Community discussions

MikroTik App
  4. RouterOS
  5. Beginner Basics

IPV6 macos intermittent packet loss

Post Reply
 
ech1965
newbie
Topic Author
Posts: 37
Joined: Wed Mar 20, 2019 3:53 pm

IPV6 macos intermittent packet loss

Thu Jun 13, 2024 7:32 pm

Fasten your seatbelts it's a wierd problem.

Situation
* vdsl pppoe using isp modem
* rb5009 initiating its own pppoe sesssion "behind" isp modem
* ipv6 to ' segments behing the RB-5009 dhcp-pd and ra


On my macbook pro
Test-ipv6.com --> 10/10

At first i discoverd a massive slow down when using the gcloud command to access Google Cloud artifact repository.

After further research
* on a linux vm also behind rb-5009 with ipv4 only --> no issue
* linux vm added ipv6 address using RA -> no issue
* macbook pro connected on the vdsl modem via wifi ipv6 --> no issue
* macboo pro connected via wired ethernet on rb-5009 see lower

running this small script
You'll see in output that
* ipv4 is ok
* ipv6 is "sometimes" ok (either all 5 packets are lost, or all 5 packets are OK)
* eg when using gcloud, command sometimes hangs, sometimes is fast
Code: Select all
while true
do
 echo  "------------$(date)-----------"
 ping6 -c 5 lesoir.be
 ping -c 5 lesoir.be
 sleep 7
done
sample output
Code: Select all
------------Jeu 13 jui 2024 18:08:47 CEST-----------
PING6(56=40+8+8 bytes) 2a02:a03f:ae85:5801:f99c:a552:e96c:d65c --> 2a02:a000:1:213::51f3:1b9
16 bytes from 2a02:a000:1:213::51f3:1b9, icmp_seq=0 hlim=59 time=15.896 ms
16 bytes from 2a02:a000:1:213::51f3:1b9, icmp_seq=1 hlim=59 time=47.269 ms
16 bytes from 2a02:a000:1:213::51f3:1b9, icmp_seq=2 hlim=59 time=18.061 ms
16 bytes from 2a02:a000:1:213::51f3:1b9, icmp_seq=3 hlim=59 time=68.550 ms
16 bytes from 2a02:a000:1:213::51f3:1b9, icmp_seq=4 hlim=59 time=114.608 ms

--- lesoir.be ping6 statistics ---
5 packets transmitted, 5 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 15.896/52.877/114.608/36.517 ms
PING lesoir.be (81.242.3.139): 56 data bytes
64 bytes from 81.242.3.139: icmp_seq=0 ttl=59 time=15.926 ms
64 bytes from 81.242.3.139: icmp_seq=1 ttl=59 time=18.839 ms
64 bytes from 81.242.3.139: icmp_seq=2 ttl=59 time=19.548 ms
64 bytes from 81.242.3.139: icmp_seq=3 ttl=59 time=18.237 ms
64 bytes from 81.242.3.139: icmp_seq=4 ttl=59 time=19.110 ms

--- lesoir.be ping statistics ---
5 packets transmitted, 5 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 15.926/18.332/19.548/1.276 ms
------------Jeu 13 jui 2024 18:09:03 CEST-----------
PING6(56=40+8+8 bytes) 2a02:a03f:ae85:5801:f99c:a552:e96c:d65c --> 2a02:a000:1:213::51f3:1b9

--- lesoir.be ping6 statistics ---
5 packets transmitted, 0 packets received, 100.0% packet loss
PING lesoir.be (81.242.3.139): 56 data bytes
64 bytes from 81.242.3.139: icmp_seq=0 ttl=59 time=18.849 ms
64 bytes from 81.242.3.139: icmp_seq=1 ttl=59 time=18.810 ms
64 bytes from 81.242.3.139: icmp_seq=2 ttl=59 time=16.745 ms
64 bytes from 81.242.3.139: icmp_seq=3 ttl=59 time=15.789 ms
64 bytes from 81.242.3.139: icmp_seq=4 ttl=59 time=18.711 ms

--- lesoir.be ping statistics ---
5 packets transmitted, 5 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 15.789/17.781/18.849/1.273 ms
^[[A------------Jeu 13 jui 2024 18:09:29 CEST-----------
PING6(56=40+8+8 bytes) 2a02:a03f:ae85:5801:f99c:a552:e96c:d65c --> 2a02:a000:1:213::51f3:190
16 bytes from 2a02:a000:1:213::51f3:190, icmp_seq=0 hlim=59 time=17.141 ms
16 bytes from 2a02:a000:1:213::51f3:190, icmp_seq=1 hlim=59 time=20.008 ms
16 bytes from 2a02:a000:1:213::51f3:190, icmp_seq=2 hlim=59 time=14.002 ms
16 bytes from 2a02:a000:1:213::51f3:190, icmp_seq=3 hlim=59 time=18.296 ms
16 bytes from 2a02:a000:1:213::51f3:190, icmp_seq=4 hlim=59 time=17.899 ms

--- lesoir.be ping6 statistics ---
5 packets transmitted, 5 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 14.002/17.469/20.008/1.972 ms
PING lesoir.be (81.242.3.194): 56 data bytes
64 bytes from 81.242.3.194: icmp_seq=0 ttl=59 time=14.971 ms
64 bytes from 81.242.3.194: icmp_seq=1 ttl=59 time=15.181 ms
64 bytes from 81.242.3.194: icmp_seq=2 ttl=59 time=15.066 ms
64 bytes from 81.242.3.194: icmp_seq=3 ttl=59 time=14.477 ms
^[64 bytes from 81.242.3.194: icmp_seq=4 ttl=59 time=17.173 ms

--- lesoir.be ping statistics ---
5 packets transmitted, 5 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 14.477/15.374/17.173/0.931 ms

here is my config
Code: Select all

  MMM      MMM       KKK                          TTTTTTTTTTT      KKK
  MMMM    MMMM       KKK                          TTTTTTTTTTT      KKK
  MMM MMMM MMM  III  KKK  KKK  RRRRRR     OOOOOO      TTT     III  KKK  KKK
  MMM  MM  MMM  III  KKKKK     RRR  RRR  OOO  OOO     TTT     III  KKKKK
  MMM      MMM  III  KKK KKK   RRRRRR    OOO  OOO     TTT     III  KKK KKK
  MMM      MMM  III  KKK  KKK  RRR  RRR   OOOOOO      TTT     III  KKK  KKK

  MikroTik RouterOS 7.13 (c) 1999-2023       https://www.mikrotik.com/

Press F1 for help

[admin@rb-00] > /export
# 2024-06-13 18:31:38 by RouterOS 7.13
# software id = QAZ7-JG2P
#
# model = RB5009UG+S+
# serial number = EC190F362DB6
/disk
set usb1 type=hardware
add parent=usb1 partition-number=1 partition-offset=512 partition-size="63 283 658 240" type=partition
/interface bridge
add admin-mac=DC:2C:6E:2D:46:94 auto-mac=no comment=defconf name=bridge port-cost-mode=short vlan-filtering=yes
/interface ethernet
set [ find default-name=sfp-sfpplus1 ] auto-negotiation=no
/interface wireguard
add listen-port=51003 mtu=1420 name=oob-bcn
add listen-port=51002 mtu=1420 name=oracle
add listen-port=51001 mtu=1420 name=vpn
/interface vlan
add interface=bridge name=DMZ vlan-id=1902
add interface=bridge name=EXT vlan-id=2002
add interface=bridge name=GUEST vlan-id=1903
add interface=bridge name=INT vlan-id=2001
add interface=bridge name=IOT vlan-id=2003
add interface=bridge name=LAN vlan-id=2000
add interface=bridge name=MGT vlan-id=1
add interface=ether2 name=PROX vlan-id=20
add interface=bridge name=VDSL vlan-id=4000
/interface pppoe-client
add add-default-route=yes disabled=no interface=VDSL max-mtu=1480 name=PROXIMUS user=pv937239@PROXIMUS
/interface list
add comment=defconf name=WAN
add comment=defconf name=ALL-LAN
/iot lora servers
add address=eu.mikrotik.thethings.industries name=TTN-EU protocol=UDP
add address=us.mikrotik.thethings.industries name=TTN-US protocol=UDP
add address=eu1.cloud.thethings.industries name="TTS Cloud (eu1)" protocol=UDP
add address=nam1.cloud.thethings.industries name="TTS Cloud (nam1)" protocol=UDP
add address=au1.cloud.thethings.industries name="TTS Cloud (au1)" protocol=UDP
add address=eu1.cloud.thethings.network name="TTN V3 (eu1)" protocol=UDP
add address=nam1.cloud.thethings.network name="TTN V3 (nam1)" protocol=UDP
add address=au1.cloud.thethings.network name="TTN V3 (au1)" protocol=UDP
/ip pool
add name=DHCP_POOL_LAN ranges=172.20.100.2-172.20.109.254
add name=DHCP_POOL_INT ranges=172.21.100.2-172.21.109.254
add name=DHCP_POOL_EXT ranges=172.22.100.2-172.22.109.254
add name=DHCP_POOL_IOT ranges=172.23.100.2-172.23.109.254
add name=DHCP_POOL_DMZ ranges=172.19.2.100-172.19.2.149
add name=DHCP_POOL_GUEST ranges=172.19.3.100-172.19.3.149
add name=DHCP_POOL_MGT ranges=172.19.1.160-172.19.1.190
/ip dhcp-server
add address-pool=DHCP_POOL_LAN interface=LAN lease-time=10m name=DHCP_LAN
add address-pool=DHCP_POOL_MGT interface=MGT lease-time=10m name=DHCP_MGT
add address-pool=DHCP_POOL_INT interface=INT lease-time=10m name=DHCP_INT
add address-pool=DHCP_POOL_EXT interface=EXT lease-time=10m name=DHCP_EXT
add address-pool=DHCP_POOL_IOT interface=IOT lease-time=10m name=DHCP_IOT
add address-pool=DHCP_POOL_GUEST interface=GUEST lease-time=10m name=DHCP_GUEST
add address-pool=DHCP_POOL_DMZ interface=DMZ lease-time=10m name=DHCP_DMZ
/port
set 0 baud-rate=115200
/queue type
add cake-diffserv=besteffort cake-nat=yes kind=cake name=cake-default
add cake-ack-filter=filter cake-bandwidth=29.0Mbps cake-diffserv=besteffort cake-nat=yes kind=cake name=cake-up
add cake-bandwidth=84.0Mbps cake-diffserv=besteffort cake-nat=yes cake-wash=yes kind=cake name=cake-down
/queue simple
# CAKE type with bandwidth setting detected, configure traffic limits within queue itself
add bucket-size=0.001/0.001 name=cake queue=cake-down/cake-up target=PROXIMUS total-queue=cake-default
/zerotier
set zt1 comment="ZeroTier Central controller - https://my.zerotier.com/" disabled=yes disabled=yes name=zt1 port=9993
/container config
set registry-url=https://registry-1.docker.io tmpdir=/storage/docker/tmpdir
/interface bridge port
add bridge=bridge comment=defconf frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=no interface=ether3 \
    internal-path-cost=10 path-cost=10 pvid=2000
add bridge=bridge comment=defconf ingress-filtering=no interface=ether4 internal-path-cost=10 path-cost=10
add bridge=bridge comment=defconf frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=no interface=ether5 \
    internal-path-cost=10 path-cost=10 pvid=4000
add bridge=bridge comment=defconf ingress-filtering=no interface=ether6 internal-path-cost=10 path-cost=10
add bridge=bridge comment=defconf ingress-filtering=no interface=ether7 internal-path-cost=10 path-cost=10
add bridge=bridge comment=defconf ingress-filtering=no interface=ether8 internal-path-cost=10 path-cost=10
add bridge=bridge comment=defconf ingress-filtering=no interface=sfp-sfpplus1 internal-path-cost=10 path-cost=10
add bridge=bridge comment=defconf frame-types=admit-only-untagged-and-priority-tagged interface=ether1 internal-path-cost=10 \
    path-cost=10 pvid=2000
/ip firewall connection tracking
set udp-timeout=20s
/ip neighbor discovery-settings
set discover-interface-list=ALL-LAN
/ip settings
set max-neighbor-entries=8192
/ipv6 settings
set accept-router-advertisements=yes max-neighbor-entries=8192
/interface bridge vlan
add bridge=bridge comment=MGT tagged=bridge untagged=sfp-sfpplus1,ether4,ether6,ether7,ether8 vlan-ids=1
add bridge=bridge comment=LAN tagged=bridge,sfp-sfpplus1,ether4,ether6,ether7,ether8 untagged=ether1,ether3 vlan-ids=2000
add bridge=bridge comment=INT tagged=bridge,sfp-sfpplus1,ether4,ether6,ether7,ether8 vlan-ids=2001
add bridge=bridge comment=EXT tagged=bridge,sfp-sfpplus1,ether4,ether6,ether7,ether8 vlan-ids=2002
add bridge=bridge comment=IOT tagged=bridge,sfp-sfpplus1,ether4,ether6,ether7,ether8 vlan-ids=2003
add bridge=bridge comment=DMZ tagged=bridge,sfp-sfpplus1,ether6,ether7,ether8 vlan-ids=1902
add bridge=bridge comment=GUEST tagged=bridge,sfp-sfpplus1,ether4,ether6,ether7,ether8 vlan-ids=1903
add bridge=bridge comment=IPTV tagged=ether8 vlan-ids=30
add bridge=bridge comment=VDSL tagged=bridge,sfp-sfpplus1,ether6,ether7,ether8 untagged=ether5 vlan-ids=4000
add bridge=bridge comment=CLUSTER tagged=sfp-sfpplus1,ether6,ether8 vlan-ids=1905
add bridge=bridge comment=STORAGE tagged=sfp-sfpplus1,ether6,ether8 vlan-ids=1906
/interface list member
add comment=defconf interface=bridge list=ALL-LAN
add comment=defconf interface=PROXIMUS list=WAN
add interface=MGT list=ALL-LAN
add interface=IOT list=ALL-LAN
add interface=INT list=ALL-LAN
add interface=EXT list=ALL-LAN
add interface=LAN list=ALL-LAN
add interface=*14 list=ALL-LAN
add interface=*15 list=ALL-LAN
add interface=vpn list=ALL-LAN
/interface ovpn-server server
set auth=sha1,md5
/interface wireguard peers
add allowed-address=172.19.4.2/32 comment=etienne interface=vpn public-key="fy0eU7d3JpmXaOJIVJ99GfilZoGO0OIGGl/GNKvxUBc="
add allowed-address=10.149.255.0/24,10.249.1.0/24 comment=rb-00 endpoint-address=141.145.197.232 endpoint-port=51820 interface=\
    oracle public-key="lDvDOpCKsVbBPmUvZ2fIrNNE3EjDbYqjo/BMObJOzyk="
add allowed-address=172.19.4.3/32 comment=mbp14-ec interface=vpn public-key="TgQHMAJ5gtvgc+h25YlAfaIlrgSZ/Wnx4dVYr6aBDmg="
add allowed-address=192.168.1.0/24 endpoint-address=hcp083zdcs7.sn.mynetname.net endpoint-port=52222 interface=oob-bcn \
    public-key="sjL2tz5JJMvobFBfXAbQ+mSJDeTjMX1hQdcpLz4laWM="
/ip address
add address=172.19.1.1/24 interface=MGT network=172.19.1.0
add address=172.20.0.1/16 interface=LAN network=172.20.0.0
add address=172.21.0.1/16 interface=INT network=172.21.0.0
add address=172.22.0.1/16 interface=EXT network=172.22.0.0
add address=172.23.0.1/16 interface=IOT network=172.23.0.0
add address=172.19.2.1/24 interface=DMZ network=172.19.2.0
add address=172.19.3.1/24 interface=GUEST network=172.19.3.0
add address=192.168.1.250/24 disabled=yes interface=VDSL network=192.168.1.0
add address=172.19.4.1/24 interface=vpn network=172.19.4.0
add address=10.149.255.3/24 interface=oracle network=10.149.255.0
add address=10.255.255.1/30 interface=oob-bcn network=10.255.255.0
/ip cloud
set ddns-enabled=yes
/ip dhcp-client
add comment=defconf interface=ether2 use-peer-dns=no
/ip dhcp-server lease
add address=172.19.1.11 mac-address=B0:A7:B9:CB:EF:22
add address=172.19.1.12 mac-address=B0:A7:B9:CB:EE:32
add address=172.19.1.13 mac-address=AC:84:C6:12:97:E2
add address=172.20.1.10 mac-address=00:11:32:0E:9E:A9
add address=172.20.1.12 mac-address=00:11:32:5A:60:4D
add address=172.20.1.21 mac-address=02:11:32:20:01:7F
add address=172.20.1.11 mac-address=00:11:32:46:24:79
add address=172.20.2.12 mac-address=4C:20:B8:E5:DC:DD
add address=172.20.2.11 mac-address=BC:D0:74:30:16:02
add address=172.20.2.110 mac-address=00:E0:4C:68:02:1C
add address=172.19.1.21 mac-address=8A:8A:0C:67:8E:27
add address=172.20.2.13 mac-address=0E:5D:9D:12:00:46
add address=172.20.2.10 comment=mbp14-ec mac-address=C8:89:F3:DE:0B:9F
add address=172.19.1.191 comment=winet-s mac-address=AC:0B:FB:0C:B3:4F
add address=172.20.2.14 comment=pc-marc mac-address=74:56:3C:07:59:8B
add address=172.20.2.15 mac-address=14:7D:DA:8D:23:E7
add address=172.20.1.42 comment=voip-01 disabled=yes mac-address=7C:2F:80:B9:24:9D
add address=172.20.1.41 comment=atv-01 disabled=yes mac-address=1C:B3:C9:07:8B:AF
/ip dhcp-server network
add address=172.19.1.0/24 dns-server=172.19.1.3,172.19.1.4 domain=phi8.ovh gateway=172.19.1.1 ntp-server=172.19.1.1
add address=172.19.2.0/24 dns-server=172.19.1.3,172.19.1.4 domain=phi8.ovh gateway=172.19.2.1 ntp-server=172.19.2.1
add address=172.19.3.0/24 dns-server=172.19.1.3,172.19.1.4 domain=phi8.ovh gateway=172.19.3.1 ntp-server=172.19.3.1
add address=172.20.0.0/16 dns-server=172.19.1.3,172.19.1.4 domain=phi8.ovh gateway=172.20.0.1 ntp-server=172.20.0.1
add address=172.21.0.0/16 dns-server=172.19.1.3,172.19.1.4 domain=phi8.ovh gateway=172.21.0.1 ntp-server=172.21.0.1
add address=172.22.0.0/16 dns-server=172.19.1.3,172.19.1.4 domain=phi8.ovh gateway=172.22.0.1 ntp-server=172.22.0.1
add address=172.23.0.0/16 dns-server=172.19.1.3,172.19.1.4 domain=phi8.ovh gateway=172.23.0.1 ntp-server=172.23.0.1
/ip dns
set allow-remote-requests=yes servers=8.8.8.8
/ip dns static
add address=172.19.1.1 name=rb-00.phi8.ovh
add address=172.19.1.10 name=omada.phi8.ovh
add address=172.19.1.11 name=eap-01.phi8.ovh
add address=172.19.1.12 name=eap-02.phi8.ovh
add address=172.19.1.13 name=eap-03.phi8.ovh
add address=172.19.1.14 name=eap-04.phi8.ovh
add address=172.19.1.31 name=sw-01.phi8.ovh
add address=172.19.1.32 name=sw-02.phi8.ovh
add address=172.19.1.33 name=sw-03.phi8.ovh
add address=172.19.1.34 name=sw-04.phi8.ovh
add address=172.19.1.100 name=srv-00.phi8.ovh
add address=172.19.1.101 name=srv-01.phi8.ovh
add address=172.19.1.102 name=srv-02.phi8.ovh
add address=172.19.1.104 name=rpi-01.phi8.ovh
add address=172.19.1.108 name=lorath-adm.phi8.ovh
add address=172.19.1.109 name=ups-01.phi8.ovh
add address=172.19.1.110 name=pachacamac.phi8.ovh
add address=172.20.1.11 name=nas-02.phi8.ovh
add address=172.20.1.14 name=nas-01.phi8.ovh
/ip firewall address-list
add address=ec190f362db6.sn.mynetname.net list=MyDDNS
/ip firewall filter
add action=accept chain=input comment="Allow Wireguard" dst-port=51001 protocol=udp
add action=accept chain=input dst-port=51002 protocol=udp
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!ALL-LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related hw-offload=yes
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=forward dst-address=172.16.0.0/12 src-address=172.23.0.0/16
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new \
    in-interface-list=WAN
add action=accept chain=input dst-port=51003 protocol=udp
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN
add action=dst-nat chain=dstnat dst-port=443 in-interface-list=WAN protocol=tcp to-addresses=172.19.1.2 to-ports=443
add action=masquerade chain=srcnat src-address=172.19.4.0/24 to-addresses=172.19.1.1
/ip route
add dst-address=10.249.1.0/24 gateway=10.149.255.1
add dst-address=192.168.1.0/24 gateway=oob-bcn
/ip service
set telnet disabled=yes
set ftp disabled=yes
/ipv6 address
add address=::1 from-pool=PROXIMUS interface=LAN
add address=::1 from-pool=PROXIMUS interface=INT
add address=::1 from-pool=PROXIMUS interface=EXT
add address=::1 from-pool=PROXIMUS interface=DMZ
add address=::1 from-pool=PROXIMUS interface=MGT
add address=::1 from-pool=PROXIMUS interface=GUEST
/ipv6 dhcp-client
add interface=PROXIMUS pool-name=PROXIMUS request=prefix use-peer-dns=no
/ipv6 firewall address-list
add address=::/128 comment="defconf: unspecified address" list=bad_ipv6
add address=::1/128 comment="defconf: lo" list=bad_ipv6
add address=fec0::/10 comment="defconf: site-local" list=bad_ipv6
add address=::ffff:0.0.0.0/96 comment="defconf: ipv4-mapped" list=bad_ipv6
add address=::/96 comment="defconf: ipv4 compat" list=bad_ipv6
add address=100::/64 comment="defconf: discard only " list=bad_ipv6
add address=2001:db8::/32 comment="defconf: documentation" list=bad_ipv6
add address=2001:10::/28 comment="defconf: ORCHID" list=bad_ipv6
add address=3ffe::/16 comment="defconf: 6bone" list=bad_ipv6
/ipv6 firewall filter
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMPv6" protocol=icmpv6
add action=accept chain=input comment="defconf: accept UDP traceroute" port=33434-33534 protocol=udp
add action=accept chain=input comment="defconf: accept DHCPv6-Client prefix delegation." dst-port=546 protocol=udp src-address=\
    fe80::/10
add action=accept chain=input comment="defconf: accept IKE" dst-port=500,4500 protocol=udp
add action=accept chain=input comment="defconf: accept ipsec AH" protocol=ipsec-ah
add action=accept chain=input comment="defconf: accept ipsec ESP" protocol=ipsec-esp
add action=accept chain=input comment="defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=input comment="defconf: drop everything else not coming from LAN" in-interface-list=!ALL-LAN
add action=accept chain=forward comment="defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop packets with bad src ipv6" src-address-list=bad_ipv6
add action=drop chain=forward comment="defconf: drop packets with bad dst ipv6" dst-address-list=bad_ipv6
add action=drop chain=forward comment="defconf: rfc4890 drop hop-limit=1" hop-limit=equal:1 protocol=icmpv6
add action=accept chain=forward comment="defconf: accept ICMPv6" protocol=icmpv6
add action=accept chain=forward comment="defconf: accept HIP" protocol=139
add action=accept chain=forward comment="defconf: accept IKE" dst-port=500,4500 protocol=udp
add action=accept chain=forward comment="defconf: accept ipsec AH" protocol=ipsec-ah
add action=accept chain=forward comment="defconf: accept ipsec ESP" protocol=ipsec-esp
add action=accept chain=forward comment="defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=forward comment="defconf: drop everything else not coming from LAN" in-interface-list=!ALL-LAN
/ipv6 firewall mangle
add action=change-mss chain=forward new-mss=clamp-to-pmtu out-interface=PROXIMUS passthrough=yes protocol=tcp tcp-flags=syn
/ipv6 nd
set [ find default=yes ] advertise-dns=no mtu=1480
add advertise-dns=no interface=GUEST mtu=1480
add advertise-dns=no interface=DMZ mtu=1480
add advertise-dns=no interface=EXT mtu=1480
add advertise-dns=no interface=INT mtu=1480
add advertise-dns=no interface=LAN mtu=1480
add advertise-dns=no interface=MGT mtu=1480
/system clock
set time-zone-name=Europe/Brussels
/system identity
set name=rb-00
/system note
set show-at-login=no
/system ntp client
set enabled=yes
/system ntp server
set enabled=yes multicast=yes
/system ntp client servers
add address=ntp.belnet.be
add address=time.belnet.be
/system ups
add name=EATON port=*80000002
/tool graphing interface
add interface=PROXIMUS
/tool mac-server
set allowed-interface-list=ALL-LAN
/tool mac-server mac-winbox
set allowed-interface-list=ALL-LAN
Top
 
User avatar
patrikg
Member
Member
Posts: 368
Joined: Thu Feb 07, 2013 6:38 pm
Location: Stockholm, Sweden

Re: IPV6 macos intermittent packet loss

Thu Jun 13, 2024 11:50 pm

When it comes to slow connections, you have to use commands like traceroute and use looking glasses thru diffrent isp's and to see if its the traffic someway take another ways. And using ppp you also need to think of the packet size, try to ping with diffrent sizes. So you can see if there being some splits of packets.
Top
 
User avatar
Kentzo
Long time Member
Long time Member
Posts: 631
Joined: Mon Jan 27, 2014 3:35 pm
Location: California

Re: IPV6 macos intermittent packet loss

Fri Jun 14, 2024 9:53 am

Sniff traffic off the PPPoE interface, your goal is to verify that the packets are dropped within your LAN.
Top
 
ech1965
newbie
Topic Author
Posts: 37
Joined: Wed Mar 20, 2019 3:53 pm

Re: IPV6 macos intermittent packet loss

Fri Jun 14, 2024 10:00 am

Thanks for your answer !
What looses me is that same command sometimes fails and sometimes succeed

eg:
Code: Select all
ping6 -s 1000 facebook.com                                                                                    
PING6(1048=40+8+1000 bytes) 2a02:a03f:ae85:5801:74a3:6942:a9fc:23a6 --> 2a03:2880:f121:83:face:b00c:0:25de
1008 bytes from 2a03:2880:f121:83:face:b00c:0:25de, icmp_seq=0 hlim=55 time=14.418 ms
1008 bytes from 2a03:2880:f121:83:face:b00c:0:25de, icmp_seq=1 hlim=55 time=14.274 ms
1008 bytes from 2a03:2880:f121:83:face:b00c:0:25de, icmp_seq=2 hlim=55 time=14.438 ms
A can leave to 2 min, no packet lost

then I hit ctrl+c
and re run the command right away
this time or it ping or it fails like that
Code: Select all
ping6 -s 1000 facebook.com                                                                                          ec@mbp14-ec
PING6(1048=40+8+1000 bytes) 2a02:a03f:ae85:5801:74a3:6942:a9fc:23a6 --> 2a03:2880:f121:83:face:b00c:0:25de
^C
--- facebook.com ping6 statistics ---
575 packets transmitted, 0 packets received, 100.0% packet loss
/code]

http://icmpcheckv6.popcount.org/ tells me 
IP fragmented packet delivery
✗ The request timed out. Looks like IP fragments failed to be delivered to you.

But no idea on how to fix it
Top
 
ech1965
newbie
Topic Author
Posts: 37
Joined: Wed Mar 20, 2019 3:53 pm

Re: IPV6 macos intermittent packet loss

Fri Jun 14, 2024 10:15 am

Sniff traffic off the PPPoE interface, your goal is to verify that the packets are dropped within your LAN.
This is good advice ! thanks
I sniffed the PPPOE interface
Code: Select all
 print
                     only-headers: no
                     memory-limit: 100KiB
                    memory-scroll: yes
                        file-name:
                       file-limit: 1000KiB
                streaming-enabled: no
                 streaming-server: 0.0.0.0:37008
                    filter-stream: no
                 filter-interface: PROXIMUS
               filter-mac-address:
           filter-src-mac-address:
           filter-dst-mac-address:
              filter-mac-protocol:
                filter-ip-address:
            filter-src-ip-address:
            filter-dst-ip-address:
              filter-ipv6-address: 2a03:2880:f121:83:face:b00c:0:25de/128
          filter-src-ipv6-address:
          filter-dst-ipv6-address:
               filter-ip-protocol: icmpv6
                      filter-port:
                  filter-src-port:
                  filter-dst-port:
                      filter-vlan:
                       filter-cpu:
                      filter-size:
                 filter-direction: any
  filter-operator-between-entries: or
                          running: no
When ping answers
Code: Select all
Columns: TIME, INTERFACE, SRC-ADDRESS, DST-ADDRESS, IP-PROTOCOL, SIZE, CPU
 #  TIME   INTERFACE  SRC-ADDRESS                              DST-ADDRESS                              IP-PROTOCOL  SIZE  CPU
 0  0.329  PROXIMUS   2a02:a03f:ae85:5801:74a3:6942:a9fc:23a6  2a03:2880:f121:83:face:b00c:0:25de       icmpv6       1048    3
 1  0.344  PROXIMUS   2a03:2880:f121:83:face:b00c:0:25de       2a02:a03f:ae85:5801:74a3:6942:a9fc:23a6  icmpv6       1048    3
 2  1.335  PROXIMUS   2a02:a03f:ae85:5801:74a3:6942:a9fc:23a6  2a03:2880:f121:83:face:b00c:0:25de       icmpv6       1048    3
 3  1.349  PROXIMUS   2a03:2880:f121:83:face:b00c:0:25de       2a02:a03f:ae85:5801:74a3:6942:a9fc:23a6  icmpv6       1048    3
 4  2.34   PROXIMUS   2a02:a03f:ae85:5801:74a3:6942:a9fc:23a6  2a03:2880:f121:83:face:b00c:0:25de       icmpv6       1048    3
 5  2.354  PROXIMUS   2a03:2880:f121:83:face:b00c:0:25de       2a02:a03f:ae85:5801:74a3:6942:a9fc:23a6  icmpv6       1048    3
 6  3.346  PROXIMUS   2a02:a03f:ae85:5801:74a3:6942:a9fc:23a6  2a03:2880:f121:83:face:b00c:0:25de       icmpv6       1048    3
 7  3.359  PROXIMUS   2a03:2880:f121:83:face:b00c:0:25de       2a02:a03f:ae85:5801:74a3:6942:a9fc:23a6  icmpv6       1048    3
 8  4.349  PROXIMUS   2a02:a03f:ae85:5801:74a3:6942:a9fc:23a6  2a03:2880:f121:83:face:b00c:0:25de       icmpv6       1048    3
 9  4.364  PROXIMUS   2a03:2880:f121:83:face:b00c:0:25de       2a02:a03f:ae85:5801:74a3:6942:a9fc:23a6  icmpv6       1048    3
10  5.354  PROXIMUS   2a02:a03f:ae85:5801:74a3:6942:a9fc:23a6  2a03:2880:f121:83:face:b00c:0:25de       icmpv6       1048    3
11  5.368  PROXIMUS   2a03:2880:f121:83:face:b00c:0:25de       2a02:a03f:ae85:5801:74a3:6942:a9fc:23a6  icmpv6       1048    3
when ping does not answers
Code: Select all
admin@rb-00] /tool/sniffer> start
[admin@rb-00] /tool/sniffer> stop
[admin@rb-00] /tool/sniffer> packet/print
sniffer log is empty
I also sniffer at the vlan interface and when ping does not answer
Code: Select all

When no answer

[admin@rb-00] /tool/sniffer> packet/print
Columns: TIME, INTERFACE, SRC-ADDRESS, DST-ADDRESS, IP-PROTOCOL, SIZE, CPU
#  TIME    INTERFACE  SRC-ADDRESS                              DST-ADDRESS                         IP-PROTOCOL  SIZE  CPU
0  1.071   LAN        2a02:a03f:ae85:5801:74a3:6942:a9fc:23a6  2a03:2880:f121:83:face:b00c:0:25de  icmpv6       1062    3
1  2.073   LAN        2a02:a03f:ae85:5801:74a3:6942:a9fc:23a6  2a03:2880:f121:83:face:b00c:0:25de  icmpv6       1062    3
2  3.074   LAN        2a02:a03f:ae85:5801:74a3:6942:a9fc:23a6  2a03:2880:f121:83:face:b00c:0:25de  icmpv6       1062    3
3  4.079   LAN        2a02:a03f:ae85:5801:74a3:6942:a9fc:23a6  2a03:2880:f121:83:face:b00c:0:25de  icmpv6       1062    3
I see the request but not the response.

It looks like the traffic is sometimes not forwarded between the lan and the wan....

Whan coudl produce such "non deterministic" behaviour ?
Top
 
ech1965
newbie
Topic Author
Posts: 37
Joined: Wed Mar 20, 2019 3:53 pm

Re: IPV6 macos intermittent packet loss

Fri Jun 14, 2024 12:17 pm

Here is another attempt
from the mac
Code: Select all
~ » ping6 -s 1000 facebook.com                                                                                          ec@mbp14-ec
PING6(1048=40+8+1000 bytes) 2a02:a03f:be8f:fc01:245a:dc98:a83a:eac9 --> 2a03:2880:f121:83:face:b00c:0:25de
1008 bytes from 2a03:2880:f121:83:face:b00c:0:25de, icmp_seq=0 hlim=55 time=14.216 ms
1008 bytes from 2a03:2880:f121:83:face:b00c:0:25de, icmp_seq=1 hlim=55 time=14.154 ms
1008 bytes from 2a03:2880:f121:83:face:b00c:0:25de, icmp_seq=2 hlim=55 time=14.309 ms
1008 bytes from 2a03:2880:f121:83:face:b00c:0:25de, icmp_seq=3 hlim=55 time=13.652 ms
^C
--- facebook.com ping6 statistics ---
4 packets transmitted, 4 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 13.652/14.083/14.309/0.255 ms
------------------------------------------------------------------------------------------------------------------------------------
~ » ping6 -s 1000 facebook.com                                                                                          ec@mbp14-ec
PING6(1048=40+8+1000 bytes) 2a02:a03f:be8f:fc01:245a:dc98:a83a:eac9 --> 2a03:2880:f121:83:face:b00c:0:25de
1008 bytes from 2a03:2880:f121:83:face:b00c:0:25de, icmp_seq=0 hlim=54 time=14.298 ms
1008 bytes from 2a03:2880:f121:83:face:b00c:0:25de, icmp_seq=1 hlim=54 time=13.765 ms
1008 bytes from 2a03:2880:f121:83:face:b00c:0:25de, icmp_seq=2 hlim=54 time=13.701 ms
1008 bytes from 2a03:2880:f121:83:face:b00c:0:25de, icmp_seq=3 hlim=54 time=14.116 ms
^C
--- facebook.com ping6 statistics ---
4 packets transmitted, 4 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 13.701/13.970/14.298/0.247 ms
------------------------------------------------------------------------------------------------------------------------------------
~ » ping6 -s 1000 facebook.com                                                                                          ec@mbp14-ec
PING6(1048=40+8+1000 bytes) 2a02:a03f:be8f:fc01:245a:dc98:a83a:eac9 --> 2a03:2880:f121:83:face:b00c:0:25de
1008 bytes from 2a03:2880:f121:83:face:b00c:0:25de, icmp_seq=0 hlim=54 time=13.753 ms
1008 bytes from 2a03:2880:f121:83:face:b00c:0:25de, icmp_seq=1 hlim=54 time=14.370 ms
1008 bytes from 2a03:2880:f121:83:face:b00c:0:25de, icmp_seq=2 hlim=54 time=13.904 ms
1008 bytes from 2a03:2880:f121:83:face:b00c:0:25de, icmp_seq=3 hlim=54 time=14.150 ms
^C
--- facebook.com ping6 statistics ---
4 packets transmitted, 4 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 13.753/14.044/14.370/0.235 ms
------------------------------------------------------------------------------------------------------------------------------------
~ » ping6 -s 1000 facebook.com                                                                                          ec@mbp14-ec
PING6(1048=40+8+1000 bytes) 2a02:a03f:be8f:fc01:245a:dc98:a83a:eac9 --> 2a03:2880:f121:83:face:b00c:0:25de
1008 bytes from 2a03:2880:f121:83:face:b00c:0:25de, icmp_seq=0 hlim=55 time=13.701 ms
1008 bytes from 2a03:2880:f121:83:face:b00c:0:25de, icmp_seq=1 hlim=55 time=14.988 ms
1008 bytes from 2a03:2880:f121:83:face:b00c:0:25de, icmp_seq=2 hlim=55 time=16.204 ms
1008 bytes from 2a03:2880:f121:83:face:b00c:0:25de, icmp_seq=3 hlim=55 time=13.514 ms
^C
--- facebook.com ping6 statistics ---
4 packets transmitted, 4 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 13.514/14.602/16.204/1.085 ms
------------------------------------------------------------------------------------------------------------------------------------
~ » ping6 -s 1000 facebook.com                                                                                          ec@mbp14-ec
PING6(1048=40+8+1000 bytes) 2a02:a03f:be8f:fc01:245a:dc98:a83a:eac9 --> 2a03:2880:f121:83:face:b00c:0:25de
^C
--- facebook.com ping6 statistics ---
6 packets transmitted, 0 packets received, 100.0% packet loss
------------------------------------------------------------------------------------------------------------------------------------
~ » ping6 -s 1000 facebook.com                                                                                      2 ↵ ec@mbp14-ec
PING6(1048=40+8+1000 bytes) 2a02:a03f:be8f:fc01:245a:dc98:a83a:eac9 --> 2a03:2880:f121:83:face:b00c:0:25de
1008 bytes from 2a03:2880:f121:83:face:b00c:0:25de, icmp_seq=0 hlim=54 time=13.548 ms
1008 bytes from 2a03:2880:f121:83:face:b00c:0:25de, icmp_seq=1 hlim=54 time=14.062 ms
^C
--- facebook.com ping6 statistics ---
2 packets transmitted, 2 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 13.548/13.805/14.062/0.257 ms
------------------------------------------------------------------------------------------------------------------------------------
~ » ping6 -s 1000 facebook.com                                                                                          ec@mbp14-ec
PING6(1048=40+8+1000 bytes) 2a02:a03f:be8f:fc01:245a:dc98:a83a:eac9 --> 2a03:2880:f121:83:face:b00c:0:25de
^C
--- facebook.com ping6 statistics ---
3 packets transmitted, 0 packets received, 100.0% packet loss
from the packet sniffer
Code: Select all
 0   2.411 LAN          2a02:a03f:be8f:fc01:245a:dc98:a83a:eac9    2a03:2880:f121:83:face:b00c:0:25de         icmpv6       1062   1
 1   2.411 PROXIMUS     2a02:a03f:be8f:fc01:245a:dc98:a83a:eac9    2a03:2880:f121:83:face:b00c:0:25de         icmpv6       1048   1
 2   2.428 PROXIMUS     2a03:2880:f121:83:face:b00c:0:25de         2a02:a03f:be8f:fc01:245a:dc98:a83a:eac9    icmpv6       1048   3
 3   2.428 LAN          2a03:2880:f121:83:face:b00c:0:25de         2a02:a03f:be8f:fc01:245a:dc98:a83a:eac9    icmpv6       1062   3
 4   3.416 LAN          2a02:a03f:be8f:fc01:245a:dc98:a83a:eac9    2a03:2880:f121:83:face:b00c:0:25de         icmpv6       1062   1
 5   3.416 PROXIMUS     2a02:a03f:be8f:fc01:245a:dc98:a83a:eac9    2a03:2880:f121:83:face:b00c:0:25de         icmpv6       1048   1
 6    3.43 PROXIMUS     2a03:2880:f121:83:face:b00c:0:25de         2a02:a03f:be8f:fc01:245a:dc98:a83a:eac9    icmpv6       1048   3
 7    3.43 LAN          2a03:2880:f121:83:face:b00c:0:25de         2a02:a03f:be8f:fc01:245a:dc98:a83a:eac9    icmpv6       1062   3
 8   4.421 LAN          2a02:a03f:be8f:fc01:245a:dc98:a83a:eac9    2a03:2880:f121:83:face:b00c:0:25de         icmpv6       1062   1
 9   4.421 PROXIMUS     2a02:a03f:be8f:fc01:245a:dc98:a83a:eac9    2a03:2880:f121:83:face:b00c:0:25de         icmpv6       1048   1
10   4.435 PROXIMUS     2a03:2880:f121:83:face:b00c:0:25de         2a02:a03f:be8f:fc01:245a:dc98:a83a:eac9    icmpv6       1048   3
11   4.435 LAN          2a03:2880:f121:83:face:b00c:0:25de         2a02:a03f:be8f:fc01:245a:dc98:a83a:eac9    icmpv6       1062   3
12   5.423 LAN          2a02:a03f:be8f:fc01:245a:dc98:a83a:eac9    2a03:2880:f121:83:face:b00c:0:25de         icmpv6       1062   1
13   5.423 PROXIMUS     2a02:a03f:be8f:fc01:245a:dc98:a83a:eac9    2a03:2880:f121:83:face:b00c:0:25de         icmpv6       1048   1
14    5.44 PROXIMUS     2a03:2880:f121:83:face:b00c:0:25de         2a02:a03f:be8f:fc01:245a:dc98:a83a:eac9    icmpv6       1048   3
15    5.44 LAN          2a03:2880:f121:83:face:b00c:0:25de         2a02:a03f:be8f:fc01:245a:dc98:a83a:eac9    icmpv6       1062   3
16   6.231 LAN          2a02:a03f:be8f:fc01:245a:dc98:a83a:eac9    2a03:2880:f121:83:face:b00c:0:25de         icmpv6       1062   1
17   6.231 PROXIMUS     2a02:a03f:be8f:fc01:245a:dc98:a83a:eac9    2a03:2880:f121:83:face:b00c:0:25de         icmpv6       1048   1
18   6.244 PROXIMUS     2a03:2880:f121:83:face:b00c:0:25de         2a02:a03f:be8f:fc01:245a:dc98:a83a:eac9    icmpv6       1048   3
19   6.244 LAN          2a03:2880:f121:83:face:b00c:0:25de         2a02:a03f:be8f:fc01:245a:dc98:a83a:eac9    icmpv6       1062   3
20   7.236 LAN          2a02:a03f:be8f:fc01:245a:dc98:a83a:eac9    2a03:2880:f121:83:face:b00c:0:25de         icmpv6       1062   1
21   7.236 PROXIMUS     2a02:a03f:be8f:fc01:245a:dc98:a83a:eac9    2a03:2880:f121:83:face:b00c:0:25de         icmpv6       1048   1
22   7.249 PROXIMUS     2a03:2880:f121:83:face:b00c:0:25de         2a02:a03f:be8f:fc01:245a:dc98:a83a:eac9    icmpv6       1048   3
23   7.249 LAN          2a03:2880:f121:83:face:b00c:0:25de         2a02:a03f:be8f:fc01:245a:dc98:a83a:eac9    icmpv6       1062   3
24   8.237 LAN          2a02:a03f:be8f:fc01:245a:dc98:a83a:eac9    2a03:2880:f121:83:face:b00c:0:25de         icmpv6       1062   1
25   8.237 PROXIMUS     2a02:a03f:be8f:fc01:245a:dc98:a83a:eac9    2a03:2880:f121:83:face:b00c:0:25de         icmpv6       1048   1
26    8.25 PROXIMUS     2a03:2880:f121:83:face:b00c:0:25de         2a02:a03f:be8f:fc01:245a:dc98:a83a:eac9    icmpv6       1048   3
27    8.25 LAN          2a03:2880:f121:83:face:b00c:0:25de         2a02:a03f:be8f:fc01:245a:dc98:a83a:eac9    icmpv6       1062   3
28   9.239 LAN          2a02:a03f:be8f:fc01:245a:dc98:a83a:eac9    2a03:2880:f121:83:face:b00c:0:25de         icmpv6       1062   1
29    9.24 PROXIMUS     2a02:a03f:be8f:fc01:245a:dc98:a83a:eac9    2a03:2880:f121:83:face:b00c:0:25de         icmpv6       1048   1
30   9.252 PROXIMUS     2a03:2880:f121:83:face:b00c:0:25de         2a02:a03f:be8f:fc01:245a:dc98:a83a:eac9    icmpv6       1048   3
31   9.253 LAN          2a03:2880:f121:83:face:b00c:0:25de         2a02:a03f:be8f:fc01:245a:dc98:a83a:eac9    icmpv6       1062   3
32  10.529 LAN          2a02:a03f:be8f:fc01:245a:dc98:a83a:eac9    2a03:2880:f121:83:face:b00c:0:25de         icmpv6       1062   1
33  10.529 PROXIMUS     2a02:a03f:be8f:fc01:245a:dc98:a83a:eac9    2a03:2880:f121:83:face:b00c:0:25de         icmpv6       1048   1
34  10.543 PROXIMUS     2a03:2880:f121:83:face:b00c:0:25de         2a02:a03f:be8f:fc01:245a:dc98:a83a:eac9    icmpv6       1048   3
35  10.543 LAN          2a03:2880:f121:83:face:b00c:0:25de         2a02:a03f:be8f:fc01:245a:dc98:a83a:eac9    icmpv6       1062   3
36  11.534 LAN          2a02:a03f:be8f:fc01:245a:dc98:a83a:eac9    2a03:2880:f121:83:face:b00c:0:25de         icmpv6       1062   1
37  11.534 PROXIMUS     2a02:a03f:be8f:fc01:245a:dc98:a83a:eac9    2a03:2880:f121:83:face:b00c:0:25de         icmpv6       1048   1
38  11.547 PROXIMUS     2a03:2880:f121:83:face:b00c:0:25de         2a02:a03f:be8f:fc01:245a:dc98:a83a:eac9    icmpv6       1048   3
39  11.547 LAN          2a03:2880:f121:83:face:b00c:0:25de         2a02:a03f:be8f:fc01:245a:dc98:a83a:eac9    icmpv6       1062   3
40   12.54 LAN          2a02:a03f:be8f:fc01:245a:dc98:a83a:eac9    2a03:2880:f121:83:face:b00c:0:25de         icmpv6       1062   1
41   12.54 PROXIMUS     2a02:a03f:be8f:fc01:245a:dc98:a83a:eac9    2a03:2880:f121:83:face:b00c:0:25de         icmpv6       1048   1
42  12.552 PROXIMUS     2a03:2880:f121:83:face:b00c:0:25de         2a02:a03f:be8f:fc01:245a:dc98:a83a:eac9    icmpv6       1048   3
50  14.725 PROXIMUS     2a03:2880:f121:83:face:b00c:0:25de         2a02:a03f:be8f:fc01:245a:dc98:a83a:eac9    icmpv6       1048   3
51  14.725 LAN          2a03:2880:f121:83:face:b00c:0:25de         2a02:a03f:be8f:fc01:245a:dc98:a83a:eac9    icmpv6       1062   3
52  15.717 LAN          2a02:a03f:be8f:fc01:245a:dc98:a83a:eac9    2a03:2880:f121:83:face:b00c:0:25de         icmpv6       1062   1
53  15.718 PROXIMUS     2a02:a03f:be8f:fc01:245a:dc98:a83a:eac9    2a03:2880:f121:83:face:b00c:0:25de         icmpv6       1048   1
54  15.731 PROXIMUS     2a03:2880:f121:83:face:b00c:0:25de         2a02:a03f:be8f:fc01:245a:dc98:a83a:eac9    icmpv6       1048   3
55  15.731 LAN          2a03:2880:f121:83:face:b00c:0:25de         2a02:a03f:be8f:fc01:245a:dc98:a83a:eac9    icmpv6       1062   3
56  16.722 LAN          2a02:a03f:be8f:fc01:245a:dc98:a83a:eac9    2a03:2880:f121:83:face:b00c:0:25de         icmpv6       1062   1
57  16.722 PROXIMUS     2a02:a03f:be8f:fc01:245a:dc98:a83a:eac9    2a03:2880:f121:83:face:b00c:0:25de         icmpv6       1048   1
58  16.735 PROXIMUS     2a03:2880:f121:83:face:b00c:0:25de         2a02:a03f:be8f:fc01:245a:dc98:a83a:eac9    icmpv6       1048   3
59  16.735 LAN          2a03:2880:f121:83:face:b00c:0:25de         2a02:a03f:be8f:fc01:245a:dc98:a83a:eac9    icmpv6       1062   3
60  17.724 LAN          2a02:a03f:be8f:fc01:245a:dc98:a83a:eac9    2a03:2880:f121:83:face:b00c:0:25de         icmpv6       1062   1
61  17.724 PROXIMUS     2a02:a03f:be8f:fc01:245a:dc98:a83a:eac9    2a03:2880:f121:83:face:b00c:0:25de         icmpv6       1048   1
62  17.737 PROXIMUS     2a03:2880:f121:83:face:b00c:0:25de         2a02:a03f:be8f:fc01:245a:dc98:a83a:eac9    icmpv6       1048   3
63  17.737 LAN          2a03:2880:f121:83:face:b00c:0:25de         2a02:a03f:be8f:fc01:245a:dc98:a83a:eac9    icmpv6       1062   3
64  18.741 LAN          2a02:a03f:be8f:fc01:245a:dc98:a83a:eac9    2a03:2880:f121:83:face:b00c:0:25de         icmpv6       1062   1
65  18.741 PROXIMUS     2a02:a03f:be8f:fc01:245a:dc98:a83a:eac9    2a03:2880:f121:83:face:b00c:0:25de         icmpv6       1048   1
66  18.754 PROXIMUS     2a03:2880:f121:83:face:b00c:0:25de         2a02:a03f:be8f:fc01:245a:dc98:a83a:eac9    icmpv6       1048   3
67  18.754 LAN          2a03:2880:f121:83:face:b00c:0:25de         2a02:a03f:be8f:fc01:245a:dc98:a83a:eac9    icmpv6       1062   3
68  19.746 LAN          2a02:a03f:be8f:fc01:245a:dc98:a83a:eac9    2a03:2880:f121:83:face:b00c:0:25de         icmpv6       1062   1
69  19.747 PROXIMUS     2a02:a03f:be8f:fc01:245a:dc98:a83a:eac9    2a03:2880:f121:83:face:b00c:0:25de         icmpv6       1048   1
70  19.761 PROXIMUS     2a03:2880:f121:83:face:b00c:0:25de         2a02:a03f:be8f:fc01:245a:dc98:a83a:eac9    icmpv6       1048   3
71  19.761 LAN          2a03:2880:f121:83:face:b00c:0:25de         2a02:a03f:be8f:fc01:245a:dc98:a83a:eac9    icmpv6       1062   3
72  20.752 LAN          2a02:a03f:be8f:fc01:245a:dc98:a83a:eac9    2a03:2880:f121:83:face:b00c:0:25de         icmpv6       1062   1
73  20.752 PROXIMUS     2a02:a03f:be8f:fc01:245a:dc98:a83a:eac9    2a03:2880:f121:83:face:b00c:0:25de         icmpv6       1048   1
74  20.767 PROXIMUS     2a03:2880:f121:83:face:b00c:0:25de         2a02:a03f:be8f:fc01:245a:dc98:a83a:eac9    icmpv6       1048   3
75  20.767 LAN          2a03:2880:f121:83:face:b00c:0:25de         2a02:a03f:be8f:fc01:245a:dc98:a83a:eac9    icmpv6       1062   3
76  21.757 LAN          2a02:a03f:be8f:fc01:245a:dc98:a83a:eac9    2a03:2880:f121:83:face:b00c:0:25de         icmpv6       1062   1
77  21.757 PROXIMUS     2a02:a03f:be8f:fc01:245a:dc98:a83a:eac9    2a03:2880:f121:83:face:b00c:0:25de         icmpv6       1048   1
78   21.77 PROXIMUS     2a03:2880:f121:83:face:b00c:0:25de         2a02:a03f:be8f:fc01:245a:dc98:a83a:eac9    icmpv6       1048   3
79   21.77 LAN          2a03:2880:f121:83:face:b00c:0:25de         2a02:a03f:be8f:fc01:245a:dc98:a83a:eac9    icmpv6       1062   3
80  23.438 LAN          2a02:a03f:be8f:fc01:245a:dc98:a83a:eac9    2a03:2880:f121:83:face:b00c:0:25de         icmpv6       1062   1
81  24.443 LAN          2a02:a03f:be8f:fc01:245a:dc98:a83a:eac9    2a03:2880:f121:83:face:b00c:0:25de         icmpv6       1062   1
82  25.449 LAN          2a02:a03f:be8f:fc01:245a:dc98:a83a:eac9    2a03:2880:f121:83:face:b00c:0:25de         icmpv6       1062   1
83  26.451 LAN          2a02:a03f:be8f:fc01:245a:dc98:a83a:eac9    2a03:2880:f121:83:face:b00c:0:25de         icmpv6       1062   1
84  27.456 LAN          2a02:a03f:be8f:fc01:245a:dc98:a83a:eac9    2a03:2880:f121:83:face:b00c:0:25de         icmpv6       1062   1
85  28.459 LAN          2a02:a03f:be8f:fc01:245a:dc98:a83a:eac9    2a03:2880:f121:83:face:b00c:0:25de         icmpv6       1062   1
86  30.166 LAN          2a02:a03f:be8f:fc01:245a:dc98:a83a:eac9    2a03:2880:f121:83:face:b00c:0:25de         icmpv6       1062   1
87  30.167 PROXIMUS     2a02:a03f:be8f:fc01:245a:dc98:a83a:eac9    2a03:2880:f121:83:face:b00c:0:25de         icmpv6       1048   1
88  30.179 PROXIMUS     2a03:2880:f121:83:face:b00c:0:25de         2a02:a03f:be8f:fc01:245a:dc98:a83a:eac9    icmpv6       1048   3
89  30.179 LAN          2a03:2880:f121:83:face:b00c:0:25de         2a02:a03f:be8f:fc01:245a:dc98:a83a:eac9    icmpv6       1062   3
90  31.172 LAN          2a02:a03f:be8f:fc01:245a:dc98:a83a:eac9    2a03:2880:f121:83:face:b00c:0:25de         icmpv6       1062   1
91  31.172 PROXIMUS     2a02:a03f:be8f:fc01:245a:dc98:a83a:eac9    2a03:2880:f121:83:face:b00c:0:25de         icmpv6       1048   1
92  31.185 PROXIMUS     2a03:2880:f121:83:face:b00c:0:25de         2a02:a03f:be8f:fc01:245a:dc98:a83a:eac9    icmpv6       1048   3
93  31.185 LAN          2a03:2880:f121:83:face:b00c:0:25de         2a02:a03f:be8f:fc01:245a:dc98:a83a:eac9    icmpv6       1062   3
94   32.03 LAN          2a02:a03f:be8f:fc01:245a:dc98:a83a:eac9    2a03:2880:f121:83:face:b00c:0:25de         icmpv6       1062   1
95  33.035 LAN          2a02:a03f:be8f:fc01:245a:dc98:a83a:eac9    2a03:2880:f121:83:face:b00c:0:25de         icmpv6       1062   1
96   34.04 LAN          2a02:a03f:be8f:fc01:245a:dc98:a83a:eac9    2a03:2880:f121:83:face:b00c:0:25de         icmpv6       1062   1
Lines 79-86 and 93-96 shows that "some" packets are not forwarded to the PPPOE interface (PROXIUMS)...
Top
 
User avatar
Kentzo
Long time Member
Long time Member
Posts: 631
Joined: Mon Jan 27, 2014 3:35 pm
Location: California

Re: IPV6 macos intermittent packet loss

Sat Jun 15, 2024 11:14 pm

Post the routing tables on macOS (via netstat) and the router.
Top
 
ech1965
newbie
Topic Author
Posts: 37
Joined: Wed Mar 20, 2019 3:53 pm

Re: IPV6 macos intermittent packet loss

Mon Jun 17, 2024 9:00 am

Post the routing tables on macOS (via netstat) and the router.
Here they are
From Mac:
Code: Select all
~ » netstat -rn -f inet6                                                                                            2 ↵ ec@mbp14-ec
Routing tables

Internet6:
Destination                             Gateway                                 Flags               Netif Expire
default                                 fe80::de2c:6eff:fe2d:4694%en0           UGcg                  en0
default                                 fe80::%utun0                            UGcIg               utun0
default                                 fe80::%utun1                            UGcIg               utun1
default                                 fe80::%utun2                            UGcIg               utun2
default                                 fe80::%utun3                            UGcIg               utun3
default                                 fe80::%utun5                            UGcIg               utun5
default                                 fe80::%utun6                            UGcIg               utun6
::1                                     ::1                                     UHL                   lo0
2a02:a03f:ae85:5801::/64                link#16                                 UC                    en0
2a02:a03f:ae85:5801:53c:338:2028:1863   1c:b3:c9:7:8b:af                        UHLWI                 en0
2a02:a03f:ae85:5801:8a5:4a86:f179:8efd  a2:ad:53:ef:7f:d5                       UHLWI                 en0
2a02:a03f:ae85:5801:8fd:4a88:9169:811b  c8:89:f3:de:b:9f                        UHL                   lo0
2a02:a03f:ae85:5801:108d:2100:1f5f:3e43 c8:89:f3:de:b:9f                        UHL                   lo0
2a02:a03f:ae85:5801:10a0:899e:582e:c65  1c:b3:c9:7:8b:af                        UHLWIi                en0
2a02:a03f:ae85:5801:1cb5:f176:110f:dad  a2:ad:53:ef:7f:d5                       UHLWI                 en0
2a02:a03f:ae85:5801:2862:eb89:7060:4cce a2:ad:53:ef:7f:d5                       UHLWI                 en0
2a02:a03f:ae85:5801:5892:421b:685d:95ab a2:ad:53:ef:7f:d5                       UHLWI                 en0
2a02:a03f:ae85:5801:5972:1f4c:bc75:2558 1c:b3:c9:7:8b:af                        UHLWI                 en0
2a02:a03f:ae85:5801:687f:6f3b:149b:47ad a2:ad:53:ef:7f:d5                       UHLWI                 en0
2a02:a03f:ae85:5801:70c7:ef8c:d73:6ef5  a2:ad:53:ef:7f:d5                       UHLWI                 en0
2a02:a03f:ae85:5801:70cb:dff2:5f0:926d  1c:b3:c9:7:8b:af                        UHLWI                 en0
2a02:a03f:ae85:5801:75e9:d3bf:7422:2ceb c8:89:f3:de:b:9f                        UHL                   lo0
2a02:a03f:ae85:5801:8096:6903:55e7:e505 a2:ad:53:ef:7f:d5                       UHLWI                 en0
2a02:a03f:ae85:5801:85f5:ee20:e119:70e7 a2:ad:53:ef:7f:d5                       UHLWI                 en0
2a02:a03f:ae85:5801:89a8:5e47:c654:5e88 a2:ad:53:ef:7f:d5                       UHLWI                 en0
2a02:a03f:ae85:5801:957a:16b4:8ecf:5836 a2:ad:53:ef:7f:d5                       UHLWI                 en0
2a02:a03f:ae85:5801:a1c2:f8bf:ab2c:acd3 a2:ad:53:ef:7f:d5                       UHLWI                 en0
2a02:a03f:ae85:5801:ad90:8828:7c97:3b11 a2:ad:53:ef:7f:d5                       UHLWI                 en0
2a02:a03f:ae85:5801:b4f1:1b49:3d30:e1f1 a2:ad:53:ef:7f:d5                       UHLWI                 en0
2a02:a03f:ae85:5801:bd4a:cfac:745c:8c7  a2:ad:53:ef:7f:d5                       UHLWI                 en0
2a02:a03f:ae85:5801:c43d:33f0:d6f5:68c1 a2:ad:53:ef:7f:d5                       UHLWI                 en0
2a02:a03f:ae85:5801:d1b8:ad3e:9593:5fc2 a2:ad:53:ef:7f:d5                       UHLWI                 en0
2a02:a03f:ae85:5801:d804:9439:f4f8:9982 a2:ad:53:ef:7f:d5                       UHLWI                 en0
2a02:a03f:ae85:5801:d9a1:b80e:3cf7:ccef a2:ad:53:ef:7f:d5                       UHLWI                 en0
2a02:a03f:ae85:5801:e13f:797a:3793:6702 a2:ad:53:ef:7f:d5                       UHLWI                 en0
2a02:a03f:ae85:5801:f1f7:a7ae:8830:6c17 a2:ad:53:ef:7f:d5                       UHLWI                 en0
fd9e:19af:ce79::/64                     fe80::1c8c:3c79:e64c:4c8%en0            UGc                   en0
fe80::%lo0/64                           fe80::1%lo0                             UcI                   lo0
fe80::1%lo0                             link#1                                  UHLI                  lo0
fe80::%ap1/64                           link#15                                 UCI                   ap1
fe80::e889:f3ff:fede:b9f%ap1            ea:89:f3:de:b:9f                        UHLI                  lo0
fe80::%en0/64                           link#16                                 UCI                   en0
fe80::38:68b1:ce5d:c6ef%en0             7a:75:94:64:7a:73                       UHLWI                 en0
fe80::d4:a28c:95e5:564d%en0             88:e9:fe:73:a2:75                       UHLWI                 en0
fe80::403:7b59:8835:3c33%en0            4a:73:5a:a1:96:93                       UHLWI                 en0
fe80::427:ab0b:9670:febc%en0            4a:73:5a:a1:96:93                       UHLWI                 en0
fe80::48b:455f:fa6d:665a%en0            5a:de:bb:4:35:1e                        UHLWI                 en0
fe80::c9e:64be:f875:552a%en0            60:f8:1d:aa:1a:e8                       UHLWI                 en0
fe80::cf7:f17d:ca80:27e9%en0            c8:89:f3:de:b:9f                        UHLI                  lo0
fe80::10f1:e133:3eb3:eec8%en0           2e:8:60:ca:45:20                        UHLWI                 en0
fe80::142e:ef6a:fe66:899f%en0           2:17:e:73:4f:26                         UHLWI                 en0
fe80::1431:4cbe:233a:9b36%en0           92:2e:7f:84:72:e9                       UHLWI                 en0
fe80::1445:6faf:45ea:2ae4%en0           a2:ad:53:ef:7f:d5                       UHLWIi                en0
fe80::1c23:4646:cb70:991b%en0           bc:d0:74:30:16:2                        UHLWI                 en0
fe80::1c8c:3c79:e64c:4c8%en0            1c:b3:c9:7:8b:af                        UHLWIir               en0
fe80::1cb6:5eeb:d069:4a61%en0           3a:18:6e:3:9b:9e                        UHLWI                 en0
fe80::369f:7bff:feeb:6c48%en0           34:9f:7b:eb:6c:48                       UHLWI                 en0
fe80::de2c:6eff:fe2d:4694%en0           dc:2c:6e:2d:46:94                       UHLWIir               en0
fe80::b4f5:f8ff:fe5d:a7f%awdl0          b6:f5:f8:5d:a:7f                        UHLI                  lo0
fe80::b4f5:f8ff:fe5d:a7f%llw0           b6:f5:f8:5d:a:7f                        UHLI                  lo0
fe80::%utun0/64                         fe80::8e6e:2712:23a0:b03f%utun0         UcI                 utun0
fe80::8e6e:2712:23a0:b03f%utun0         link#19                                 UHLI                  lo0
fe80::%utun1/64                         fe80::f26b:bc51:7f01:2893%utun1         UcI                 utun1
fe80::f26b:bc51:7f01:2893%utun1         link#20                                 UHLI                  lo0
fe80::%utun2/64                         fe80::feca:b8e6:128e:acd4%utun2         UcI                 utun2
fe80::feca:b8e6:128e:acd4%utun2         link#21                                 UHLI                  lo0
fe80::%utun3/64                         fe80::ce81:b1c:bd2c:69e%utun3           UcI                 utun3
fe80::ce81:b1c:bd2c:69e%utun3           link#22                                 UHLI                  lo0
fe80::%utun5/64                         fe80::9925:45d:48fd:ca3%utun5           UcI                 utun5
fe80::9925:45d:48fd:ca3%utun5           link#24                                 UHLI                  lo0
fe80::%utun6/64                         fe80::8e5d:81bb:408c:51d8%utun6         UcI                 utun6
fe80::8e5d:81bb:408c:51d8%utun6         link#25                                 UHLI                  lo0
ff00::/8                                ::1                                     UmCI                  lo0
ff00::/8                                link#15                                 UmCI                  ap1
ff00::/8                                link#16                                 UmCI                  en0
ff00::/8                                link#17                                 UmCI                awdl0
ff00::/8                                link#18                                 UmCI                 llw0
ff00::/8                                fe80::8e6e:2712:23a0:b03f%utun0         UmCI                utun0
ff00::/8                                fe80::f26b:bc51:7f01:2893%utun1         UmCI                utun1
ff00::/8                                fe80::feca:b8e6:128e:acd4%utun2         UmCI                utun2
ff00::/8                                fe80::ce81:b1c:bd2c:69e%utun3           UmCI                utun3
ff00::/8                                fe80::9925:45d:48fd:ca3%utun5           UmCI                utun5
ff00::/8                                fe80::8e5d:81bb:408c:51d8%utun6         UmCI                utun6
ff01::%lo0/32                           ::1                                     UmCI                  lo0
ff01::%ap1/32                           link#15                                 UmCI                  ap1
ff01::%en0/32                           link#16                                 UmCI                  en0
ff01::%utun0/32                         fe80::8e6e:2712:23a0:b03f%utun0         UmCI                utun0
ff01::%utun1/32                         fe80::f26b:bc51:7f01:2893%utun1         UmCI                utun1
ff01::%utun2/32                         fe80::feca:b8e6:128e:acd4%utun2         UmCI                utun2
ff01::%utun3/32                         fe80::ce81:b1c:bd2c:69e%utun3           UmCI                utun3
ff01::%utun5/32                         fe80::9925:45d:48fd:ca3%utun5           UmCI                utun5
ff01::%utun6/32                         fe80::8e5d:81bb:408c:51d8%utun6         UmCI                utun6
ff02::%lo0/32                           ::1                                     UmCI                  lo0
ff02::%ap1/32                           link#15                                 UmCI                  ap1
ff02::%en0/32                           link#16                                 UmCI                  en0
ff02::%utun0/32                         fe80::8e6e:2712:23a0:b03f%utun0         UmCI                utun0
ff02::%utun1/32                         fe80::f26b:bc51:7f01:2893%utun1         UmCI                utun1
ff02::%utun2/32                         fe80::feca:b8e6:128e:acd4%utun2         UmCI                utun2
ff02::%utun3/32                         fe80::ce81:b1c:bd2c:69e%utun3           UmCI                utun3
ff02::%utun5/32                         fe80::9925:45d:48fd:ca3%utun5           UmCI                utun5
ff02::%utun6/32                         fe80::8e5d:81bb:408c:51d8%utun6         UmCI                utun6
From Router
Code: Select all
/ipv6/route> print
Flags: D - DYNAMIC; A - ACTIVE; c - CONNECT, d - DHCP, v - VPN, g - SLAAC; + - ECMP
Columns: DST-ADDRESS, GATEWAY, DISTANCE
     DST-ADDRESS               GATEWAY                            DISTANCE
DAg+ ::/0                      fe80::6aab:9ff:fe95:9c01%PROXIMUS         1
DAv+ ::/0                      PROXIMUS                                  1
DAg+ ::/0                      fe80::46d4:54ff:fef8:6d4b%VDSL            1
DAc  ::1/128                   lo                                        0
DAc  2a02:a03f:ae81:5b00::/64  VDSL                                      0
DAd  2a02:a03f:ae85:5800::/56                                            1
DAc  2a02:a03f:ae85:5800::/64  MGT                                       0
DAc  2a02:a03f:ae85:5801::/64  LAN                                       0
DAc  2a02:a03f:ae85:5802::/64  INT                                       0
DAc  2a02:a03f:ae85:5803::/64  EXT                                       0
DAc  2a02:a03f:ae85:5804::/64  DMZ                                       0
DAc  2a02:a03f:ae85:5805::/64  GUEST                                     0
DAc  2a02:a03f:bfee:c7c4::/64  PROXIMUS                                  0
DAc  fe80::%bridge/64          bridge                                    0
DAc  fe80::%PROXIMUS/64        PROXIMUS                                  0
DAc  fe80::%MGT/64             MGT                                       0
DAc  fe80::%LAN/64             LAN                                       0
DAc  fe80::%INT/64             INT                                       0
DAc  fe80::%EXT/64             EXT                                       0
DAc  fe80::%IOT/64             IOT                                       0
DAc  fe80::%DMZ/64             DMZ                                       0
DAc  fe80::%GUEST/64           GUEST                                     0
DAc  fe80::%vpn/64             vpn                                       0
DAc  fe80::%oracle/64          oracle                                    0
DAc  fe80::%VDSL/64            VDSL                                      0
DAc  fe80::%oob-bcn/64         oob-bcn                                   0
Thanks for your time
Top
 
User avatar
Kentzo
Long time Member
Long time Member
Posts: 631
Joined: Mon Jan 27, 2014 3:35 pm
Location: California

Re: IPV6 macos intermittent packet loss

Mon Jun 17, 2024 10:00 am

What physical interface is VDSL? Can you show a diagram of your VLANs?
Top
 
ech1965
newbie
Topic Author
Posts: 37
Joined: Wed Mar 20, 2019 3:53 pm

Re: IPV6 macos intermittent packet loss

Mon Jun 17, 2024 12:13 pm

What physical interface is VDSL? Can you show a diagram of your VLANs?
VDSL is a vlan interface on vlan4000 ( tagged on sfp+ trunk)


Rather "unusual" for a home setup:
- in Basemant I have my VSDL modem
- ethernet interface of modem is an "hybrid"
- untagged: vdsl traffic
- vlan30 IPVT ( no used in rest of the network)
- vlan20 VOIP ( not used in rest of the network)

my vlans ( 1901-1905, 2000-2005) mac is connected to vlan2000
vlan4000 is used to ship traffic coming untagged out of the vdsl modem and tagged in all my trunks

- in basement: managed switch sw-03
- vdsl is connected to access port on vlan 4000 ( this is supposed to block vlan20 and 30 from the vsdl modem
- trunk hosting U1 ( management in "all my lan")
t4000, plus al my other vlans
- trunk connection to zyx-01

in office: managed switch zyx-02
- trunk coming from basement
- trunk going to CRS-309 core switch

in crs-309
- trunk coming from zyx
- trunk going to rb5009

in rb-5009 PPPOE is configured on an vlan interface 'untagging' vlan4000
Let's try some ascciart
Code: Select all

------basement-----

  |
  | VDSL
  |
  |
  |   +----------+
  |   |          |
  +---|  MODEM   |
      |          |
      +---+------+
          | U=vdsl, T20=voip(unused), T30=IPTV(unused)
          |
          |
          | U4000
      +---+------+
      |          |
      |  SW-03   |
      |          |
      +--+-------+
         |
         | TRUNK (4000,1901-1095,2000-2005)
      +--+-------+
      |          |
      | ZYX-02   |
      |          |
      +--+-------+
         |
         | ETH (4000,1901-1095,2000-2005) TRUNK 10GB (CATx 10GB)
---------|--------------- OFFICE---------
         |
         | ETH (4000,1901-1095,2000-2005) TRUNK 10GB (CATx 10GB)
      +--+-------+
      |          | U2000
      | ZYX-01   +---------macbookpro
      |          |
      +--+-------+
         |
         | SFP+ (4000,1901-1095,2000-2005) TRUNK 10GB
         |
      +--+------------+
      |               |
      | SW-05 CRS-309 |
      |               |
      +--+------------+
         |
         | SFP+ (4000,1901-1095,2000-2005) TRUNK 10GB
         |
         |
      +--+-------+
      |          |
      | RB5009   |
      |          |
      +--+-------+
hope it helps
EC
Top
 
User avatar
Kentzo
Long time Member
Long time Member
Posts: 631
Joined: Mon Jan 27, 2014 3:35 pm
Location: California

Re: IPV6 macos intermittent packet loss

Mon Jun 17, 2024 6:37 pm

Try sniffing all interfaces to see what happens to the lost ping packets when there are not seen on the WAN interface.
Top
 
ech1965
newbie
Topic Author
Posts: 37
Joined: Wed Mar 20, 2019 3:53 pm

Re: IPV6 macos intermittent packet loss

Mon Jun 17, 2024 8:02 pm

Try sniffing all interfaces to see what happens to the lost ping packets when there are not seen on the WAN interface.
ICMP requests are entering the LAN but are not existing "WAN" see post #6 line numbers are shown
but understood I'll sniff ALL interfaces

It looks like "sometimes" the traffic is routed via the VDSL interface instead of the to the PROXIMUS ( pppoe-client)
VDSL interface is given and address by the vdsl modem in another IPV6 Range
Code: Select all
 6  3.203  ether7        2a02:a03f:ae85:5801:75e9:d3bf:7422:2ceb  2a03:2880:f121:83:face:b00c:0:25de  icmpv6         74    3
 7  3.203  bridge        2a02:a03f:ae85:5801:75e9:d3bf:7422:2ceb  2a03:2880:f121:83:face:b00c:0:25de  icmpv6         74    3
 8  3.203  LAN           2a02:a03f:ae85:5801:75e9:d3bf:7422:2ceb  2a03:2880:f121:83:face:b00c:0:25de  icmpv6         70    3
 9  3.203  VDSL          2a02:a03f:ae85:5801:75e9:d3bf:7422:2ceb  2a03:2880:f121:83:face:b00c:0:25de  icmpv6         70    3
10  3.203  bridge        2a02:a03f:ae85:5801:75e9:d3bf:7422:2ceb  2a03:2880:f121:83:face:b00c:0:25de  icmpv6         74    3
11  3.203  sfp-sfpplus1  2a02:a03f:ae85:5801:75e9:d3bf:7422:2ceb  2a03:2880:f121:83:face:b00c:0:25de  icmpv6         74    3
VDSL is also assigning an IPV4 address but I disabled the interface
Code: Select all
[admin@rb-00] /tool/sniffer> /ip/address/print
Flags: X - DISABLED, D - DYNAMIC
Columns: ADDRESS, NETWORK, INTERFACE
 #   ADDRESS           NETWORK       INTERFACE
 0   172.19.1.1/24     172.19.1.0    MGT
 1   172.20.0.1/16     172.20.0.0    LAN
 2   172.21.0.1/16     172.21.0.0    INT
 3   172.22.0.1/16     172.22.0.0    EXT
 4   172.23.0.1/16     172.23.0.0    IOT
 5   172.19.2.1/24     172.19.2.0    DMZ
 6   172.19.3.1/24     172.19.3.0    GUEST
 7 X 192.168.1.250/24  192.168.1.0   VDSL
 8   172.19.4.1/24     172.19.4.0    vpn
 9   10.149.255.3/24   10.149.255.0  oracle
10   10.255.255.1/30   10.255.255.0  oob-bcn
11 D 91.178.141.18/32  10.24.97.187  PROXIMUS
So now how to disable this IPV6 address ? there is nothing specificaly configured


Code: Select all
[admin@rb-00] /ipv6/address> export
# 2024-06-17 20:43:20 by RouterOS 7.15.1
# software id = QAZ7-JG2P
#
# model = RB5009UG+S+
# serial number = EC190F362DB6
/ipv6 address
add address=::1 from-pool=PROXIMUS interface=LAN
add address=::1 from-pool=PROXIMUS interface=INT
add address=::1 from-pool=PROXIMUS interface=EXT
add address=::1 from-pool=PROXIMUS interface=DMZ
add address=::1 from-pool=PROXIMUS interface=MGT
add address=::1 from-pool=PROXIMUS interface=GUEST



20 DG 2a02:a03f:ae81:5b00:de2c:6eff:fe2d:4694/64             VDSL       no
21 DG 2a02:a03f:bfee:c7c4:4251:5c67:0:c/64                   PROXIMUS   no

[admin@rb-00] /ipv6/address> set 20 disabled=yes
failure: can not change dynamic address
[admin@rb-00] /ipv6/address>
trying this
Code: Select all
 /ipv6/address> set accept-router-advertisements=no
Top
 
User avatar
Kentzo
Long time Member
Long time Member
Posts: 631
Joined: Mon Jan 27, 2014 3:35 pm
Location: California

Re: IPV6 macos intermittent packet loss

Tue Jun 18, 2024 8:29 am

I cannot give you a solution, but it seems strange that you have 3 default routes of equal distance in the routing table of RouterOS. Have a critical look at your LAN / VLAN / bridge layout, something is amiss there. It is possible that the issue is not related to IPv6 at all.
Top
 
ech1965
newbie
Topic Author
Posts: 37
Joined: Wed Mar 20, 2019 3:53 pm

Re: IPV6 macos intermittent packet loss

Tue Jun 18, 2024 8:58 am

I cannot give you a solution, but it seems strange that you have 3 default routes of equal distance in the routing table of RouterOS. Have a critical look at your LAN / VLAN / bridge layout, something is amiss there. It is possible that the issue is not related to IPv6 at all.
I think
Code: Select all
/ipv6/address> set accept-router-advertisements=no
"solved" the issue
Code: Select all
[admin@rb-00] > /ipv6/route/print
Flags: D - DYNAMIC; A - ACTIVE; c - CONNECT, d - DHCP, v - VPN
Columns: DST-ADDRESS, GATEWAY, DISTANCE
    DST-ADDRESS               GATEWAY   DISTANCE
DAv ::/0                      PROXIMUS         1
DAc ::1/128                   lo               0
DAd 2a02:a03f:ae85:5800::/56                   1
DAc 2a02:a03f:ae85:5800::/64  MGT              0
DAc 2a02:a03f:ae85:5801::/64  LAN              0
DAc 2a02:a03f:ae85:5802::/64  INT              0
DAc 2a02:a03f:ae85:5803::/64  EXT              0
DAc 2a02:a03f:ae85:5804::/64  DMZ              0
DAc 2a02:a03f:ae85:5805::/64  GUEST            0
DAc fe80::%bridge/64          bridge           0
DAc fe80::%PROXIMUS/64        PROXIMUS         0
DAc fe80::%MGT/64             MGT              0
DAc fe80::%LAN/64             LAN              0
DAc fe80::%INT/64             INT              0
DAc fe80::%EXT/64             EXT              0
DAc fe80::%IOT/64             IOT              0
DAc fe80::%DMZ/64             DMZ              0
DAc fe80::%GUEST/64           GUEST            0
DAc fe80::%vpn/64             vpn              0
DAc fe80::%oracle/64          oracle           0
DAc fe80::%VDSL/64            VDSL             0
DAc fe80::%oob-bcn/64         oob-bcn          0
It looked like I overlooked the fact that in IPV6 a device is either a host either a router.
A router hands address out ( dhcp, ra), a host "receives" address.
In my case, the interface ( VDSL) I use to create the pppoe session to the Internet assigned itself an address handed out by the vdsl modem.

By deconfiguring the accept-router-advertisements , my router becomes a "pure" router ( I receives a Prefix with dhcp-pd through pppoe session ) and only uses this address range
Let's see, I'll let a ping test run for a day or two.
But I can'l make test-ipv6 fail anymore by repeatly refreshing the page...
Thanks for your help, you guided me well in using the diag tools
Top
 
User avatar
Kentzo
Long time Member
Long time Member
Posts: 631
Joined: Mon Jan 27, 2014 3:35 pm
Location: California

Re: IPV6 macos intermittent packet loss

Tue Jun 18, 2024 8:30 pm

I’d keep the RA on in the setting and instead worked with the raw rules of the IPv6 firewall to drop all ICMPv6 (which includes RAs) coming via interfaces where IPv6 is not desirable.

One notable use case for having RAs in home network is IoT and the Thread protocol, it uses RAs. Apple TV does that when configured as a home hub.
Top
 
ech1965
newbie
Topic Author
Posts: 37
Joined: Wed Mar 20, 2019 3:53 pm

Re: IPV6 macos intermittent packet loss

Wed Jun 19, 2024 7:20 am

I’d keep the RA on in the setting and instead worked with the raw rules of the IPv6 firewall to drop all ICMPv6 (which includes RAs) coming via interfaces where IPv6 is not desirable.

One notable use case for having RAs in home network is IoT and the Thread protocol, it uses RAs. Apple TV does that when configured as a home hub.
Thanks for the tip, I'll look into it !
I get your point, but even the default value ( yes-if-forwarding-disabled ) of accept-router-advertisements would lead to an actual behaviour of "no" as the very nature of this device is to forward packets.
Top
 
User avatar
Kentzo
Long time Member
Long time Member
Posts: 631
Joined: Mon Jan 27, 2014 3:35 pm
Location: California

Re: IPV6 macos intermittent packet loss

Wed Jun 19, 2024 8:57 pm

IMHO the default value is wrong (at least for home networks) and is still set as such solely for backwards compatibility.

I recommend the following for further reading:
Top
 
ech1965
newbie
Topic Author
Posts: 37
Joined: Wed Mar 20, 2019 3:53 pm

Re: IPV6 macos intermittent packet loss

Fri Jun 21, 2024 7:23 pm

I’d keep the RA on in the setting and instead worked with the raw rules of the IPv6 firewall to drop all ICMPv6 (which includes RAs) coming via interfaces where IPv6 is not desirable.

One notable use case for having RAs in home network is IoT and the Thread protocol, it uses RAs. Apple TV does that when configured as a home hub.
Tried
Code: Select all
print
                  disable-ipv6: no
                       forward: yes
              accept-redirects: yes-if-forwarding-disabled
  accept-router-advertisements: yes
          max-neighbor-entries: 8192
and
Code: Select all
admin@rb-00] /ipv6/firewall/raw> print
Flags: X - disabled, I - invalid; D - dynamic
 0 X  chain=prerouting action=drop in-interface=VDSL log=yes protocol=icmpv6
( of course enabled)
But il looks like the rule block icmpv6 coming on both the VDSL interface ( vlan interface "connected" to the vdsl modem) and the icmpv6 destinated to the "pppoe" session traveling on this interface.

moreover, this post viewtopic.php?t=203229#p1047439 advices to disable accept-router-advertisements
Top
 
User avatar
Kentzo
Long time Member
Long time Member
Posts: 631
Joined: Mon Jan 27, 2014 3:35 pm
Location: California

Re: IPV6 macos intermittent packet loss

Sat Jun 22, 2024 12:44 am

Yeah, I'm of little help here as I do not work with PPPoE. Try Mikrotik support, perhaps they can give you a solution without disabling `accept-router-advertisements`.
Top
 
ech1965
newbie
Topic Author
Posts: 37
Joined: Wed Mar 20, 2019 3:53 pm

Re: IPV6 macos intermittent packet loss

Sat Jun 22, 2024 9:53 am

Yeah, I'm of little help here as I do not work with PPPoE. Try Mikrotik support, perhaps they can give you a solution without disabling `accept-router-advertisements`.
Thanks a lot for your help so far !
Top
 
varkey
just joined
Posts: 5
Joined: Fri Jul 20, 2018 2:51 pm

Re: IPV6 macos intermittent packet loss

Thu Jul 11, 2024 7:41 pm

I think
Code: Select all
/ipv6/address> set accept-router-advertisements=no
"solved" the issue
I was seeing the very same issue and was scratching my head. Was relieved to see your thread and indeed disabling RA did fix the issue for me.

However, I do have a backup link which requires RA to fetch an IPv6 address. Will see how to get that working, perhaps the earliest suggestion to block RA for the specific interfaces.
Top
Post Reply
  4. RouterOS
  5. Beginner Basics