Hey folks,
Every so often, one or more interfaces on my access points stops routing traffic. Most often, IPv6 routing breaks and IPv4 keeps working but sometimes IPv4 breaks and IPv6 keeps working, or both break together.
When IPv6 routing is broken...
-
The access point's log contains one recent instance of: "br-guest: received packet on eth1.40 with own address as source address (addr:aa:aa:aa:03:00:40, vlan:0)".
-
Running tcpdump on a router upstream of the access point while pinging the broken interface shows a steady stream of icmp6 (NDP) neighbor-solicitation packets but no neighbor-advertisements in reply.
-
Running tcpdump on the access point itself unbreaks the routing! Right away, the dumps show a neighbor-solicitation packet, its neighbor-advertisement reply, and echo-requests/replies getting through as expected.
-
Similarly, restarting the interface on the access point unbreaks the routing.
-
Once unbroken, routing continues to work for some indefinite period. I haven't observe any pattern to the interval.
(I haven't investigated the IPv4 breaks closely yet but I'd guess the traffic is getting dropped similarly.)
More details...
-
The access points each have 2 radios each with 3 networks configured (for lan, infra, guest). These networks are bridged to their corresponding Ethernet vlans. For example, the "br-guest" bridge mentioned above contains eth1.40, wifi-guest (2.4 GHz), wifi-guest (5 GHz).
-
Each of the 3 bridged interfaces on the access point has a unique MAC address.
-
I'm pretty confident that my network doesn't contain any loops or meshes.
-
Enabling/disabling STP has no effect.
-
Enabling/disabling wifi networks has no effect.
-
Making changes upstream of the access points has no effect.
-
The only thing that seems to unbreak routing is touching the interface, either by restarting it or by attaching tcpdump (enter promiscuous mode). This works every time.
-
Remember, the interface isn't completely dead. Routing over IPv4 can continue even while IPv6 is broken and vice-versa.
-
This problem affects both of my Archer C7 v2s running OpenWRT 19.07.7.
So I'm pretty stumped at this point. It seems like the kernel just gives up routing IPv4 or IPv6 traffic over the bridge interface when it encounters a self-addressed packet. I've no idea where that packet is coming from anyhow.
Advice welcome!
Jeff.