Solved: IPv6 clients can't ping each other even they are in the same LAN

titicaca · ‎02-14-2024

Greetings,

I have a PVE hypervisor, and I created one VM as the DHCP server, and I have two other clients as DHCP clients. Both clients are getting their IPv6 leases successfully. One has the IP 2001:db8:1::1 and the other has IP 2001:db8:1::2. But I can't ping the clients from each other.

I did a packets capture, and I see the neighbor discovery between the server and client. And from one client, I can see the Renewal message from another client and I can see Multicast Listener Report Message v2 from another client, but there's no solicit message from the other client.

I don't have any v-routers in this network segment, but since one client can see the message from the other client. Why there's no neighbor discovery information exchange between them? Can IPv6 experts help answer? Thank you!

Harold Ritter · ‎02-14-2024

Hi @titicaca ,

This scenario of running DHCPv6 clients and server on an isolated subnet (meaning without a local router) is not supported.

Most workstations will not even request an address via DHCPv6 before they first get a router advertisement (RA) with the managed bit set.

If you had a router sending a RA on the local subnet for the /64 that the 2 hosts belong to, this prefix would be installed in the workstations routing table and they would be able to communicate with one another.

This is a more common scenario.

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

View solution in original post

titicaca · ‎03-04-2024

Hi @Harold Ritter ,

I finally found the problem. Previously, in Rocky Linux, I had chosen the option as Automatic, DHCP Only, and this option allow VM reach out to DHCP server to get the IPv6 address but broke the route. So I had to change it to Automatic option and also enable the vRouter, after both, now I am able to ping each other!

Thank you very much for all the time and energy on troubleshooting my issue! Much appreciate for all your kind help!

View solution in original post

titicaca · ‎02-14-2024

OK, so I looked at another article recently in this community:

https://community.cisco.com/t5/ipv6/ipv6-host-prefixes-set-to-128/td-p/3192039

And the author mentioned below:

"But if the IPv6 address is /128, when the PC tries to communicate whith another PC and build the Layer 2 header, wouldn't it put the MAC address of the router as the destination mac and thus forwarding the packet to the gateway instead of direct communication?"

Can someone help explain this further to me? Thanks again!

Harold Ritter · ‎02-14-2024

Hi @titicaca ,

This scenario of running DHCPv6 clients and server on an isolated subnet (meaning without a local router) is not supported.

Most workstations will not even request an address via DHCPv6 before they first get a router advertisement (RA) with the managed bit set.

If you had a router sending a RA on the local subnet for the /64 that the 2 hosts belong to, this prefix would be installed in the workstations routing table and they would be able to communicate with one another.

This is a more common scenario.

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

titicaca · ‎02-14-2024

Hi Harold, Thank you for your kind reply! But why the client and server still can communicate between them, I still don't understand this.

Harold Ritter · ‎02-15-2024

Hi @titicaca ,

Do you mean that you can ping from server to client and vice versa? What are the OS for the client and server?

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

titicaca · ‎02-15-2024

Hi Harold,

Both of them are Rocky 8 Linux. I mean as you can see from below, fe80::40f1:11ff:fe7a:de7 is the link local of the server, and fe80::c40b:ebff:fed1:7298 is the link local of the client. As we can see, there's neighbor discovery between them. But I don't see the same packets exchange between the clients even they are all in the same 'virtual' LAN network on the PVE:

from server to client:

30 205.087366 fe80::40f1:11ff:fe7a:de7 fe80::c40b:ebff:fed1:7298 ICMPv6 86 Neighbor Solicitation for fe80::c40b:ebff:fed1:7298 from 42:f1:11:7a:0d:e7
31 205.087406 fe80::c40b:ebff:fed1:7298 fe80::40f1:11ff:fe7a:de7 ICMPv6 78 Neighbor Advertisement fe80::c40b:ebff:fed1:7298 (sol)

from client to server:

20 110.350115 fe80::c40b:ebff:fed1:7298 fe80::40f1:11ff:fe7a:de7 ICMPv6 86 Neighbor Solicitation for fe80::40f1:11ff:fe7a:de7 from c6:0b:eb:d1:72:98
21 110.350416 fe80::40f1:11ff:fe7a:de7 fe80::c40b:ebff:fed1:7298 ICMPv6 78 Neighbor Advertisement fe80::40f1:11ff:fe7a:de7 (sol)

Only packets from the other client with the link-local address offe80::7cbe:6ff:fe66:e263:

34 246.763300 fe80::7cbe:6ff:fe66:e263 ff02::1:2 DHCPv6 168 Renew XID: 0x735886 IAA: 2001:db8:1:1::2 CID: 0004bfaa9f8451610b2044a66aec1b998bb3
35 246.766305 fe80::7cbe:6ff:fe66:e263 ff02::16 ICMPv6 130 Multicast Listener Report Message v2
36 247.715434 fe80::7cbe:6ff:fe66:e263 ff02::16 ICMPv6 130 Multicast Listener Report Message v2

Harold Ritter · ‎02-15-2024

Hi @titicaca ,

It looks like the client (fe80::c40b:ebff:fed1:7298) has some kind of route installed. Can you please provide the output for "ip add" and "ip -6 route" from that client.

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

titicaca · ‎02-15-2024

Sure, here it is, the fd74..../128 ipv6 address was assigned by the dhcp server:

Harold Ritter · ‎02-15-2024

Hi @titicaca ,

This output shows exactly what I was referring to at first. There is a /128 learnt from DHCP, but nothing else. You will not be able to ping from the server to the client or from client to client.

The only connectivity you will have in this scenario will be with link local addresses (LLA). The NS/NA traffic you are seeing might be only related to LLA.

You should really implement a router to fix the issue and make it a supported scenario.

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

titicaca · ‎02-15-2024

Thank you for all the explanation, Harold! I just get this lab to be more familiar with the dhcp side

Harold Ritter · ‎02-15-2024

You are very welcome @titicaca . Please let us know if you any additional questions and have fun with the lab

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

titicaca · ‎02-15-2024

Will do, Thanks again!

titicaca · ‎02-23-2024

Hi @Harold Ritter

I am not sure if Csr1000v is free or not, thus I used another vendor vrouter, it is installed in a VM under the same hypervisor and it also got an IPv6 address from the DHCP server. I configured as below but still no default routes in the clients. And since they are all the in the broadcast domain, I don't know how the router should work in such case, the one close I can think of is like router-in-a-stick. But that's my guess. Can you give me some more advices? Thanks again!

https://forum.vyos.io/t/how-to-config-vyos-to-send-ra-with-m-bit/13789

Also,

Harold Ritter · ‎02-23-2024

Hi @titicaca ,

I am not a VYOS expert, but I doubt the router will send a router advertisement if it acquires its ipv6 address from dhcpv6. Try configuring a /64 prefix statically on the router interface instead of acquiring the address via dhcpv6. This should cause the router to start sending the router advertisement.

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

titicaca · ‎02-23-2024

Hi Harold,

Thank you for your prompt response! I did the packets capture from a VM, and I do see the router advertisement, and seems M-bit has been set, but still no changes in its routing table: