nanog mailing list archives

evil ipv6 bit?


From: Baldur Norddahl <baldur.norddahl () gmail com>
Date: Fri, 26 Jan 2018 04:50:49 +0100

Hello

After some apparently unrelated changes, one of my routers stopped routing traffic to a few IPv6 destinations. After a lot of experimentation, including rebooting (did not help), I found this:

archive.ubuntu.com: 2001:67c:1360:8001::17

"ping6 vrf internet 2001:67c:1360:8001::17" from the router shell works.

ping6/traceroute from a customer connection has the packet dropped by the router. Traceroute gets nothing back at all.

2001:67c:1360:7fff:: is ok. Does not reply to ping because I just made up that address. But I get a valid traceroute all the way to the destination. Anything between 2001:67c:1360:8000:: and 2001:67c:1360:ffff:ffff:ffff:ffff:ffff is dropped.

My route table looks like this:

albertslund-edge1#show ipv6 forwarding route vrf internet 2001:67c:1360:8001::17
IPv6 Routing Table:
Headers: Dest: Destination, Gw: Gateway, Pri: Priority;
Codes  : K: kernel, I1: isis-l1, SFN: sf-nat64, R: ripng, AF: aftr, B: bgp,
         D: direct, I2: isis-l2, SLN: sl-nat64, O: ospfv3, D6: dhcp, P: ppp,
         S: static, N: nd, V: vrrp, A: address, M: multicast, UI: user-ipaddr,
         GW-FWD: PS-BUSI,GW-UE: PS-USER,LDP-A: LDP-AREA, UN: user-network,
         US: user-special;
Dest                                              Owner    Metric
  Interface                       Pri  Gw
2001:67c:1360::/48                                B 0
  xgei-0/0/0/6                    200  ::ffff:185.24.168.254
::/0                                              B 0
  xgei-0/0/0/6                    200  ::ffff:185.24.168.254

Notice how this is a /48 route and one bit at the /49 level changes how it is routed. That is not right.

I tried adding a /128 static route but that does not do anything. The packet is still dropped.

I just now discovered this:

google.com: 2a00:1450:400e:807::200e

That address works fine. But then I changed that one bit in the address: 2a00:1450:400e:8807::200e and voila, the router drops the packet.

Now I am stumped. What could the 49th bit in the destination IPv6 address field in a packet mean to the router, that would make it drop the packet?

Some extra information about the network: We are using MPLS with l3vpn (vrf) and l2vpn (vpls). The traffic is qinq tagged before being transported in a l2vpn towards the router in question. The l2vpn does not transport the outer vlan tag. The l2vpn is then terminated on a loopback cable. On the other end of that loopback cable we receive the traffic as ordinary qinq tagged without MPLS tagging. It is on this interface the router apparently drops the packet. It might conceivably also drop the packet on the way out of the l2vpn.

I have a similar setup, but instead of a loopback cable, the l2vpn is terminated on another MPLS switch, which then connects to a router of the same model. This setup does not have the problem.

The change I introduced was changing from an internal interface called "bvi" to the loopback cable. The bvi interface is a simulated loopback cable construct. We are dropping the bvi interface because it is very buggy. We did not have this problem with the bvi interface however.

The hardware is ZTE M6000-S V3.00.20(3.40.1).

Thanks,

Baldur
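
The single-bit comparison described in the message above, as an added example that is not part of the original post: it takes the forwarded and dropped destinations quoted in the message and computes which address bit (1 = most significant) separates the two groups. The function names are hypothetical, and the probe lists are transcribed from the message rather than measured.

```python
import ipaddress

# Probe outcomes transcribed from the addresses quoted in the message above.
FORWARDED = ["2001:67c:1360:7fff::", "2a00:1450:400e:807::200e"]
DROPPED = [
    "2001:67c:1360:8001::17",
    "2a00:1450:400e:8807::200e",
    "2001:67c:1360:8000::",
    "2001:67c:1360:ffff:ffff:ffff:ffff:ffff",
]


def bit(addr, n):
    """Value of bit n of an IPv6 address (1 = most significant, 128 = least)."""
    return (int(ipaddress.IPv6Address(addr)) >> (128 - n)) & 1


def flip_bit(addr, n):
    """Return addr with bit n inverted, to build the next probe target."""
    value = int(ipaddress.IPv6Address(addr)) ^ (1 << (128 - n))
    return str(ipaddress.IPv6Address(value))


def differing_bits(a, b):
    """Bit positions at which two addresses differ."""
    return [n for n in range(1, 129) if bit(a, n) != bit(b, n)]


def discriminating_bits(forwarded, dropped):
    """Bits that hold one value in every forwarded address and the
    opposite value in every dropped address."""
    found = []
    for n in range(1, 129):
        f = {bit(a, n) for a in forwarded}
        d = {bit(a, n) for a in dropped}
        if len(f) == 1 and len(d) == 1 and f != d:
            found.append(n)
    return found


if __name__ == "__main__":
    print("google.com pair differs at bits:",
          differing_bits("2a00:1450:400e:807::200e", "2a00:1450:400e:8807::200e"))
    print("bits separating forwarded from dropped:",
          discriminating_bits(FORWARDED, DROPPED))
    # Confirmation probes: known-good destinations with only the suspect bit flipped.
    for n in discriminating_bits(FORWARDED, DROPPED):
        print("bit", n, "probes:", [flip_bit(a, n) for a in FORWARDED])
```
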

