Re: ipv6 gateway on different subnet

[Greg Troxel <gdt%lexort.com@localhost>]

Peter Miller <feurry%gmail.com@localhost> writes:

> On Wed, Jan 22, 2025 at 6:30 AM Greg Troxel <gdt%lexort.com@localhost> wrote:
>
>> See netinet6/nd6_nbr.c and netinet6/nd6_rtr.c which might be
>> enlightening.
>>
>> Use "ndp -a" and "netstat -nr" to see what's in the routing table.
>>
>> Do "netstat -s", wait, and do it again, saving both results, and diff
>> -U0 to see all changed counters, including ones you aren't expecting.
>
> Am I supposed to have a ping from outside going while I do the
> "netstat -s" or just run it a couple of times?

I'm not entirely sure what you are doing network wise, but I am assuming
that you are trying to understand the behavior.   So I meant to run it
once, do an experiment that shows bad behavior, and then again, and
diff.  This may not be useful.  But it has at various times turned up
unexpected counter increments.

> On first login today, ndp is empty, but ping worked, and after that
> ndp had entries
>
> ndp -a
> Neighbor                                Linklayer Address  Netif Expire    S Fl
>
> ping6 google.com
> PING6(56=40+8+8 bytes) 2602:fed2:7116:d82c::1 --> 2607:f8b0:4023:1000::8b
> 16 bytes from 2607:f8b0:4023:1000::8b, icmp_seq=0 hlim=109 time=5.459 ms
> 16 bytes from 2607:f8b0:4023:1000::8b, icmp_seq=1 hlim=109 time=2.514 ms
> ^C
> --- google.com ping6 statistics ---
> 2 packets transmitted, 2 packets received, 0.0% packet loss
> round-trip min/avg/max/std-dev = 2.514/3.986/5.459/2.082 ms
>
> ndp -a
> Neighbor                                Linklayer Address  Netif Expire    S Fl
> fe80::da67:d9ff:fe58:3d1b%vioif0        d8:67:d9:58:3d:1b vioif0 1s        D
> 2602:fed2:7116::1                       d8:67:d9:58:3d:1b vioif0 27s       R
>
> 2nd address did not work
> ping6 -S 2602:fed2:7116:d82c::6 google.com
> PING6(56=40+8+8 bytes) 2602:fed2:7116:d82c::6 --> 2607:f8b0:4023:1000::64
> ^C
> --- google.com ping6 statistics ---
> 4 packets transmitted, 0 packets received, 100.0% packet loss

I would suggest using "route -inet6 get" and trying to understand the
components of the operations you are requesting.   And, to run tcpdump
on the interface, -w to a file, and then look at it afterwards, during
these experiments.

Also, you didn't test -S with the first address.

> ifconfig
> vioif0: flags=0x8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>     ec_capabilities=0x1<VLAN_MTU>
>     ec_enabled=0
>     address: 00:16:3e:d7:cf:50
>     status: active
>     inet6 fe80::216:3eff:fed7:cf50%vioif0/64 flags 0 scopeid 0x1
>     inet6 2602:fed2:7116:d82c::1/64 flags 0
>     inet6 2602:fed2:7116:d82c::6/64 flags 0
>     inet 23.173.152.249/24 broadcast 23.173.152.255 flags 0
> lo0: flags=0x8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 33624
>     status: active
>     inet6 ::1/128 flags 0x20<NODAD>
>     inet6 fe80::1%lo0/64 flags 0 scopeid 0x2
>     inet 127.0.0.1/8 flags 0

Your routing tables are line wrapped.  I don't know what MUA you are
using, but please figure out how to not mangle debug output.  It's much
harder to read (so I'm not going to).
1