[support] MCoA policy routing issues

Jozsef Kovacs jozsef.kovacs at elstor.com
Sat Oct 3 00:22:49 JST 2009 

Dear all,

I'm using the latest NEMO/MCoA implementation on the latest .31 kernel.
Userland has the following extra patches:
http://www.nautilus6.org/doc/nepl-howto/patch/feat_wait_for_lladdr.patch
http://www.nautilus6.org/doc/nepl-howto/patch/feat_is_dad_necessary.patch

I have 3 egress interfaces: 1 PPP (Native IPv6 on 3G), 2 WLAN
I want every flow from a MNN to use only one of the tunnels, MCoA is 
used only for fast handovers.
We use a policy exchange software to set similar rules on the MR and the HA:

MR: ip6tables -t mangle -A PREROUTING -s 2001:XXX:2001:2089::/64 -j MARK 
--set-mark 100
HA: ip6tables -t mangle -A PREROUTING -d 2001:XXX:2001:2089::/64 -j MARK 
--set-mark 100

The interfaces are preconfigured (wifi is already connected, ppp is 
already running) when mip6d starts up, so the only job for mip6d is to 
establish 3 tunnels and route the flow according to the BID markings. 
Routing works flawlessly according to the ip6tnl interfaces. If I set a 
new firewall rule on both sides, the traffic goes instantly into the 
right tunnel.
But sometimes one direction of the tunnel uses another physical interface.
In our scenario:
BID 100 should only use the PPP interface, the tunnel established over 
ppp0 is ip6tnl1. If I tcpdump ip6tnl1 it shows that the echo/reply 
packets are on ip6tnl1.
But when I tcpdump the physical interfaces it shows that only one 
direction is actually using the ppp interface, the other direction is on 
a wifi interface. tcpdump on wifi accesspoints indeed confirm that it 
uses the wrong interface.

Since only the MR -> HA direction is wrong I'm assuming that it's the 
kernel on the MR. So I tried almost every major kernel release from 
2.6.23 to 2.6.31. Right now on the latest stable kernel it's still 
doesn't work. I can't always reproduce the problem, sometimes it works 
flawlessly, sometimes it doesn't.
Our test software sets the following handovers: 100(3g) -> 110(wlan1) -> 
120(wlan2) -> 110(wlan1) -> 100(3g). Problem occurs after the last handover.

My first guess is that the kernel somehow doesn't find the ppp0 
interface ready for IP6-IP6 communication, so it uses another interface.

mip6d.log has several entries like this for ppp0 _per second_:
Fri Oct  2 16:50:07 __md_new_link: new link on iface ppp0 (12)
Fri Oct  2 16:50:07 __md_trigger_movement_event: strategy 0 type 8 iface 
ppp0 (12) CoA 0:0:0:0:0:0:0:0
Fri Oct  2 16:50:07 process_new_addr: new address 
2001:XXX:2001:20a9:1234:1234:1000:11 on iface 12
Fri Oct  2 16:50:07 md_create_coa: creating CoA 
2001:XXX:2001:20a9:1234:1234:1000:11 on iface ppp0 (12)
Fri Oct  2 16:50:07 update_coa: updating CoA 
2001:XXX:2001:20a9:1234:1234:1000:11 on iface ppp0 (12)
Fri Oct  2 16:50:07 __md_trigger_movement_event: strategy 0 type 12 
iface ppp0 (12) CoA 2001:XXX:2001:20a9:1234:1234:1000:11
Fri Oct  2 16:50:07 md_recv_ra: received RA from 
fe80:0:0:0:1234:1234:1000:11 on iface 12
Fri Oct  2 16:50:07 md_create_router_prefix: creating new prefix 
2001:XXX:2001:20a9:0:0:0:0/64
Fri Oct  2 16:50:07 md_create_router: creating new router 
fe80:0:0:0:1234:1234:1000:11 on interface ppp0 (12)
Fri Oct  2 16:50:07 md_check_default_router: looking for existing 
routers on iface ppp0 (12)
Fri Oct  2 16:50:07 md_update_router: updating router 
fe80:0:0:0:1234:1234:1000:11 on iface ppp0 (12)
Fri Oct  2 16:50:07 md_free_router_prefix: freeing prefix 
2001:XXX:2001:20a9:0:0:0:0/64
Fri Oct  2 16:50:07 __md_free_router: freeing router 
fe80:0:0:0:1234:1234:1000:11
Fri Oct  2 16:50:07 md_update_router_stats: adding default route via 
fe80:0:0:0:1234:1234:1000:11
Fri Oct  2 16:50:07 md_update_router_stats: add coa 
2001:XXX:2001:20a9:1234:1234:1000:11 on interface (12)





*mip6d.conf*

NodeConfig MN;
DebugLevel 10;
DoRouteOptimizationCN disabled;
DoRouteOptimizationMN disabled;
SendMobPfxSols disabled;
UseCnBuAck disabled;

MobRtrUseExplicitMode enabled;
OptimisticHandoff disabled;

MnMaxHaBindingLife 180;

Interface "wlan3" {
Bid 110;
BidPriority 2;
Reliable true;
}

Interface "ppp0" {
Bid 100;
BidPriority 3;
Reliable true;
}

Interface "ath2" {
Bid 120;
BidPriority 1;
Reliable true;
}

MnMaxHaBindingLife 180;

MnHomeLink "lo" {
        IsMobRtr enabled;
        HomeAgentAddress 2001:XXX:2001:2088::1000;
        HomeAddress      2001:XXX:2001:2088::1/64 (2001:XXX:2001:2089::/64);
        RegMultipleCoA enabled;
        IfMultipleCoA  "ppp0", "ath2", "wlan3";
}


UseMnHaIPsec disabled;
KeyMngMobCapability disabled;

* policy on MR *
# ip6tables -t mangle -L
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
MARK       all      2001:XXX:2001:2089::/64  anywhere            MARK 
xset 0x64/0xffffffff

* policy on HA *
# ip6tables -L -t mangle
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
MARK       0        anywhere             2001:XXX:2001:2089::/64MARK set 
0x64

* tunnels on MR *
2284: ip6tnl3 at wlan3: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1460
    inet6 2001:XXX:2001:2088::1/128 scope global home nodad
       valid_lft forever preferred_lft forever
    inet6 fe80::20b:5dff:fe71:80c1/64 scope link
       valid_lft forever preferred_lft forever
2285: ip6tnl1 at ppp0: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1460
    inet6 2001:XXX:2001:2088::1/128 scope global home nodad
       valid_lft forever preferred_lft forever
    inet6 fe80::20b:5dff:fe71:80c1/64 scope link
       valid_lft forever preferred_lft forever
2286: ip6tnl2 at ath2: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1460
    inet6 2001:XXX:2001:2088::1/128 scope global home nodad
       valid_lft forever preferred_lft forever
    inet6 fe80::20b:5dff:fe71:80c1/64 scope link
       valid_lft forever preferred_lft forever


* TCPDUMP IP6TNL1 *

# tcpdump -ni ip6tnl1
tcpdump: WARNING: ip6tnl1: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ip6tnl1, link-type LINUX_SLL (Linux cooked), capture size 
96 bytes
15:25:54.514506 IP6 2001:XXX:2001:2080::1 > 2001:XXX:2001:2089::2: 
ICMP6, echo reply, seq 53494, length 64
15:25:55.331797 IP6 2001:XXX:2001:2089::2 > 2001:XXX:2001:2080::1: 
ICMP6, echo request, seq 53495, length 64
15:25:55.482495 IP6 2001:XXX:2001:2080::1 > 2001:XXX:2001:2089::2: 
ICMP6, echo reply, seq 53495, length 64
15:25:56.331822 IP6 2001:XXX:2001:2089::2 > 2001:XXX:2001:2080::1: 
ICMP6, echo request, seq 53496, length 64
15:25:56.802469 IP6 2001:XXX:2001:2080::1 > 2001:XXX:2001:2089::2: 
ICMP6, echo reply, seq 53496, length 64


* TCPDUMP on ppp0 *
15:47:06.642431 IP6 2001:XXX:2001:2088::1000 > 
2001:XXX:2001:20a9:1234:1234:1000:11: IP6 2001:XXX:2001:2080::1 > 
2001:XXX:2001:2089::2: ICMP6, echo reply, seq 54764, length 64

More information about the Support mailing list