It appears that what I reported in my last post was incorrect. The two Ubuntu servers are brought up exactly as I expected, and seem to work perfectly either for some (short) period of time, or possibly for one interaction with the router, after which the server on lan_server
(ie, VLAN10) appears to gain an IP address and a route on a prefix that is not delegated to that interface. I assume that has to be coming from OpenWRT as some kind of NDP or RA packet, presumably because I've misconfigured something.
This console trace is from the ubuntu server attached to the lan_server
interface, after that was freshly restarted and the server rebooted. 2001:XXX:XXXX:XXXX::0/64
is the prefix delegated from my overlay ISP (via my L2TP tunnel), and 2001:YYY:YYYY::0/64
is the prefix delegated to the other interface (lan
) from my Hurricane Electric (6in4) tunnel, which acts as my bulk IPv6 ISP.
We can see 6 IP addresses defined on the ethernet interface. The first three are provisioned by DHCP, the next two by SLAAC (judging by the MAC & hostname), and the last is the NDP-created link-local address used to self-configure basic connectivity, namely:
- IPv4 address for eth0: 192.168.251.212
- IPv6 address for eth0: fdb4:0:0:1::212
- IPv6 address for eth0: 2001:XXX:XXXX:XXXX::212
- IPv6 address for eth0: fdb4::1:ba27:ebff:fe73:a5ba
- IPv6 address for eth0: 2001:XXX:XXXX:XXXX:ba27:ebff:fe73:a5ba
- IPv6 address for eth0: fe80::ba27:ebff:fe73:a5ba/64
We can see that the prefixes available are fdb4::1/64
and 2001:XXX:XXXX:XXXX/64
, which matches my ULA and my overlay ISP delegated prefix, and agrees with the setting of the IPv6 prefix filters on this (lan_server
) interface.
* Documentation: https://help.ubuntu.com
* Management: https://landscape.canonical.com
* Support: https://ubuntu.com/pro
System information as of Tue Apr 29 18:40:32 BST 2025
System load: 1.42
Usage of /: 8.0% of 28.69GB
Memory usage: 25%
Swap usage: 0%
Temperature: 48.3 C
Processes: 145
Users logged in: 0
IPv4 address for eth0: 192.168.251.212
IPv6 address for eth0: fdb4:0:0:1::212
IPv6 address for eth0: 2001:XXX:XXXX:XXXX::212
IPv6 address for eth0: fdb4::1:ba27:ebff:fe73:a5ba
IPv6 address for eth0: 2001:XXX:XXXX:XXXX:ba27:ebff:fe73:a5ba
* Strictly confined Kubernetes makes edge and IoT secure. Learn how MicroK8s
just raised the bar for easy, resilient and secure K8s cluster deployment.
https://ubuntu.com/engage/secure-kubernetes-at-the-edge
Last login: Tue Apr 29 18:34:57 2025 from 192.168.252.119
user@ubuntu-pi1:~$ sudo cat /etc/netplan/50*.yaml; echo "---"; netplan status; echo "---"; resolvectl;
[sudo] password for user:
network:
version: 2
ethernets:
eth0:
optional: true
dhcp4: true
nameservers:
search: [site1.lan, site2.lan]
---
Online state: online
DNS Addresses: 127.0.0.53 (stub)
DNS Search: site1.lan
site2.lan
● 1: lo ethernet UNKNOWN/UP (unmanaged)
MAC Address: 00:00:00:00:00:00
Addresses: 127.0.0.1/8
::1/128
● 2: eth0 ethernet UP (networkd: eth0)
MAC Address: b8:27:eb:73:a5:ba (Microchip Technology, Inc. (formerly SMSC))
Addresses: 192.168.251.212/24 (dynamic, dhcp)
fdb4:0:0:1::212/128 (dynamic, dhcp)
2001:XXX:XXXX:XXXX::212/128 (dynamic, dhcp)
fdb4::1:ba27:ebff:fe73:a5ba/64 (dynamic, ra)
2001:XXX:XXXX:XXXX:ba27:ebff:fe73:a5ba/64 (dynamic, ra)
fe80::ba27:ebff:fe73:a5ba/64 (link)
DNS Addresses: 192.168.251.1
fdb4:0:0:1::1
2001:XXX:XXXX:XXXX::1
DNS Search: site1.lan
site2.lan
Routes: default via 192.168.251.1 from 192.168.251.212 metric 100 (dhcp)
192.168.251.0/24 from 192.168.251.212 metric 100 (link)
192.168.251.1 from 192.168.251.212 metric 100 (dhcp, link)
2001:XXX:XXXX:XXXX::/64 metric 100 (ra)
fdb4:0:0:1::/64 metric 100 (ra)
fe80::/64 metric 256
default via fe80::9683:c4ff:fea2:e8df metric 100 (ra)
1 inactive interfaces hidden. Use "--all" to show all.
---
Global
Protocols: -LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
resolv.conf mode: stub
Link 2 (eth0)
Current Scopes: DNS
Protocols: +DefaultRoute -LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: 192.168.251.1
DNS Servers: 192.168.251.1 fdb4:0:0:1::1 2001:XXX:XXXX:XXXX::1
DNS Domain: site1.lan site2.lan
Default Route: yes
Link 3 (wlan0)
Current Scopes: none
Protocols: -DefaultRoute -LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
Default Route: no
user@ubuntu-pi1:~$ #
user@ubuntu-pi1:~$ # At this point the server seems to be configured correctly ... see routes
user@ubuntu-pi1:~$ # to ipv6.google.com and to my "other" server on my "lan" interface.
user@ubuntu-pi1:~$ # If I were to ping either of these now, they would work - once.
user@ubuntu-pi1:~$ #
user@ubuntu-pi1:~$ ip -6 r get to 2a00:1450:4009:815::200e
2a00:1450:4009:815::200e from :: via fe80::9683:c4ff:fea2:e8df dev eth0 proto ra src 2001:XXX:XXXX:XXXX::212 metric 100 pref medium
user@ubuntu-pi1:~$ ip -6 r get to fdb4::22
fdb4::22 from :: via fe80::9683:c4ff:fea2:e8df dev eth0 proto ra src fdb4:0:0:1::212 metric 100 pref medium
user@ubuntu-pi1:~$ #
user@ubuntu-pi1:~$ # Now wait a few minutes ...
user@ubuntu-pi1:~$ #
user@ubuntu-pi1:~$ date
Tue Apr 29 18:41:53 BST 2025
user@ubuntu-pi1:~$ date
Tue Apr 29 18:51:36 BST 2025
user@ubuntu-pi1:~$ #
user@ubuntu-pi1:~$ # Now look at the IP addresses and routes ...
user@ubuntu-pi1:~$ #
user@ubuntu-pi1:~$ sudo netplan status; echo "---"; resolvectl;
Online state: online
DNS Addresses: 127.0.0.53 (stub)
DNS Search: site1.lan
site2.lan
● 1: lo ethernet UNKNOWN/UP (unmanaged)
MAC Address: 00:00:00:00:00:00
Addresses: 127.0.0.1/8
::1/128
● 2: eth0 ethernet UP (networkd: eth0)
MAC Address: b8:27:eb:73:a5:ba (Microchip Technology, Inc. (formerly SMSC))
Addresses: 192.168.251.212/24 (dynamic, dhcp)
2001:YYY:YYYY:0:ba27:ebff:fe73:a5ba/64 (dynamic, ra)
fdb4::ba27:ebff:fe73:a5ba/64 (dynamic, ra)
fdb4:0:0:1::212/128 (dynamic, dhcp)
2001:XXX:XXXX:XXXX::212/128 (dynamic, dhcp)
fdb4::1:ba27:ebff:fe73:a5ba/64 (dynamic, ra)
2001:XXX:XXXX:XXXX:ba27:ebff:fe73:a5ba/64 (dynamic, ra)
fe80::ba27:ebff:fe73:a5ba/64 (link)
DNS Addresses: 192.168.251.1
fdb4:0:0:1::1
2001:XXX:XXXX:XXXX::1
2001:YYY:YYYY::1
DNS Search: site1.lan
site2.lan
Routes: default via 192.168.251.1 from 192.168.251.212 metric 100 (dhcp)
192.168.251.0/24 from 192.168.251.212 metric 100 (link)
192.168.251.1 from 192.168.251.212 metric 100 (dhcp, link)
2001:YYY:YYYY::/64 metric 100 (ra)
2001:XXX:XXXX:XXXX::/64 metric 100 (ra)
fdb4::/64 metric 100 (ra)
fdb4:0:0:1::/64 metric 100 (ra)
fe80::/64 metric 256
default via fe80::9683:c4ff:fea2:e8df metric 100 (ra)
1 inactive interfaces hidden. Use "--all" to show all.
---
Global
Protocols: -LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
resolv.conf mode: stub
Link 2 (eth0)
Current Scopes: DNS
Protocols: +DefaultRoute -LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: 192.168.251.1
DNS Servers: 192.168.251.1 fdb4:0:0:1::1 2001:XXX:XXXX:XXXX::1 2001:YYY:YYYY::1
DNS Domain: site1.lan site2.lan
Default Route: yes
Link 3 (wlan0)
Current Scopes: none
Protocols: -DefaultRoute -LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
Default Route: no
user@ubuntu-pi1:~$ #
user@ubuntu-pi1:~$ # Again, ask for specific routes to ipv6.google.com and my other server.
user@ubuntu-pi1:~$ # Note the changes.
user@ubuntu-pi1:~$ #
user@ubuntu-pi1:~$ ip -6 r get to 2a00:1450:4009:815::200e
2a00:1450:4009:815::200e from :: via fe80::9683:c4ff:fea2:e8df dev eth0 proto ra src 2001:YYY:YYYY:0:ba27:ebff:fe73:a5ba metric 100 pref medium
user@ubuntu-pi1:~$ ip -6 r get to fdb4::22
fdb4::22 from :: dev eth0 proto ra src fdb4::ba27:ebff:fe73:a5ba metric 100 pref medium
user@ubuntu-pi1:~$ #
user@ubuntu-pi1:~$ # Try to actually ping - fails
user@ubuntu-pi1:~$ #
user@ubuntu-pi1:~$ ping -6 -c 1 2a00:1450:4009:815::200e
PING 2a00:1450:4009:815::200e (2a00:1450:4009:815::200e) 56 data bytes
--- 2a00:1450:4009:815::200e ping statistics ---
1 packets transmitted, 0 received, 100% packet loss, time 0ms
user@ubuntu-pi1:~$ ping -6 -c 1 fdb4::22
PING fdb4::22 (fdb4::22) 56 data bytes
From fdb4::ba27:ebff:fe73:a5ba icmp_seq=1 Destination unreachable: Address unreachable
--- fdb4::22 ping statistics ---
1 packets transmitted, 0 received, +1 errors, 100% packet loss, time 0ms
Looking at the output from that second netplan status
command, we can see that 2001:YYY:YYYY:0:ba27:ebff:fe73:a5ba/64 (dynamic, ra)
has been provisioned on the interface, allegedly by an "ra". Ditto a DNS server and a route using that prefix.
I feel like I must be missing something really obvious here. Can anyone help?