It then receives a NDP packet and ignores it because it don't recognise the source IP address:
``` 12:52:54.191262 IP6 fe80::822a:a8ff:fe4d:af90 > 2001:44b8:4112:8a06::d: ICMP6, neighbor solicitation, who has 2001:44b8:4112:8a06::d, length 32 ```
Some NDP packets are sent with the public IPv6 address, and these work:
``` 12:52:41.031477 IP6 2001:44b8:4112:8a06::d > 2001:44b8:4112:8a06::1: ICMP6, neighbor solicitation, who has 2001:44b8:4112:8a06::1, length 32 12:52:41.031653 IP6 2001:44b8:4112:8a06::1 > 2001:44b8:4112:8a06::d: ICMP6, neighbor advertisement, tgt is 2001:44b8:4112:8a06::1, length 24 ```
Now I have IPv6 connectivity unti the NDP entry expires.
The solution seems to be to manually add an fe80:: IP address to the jail. In my case I added fe80::d/64.
Now the NDP works as expected.
``` 12:56:23.316432 IP6 fe80::822a:a8ff:fe4d:af90 > fe80::d: ICMP6, neighbor solicitation, who has fe80::d, length 32 12:56:23.316441 IP6 fe80::d > fe80::822a:a8ff:fe4d:af90: ICMP6, neighbor advertisement, tgt is fe80::d, length 24 ```
Possibly this is because I turned off IPv6 autoconfiguration. Because I want a static IP address. But generally speaking I normally expect the fe80:: address to be automatically configured even if using static configuration.
If this really is a case of me needing to manually configure a fe80:: address, then this probably should be documented somewhere.
But I suspect it is a bug. Also it does the right thing on the TrueNAS interface:
I never manually added the fe80 link local address, it came automatically. Which is what I would expect should happen with jails too.
I wasn't sure what to use for impact. It is rather serious IMHO, but now that I have found a work-around... I marked it low.
Problem/Justification
None
Impact
None
SmartDraw Connector
Katalon Manual Tests (BETA)
Activity
Show:
William Gryzbowski
March 30, 2021 at 4:35 PM
Not much we can do here with our limited resources which may likely be a upstream bug (FreeBSD or iocage).
As said, we will happily accept patches fixing this but we cannot expend resources/time into this in the near future.
Peter Brille
March 28, 2021 at 8:17 PM
(edited)
TrueNAS-12.0-U2.1
I'm also experiencing this phenomenon but currently only for a jail that has a static IPv6 adress assigned. All my other jails getting their IPvs dynamically via radvd. None of those suffer from the problem.
If you need any help getting your lab running with IPv6 I would be glad to help. It's really no big deal though.
I don't experience this problem with iocage 1.2 on a dedicated FreeBSD 12.2p4 host.
Unfortunately we have no IPv6 in our lab yet so reproducing and finding a fix for this would not be so simple.
Putting it in backlog for now. If anyone could provide a PR it would be great.
penguin_brian
January 4, 2021 at 9:45 PM
As attached.
I have a number of jails, this happened with all of them.
Bonnie Follweiler
January 4, 2021 at 4:02 PM
Thank you for the report . Can you please provide what version of FreeNAS/TrueNAS you are currently on, a debug by navigating to System -> Advanced -> click save debug, and upload attachment to this ticket?
I have seen what look like similar reports with no solution:
https://www.truenas.com/community/threads/jail-ipv6-ndp-not-learning-mac.83297/
I used VNET configuration.
Basically the jail ends up with an interface that looks like:
```
epair0b: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=8<VLAN_MTU>
ether 2e:ea:7f:87:00:b5
hwaddr 02:13:9f:dd:31:0b
inet 192.168.6.13 netmask 0xffffff00 broadcast 192.168.6.255
inet6 2001:44b8:4112:8a06::d prefixlen 64
groups: epair
media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>
status: active
nd6 options=1<PERFORMNUD>
```
It then receives a NDP packet and ignores it because it don't recognise the source IP address:
```
12:52:54.191262 IP6 fe80::822a:a8ff:fe4d:af90 > 2001:44b8:4112:8a06::d: ICMP6, neighbor solicitation, who has 2001:44b8:4112:8a06::d, length 32
```
Some NDP packets are sent with the public IPv6 address, and these work:
```
12:52:41.031477 IP6 2001:44b8:4112:8a06::d > 2001:44b8:4112:8a06::1: ICMP6, neighbor solicitation, who has 2001:44b8:4112:8a06::1, length 32
12:52:41.031653 IP6 2001:44b8:4112:8a06::1 > 2001:44b8:4112:8a06::d: ICMP6, neighbor advertisement, tgt is 2001:44b8:4112:8a06::1, length 24
```
Now I have IPv6 connectivity unti the NDP entry expires.
The solution seems to be to manually add an fe80:: IP address to the jail. In my case I added fe80::d/64.
Now the NDP works as expected.
```
12:56:23.316432 IP6 fe80::822a:a8ff:fe4d:af90 > fe80::d: ICMP6, neighbor solicitation, who has fe80::d, length 32
12:56:23.316441 IP6 fe80::d > fe80::822a:a8ff:fe4d:af90: ICMP6, neighbor advertisement, tgt is fe80::d, length 24
```
Possibly this is because I turned off IPv6 autoconfiguration. Because I want a static IP address. But generally speaking I normally expect the fe80:: address to be automatically configured even if using static configuration.
If this really is a case of me needing to manually configure a fe80:: address, then this probably should be documented somewhere.
But I suspect it is a bug. Also it does the right thing on the TrueNAS interface:
```
bge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=c019b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4,VLAN_HWTSO,LINKSTATE>
ether 2c:ea:7f:7b:fa:68
inet6 fe80::2eea:7fff:fe7b:fa68%bge0 prefixlen 64 scopeid 0x1
inet6 2001:44b8:4112:8a03::c prefixlen 64
inet 192.168.3.12 netmask 0xffffff00 broadcast 192.168.3.255
media: Ethernet autoselect (1000baseT <full-duplex>
status: active
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
```
I never manually added the fe80 link local address, it came automatically. Which is what I would expect should happen with jails too.
I wasn't sure what to use for impact. It is rather serious IMHO, but now that I have found a work-around... I marked it low.