[support] MCoA policy routing issues
Romain KUNTZ
kuntz at unistra.fr
Tue Oct 6 23:30:27 JST 2009
Hi Jozsef,
I've never played with MCoA with a PPP interface, but here are a few
pointers to help you find a solution for your problem:
- Check if the IPv6 routing policy database (RPDB) is correct (with
"ip -6 rule"). It should display a rule for the BID 100. I highly
suspect that such rule is not present when you experience your
problem. For more information on how MCoA works (combinaiton of
netfilter and the RPDB), I invite you to read the following paper:
http://www.rkuntz.org/pub/papers/20061128-AINTEC-NEMO-MCoA-KuntzR-LorchatJ.pdf
- The following debug message makes me wonder what is the
configuration of your RA daemon on your native 3G IPv6 access:
> Fri Oct 2 16:50:07 md_check_default_router: looking for existing
> routers on iface ppp0 (12)
> Fri Oct 2 16:50:07 md_update_router: updating router
> fe80:0:0:0:1234:1234:1000:11 on iface ppp0 (12)
> Fri Oct 2 16:50:07 md_free_router_prefix: freeing prefix 2001:XXX:
> 2001:20a9:0:0:0:0/64
> Fri Oct 2 16:50:07 __md_free_router: freeing router
> fe80:0:0:0:1234:1234:1000:11
Could you check the configuration on the access router side, or send a
dump of the received RA (with radvdump for example).
Cheers,
romain
On 2009/10/02, at 17:22, Jozsef Kovacs wrote:
> Dear all,
>
> I'm using the latest NEMO/MCoA implementation on the latest .31
> kernel.
> Userland has the following extra patches:
> http://www.nautilus6.org/doc/nepl-howto/patch/feat_wait_for_lladdr.patch
> http://www.nautilus6.org/doc/nepl-howto/patch/feat_is_dad_necessary.patch
>
> I have 3 egress interfaces: 1 PPP (Native IPv6 on 3G), 2 WLAN
> I want every flow from a MNN to use only one of the tunnels, MCoA is
> used only for fast handovers.
> We use a policy exchange software to set similar rules on the MR and
> the HA:
>
> MR: ip6tables -t mangle -A PREROUTING -s 2001:XXX:2001:2089::/64 -j
> MARK
> --set-mark 100
> HA: ip6tables -t mangle -A PREROUTING -d 2001:XXX:2001:2089::/64 -j
> MARK
> --set-mark 100
>
> The interfaces are preconfigured (wifi is already connected, ppp is
> already running) when mip6d starts up, so the only job for mip6d is to
> establish 3 tunnels and route the flow according to the BID markings.
> Routing works flawlessly according to the ip6tnl interfaces. If I
> set a
> new firewall rule on both sides, the traffic goes instantly into the
> right tunnel.
> But sometimes one direction of the tunnel uses another physical
> interface.
> In our scenario:
> BID 100 should only use the PPP interface, the tunnel established over
> ppp0 is ip6tnl1. If I tcpdump ip6tnl1 it shows that the echo/reply
> packets are on ip6tnl1.
> But when I tcpdump the physical interfaces it shows that only one
> direction is actually using the ppp interface, the other direction
> is on
> a wifi interface. tcpdump on wifi accesspoints indeed confirm that it
> uses the wrong interface.
>
> Since only the MR -> HA direction is wrong I'm assuming that it's the
> kernel on the MR. So I tried almost every major kernel release from
> 2.6.23 to 2.6.31. Right now on the latest stable kernel it's still
> doesn't work. I can't always reproduce the problem, sometimes it works
> flawlessly, sometimes it doesn't.
> Our test software sets the following handovers: 100(3g) ->
> 110(wlan1) ->
> 120(wlan2) -> 110(wlan1) -> 100(3g). Problem occurs after the last
> handover.
>
> My first guess is that the kernel somehow doesn't find the ppp0
> interface ready for IP6-IP6 communication, so it uses another
> interface.
>
> mip6d.log has several entries like this for ppp0 _per second_:
> Fri Oct 2 16:50:07 __md_new_link: new link on iface ppp0 (12)
> Fri Oct 2 16:50:07 __md_trigger_movement_event: strategy 0 type 8
> iface
> ppp0 (12) CoA 0:0:0:0:0:0:0:0
> Fri Oct 2 16:50:07 process_new_addr: new address
> 2001:XXX:2001:20a9:1234:1234:1000:11 on iface 12
> Fri Oct 2 16:50:07 md_create_coa: creating CoA
> 2001:XXX:2001:20a9:1234:1234:1000:11 on iface ppp0 (12)
> Fri Oct 2 16:50:07 update_coa: updating CoA
> 2001:XXX:2001:20a9:1234:1234:1000:11 on iface ppp0 (12)
> Fri Oct 2 16:50:07 __md_trigger_movement_event: strategy 0 type 12
> iface ppp0 (12) CoA 2001:XXX:2001:20a9:1234:1234:1000:11
> Fri Oct 2 16:50:07 md_recv_ra: received RA from
> fe80:0:0:0:1234:1234:1000:11 on iface 12
> Fri Oct 2 16:50:07 md_create_router_prefix: creating new prefix
> 2001:XXX:2001:20a9:0:0:0:0/64
> Fri Oct 2 16:50:07 md_create_router: creating new router
> fe80:0:0:0:1234:1234:1000:11 on interface ppp0 (12)
> Fri Oct 2 16:50:07 md_check_default_router: looking for existing
> routers on iface ppp0 (12)
> Fri Oct 2 16:50:07 md_update_router: updating router
> fe80:0:0:0:1234:1234:1000:11 on iface ppp0 (12)
> Fri Oct 2 16:50:07 md_free_router_prefix: freeing prefix
> 2001:XXX:2001:20a9:0:0:0:0/64
> Fri Oct 2 16:50:07 __md_free_router: freeing router
> fe80:0:0:0:1234:1234:1000:11
> Fri Oct 2 16:50:07 md_update_router_stats: adding default route via
> fe80:0:0:0:1234:1234:1000:11
> Fri Oct 2 16:50:07 md_update_router_stats: add coa
> 2001:XXX:2001:20a9:1234:1234:1000:11 on interface (12)
>
>
>
>
>
> *mip6d.conf*
>
> NodeConfig MN;
> DebugLevel 10;
> DoRouteOptimizationCN disabled;
> DoRouteOptimizationMN disabled;
> SendMobPfxSols disabled;
> UseCnBuAck disabled;
>
> MobRtrUseExplicitMode enabled;
> OptimisticHandoff disabled;
>
> MnMaxHaBindingLife 180;
>
> Interface "wlan3" {
> Bid 110;
> BidPriority 2;
> Reliable true;
> }
>
> Interface "ppp0" {
> Bid 100;
> BidPriority 3;
> Reliable true;
> }
>
> Interface "ath2" {
> Bid 120;
> BidPriority 1;
> Reliable true;
> }
>
> MnMaxHaBindingLife 180;
>
> MnHomeLink "lo" {
> IsMobRtr enabled;
> HomeAgentAddress 2001:XXX:2001:2088::1000;
> HomeAddress 2001:XXX:2001:2088::1/64 (2001:XXX:
> 2001:2089::/64);
> RegMultipleCoA enabled;
> IfMultipleCoA "ppp0", "ath2", "wlan3";
> }
>
>
> UseMnHaIPsec disabled;
> KeyMngMobCapability disabled;
>
> * policy on MR *
> # ip6tables -t mangle -L
> Chain PREROUTING (policy ACCEPT)
> target prot opt source destination
> MARK all 2001:XXX:2001:2089::/64 anywhere MARK
> xset 0x64/0xffffffff
>
> * policy on HA *
> # ip6tables -L -t mangle
> Chain PREROUTING (policy ACCEPT)
> target prot opt source destination
> MARK 0 anywhere 2001:XXX:2001:2089::/64MARK
> set
> 0x64
>
> * tunnels on MR *
> 2284: ip6tnl3 at wlan3: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1460
> inet6 2001:XXX:2001:2088::1/128 scope global home nodad
> valid_lft forever preferred_lft forever
> inet6 fe80::20b:5dff:fe71:80c1/64 scope link
> valid_lft forever preferred_lft forever
> 2285: ip6tnl1 at ppp0: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1460
> inet6 2001:XXX:2001:2088::1/128 scope global home nodad
> valid_lft forever preferred_lft forever
> inet6 fe80::20b:5dff:fe71:80c1/64 scope link
> valid_lft forever preferred_lft forever
> 2286: ip6tnl2 at ath2: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1460
> inet6 2001:XXX:2001:2088::1/128 scope global home nodad
> valid_lft forever preferred_lft forever
> inet6 fe80::20b:5dff:fe71:80c1/64 scope link
> valid_lft forever preferred_lft forever
>
>
> * TCPDUMP IP6TNL1 *
>
> # tcpdump -ni ip6tnl1
> tcpdump: WARNING: ip6tnl1: no IPv4 address assigned
> tcpdump: verbose output suppressed, use -v or -vv for full protocol
> decode
> listening on ip6tnl1, link-type LINUX_SLL (Linux cooked), capture size
> 96 bytes
> 15:25:54.514506 IP6 2001:XXX:2001:2080::1 > 2001:XXX:2001:2089::2:
> ICMP6, echo reply, seq 53494, length 64
> 15:25:55.331797 IP6 2001:XXX:2001:2089::2 > 2001:XXX:2001:2080::1:
> ICMP6, echo request, seq 53495, length 64
> 15:25:55.482495 IP6 2001:XXX:2001:2080::1 > 2001:XXX:2001:2089::2:
> ICMP6, echo reply, seq 53495, length 64
> 15:25:56.331822 IP6 2001:XXX:2001:2089::2 > 2001:XXX:2001:2080::1:
> ICMP6, echo request, seq 53496, length 64
> 15:25:56.802469 IP6 2001:XXX:2001:2080::1 > 2001:XXX:2001:2089::2:
> ICMP6, echo reply, seq 53496, length 64
>
>
> * TCPDUMP on ppp0 *
> 15:47:06.642431 IP6 2001:XXX:2001:2088::1000 >
> 2001:XXX:2001:20a9:1234:1234:1000:11: IP6 2001:XXX:2001:2080::1 >
> 2001:XXX:2001:2089::2: ICMP6, echo reply, seq 54764, length 64
>
>
> _______________________________________________
> Support mailing list
> Support at ml.nautilus6.org
> http://ml.nautilus6.org/mailman/listinfo/support
>
More information about the Support
mailing list