Dave Taht
Post by Matt Mathis
Post by Matt Mathis
or
odhcpd for different interfaces on the same machine. odhcpd
supports
Post by Steven Barth
Post by Dave Taht
Post by Matt Mathis
Post by Matt Mathis
that
but dnsmasq the last time I've looked seemed to use a single
socket
Post by Steven Barth
Post by Dave Taht
Post by Matt Mathis
Post by Matt Mathis
binding
to all interfaces for DHCP/v6 which prevents coexistance from
working
Post by Steven Barth
Post by Dave Taht
Post by Matt Mathis
Post by Matt Mathis
correctly because odhcpd / 6relayd can't bind the socket after
dnsmasq
Post by Steven Barth
Post by Dave Taht
Post by Matt Mathis
Post by Matt Mathis
did
and vice versa.
Post by Dave Taht
Post by Steven Barth
Feel free to provide me with some debugging information of the
system
Post by Steven Barth
Post by Dave Taht
Post by Matt Mathis
Post by Matt Mathis
Post by Dave Taht
Post by Steven Barth
while
* "ifstatus ge00" (replace ge00 with your IPv6 upstream
interface)
Post by Steven Barth
Post by Dave Taht
Post by Matt Mathis
Post by Matt Mathis
Post by Dave Taht
Post by Steven Barth
* "ip addr list dev
ge01"
(replace ge01 with the interface your
downstream
router is connected)
* "ps | grep 6relayd"
Anyway I will migrate all the stuff to odhcpd soon (it's
successor
Post by Steven Barth
Post by Dave Taht
Post by Matt Mathis
Post by Matt Mathis
Post by Dave Taht
Post by Steven Barth
which
shares a good part of the codebase but is a bit better
integrated
Post by Steven Barth
Post by Dave Taht
Post by Matt Mathis
Post by Matt Mathis
Post by Dave Taht
Post by Steven Barth
with
the
rest of the environment).
same question re dnsmasq.
Yeah as pointed out coexistence is a matter of binding sockets.
odhcpd
Post by Steven Barth
Post by Dave Taht
Post by Matt Mathis
Post by Matt Mathis
will
bring the functionality of dynamically enabling / disabling
DHCPv4/v6
Post by Steven Barth
Post by Dave Taht
Post by Matt Mathis
Post by Matt Mathis
on
interfaces without restarting the daemon and loosing state. This
is one
Post by Steven Barth
Post by Dave Taht
Post by Matt Mathis
Post by Matt Mathis
of
the main reasons for the change and very much eases things for high-level
protocols that do dynamic wan/lan detection.
Cheers,
Steven
Post by Dave Taht
Post by Steven Barth
Regards,
Steven
Post by Dave Taht
On Fri, Jan 3, 2014 at 8:40 AM, Dave Taht
Post by Dave Taht
At one level I am happy to figure out this is a recently
introduced
bug.
On the other hand I am not sure if it is 6relayd.
What version of cero was working for you?
I am not entirely sure, but i think it was from September.
CB
At the moment I lack the ability to debug the breakage in ipv6 dhcp-pd
(which is odhcpd) (I am travelling).
I will on my next stop next week (tuesday) setup a dhcpv6pd
server
Post by Steven Barth
Post by Dave Taht
Post by Matt Mathis
Post by Matt Mathis
Post by Dave Taht
Post by Steven Barth
Post by Dave Taht
and
see what I can see.
Post by Dave Taht
Post by cb.list6
Hi,
I have been using CeroWRT on Comcast with a 3800 for about
6
Post by Steven Barth
Post by Dave Taht
Post by Matt Mathis
Post by Matt Mathis
Post by Dave Taht
Post by Steven Barth
Post by Dave Taht
Post by Dave Taht
Post by cb.list6
month.
The
DHCP-PD config has always been a little unstable for me,
but
Post by Steven Barth
Post by Dave Taht
Post by Matt Mathis
Post by Matt Mathis
Post by Dave Taht
Post by Steven Barth
Post by Dave Taht
Post by Dave Taht
Post by cb.list6
working.
Linux cerowrt 3.10.24 #1 Tue Dec 24 1
0:50:15
PST 2013 mips
GNU/Linux
My WAN gets a /128, but i cannot get DHCP-PD to work to get
addresses
on
the rest of my interfaces. The router does seem to have
good
Post by Steven Barth
Post by Dave Taht
Post by Matt Mathis
Post by Matt Mathis
Post by Dave Taht
Post by Steven Barth
Post by Dave Taht
Post by Dave Taht
Post by cb.list6
IPv6
access.
I fiddled with the 6relayd config and came up with this,
but it
Post by Steven Barth
Post by Dave Taht
Post by Matt Mathis
Post by Matt Mathis
Post by Dave Taht
Post by Steven Barth
Post by Dave Taht
Post by Dave Taht
Post by cb.list6
does
not
work. Any pointers on how to get this back on track? The
result
Post by Steven Barth
Post by Dave Taht
Post by Matt Mathis
Post by Matt Mathis
Post by Dave Taht
Post by Steven Barth
Post by Dave Taht
Post by Dave Taht
Post by cb.list6
of
the
below config is that the /128 from the WAN interfaces is
now
Post by Steven Barth
Post by Dave Taht
Post by Matt Mathis
Post by Matt Mathis
Post by Dave Taht
Post by Steven Barth
Post by Dave Taht
Post by Dave Taht
Post by cb.list6
present
on
all
the interfaces but my attached computers get no addresses.
config server 'default'
option rd 'server'
option dhcpv6 'server'
option management_level '1'
list network 'ge01'
list network 'gw00'
list network 'gw01'
list network 'gw10'
list network 'gw11'
list network 'se00'
list network 'sw00'
list network 'sw10'
option fallback_relay 'rd dhcpv6 ndp'
option master 'ge00'
ame
-a
________________________________
Cerowrt-devel mailing list
https://lists.bufferbloat.net/listinfo/cerowrt-devel
--
Dave TÀht
http://www.teklibre.com/cerowrt/subscribe.html
--
Dave TÀht
http://www.teklibre.com/cerowrt/subscribe.html
--
Dave TÀht
http://www.teklibre.com/cerowrt/subscribe.html
Dave Taht
2014-01-18 16:22:47 UTC
Permalink
Post by Steven Barth
That firewall reloading is due to comcast unnecessarily spamming ras every 3
seconds. We already filter it down to one reload per minute. I prepared
another filter yesterday which will filter out updates that dont change
anything but adress / route timers. So expect some solution for this reload
spam in the coming days.
Wow, policy routing has really sprouted wings. No visible default route...


***@cerowrt:~# ip -6 route
2601:mynet:c30::/64 dev gw00 proto kernel metric 256 expires 300345sec
2601:mynet:c31::/64 dev gw10 proto kernel metric 256 expires 300345sec
2601:mynet:c32::/64 dev se00 proto kernel metric 256
2601:mynet:c33::/64 dev sw00 proto kernel metric 256 expires 300345sec
2601:mynet:c34::/64 dev sw10 proto kernel metric 256 expires 300345sec
unreachable 2601:9:8580:c30::/60 dev lo proto static metric
2147483647 error -128
(the above is trick to reject stuff going to subnets you have but have
not delegated)

and the actual routing is all done via the rule table.

Can this already co-exist with 6in4 or 6rd running at the same time?

***@cerowrt:~# ip -6 rule
0: from all lookup local
32766: from all lookup main
80000: from 2001:558:mywanaddr lookup 1004
90000: from 2001:558:mywanaddr lookup 1004
90000: from 2601:mynet:c32::1/64 iif se00 lookup 1004
90000: from 2601:mynet:c33::1/64 iif sw00 lookup 1004
90000: from 2601:mynet:c30::1/64 iif gw00 lookup 1004

but I'm confused, how do I get from mynet:c30 to mynet:c32

90000: from 2601:mynet:c34::1/64 iif sw10 lookup 1004
90000: from 2601:mynet:c31::1/64 iif gw10 lookup 1004
90001: from all iif lo lookup 1001
90002: from all iif lo lookup 1002
90003: from all iif lo lookup 1003
90003: from all iif lo lookup 1004
90013: from all iif lo lookup 1010
90014: from all iif lo lookup 1009
90015: from all iif lo lookup 1006
90016: from all iif lo lookup 1005
90017: from all iif lo lookup 1007
90018: from all iif lo lookup 1008
4200000000: from 2601:mynet:c32::1/64 iif se00 unreachable
4200000000: from 2601:mynet:c33::1/64 iif sw00 unreachable
4200000000: from 2601:mynet:c30::1/64 iif gw00 unreachable
4200000000: from 2601:mynet:c34::1/64 iif sw10 unreachable
4200000000: from 2601:mynet:c31::1/64 iif gw10 unreachable
4200000001: from all iif lo failed_policy
4200000002: from all iif se00 failed_policy
4200000003: from all iif ge00 failed_policy
4200000003: from all iif ge00 failed_policy
4200000013: from all iif gw11 failed_policy
4200000014: from all iif gw01 failed_policy
4200000015: from all iif sw10 failed_policy
4200000016: from all iif sw00 failed_policy
4200000017: from all iif gw00 failed_policy
4200000018: from all iif gw10 failed_policy
***@cerowrt:~# ip -6 route show table 1004
default via fe80::201:5cff:fe62:4e46 dev ge00 proto static metric 1024
Post by Steven Barth
Post by Dave Taht
I just filed bug http://www.bufferbloat.net/issues/438 on this issue
after working with matt until the wee hours.
I have to take a couple packet captures next.
comcast ipv6 had been working fine between august and december on
cerowrt 3.10.7 (?)
we do get an external IPv6 address AND /60 dhcpv6-pd delegation from
comcast, and distribute the /64s to each of the subnets on cero. The
resulting native ipv6 connection works for getting into the router
itself and stays up all night...
On the minus side(s)
1) The AAAA record on the wan interface (ge00) is withdrawn and
renewed every minute or two. This triggers reloading the firewall,
which really isn't something you want happening every minute or two.
The delegation seems to persist longer than that,
but...
2) We do not get dnsmasq distributing that /64 on any interface.
Interestingly if you manually add a new IPv6 address from that range
(say, whatever::2/64) dnsmasq picks it up and starts serving ipv6
addresses. (theory: we don't have that ipv6 delegation long enough for
dnsmasq to see it before they are withdrawn)
3) We get plenty of instruction traps IF you delegate to the wireless
and use it.
(there may be other factors on the instruction traps so don't take the
above as canon), but Running all night with just the ::2 manually
inserted on ethernet results in no instruction traps (but there was no
traffic either). running with with the manual ::2/64 inserted does
result in routable, working, ipv6 subnet addresses that dnsmasq sees
and distributes from.
4) tweak: ge01 needs to be added to the firewall rules for wan. maybe.
The net result is unusable native ipv6 on comcast
. (comcast6.net is
also reporting unusable ipv6 on wireless on the xbox 1, and I don't
know if that's related)
Working theories: A) is we have an endianess problem on parsing
dhcpv6-pd from comcast for the timeout, B) comcast has an endianess
problem C) we are not keeping properly track of the ipv6 address
assignment and/or lease length. D) Comcast isn't assigning ipv6
external addresses and subnets for more than a minute. E) we have some
problem on the wireless side in particular (but that seems independent
of the problem)
We have all generally been running fine with ipv6 tunneled through hurricane, so
my assumption is that this is something specific to the directly connected ge00
interface, in negotiating something with the upstream dhcpv6 and
dhcpv6-pd stuff.
Sat Jan 18 1
3:18:55
2014 user.notice firewall: Reloading firewall due
to ifupdate of ge01 ()
Sat Jan 18 13:19:57 2014 user.notice firewall: Reloading firewall due
to ifupdate of ge01 ()
Sat Jan 18 13:21:01 2014 user.notice firewall: Reloading firewall due
to ifupdate of ge01 ()
Sat Jan 18 13:22:02 2014 user.notice firewall: Reloading firewall due
to ifupdate of ge01 ()
Sat Jan 18 13:23:02 2014 user.notice firewall: Reloading firewall due
to ifupdate of ge01 ()
Sat Jan 18 13:24:04 2014 user.notice firewall: Reloading firewall due
to ifupdate of ge01 ()
Sat Jan 18 13:25:04 2014 user.notice firewall: Reloading firewall due
to ifupdate of ge01 ()
Sat Jan 18 13:26:07 2014 user.notice firewall: Reloading firewall due
to ifupdate of ge01 ()
Sat Jan 18 13:27:09 2014 user.notice firewall: Reloading fi
rewall
due
to ifupdate of ge01 ()
Sat Jan 18 13:28:11 2014 user.notice firewall: Reloading firewall due
to ifupdate of ge01 ()
Post by Steven Barth
Fyi as stated earlier i made the switch to odhcpd yesterday. With that i
also switched routing from individual tables to source-constrained routes in
the maintable.
Cheers,
Steven
Post by Dave Taht
Post by Matt Mathis
I'm final
ly
getting back to this.
Post by Matt Mathis
Hmm. if you uncomment everything in /etc/dnsmasq.conf and restart
dnsmasq what happens? If you have got /64s you would end up doing
slaac and ra announcements via dnsmasq in this case.
That was on by default before (and what was tested in feburary). Later
on 6relayd started having a race with it and seemed to be "the
future", so I disabled the dnsmasq version, thinking that 6relayd was
the answer. It's entirely possible that's
merely configured wrong.
Now I get global /64's on my LAN interfaces, but I am still not answering
dh
cp6 for
attached hosts. I retried both version of the 6relayd init
script....
enable-ra
dhcp-range=::1,::400,constructor:se00,ra-names,ra-stateless
dhcp-range=::1,::400,constructor:sw00,ra-names,ra-stateless
dhcp-range=::1,::400,constructor:gw00,ra-names,ra-stateless
dhcp-range=::1,::400,constructor:sw10,ra-names,ra-stateless
dhcp-range=::1,::400,constructor:gw10,ra-names,ra-stateless
I am running: Linux cerowrt 3.10.24 #1 Tue Dec 24 10:50:15 PST 2013.....
which might be just a bit too fresh.... Would you suggest another?
You are not getting slaac either?
An ifconfig on an interface and a packet dump of ipv6 packets would be
helpful.
Post by Matt Mathis
I have a spare 3700, so I think I will try some alternate vintages.
Thanks,
--MM--
The
best way to predict the future is to create it. - Alan Kay
Privacy matters! We know from recent events that people are using our
services to speak in
defiance of unjust governments. We treat privacy
and
security as matters of life and death, because for some users, they are.
Post by Matt Mathis
Post by Dave Taht
I was also experiencing a race condition with dnsmasq, while I had
it
enabling
ra
and
dhcpv6 via dnsmasq. At the moment that's turned off by default,
but
I did rather prefer having dns names for my ipv6
addresses...
Well 6relayd and odhcpd collect hostnames of clients acquired via stateful
DHCPv6 and export them to dnsmasq in an additional hostfiles. At least
that
seemed to work when I last tried it a few months ago. The only disadvantage
is that there is no "ra-names" feature there.
Getting to names from dhcpv4 to slaac was a neat hack and a potential
RFC. So i figure spending the time to add the same functionality into
into something other than dnsmasq would be useful towards writing that
rfc.
Post by Dave Taht
is there a good way for 6re
layd
and dnsmasq-dhcpv6 to co-exist?
Ideally they could coexist in a way that you c
ould
select dnsmasq and /
or
odhcpd for different interfaces on the same machine. odhcpd supports that
but dnsmasq the last time I've looked seemed to use a single socket binding
to all interfaces for DHCP/v6 which prevents coexistance from working
correctly because odhcpd / 6relayd can't bind the socket after dnsmasq
did
and vice versa.
Post by Dave Taht
Post by Steven Barth
Feel free to provide me with some debugging information of the system
while
* "ifstatus ge00" (replace ge00 with your IPv6 upstream interface)
* "ip addr list dev
ge01"
(replace ge01 with the interface your
downstream
router is connected)
* "ps
| grep
6relayd"
Anyway I will migrate all the stuff to odhcpd soon (it's successor which
shares a good part of the codebase but is a bit better integrated with
the
rest of the environment).
same question re dnsmasq.
Yeah as pointed out coexistence is a matter of binding sockets. odhcpd
will
bring the functionality of dynamically enabling / disabling DHCPv4/v6 on
interfaces without restarting the daemon and loosing state. This is one
of
the main reasons for the change and very much eases things for high-level
protocols that do dynamic wan/lan detection.
Cheers,
Steven
Post by Dave Taht
Post by Steven Barth
Regard
s,
Steven
Post by Dave Taht
Post by cb.list6
Post by Dave Taht
At one level I am happy to figure out this is a recently
introduced
bug.
On the other hand I am not sure if it is 6relayd.
What version of cero was working for you?
I am not entirely sure, but i think it was from September.
CB
At the moment I lack the ability to d
ebug
the breakage in ipv6
dhcp-pd
(which is odhcpd) (I am travelling).
I will on my next stop next week (tuesday) setup a dhcpv6pd server and
see what I can see.
Post by cb.list6
Post by Dave Taht
Post by cb.list6
Hi,
I have been using CeroWRT on Comcast with a 3800 for about 6 month.
The
DHCP-PD config has always been a little unstable for me, but
working.
Linux cerowrt 3.10.24 #1 Tue Dec 24 1
0:50:15
PST 2013 mips
GNU/Linux
My WAN
gets a
/128, but i cannot get DHCP-PD to work to get
addresses
on
the rest of my interfaces. The router does seem to have good IPv6
access.
I fiddled with the 6relayd config and came up with this, but it
does
not
work. Any pointers on how to get this back on track? The result
of
the
below config is that the /128 from the WAN interfaces is now
present
on
all
the interfaces but my attached computers get no addresses.
config server 'default'
option rd 'server'
option dhcpv6 'server'
option management_level '1'
list network 'ge01'
list network 'gw00'
list network 'gw01'
list network 'gw10'
list network 'gw11'
list network 'se00'
list network 'sw00'
list network 'sw10'
option fallback_relay 'rd dhcpv6 ndp'
option master 'ge00'
ame
-a
________________________________
Cerowrt-devel mailing list
https://lists.bufferbloat.net/listinfo/cerowrt-devel
--
Dave Täht
http://www.teklibre.com/cerowrt/subscribe.html
--
Dave Täht
http://www.teklibre.com/cerowrt/subscribe.html
--
Dave Täht
http://www.teklibre.com/cerowrt/subscribe.html
--
Dave Täht

Fixing bufferbloat with cerowrt: http://www.teklibre.com/cerowrt/subscribe.html
Steven Barth
2014-01-18 16:34:20 UTC
Permalink
C30 to c32 should run through main table only which has no restrictions. In the new version from today we dont use policy rules that much any more and use source-routes instead. These can get picked up by babels as well and dont cause that much confusion ala "where is my default route".
Post by Steven Barth
Post by Steven Barth
That firewall reloading is due to comcast unnecessarily spamming ras
every 3
Post by Steven Barth
seconds. We already filter it down to one reload per minute. I
prepared
Post by Steven Barth
another filter yesterday which will filter out updates that dont
change
Post by Steven Barth
anything but adress / route timers. So expect some solution for this
reload
Post by Steven Barth
spam in the coming days.
Wow, policy routing has really sprouted wings. No visible default route...
2601:mynet:c30::/64 dev gw00 proto kernel metric 256 expires
300345sec
2601:mynet:c31::/64 dev gw10 proto kernel metric 256 expires
300345sec
2601:mynet:c32::/64 dev se00 proto kernel metric 256
2601:mynet:c33::/64 dev sw00 proto kernel metric 256 expires
300345sec
2601:mynet:c34::/64 dev sw10 proto kernel metric 256 expires
300345sec
unreachable 2601:9:8580:c30::/60 dev lo proto static metric
2147483647 error -128
(the above is trick to reject stuff going to subnets you have but have
not delegated)
and the actual routing is all done via the rule table.
Can this already co-exist with 6in4 or 6rd running at the same time?
0: from all lookup local
32766: from all lookup main
80000: from 2001:558:mywanaddr lookup 1004
90000: from 2001:558:mywanaddr lookup 1004
90000: from 2601:mynet:c32::1/64 iif se00 lookup 1004
90000: from 2601:mynet:c33::1/64 iif sw00 lookup 1004
90000: from 2601:mynet:c30::1/64 iif gw00 lookup 1004
but I'm confused, how do I get from mynet:c30 to mynet:c32
90000: from 2601:mynet:c34::1/64 iif sw10 lookup 1004
90000: from 2601:mynet:c31::1/64 iif gw10 lookup 1004
90001: from all iif lo lookup 1001
90002: from all iif lo lookup 1002
90003: from all iif lo lookup 1003
90003: from all iif lo lookup 1004
90013: from all iif lo lookup 1010
90014: from all iif lo lookup 1009
90015: from all iif lo lookup 1006
90016: from all iif lo lookup 1005
90017: from all iif lo lookup 1007
90018: from all iif lo lookup 1008
4200000000: from 2601:mynet:c32::1/64 iif se00 unreachable
4200000000: from 2601:mynet:c33::1/64 iif sw00 unreachable
4200000000: from 2601:mynet:c30::1/64 iif gw00 unreachable
4200000000: from 2601:mynet:c34::1/64 iif sw10 unreachable
4200000000: from 2601:mynet:c31::1/64 iif gw10 unreachable
4200000001: from all iif lo failed_policy
4200000002: from all iif se00 failed_policy
4200000003: from all iif ge00 failed_policy
4200000003: from all iif ge00 failed_policy
4200000013: from all iif gw11 failed_policy
4200000014: from all iif gw01 failed_policy
4200000015: from all iif sw10 failed_policy
4200000016: from all iif sw00 failed_policy
4200000017: from all iif gw00 failed_policy
4200000018: from all iif gw10 failed_policy
default via fe80::201:5cff:fe62:4e46 dev ge00 proto static metric 1024
Post by Steven Barth
Post by Dave Taht
I just filed bug http://www.bufferbloat.net/issues/438 on this issue
after working with matt until the wee hours.
I have to take a couple packet captures next.
comcast ipv6 had been working fine between august and december on
cerowrt 3.10.7 (?)
we do get an external IPv6 address AND /60 dhcpv6-pd delegation from
comcast, and distribute the /64s to each of the subnets on cero. The
resulting native ipv6 connection works for getting into the router
itself and stays up all night...
On the minus side(s)
1) The AAAA record on the wan interface (ge00) is withdrawn and
renewed every minute or two. This triggers reloading the firewall,
which really isn't something you want happening every minute or two.
The delegation seems to persist longer than that,
but...
2) We do not get dnsmasq distributing that /64 on any interface.
Interestingly if you manually add a new IPv6 address from that range
(say, whatever::2/64) dnsmasq picks it up and starts serving ipv6
addresses. (theory: we don't have that ipv6 delegation long enough
for
Post by Steven Barth
Post by Dave Taht
dnsmasq to see it before they are withdrawn)
3) We get plenty of instruction traps IF you delegate to the
wireless
Post by Steven Barth
Post by Dave Taht
and use it.
(there may be other factors on the instruction traps so don't take
the
Post by Steven Barth
Post by Dave Taht
above as canon), but Running all night with just the ::2 manually
inserted on ethernet results in no instruction traps (but there was
no
Post by Steven Barth
Post by Dave Taht
traffic either). running with with the manual ::2/64 inserted does
result in routable, working, ipv6 subnet addresses that dnsmasq sees
and distributes from.
4) tweak: ge01 needs to be added to the firewall rules for wan.
maybe.
Post by Steven Barth
Post by Dave Taht
The net result is unusable native ipv6 on comcast
. (comcast6.net is
also reporting unusable ipv6 on wireless on the xbox 1, and I don't
know if that's related)
Working theories: A) is we have an endianess problem on parsing
dhcpv6-pd from comcast for the timeout, B) comcast has an endianess
problem C) we are not keeping properly track of the ipv6 address
assignment and/or lease length. D) Comcast isn't assigning ipv6
external addresses and subnets for more than a minute. E) we have
some
Post by Steven Barth
Post by Dave Taht
problem on the wireless side in particular (but that seems
independent
Post by Steven Barth
Post by Dave Taht
of the problem)
We have all generally been running fine with ipv6 tunneled through hurricane, so
my assumption is that this is something specific to the directly
connected
Post by Steven Barth
Post by Dave Taht
ge00
interface, in negotiating something with the upstream dhcpv6 and
dhcpv6-pd stuff.
So here's one of the symptoms. I have some packet captures and
straces to
Post by Steven Barth
Post by Dave Taht
Sat Jan 18 1
3:18:55
2014 user.notice firewall: Reloading firewall due
to ifupdate of ge01 ()
Sat Jan 18 13:19:57 2014 user.notice firewall: Reloading firewall
due
Post by Steven Barth
Post by Dave Taht
to ifupdate of ge01 ()
Sat Jan 18 13:21:01 2014 user.notice firewall: Reloading firewall
due
Post by Steven Barth
Post by Dave Taht
to ifupdate of ge01 ()
Sat Jan 18 13:22:02 2014 user.notice firewall: Reloading firewall
due
Post by Steven Barth
Post by Dave Taht
to ifupdate of ge01 ()
Sat Jan 18 13:23:02 2014 user.notice firewall: Reloading firewall
due
Post by Steven Barth
Post by Dave Taht
to ifupdate of ge01 ()
Sat Jan 18 13:24:04 2014 user.notice firewall: Reloading firewall
due
Post by Steven Barth
Post by Dave Taht
to ifupdate of ge01 ()
Sat Jan 18 13:25:04 2014 user.notice firewall: Reloading firewall
due
Post by Steven Barth
Post by Dave Taht
to ifupdate of ge01 ()
Sat Jan 18 13:26:07 2014 user.notice firewall: Reloading firewall
due
Post by Steven Barth
Post by Dave Taht
to ifupdate of ge01 ()
Sat Jan 18 13:27:09 2014 user.notice firewall: Reloading fi
rewall
due
to ifupdate of ge01 ()
Sat Jan 18 13:28:11 2014 user.notice firewall: Reloading firewall
due
Post by Steven Barth
Post by Dave Taht
to ifupdate of ge01 ()
Post by Steven Barth
Fyi as stated earlier i made the switch to odhcpd yesterday. With
that i
Post by Steven Barth
Post by Dave Taht
Post by Steven Barth
also switched routing from individual tables to source-constrained
routes
Post by Steven Barth
Post by Dave Taht
Post by Steven Barth
in
the maintable.
Cheers,
Steven
On Fri, Jan 17, 2014 at 1:52 AM, Matt Mathis
Post by Matt Mathis
I'm final
ly
getting back to this.
Post by Matt Mathis
Hmm. if you uncomment everything in /etc/dnsmasq.conf and
restart
Post by Steven Barth
Post by Dave Taht
Post by Steven Barth
Post by Matt Mathis
Post by Matt Mathis
dnsmasq what happens? If you have got /64s you would end up
doing
Post by Steven Barth
Post by Dave Taht
Post by Steven Barth
Post by Matt Mathis
Post by Matt Mathis
slaac and ra announcements via dnsmasq in this case.
That was on by default before (and what was tested in feburary).
Later
Post by Steven Barth
Post by Dave Taht
Post by Steven Barth
Post by Matt Mathis
Post by Matt Mathis
on 6relayd started having a race with it and seemed to be "the
future", so I disabled the dnsmasq version, thinking that
6relayd was
Post by Steven Barth
Post by Dave Taht
Post by Steven Barth
Post by Matt Mathis
Post by Matt Mathis
the answer. It's entirely possible that's
merely configured wrong.
Now I get global /64's on my LAN interfaces, but I am still not answering
dh
cp6 for
attached hosts. I retried both version of the 6relayd init
script....
enable-ra
dhcp-range=::1,::400,constructor:se00,ra-names,ra-stateless
dhcp-range=::1,::400,constructor:sw00,ra-names,ra-stateless
dhcp-range=::1,::400,constructor:gw00,ra-names,ra-stateless
dhcp-range=::1,::400,constructor:sw10,ra-names,ra-stateless
dhcp-range=::1,::400,constructor:gw10,ra-names,ra-stateless
I am running: Linux cerowrt 3.10.24 #1 Tue Dec 24 10:50:15 PST 2013.....
which might be just a bit too fresh.... Would you suggest
another?
Post by Steven Barth
Post by Dave Taht
Post by Steven Barth
You are not getting slaac either?
An ifconfig on an interface and a packet dump of ipv6 packets
would be
Post by Steven Barth
Post by Dave Taht
Post by Steven Barth
helpful.
Post by Matt Mathis
I have a spare 3700, so I think I will try some alternate
vintages.
Post by Steven Barth
Post by Dave Taht
Post by Steven Barth
Post by Matt Mathis
Thanks,
--MM--
The
best way to predict the future is to create it. - Alan Kay
Privacy matters! We know from recent events that people are
using our
Post by Steven Barth
Post by Dave Taht
Post by Steven Barth
Post by Matt Mathis
services to speak in
defiance of unjust governments. We treat privacy
and
security as matters of life and death, because for some users,
they
Post by Steven Barth
Post by Dave Taht
Post by Steven Barth
Post by Matt Mathis
are.
Post by Matt Mathis
Post by Steven Barth
Post by Dave Taht
I was also experiencing a race condition with dnsmasq, while I
had
Post by Steven Barth
Post by Dave Taht
Post by Steven Barth
Post by Matt Mathis
Post by Matt Mathis
Post by Steven Barth
Post by Dave Taht
it
enabling
ra
and
dhcpv6 via dnsmasq. At the moment that's turned off by
default,
Post by Steven Barth
Post by Dave Taht
Post by Steven Barth
Post by Matt Mathis
Post by Matt Mathis
Post by Steven Barth
Post by Dave Taht
but
I did rather prefer having dns names for my ipv6
addresses...
Well 6relayd and odhcpd collect hostnames of clients acquired
via
Post by Steven Barth
Post by Dave Taht
Post by Steven Barth
Post by Matt Mathis
Post by Matt Mathis
Post by Steven Barth
stateful
DHCPv6 and export them to dnsmasq in an additional hostfiles.
At
Post by Steven Barth
Post by Dave Taht
Post by Steven Barth
Post by Matt Mathis
Post by Matt Mathis
Post by Steven Barth
least
that
seemed to work when I last tried it a few months ago. The only disadvantage
is that there is no "ra-names" feature there.
Getting to names from dhcpv4 to slaac was a neat hack and a
potential
Post by Steven Barth
Post by Dave Taht
Post by Steven Barth
Post by Matt Mathis
Post by Matt Mathis
RFC. So i figure spending the time to add the same functionality
into
Post by Steven Barth
Post by Dave Taht
Post by Steven Barth
Post by Matt Mathis
Post by Matt Mathis
into something other than dnsmasq would be useful towards
writing that
Post by Steven Barth
Post by Dave Taht
Post by Steven Barth
Post by Matt Mathis
Post by Matt Mathis
rfc.
Post by Steven Barth
Post by Dave Taht
is there a good way for 6re
layd
and dnsmasq-dhcpv6 to co-exist?
Ideally they could coexist in a way that you c
ould
select dnsmasq and /
or
odhcpd for different interfaces on the same machine. odhcpd
supports
Post by Steven Barth
Post by Dave Taht
Post by Steven Barth
Post by Matt Mathis
Post by Matt Mathis
Post by Steven Barth
that
but dnsmasq the last time I've looked seemed to use a single
socket
Post by Steven Barth
Post by Dave Taht
Post by Steven Barth
Post by Matt Mathis
Post by Matt Mathis
Post by Steven Barth
binding
to all interfaces for DHCP/v6 which prevents coexistance from
working
Post by Steven Barth
Post by Dave Taht
Post by Steven Barth
Post by Matt Mathis
Post by Matt Mathis
Post by Steven Barth
correctly because odhcpd / 6relayd can't bind the socket after dnsmasq
did
and vice versa.
Post by Dave Taht
Post by Steven Barth
Feel free to provide me with some debugging information of
the
Post by Steven Barth
Post by Dave Taht
Post by Steven Barth
Post by Matt Mathis
Post by Matt Mathis
Post by Steven Barth
Post by Dave Taht
Post by Steven Barth
system
while
* "ifstatus ge00" (replace ge00 with your IPv6 upstream
interface)
Post by Steven Barth
Post by Dave Taht
Post by Steven Barth
Post by Matt Mathis
Post by Matt Mathis
Post by Steven Barth
Post by Dave Taht
Post by Steven Barth
* "ip addr list dev
ge01"
(replace ge01 with the interface your
downstream
router is connected)
* "ps
| grep
6relayd"
Anyway I will migrate all the stuff to odhcpd soon (it's
successor
Post by Steven Barth
Post by Dave Taht
Post by Steven Barth
Post by Matt Mathis
Post by Matt Mathis
Post by Steven Barth
Post by Dave Taht
Post by Steven Barth
which
shares a good part of the codebase but is a bit better
integrated
Post by Steven Barth
Post by Dave Taht
Post by Steven Barth
Post by Matt Mathis
Post by Matt Mathis
Post by Steven Barth
Post by Dave Taht
Post by Steven Barth
with
the
rest of the environment).
same question re dnsmasq.
Yeah as pointed out coexistence is a matter of binding sockets. odhcpd
will
bring the functionality of dynamically enabling / disabling
DHCPv4/v6
Post by Steven Barth
Post by Dave Taht
Post by Steven Barth
Post by Matt Mathis
Post by Matt Mathis
Post by Steven Barth
on
interfaces without restarting the daemon and loosing state.
This is
Post by Steven Barth
Post by Dave Taht
Post by Steven Barth
Post by Matt Mathis
Post by Matt Mathis
Post by Steven Barth
one
of
the main reasons for the change and very much eases things for high-level
protocols that do dynamic wan/lan detection.
Cheers,
Steven
Post by Dave Taht
Post by Steven Barth
Regard
s,
Steven
On Fri, Jan 3, 2014 at 11:50 AM, cb.list6
On Fri, Jan 3, 2014 at 8:40 AM, Dave Taht
Post by Dave Taht
At one level I am happy to figure out this is a recently
introduced
bug.
On the other hand I am not sure if it is 6relayd.
What version of cero was working for you?
I am not entirely sure, but i think it was from September.
CB
At the moment I lack the ability to d
ebug
the breakage in ipv6
dhcp-pd
(which is odhcpd) (I am travelling).
I will on my next stop next week (tuesday) setup a dhcpv6pd
server
Post by Steven Barth
Post by Dave Taht
Post by Steven Barth
Post by Matt Mathis
Post by Matt Mathis
Post by Steven Barth
Post by Dave Taht
Post by Steven Barth
and
see what I can see.
Post by Dave Taht
Post by cb.list6
Hi,
I have been using CeroWRT on Comcast with a 3800 for
about 6
Post by Steven Barth
Post by Dave Taht
Post by Steven Barth
Post by Matt Mathis
Post by Matt Mathis
Post by Steven Barth
Post by Dave Taht
Post by Steven Barth
Post by Dave Taht
Post by cb.list6
month.
The
DHCP-PD config has always been a little unstable for me,
but
Post by Steven Barth
Post by Dave Taht
Post by Steven Barth
Post by Matt Mathis
Post by Matt Mathis
Post by Steven Barth
Post by Dave Taht
Post by Steven Barth
Post by Dave Taht
Post by cb.list6
working.
Linux cerowrt 3.10.24 #1 Tue Dec 24 1
0:50:15
PST 2013 mips
GNU/Linux
My WAN
gets a
/128, but i cannot get DHCP-PD to work to get
addresses
on
the rest of my interfaces. The router does seem to have
good
Post by Steven Barth
Post by Dave Taht
Post by Steven Barth
Post by Matt Mathis
Post by Matt Mathis
Post by Steven Barth
Post by Dave Taht
Post by Steven Barth
Post by Dave Taht
Post by cb.list6
IPv6
access.
I fiddled with the 6relayd config and came up with this,
but it
Post by Steven Barth
Post by Dave Taht
Post by Steven Barth
Post by Matt Mathis
Post by Matt Mathis
Post by Steven Barth
Post by Dave Taht
Post by Steven Barth
Post by Dave Taht
Post by cb.list6
does
not
work. Any pointers on how to get this back on track?
The
Post by Steven Barth
Post by Dave Taht
Post by Steven Barth
Post by Matt Mathis
Post by Matt Mathis
Post by Steven Barth
Post by Dave Taht
Post by Steven Barth
Post by Dave Taht
Post by cb.list6
result
of
the
below config is that the /128 from the WAN interfaces is
now
Post by Steven Barth
Post by Dave Taht
Post by Steven Barth
Post by Matt Mathis
Post by Matt Mathis
Post by Steven Barth
Post by Dave Taht
Post by Steven Barth
Post by Dave Taht
Post by cb.list6
present
on
all
the interfaces but my attached computers get no
addresses.
Post by Steven Barth
Post by Dave Taht
Post by Steven Barth
Post by Matt Mathis
Post by Matt Mathis
Post by Steven Barth
Post by Dave Taht
Post by Steven Barth
Post by Dave Taht
Post by cb.list6
config server 'default'
option rd 'server'
option dhcpv6 'server'
option management_level '1'
list network 'ge01'
list network 'gw00'
list network 'gw01'
list network 'gw10'
list network 'gw11'
list network 'se00'
list network 'sw00'
list network 'sw10'
option fallback_relay 'rd dhcpv6 ndp'
option master 'ge00'
ame
-a
________________________________
Cerowrt-devel mailing list
https://lists.bufferbloat.net/listinfo/cerowrt-devel
--
Dave TÀht
http://www.teklibre.com/cerowrt/subscribe.html
--
Dave TÀht
http://www.teklibre.com/cerowrt/subscribe.html
--
Dave TÀht
http://www.teklibre.com/cerowrt/subscribe.html
--
Dave TÀht
http://www.teklibre.com/cerowrt/subscribe.html
Continue reading on narkive:
Loading...