[support] Destination unreachable from HA on BU???
Mattias Blomqvist
mattias.blomqvist at gmail.com
Wed Mar 25 17:01:15 JST 2009
Hi.
Nothing about xfrm in that pdf... Maybe you sent the wrong link?
/Mattias
On Tue, Mar 24, 2009 at 6:22 PM, manish Jamwal <manish.jamwal at gmail.com> wrote:
> Hi
>
> The xfrm policy for BU is set in kernel from mip6d code. You can see the
> policy by below command
> # ip xfrm policy show
> src ::/0 dst ::/0 proto 135 sport 5
> dir in priority 9
> tmpl src :: dst ::
> proto ipv6-opts spi 0x00000000 reqid 0 mode 2
> level use
>
> Read this pdf, it will help u understand xfrm architecture better.
>
> http://ols.fedoraproject.org/OLS/Reprints-2006/schopp-reprint.pdf
>
> Regards
> Manish Jamwal
>
> On Tue, Mar 24, 2009 at 10:01 PM, Mattias Blomqvist
> <mattias.blomqvist at gmail.com> wrote:
>>
>> Hi
>>
>> I've done some more research.
>>
>> I can't get it to work with either of the mip6d from nautilus6.org or
>> from natisbad.org on either debian 4.0 or debian 5.0 with a variety of
>> kernels. I'm currently on debian 5.0 and kernel 2.6.29. The kernel is
>> before compiling checked with set_mip6_ipsec_fw_kernel_options.sh from
>> natisbad.org to make sure all the correct options are set.
>> Kernel 2.6.29 doesn't send destination unreachable as a patched 2.6.24
>> did.
>>
>> I'm currently investigating the xfrm setup and I have a question. A HA
>> does both xfrm_ha_init() and xfrm_cn_init(). xfrm_ha_init() only sets
>> up ipsec which I have turned off. xfrm_cn_init() says in its comments:
>> /* Create policy for all BUs with home flag NOT set to
>> use home address option */
>>
>> So where is the xfrm policy for BUs with home flag set ? Or isn't that
>> policy needed for the HA?
>>
>> Just trying to understand things...
>>
>> Would it be a good or bad idea to cross-post this to usagi-users?
>>
>> BR,
>> Mattias Blomqvist
>>
>> On Mon, Mar 23, 2009 at 11:44 PM, Romain KUNTZ <kuntz at lsiit.u-strasbg.fr>
>> wrote:
>> > Hi Mattias,
>> >
>> > On 2009/03/23, at 15:02, Mattias Blomqvist wrote:
>> >> libc6 is standard debian 5.0 which is 2.7-18 (afaik).
>> >> I also came to think of libc problems so I recompiled from the source
>> >> package from nautilus6 but with exactly the same result.
>> >>
>> >> I've tracked the issue down to mh_recv() in mh_listen() in mh.c never
>> >> returning any data. This in turn is because recvmsg() in mh_recv()
>> >> never returns any data.
>> >> This seems to be in line with the destination unreachable being sent.
>> >> It seems like the kernel or some lib doesn't think that any process is
>> >> interested in the BU.
>> >
>> > I don't have any clue so far, but if you happen to find the cause of
>> > the problem and/or a solution, please advertise it on this list and
>> > I'll add an entry in the howto FAQ.
>> >
>> > Cheers,
>> > romain
>> >
>> >
>> >> On Mon, Mar 23, 2009 at 2:17 PM, Romain KUNTZ <kuntz at lsiit.u-strasbg.fr
>> >> > wrote:
>> >>> Seems also OK to me. That is odd, it's the first time I hear about
>> >>> such
>> >>> issue.
>> >>> I've got the sane configuration here (2.6.24-1 kernel & mip6d from
>> >>> nautilus6) running fine.
>> >>>
>> >>> Which libc6 version are you using? Mine is 2.7-18.
>> >>>
>> >>> Cheers,
>> >>> romain
>> >>>
>> >>> On 2009/03/23, at 13:18, Mattias Blomqvist wrote:
>> >>>
>> >>>> Hi,
>> >>>>
>> >>>> Good question. Missed that one. It says the following with mip6d and
>> >>>> radvd running:
>> >>>>
>> >>>> HA:~# netstat -6 -a
>> >>>> Active Internet connections (servers and established)
>> >>>> Proto Recv-Q Send-Q Local Address Foreign
>> >>>> Address State
>> >>>> tcp6 0 0 localhost:7777
>> >>>> [::]:* LISTEN
>> >>>> tcp6 0 0 [::]:ssh
>> >>>> [::]:* LISTEN
>> >>>> tcp6 0 0 localhost:6010
>> >>>> [::]:* LISTEN
>> >>>> raw6 0 0 [::]:ipv6-icmp
>> >>>> [::]:* 7
>> >>>> raw6 0 0 [::]:ipv6-icmp
>> >>>> [::]:* 7
>> >>>> raw6 0 0 [::]:135
>> >>>> [::]:* 7
>> >>>>
>> >>>> After stopping mip6d and radvd it says:
>> >>>> HA:~# netstat -6 -a
>> >>>> Active Internet connections (servers and established)
>> >>>> Proto Recv-Q Send-Q Local Address Foreign
>> >>>> Address State
>> >>>> tcp6 0 0 [::]:ssh
>> >>>> [::]:* LISTEN
>> >>>> tcp6 0 0 localhost:6010
>> >>>> [::]:* LISTEN
>> >>>>
>> >>>>
>> >>>> Looks ok to me. Or?
>> >>>>
>> >>>> BR,
>> >>>> Mattias
>> >>>>
>> >>>> On Mon, Mar 23, 2009 at 1:06 PM, Romain KUNTZ
>> >>>> <kuntz at lsiit.u-strasbg.fr
>> >>>> >
>> >>>> wrote:
>> >>>>>
>> >>>>> Hi,
>> >>>>>
>> >>>>> What does netstat tells you?
>> >>>>>
>> >>>>> Cheers,
>> >>>>> romain
>> >>>>>
>> >>>>> On 2009/03/23, at 11:26, Mattias Blomqvist wrote:
>> >>>>>
>> >>>>>> Hello
>> >>>>>>
>> >>>>>> I'm getting destination unreachable icmp errors with code set to
>> >>>>>> "port
>> >>>>>> unreachable" (4) from the HA with mip6d running (and without of
>> >>>>>> course).
>> >>>>>> This is under Debian 5.0 but with the kernel and mip6d from
>> >>>>>> nautilus6.org.
>> >>>>>>
>> >>>>>> HA:~# uname -a
>> >>>>>> Linux HA 2.6.24-1-mip6-686 #1 SMP Tue Feb 26 03:20:31 UTC 2008
>> >>>>>> i686
>> >>>>>> GNU/Linux
>> >>>>>>
>> >>>>>> If I run mip6d in the foreground it says the following:
>> >>>>>> HA:~# mip6d
>> >>>>>> mip6d[2497]: MIPL Mobile IPv6 for Linux v2.0.2-umip-0.4 started
>> >>>>>> (Home
>> >>>>>> Agent)
>> >>>>>> Mon Mar 23 11:41:16 main: MIPL Mobile IPv6 for Linux started in
>> >>>>>> debug
>> >>>>>> mode, not detaching from terminal
>> >>>>>> Mon Mar 23 11:41:16 conf_show: config_file = /etc/mip6d.conf
>> >>>>>> Mon Mar 23 11:41:16 conf_show: vt_hostname = localhost
>> >>>>>> Mon Mar 23 11:41:16 conf_show: vt_service = 7777
>> >>>>>> Mon Mar 23 11:41:16 conf_show: mip6_entity = 2
>> >>>>>> Mon Mar 23 11:41:16 conf_show: debug_level = 10
>> >>>>>> Mon Mar 23 11:41:16 conf_show: debug_log_file = stderr
>> >>>>>> Mon Mar 23 11:41:16 conf_show: PolicyModulePath = [internal]
>> >>>>>> Mon Mar 23 11:41:16 conf_show: DefaultBindingAclPolicy = 0
>> >>>>>> Mon Mar 23 11:41:16 conf_show: NonVolatileBindingCache = disabled
>> >>>>>> Mon Mar 23 11:41:16 conf_show: KeyMngMobCapability = disabled
>> >>>>>> Mon Mar 23 11:41:16 conf_show: UseMnHaIPsec = disabled
>> >>>>>> Mon Mar 23 11:41:16 conf_show: MnMaxHaBindingLife = 262140
>> >>>>>> Mon Mar 23 11:41:16 conf_show: MnMaxCnBindingLife = 420
>> >>>>>> Mon Mar 23 11:41:16 conf_show: MnRouterProbes = 0
>> >>>>>> Mon Mar 23 11:41:16 conf_show: MnRouterProbeTimeout = 0.000000
>> >>>>>> Mon Mar 23 11:41:16 conf_show: InitialBindackTimeoutFirstReg =
>> >>>>>> 1.500000
>> >>>>>> Mon Mar 23 11:41:16 conf_show: InitialBindackTimeoutReReg =
>> >>>>>> 1.000000
>> >>>>>> Mon Mar 23 11:41:16 conf_show: UseCnBuAck = disabled
>> >>>>>> Mon Mar 23 11:41:16 conf_show: DoRouteOptimizationMN = enabled
>> >>>>>> Mon Mar 23 11:41:16 conf_show: MnUseAllInterfaces = disabled
>> >>>>>> Mon Mar 23 11:41:16 conf_show: MnDiscardHaParamProb = disabled
>> >>>>>> Mon Mar 23 11:41:16 conf_show: SendMobPfxSols = enabled
>> >>>>>> Mon Mar 23 11:41:16 conf_show: OptimisticHandoff = disabled
>> >>>>>> Mon Mar 23 11:41:16 conf_show: MobRtrUseExplicitMode = enabled
>> >>>>>> Mon Mar 23 11:41:16 conf_show: SendMobPfxAdvs = enabled
>> >>>>>> Mon Mar 23 11:41:16 conf_show: SendUnsolMobPfxAdvs = enabled
>> >>>>>> Mon Mar 23 11:41:16 conf_show: MaxMobPfxAdvInterval = 86400
>> >>>>>> Mon Mar 23 11:41:16 conf_show: MinMobPfxAdvInterval = 600
>> >>>>>> Mon Mar 23 11:41:16 conf_show: HaMaxBindingLife = 262140
>> >>>>>> Mon Mar 23 11:41:16 conf_show: HaAcceptMobRtr = disabled
>> >>>>>> Mon Mar 23 11:41:16 conf_show: DoRouteOptimizationCN = disabled
>> >>>>>> Mon Mar 23 11:41:16 xfrm_cn_init: Adding policies and states for
>> >>>>>> CN
>> >>>>>> Mon Mar 23 11:41:16 xfrm_ha_init: Adding policies and states for
>> >>>>>> HA
>> >>>>>> Mon Mar 23 11:41:16 ha_if_addr_setup: Joined anycast group
>> >>>>>> 2a03:a0a:ffff:ffff:ffff:ffff:ffff:fffe on iface 3
>> >>>>>>
>> >>>>>>
>> >>>>>> iface 3 is correct since:
>> >>>>>> HA:~# ip link
>> >>>>>> ........
>> >>>>>> 3: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc
>> >>>>>> pfifo_fast
>> >>>>>> state UNKNOWN qlen 1000
>> >>>>>> link/ether 08:00:27:99:49:45 brd ff:ff:ff:ff:ff:ff
>> >>>>>>
>> >>>>>> tcpdump on HA gives:
>> >>>>>> HA:~# tcpdump -vvv -i eth0 -s 200 host yyyy:yyyy::1
>> >>>>>> tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture
>> >>>>>> size
>> >>>>>> 200
>> >>>>>> bytes
>> >>>>>>
>> >>>>>> 11:50:33.221717 IP6 (hlim 64, next-header IPv6 (41) payload
>> >>>>>> length:
>> >>>>>> 72) xxxx:xxxx::13 > yyyy:yyyy::1: IP6 (hlim 64, next-header
>> >>>>>> Mobility
>> >>>>>> (135) payload length: 32) yyyy:yyyy:0:1300::1 > yyyy:yyyy::1:
>> >>>>>> mobility: BU seq#=26817 AH lifetime=262140(padn)(alt-CoA:
>> >>>>>> xxxx:xxxx::13)
>> >>>>>>
>> >>>>>> 11:50:33.319495 IP6 (hlim 64, next-header ICMPv6 (58) payload
>> >>>>>> length:
>> >>>>>> 120) yyyy:yyyy::1 > xxxx:xxxx::13: [icmp6 sum ok] ICMP6,
>> >>>>>> destination
>> >>>>>> unreachable, length 120, unreachable port[|icmp6]
>> >>>>>>
>> >>>>>> radvd is running on HA with the following config:
>> >>>>>> interface eth0
>> >>>>>> {
>> >>>>>> AdvSendAdvert on;
>> >>>>>> MinRtrAdvInterval 3;
>> >>>>>> MaxRtrAdvInterval 10;
>> >>>>>> AdvIntervalOpt on;
>> >>>>>> AdvHomeAgentFlag on;
>> >>>>>> AdvHomeAgentInfo on;
>> >>>>>> HomeAgentLifetime 1800;
>> >>>>>> HomeAgentPreference 10;
>> >>>>>> AdvMobRtrSupportFlag off;
>> >>>>>> prefix xxxx:xxxx::1/32
>> >>>>>> {
>> >>>>>> AdvRouterAddr on;
>> >>>>>> AdvOnLink on;
>> >>>>>> AdvAutonomous off;
>> >>>>>> };
>> >>>>>> };
>> >>>>>>
>> >>>>>> I have tried with prefix xxxx:xxxx::1/64 and AdvAutonomous on
>> >>>>>> but the
>> >>>>>> result is still the same. And yes, radvd was restarted after
>> >>>>>> mip6d was
>> >>>>>> started.
>> >>>>>>
>> >>>>>> I assume that the BU's reach the HA but doesn't reach mip6d
>> >>>>>> running on
>> >>>>>> it since the icmp code says "unreachable port". Correct?
>> >>>>>> What can cause it?
>> >>>>>>
>> >>>>>> I've also tried with a recompiled debian 5.0 kernel and mip6d from
>> >>>>>> natisbad.org with the same result.
>> >>>>>>
>> >>>>>> BR,
>> >>>>>> Mattias
>> >>>>>> _______________________________________________
>> >>>>>> Support mailing list
>> >>>>>> Support at ml.nautilus6.org
>> >>>>>> http://ml.nautilus6.org/mailman/listinfo/support
>> >>>>>>
>> >>>>>
>> >>>>> _______________________________________________
>> >>>>> Support mailing list
>> >>>>> Support at ml.nautilus6.org
>> >>>>> http://ml.nautilus6.org/mailman/listinfo/support
>> >>>>>
>> >>>> _______________________________________________
>> >>>> Support mailing list
>> >>>> Support at ml.nautilus6.org
>> >>>> http://ml.nautilus6.org/mailman/listinfo/support
>> >>>>
>> >>>
>> >>> _______________________________________________
>> >>> Support mailing list
>> >>> Support at ml.nautilus6.org
>> >>> http://ml.nautilus6.org/mailman/listinfo/support
>> >>>
>> >> _______________________________________________
>> >> Support mailing list
>> >> Support at ml.nautilus6.org
>> >> http://ml.nautilus6.org/mailman/listinfo/support
>> >>
>> >
>> > _______________________________________________
>> > Support mailing list
>> > Support at ml.nautilus6.org
>> > http://ml.nautilus6.org/mailman/listinfo/support
>> >
>> _______________________________________________
>> Support mailing list
>> Support at ml.nautilus6.org
>> http://ml.nautilus6.org/mailman/listinfo/support
>
>
More information about the Support
mailing list