[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

evil ipv6 bit?


After some apparently unrelated changes, one of my routers stopped 
routing traffic to a few IPv6 destinations. After a lot of 
experimentation, including rebooting (did not help), I found this:

archive.ubuntu.com: 2001:67c:1360:8001::17

"ping6 vrf internet 2001:67c:1360:8001::17" from the router shell works.

ping6/traceroute from a customer connection has the packet dropped by 
the router. Traceroute gets nothing back at all.

2001:67c:1360:7fff:: is ok. Does not reply to ping because I just made 
up that address. But I get a valid traceroute all the way to the 
Anything between 2001:67c:1360:8000:: and 
2001:67c:1360:ffff:ffff:ffff:ffff:ffff is dropped.

My route table looks like this:

albertslund-edge1#show ipv6 forwarding route vrf internet 
IPv6 Routing Table:
Headers: Dest: Destination, Gw: Gateway, Pri: Priority;
Codes  : K: kernel, I1: isis-l1, SFN: sf-nat64, R: ripng, AF: aftr, B: bgp,
          D: direct, I2: isis-l2, SLN: sl-nat64, O: ospfv3, D6: dhcp, P: 
          S: static, N: nd, V: vrrp, A: address, M: multicast, UI: 
          GW-FWD: PS-BUSI,GW-UE: PS-USER,LDP-A: LDP-AREA, UN: user-network,
          US: user-special;
Dest                                              Owner    Metric
   Interface                       Pri  Gw
2001:67c:1360::/48                                B 0
   xgei-0/0/0/6                    200  ::ffff:
::/0                                              B 0
   xgei-0/0/0/6                    200  ::ffff:

Notice how this is a /48 route and one bit at the /49 level changes how 
it is routed. That is not right.

I tried adding a /128 static route but that does not do anything. The 
packet is still dropped.

I just now discovered this:

google.com: 2a00:1450:400e:807::200e

That address works fine. But then I changed that one bit in the address: 
2a00:1450:400e:8807::200e and voila, the router drops the packet.

Now I am stumbled. What could the 49th bit in the destination IPv6 
address field in a packet mean to the router, that would make it drop 
the packet?

Some extra information about the network: We are using MPLS with l3vpn 
(vrf) and l2vpn (vpls). The traffic is qinq tagged before being 
transported in a l2vpn towards the router in question. The l2vpn does 
not transport the outer vlan tag. The l2vpn is then terminated on a 
loopback cable. On the other end of that loopback cable we receive the 
traffic as ordinary qinq tagged without MPLS tagging. It is on this 
interface the router apparently drops the packet. It might conceivably 
also drop the packet on the way out of the l2vpn.

I have a similar setup, but instead of a loopback cable, the l2vpn is 
terminated on another MPLS switch, which then connects to a router of 
the same model. This setup does not have the problem.

The change I introduced was changing from an internal interface called 
"bvi" to the loopback cable. The bvi interface is a simulated loopback 
cable construct. We are dropping the bvi interface because it is very 
buggy. We did not have this problem with the bvi interface however.

The hardware is ZTE M6000-S V3.00.20(3.40.1).