[support] Destination unreachable from HA on BU???
manish Jamwal
manish.jamwal at gmail.com
Wed Mar 25 17:18:48 JST 2009
Hi
Check this one, hope this opens :)
http://ols.fedoraproject.org/OLS/Reprints-2004/Reprint-Miyazawa-OLS2004.pdf
Regards
Manish Jamwal
On Wed, Mar 25, 2009 at 1:31 PM, Mattias Blomqvist <
mattias.blomqvist at gmail.com> wrote:
> Hi.
>
> Nothing about xfrm in that pdf... Maybe you sent the wrong link?
>
> /Mattias
>
> On Tue, Mar 24, 2009 at 6:22 PM, manish Jamwal <manish.jamwal at gmail.com>
> wrote:
> > Hi
> >
> > The xfrm policy for BU is set in kernel from mip6d code. You can see the
> > policy by below command
> > # ip xfrm policy show
> > src ::/0 dst ::/0 proto 135 sport 5
> > dir in priority 9
> > tmpl src :: dst ::
> > proto ipv6-opts spi 0x00000000 reqid 0 mode 2
> > level use
> >
> > Read this pdf, it will help u understand xfrm architecture better.
> >
> > http://ols.fedoraproject.org/OLS/Reprints-2006/schopp-reprint.pdf
> >
> > Regards
> > Manish Jamwal
> >
> > On Tue, Mar 24, 2009 at 10:01 PM, Mattias Blomqvist
> > <mattias.blomqvist at gmail.com> wrote:
> >>
> >> Hi
> >>
> >> I've done some more research.
> >>
> >> I can't get it to work with either of the mip6d from nautilus6.org or
> >> from natisbad.org on either debian 4.0 or debian 5.0 with a variety of
> >> kernels. I'm currently on debian 5.0 and kernel 2.6.29. The kernel is
> >> before compiling checked with set_mip6_ipsec_fw_kernel_options.sh from
> >> natisbad.org to make sure all the correct options are set.
> >> Kernel 2.6.29 doesn't send destination unreachable as a patched 2.6.24
> >> did.
> >>
> >> I'm currently investigating the xfrm setup and I have a question. A HA
> >> does both xfrm_ha_init() and xfrm_cn_init(). xfrm_ha_init() only sets
> >> up ipsec which I have turned off. xfrm_cn_init() says in its comments:
> >> /* Create policy for all BUs with home flag NOT set to
> >> use home address option */
> >>
> >> So where is the xfrm policy for BUs with home flag set ? Or isn't that
> >> policy needed for the HA?
> >>
> >> Just trying to understand things...
> >>
> >> Would it be a good or bad idea to cross-post this to usagi-users?
> >>
> >> BR,
> >> Mattias Blomqvist
> >>
> >> On Mon, Mar 23, 2009 at 11:44 PM, Romain KUNTZ <
> kuntz at lsiit.u-strasbg.fr>
> >> wrote:
> >> > Hi Mattias,
> >> >
> >> > On 2009/03/23, at 15:02, Mattias Blomqvist wrote:
> >> >> libc6 is standard debian 5.0 which is 2.7-18 (afaik).
> >> >> I also came to think of libc problems so I recompiled from the source
> >> >> package from nautilus6 but with exactly the same result.
> >> >>
> >> >> I've tracked the issue down to mh_recv() in mh_listen() in mh.c never
> >> >> returning any data. This in turn is because recvmsg() in mh_recv()
> >> >> never returns any data.
> >> >> This seems to be in line with the destination unreachable being sent.
> >> >> It seems like the kernel or some lib doesn't think that any process
> is
> >> >> interested in the BU.
> >> >
> >> > I don't have any clue so far, but if you happen to find the cause of
> >> > the problem and/or a solution, please advertise it on this list and
> >> > I'll add an entry in the howto FAQ.
> >> >
> >> > Cheers,
> >> > romain
> >> >
> >> >
> >> >> On Mon, Mar 23, 2009 at 2:17 PM, Romain KUNTZ <
> kuntz at lsiit.u-strasbg.fr
> >> >> > wrote:
> >> >>> Seems also OK to me. That is odd, it's the first time I hear about
> >> >>> such
> >> >>> issue.
> >> >>> I've got the sane configuration here (2.6.24-1 kernel & mip6d from
> >> >>> nautilus6) running fine.
> >> >>>
> >> >>> Which libc6 version are you using? Mine is 2.7-18.
> >> >>>
> >> >>> Cheers,
> >> >>> romain
> >> >>>
> >> >>> On 2009/03/23, at 13:18, Mattias Blomqvist wrote:
> >> >>>
> >> >>>> Hi,
> >> >>>>
> >> >>>> Good question. Missed that one. It says the following with mip6d
> and
> >> >>>> radvd running:
> >> >>>>
> >> >>>> HA:~# netstat -6 -a
> >> >>>> Active Internet connections (servers and established)
> >> >>>> Proto Recv-Q Send-Q Local Address Foreign
> >> >>>> Address State
> >> >>>> tcp6 0 0 localhost:7777
> >> >>>> [::]:* LISTEN
> >> >>>> tcp6 0 0 [::]:ssh
> >> >>>> [::]:* LISTEN
> >> >>>> tcp6 0 0 localhost:6010
> >> >>>> [::]:* LISTEN
> >> >>>> raw6 0 0 [::]:ipv6-icmp
> >> >>>> [::]:* 7
> >> >>>> raw6 0 0 [::]:ipv6-icmp
> >> >>>> [::]:* 7
> >> >>>> raw6 0 0 [::]:135
> >> >>>> [::]:* 7
> >> >>>>
> >> >>>> After stopping mip6d and radvd it says:
> >> >>>> HA:~# netstat -6 -a
> >> >>>> Active Internet connections (servers and established)
> >> >>>> Proto Recv-Q Send-Q Local Address Foreign
> >> >>>> Address State
> >> >>>> tcp6 0 0 [::]:ssh
> >> >>>> [::]:* LISTEN
> >> >>>> tcp6 0 0 localhost:6010
> >> >>>> [::]:* LISTEN
> >> >>>>
> >> >>>>
> >> >>>> Looks ok to me. Or?
> >> >>>>
> >> >>>> BR,
> >> >>>> Mattias
> >> >>>>
> >> >>>> On Mon, Mar 23, 2009 at 1:06 PM, Romain KUNTZ
> >> >>>> <kuntz at lsiit.u-strasbg.fr
> >> >>>> >
> >> >>>> wrote:
> >> >>>>>
> >> >>>>> Hi,
> >> >>>>>
> >> >>>>> What does netstat tells you?
> >> >>>>>
> >> >>>>> Cheers,
> >> >>>>> romain
> >> >>>>>
> >> >>>>> On 2009/03/23, at 11:26, Mattias Blomqvist wrote:
> >> >>>>>
> >> >>>>>> Hello
> >> >>>>>>
> >> >>>>>> I'm getting destination unreachable icmp errors with code set to
> >> >>>>>> "port
> >> >>>>>> unreachable" (4) from the HA with mip6d running (and without of
> >> >>>>>> course).
> >> >>>>>> This is under Debian 5.0 but with the kernel and mip6d from
> >> >>>>>> nautilus6.org.
> >> >>>>>>
> >> >>>>>> HA:~# uname -a
> >> >>>>>> Linux HA 2.6.24-1-mip6-686 #1 SMP Tue Feb 26 03:20:31 UTC 2008
> >> >>>>>> i686
> >> >>>>>> GNU/Linux
> >> >>>>>>
> >> >>>>>> If I run mip6d in the foreground it says the following:
> >> >>>>>> HA:~# mip6d
> >> >>>>>> mip6d[2497]: MIPL Mobile IPv6 for Linux v2.0.2-umip-0.4 started
> >> >>>>>> (Home
> >> >>>>>> Agent)
> >> >>>>>> Mon Mar 23 11:41:16 main: MIPL Mobile IPv6 for Linux started in
> >> >>>>>> debug
> >> >>>>>> mode, not detaching from terminal
> >> >>>>>> Mon Mar 23 11:41:16 conf_show: config_file = /etc/mip6d.conf
> >> >>>>>> Mon Mar 23 11:41:16 conf_show: vt_hostname = localhost
> >> >>>>>> Mon Mar 23 11:41:16 conf_show: vt_service = 7777
> >> >>>>>> Mon Mar 23 11:41:16 conf_show: mip6_entity = 2
> >> >>>>>> Mon Mar 23 11:41:16 conf_show: debug_level = 10
> >> >>>>>> Mon Mar 23 11:41:16 conf_show: debug_log_file = stderr
> >> >>>>>> Mon Mar 23 11:41:16 conf_show: PolicyModulePath = [internal]
> >> >>>>>> Mon Mar 23 11:41:16 conf_show: DefaultBindingAclPolicy = 0
> >> >>>>>> Mon Mar 23 11:41:16 conf_show: NonVolatileBindingCache = disabled
> >> >>>>>> Mon Mar 23 11:41:16 conf_show: KeyMngMobCapability = disabled
> >> >>>>>> Mon Mar 23 11:41:16 conf_show: UseMnHaIPsec = disabled
> >> >>>>>> Mon Mar 23 11:41:16 conf_show: MnMaxHaBindingLife = 262140
> >> >>>>>> Mon Mar 23 11:41:16 conf_show: MnMaxCnBindingLife = 420
> >> >>>>>> Mon Mar 23 11:41:16 conf_show: MnRouterProbes = 0
> >> >>>>>> Mon Mar 23 11:41:16 conf_show: MnRouterProbeTimeout = 0.000000
> >> >>>>>> Mon Mar 23 11:41:16 conf_show: InitialBindackTimeoutFirstReg =
> >> >>>>>> 1.500000
> >> >>>>>> Mon Mar 23 11:41:16 conf_show: InitialBindackTimeoutReReg =
> >> >>>>>> 1.000000
> >> >>>>>> Mon Mar 23 11:41:16 conf_show: UseCnBuAck = disabled
> >> >>>>>> Mon Mar 23 11:41:16 conf_show: DoRouteOptimizationMN = enabled
> >> >>>>>> Mon Mar 23 11:41:16 conf_show: MnUseAllInterfaces = disabled
> >> >>>>>> Mon Mar 23 11:41:16 conf_show: MnDiscardHaParamProb = disabled
> >> >>>>>> Mon Mar 23 11:41:16 conf_show: SendMobPfxSols = enabled
> >> >>>>>> Mon Mar 23 11:41:16 conf_show: OptimisticHandoff = disabled
> >> >>>>>> Mon Mar 23 11:41:16 conf_show: MobRtrUseExplicitMode = enabled
> >> >>>>>> Mon Mar 23 11:41:16 conf_show: SendMobPfxAdvs = enabled
> >> >>>>>> Mon Mar 23 11:41:16 conf_show: SendUnsolMobPfxAdvs = enabled
> >> >>>>>> Mon Mar 23 11:41:16 conf_show: MaxMobPfxAdvInterval = 86400
> >> >>>>>> Mon Mar 23 11:41:16 conf_show: MinMobPfxAdvInterval = 600
> >> >>>>>> Mon Mar 23 11:41:16 conf_show: HaMaxBindingLife = 262140
> >> >>>>>> Mon Mar 23 11:41:16 conf_show: HaAcceptMobRtr = disabled
> >> >>>>>> Mon Mar 23 11:41:16 conf_show: DoRouteOptimizationCN = disabled
> >> >>>>>> Mon Mar 23 11:41:16 xfrm_cn_init: Adding policies and states for
> >> >>>>>> CN
> >> >>>>>> Mon Mar 23 11:41:16 xfrm_ha_init: Adding policies and states for
> >> >>>>>> HA
> >> >>>>>> Mon Mar 23 11:41:16 ha_if_addr_setup: Joined anycast group
> >> >>>>>> 2a03:a0a:ffff:ffff:ffff:ffff:ffff:fffe on iface 3
> >> >>>>>>
> >> >>>>>>
> >> >>>>>> iface 3 is correct since:
> >> >>>>>> HA:~# ip link
> >> >>>>>> ........
> >> >>>>>> 3: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc
> >> >>>>>> pfifo_fast
> >> >>>>>> state UNKNOWN qlen 1000
> >> >>>>>> link/ether 08:00:27:99:49:45 brd ff:ff:ff:ff:ff:ff
> >> >>>>>>
> >> >>>>>> tcpdump on HA gives:
> >> >>>>>> HA:~# tcpdump -vvv -i eth0 -s 200 host yyyy:yyyy::1
> >> >>>>>> tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture
> >> >>>>>> size
> >> >>>>>> 200
> >> >>>>>> bytes
> >> >>>>>>
> >> >>>>>> 11:50:33.221717 IP6 (hlim 64, next-header IPv6 (41) payload
> >> >>>>>> length:
> >> >>>>>> 72) xxxx:xxxx::13 > yyyy:yyyy::1: IP6 (hlim 64, next-header
> >> >>>>>> Mobility
> >> >>>>>> (135) payload length: 32) yyyy:yyyy:0:1300::1 > yyyy:yyyy::1:
> >> >>>>>> mobility: BU seq#=26817 AH lifetime=262140(padn)(alt-CoA:
> >> >>>>>> xxxx:xxxx::13)
> >> >>>>>>
> >> >>>>>> 11:50:33.319495 IP6 (hlim 64, next-header ICMPv6 (58) payload
> >> >>>>>> length:
> >> >>>>>> 120) yyyy:yyyy::1 > xxxx:xxxx::13: [icmp6 sum ok] ICMP6,
> >> >>>>>> destination
> >> >>>>>> unreachable, length 120, unreachable port[|icmp6]
> >> >>>>>>
> >> >>>>>> radvd is running on HA with the following config:
> >> >>>>>> interface eth0
> >> >>>>>> {
> >> >>>>>> AdvSendAdvert on;
> >> >>>>>> MinRtrAdvInterval 3;
> >> >>>>>> MaxRtrAdvInterval 10;
> >> >>>>>> AdvIntervalOpt on;
> >> >>>>>> AdvHomeAgentFlag on;
> >> >>>>>> AdvHomeAgentInfo on;
> >> >>>>>> HomeAgentLifetime 1800;
> >> >>>>>> HomeAgentPreference 10;
> >> >>>>>> AdvMobRtrSupportFlag off;
> >> >>>>>> prefix xxxx:xxxx::1/32
> >> >>>>>> {
> >> >>>>>> AdvRouterAddr on;
> >> >>>>>> AdvOnLink on;
> >> >>>>>> AdvAutonomous off;
> >> >>>>>> };
> >> >>>>>> };
> >> >>>>>>
> >> >>>>>> I have tried with prefix xxxx:xxxx::1/64 and AdvAutonomous on
> >> >>>>>> but the
> >> >>>>>> result is still the same. And yes, radvd was restarted after
> >> >>>>>> mip6d was
> >> >>>>>> started.
> >> >>>>>>
> >> >>>>>> I assume that the BU's reach the HA but doesn't reach mip6d
> >> >>>>>> running on
> >> >>>>>> it since the icmp code says "unreachable port". Correct?
> >> >>>>>> What can cause it?
> >> >>>>>>
> >> >>>>>> I've also tried with a recompiled debian 5.0 kernel and mip6d
> from
> >> >>>>>> natisbad.org with the same result.
> >> >>>>>>
> >> >>>>>> BR,
> >> >>>>>> Mattias
> >> >>>>>> _______________________________________________
> >> >>>>>> Support mailing list
> >> >>>>>> Support at ml.nautilus6.org
> >> >>>>>> http://ml.nautilus6.org/mailman/listinfo/support
> >> >>>>>>
> >> >>>>>
> >> >>>>> _______________________________________________
> >> >>>>> Support mailing list
> >> >>>>> Support at ml.nautilus6.org
> >> >>>>> http://ml.nautilus6.org/mailman/listinfo/support
> >> >>>>>
> >> >>>> _______________________________________________
> >> >>>> Support mailing list
> >> >>>> Support at ml.nautilus6.org
> >> >>>> http://ml.nautilus6.org/mailman/listinfo/support
> >> >>>>
> >> >>>
> >> >>> _______________________________________________
> >> >>> Support mailing list
> >> >>> Support at ml.nautilus6.org
> >> >>> http://ml.nautilus6.org/mailman/listinfo/support
> >> >>>
> >> >> _______________________________________________
> >> >> Support mailing list
> >> >> Support at ml.nautilus6.org
> >> >> http://ml.nautilus6.org/mailman/listinfo/support
> >> >>
> >> >
> >> > _______________________________________________
> >> > Support mailing list
> >> > Support at ml.nautilus6.org
> >> > http://ml.nautilus6.org/mailman/listinfo/support
> >> >
> >> _______________________________________________
> >> Support mailing list
> >> Support at ml.nautilus6.org
> >> http://ml.nautilus6.org/mailman/listinfo/support
> >
> >
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://ml.nautilus6.org/pipermail/support/attachments/20090325/ed93eaa0/attachment-0001.htm
More information about the Support
mailing list