Proxy NDP, intermittent Address Unreach

Question

I've configured NDP proxying on my Digital Ocean droplet to allow containers to obtain public IPv6 addresses. It seems to work, but occasionally I'll get Destination Unreachable (Address Unreachable) errors. It seems that while this occurs the neighbor's table on the container host shows the router reachability as INCOMPLETE (show as x:x:x:x::1). Then, randomly, it'll start working again. Why is this happening, and is there anything I can do to fix it?

Host configuration:

# ip -6 address show
<...>
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 x:x:x:x::x:5000/64 scope global 
       valid_lft forever preferred_lft forever
3: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
<...>
# ip -6 route show | grep -v fe80::/64
x:x:x:x::x:5000/124 dev br0 metric 128  pref medium
x:x:x:x::/64 dev eth0 proto kernel metric 256  pref medium
default via x:x:x:x::1 dev eth0 metric 1024  pref medium
# ip -6 neigh show proxy
x:x:x:x::x:5000 dev br0  proxy
x:x:x:x::x:5001 dev eth0  proxy
# sysctl net.ipv6.conf.{all,br0,eth0}.{forwarding,proxy_ndp}
net.ipv6.conf.all.forwarding = 1
net.ipv6.conf.all.proxy_ndp = 0
net.ipv6.conf.br0.forwarding = 1
net.ipv6.conf.br0.proxy_ndp = 1
net.ipv6.conf.eth0.forwarding = 1
net.ipv6.conf.eth0.proxy_ndp = 1

Guest configuration:

# ip -6 address show
<...>
2: host0@if4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 x:x:x:x::x:5001/124 scope global
<...>
# ip -6 route show | grep -v fe80::/64
x:x:x:x::x:5000/124 dev host0  proto kernel  metric 256 
default via x:x:x:x::x:5000 dev host0  metric 1024

I also had reliability issues with Linux's built in NDP proxying, and so I installed [`ndppd`](https://aur.archlinux.org/packages/ndppd/), which works well. — Michael Hampton, Apr 26 '18 at 03:52

Proxy NDP, intermittent Address Unreach

0 Answers0