Strange speed problems with ipv6 forwarding

Andras Toth diosbejgli at gmail.com
Sat Oct 10 05:12:36 CEST 2015


Hi Frank,

As Matt and me earlier pointed out it sounds like the router is
sending ICMP Redirects because they are on a common segment and the
router tries to tell the host a better route exist. You can read more
about redirects here:
http://www.cisco.com/c/en/us/support/docs/ip/routing-information-protocol-rip/13714-43.html

The slowness occurs as the router cannot forward packets in its
dedicated fast circuits (ASIC or data-plane) because it needs to send
an ICMP Redirect packet to each packet on the same subnet. This is
done in the router CPU (control-plane) which is slower than the
dedicated circuits in the router data-plane.

Try disabling IPv6 redirects, on Cisco routers it's generally "no ipv6
redirects" on the routed interfaces, such as the L3 ports or VLAN
Interfaces (SVI). Alternatively fix your topology and routing to
ensure the return traffic does not go through the router in the same
subnet.

You most likely have "no ip redirects" configured already on the
router for v4, that's why for IPv4 it is fast, because the router
won't have to generate ICMP packets for v4 traffic and they go through
the data-plane and CPU does not slow them down.

Let me know if this solves the problem and if you have any other questions.

Best regards,
Andras


On Sat, Oct 10, 2015 at 12:22 AM, Frank Steiner
<fsteiner-mail1 at bio.ifi.lmu.de> wrote:
> Matt Rowley wrote
>
>>> I got one step further. tracerout shows that route from inside (A)
>>> outside (B) is A->F->B with F being my firewall.
>>>
>>> But route from B to A goes through the router. I've setup all hosts
>>> in the subnet in front of the firewall to route their packets through
>>> the router R that our data center configured for this subnet.
>>>
>>> Thus it's B->R->F->A. The same happens for ipv4, no ->R-> when
>>> sending from A to B, but via R from B to A. While it's fast for
>>> ipv4, it's slow for ipv6. So I added a route for the internal
>>> subnet to the routing table of B so that the trace now shows
>>> B->F->A. And then the copying between A and B is at full speed
>>> of 112MB/s.
>>
>> Hi Frank,
>>
>> So, R, B, and F all have legs on a common network segment, right?
>
> Yes!
>
>> And B points to R for default gateway?
>
> Right.
>
>> Does B have routes in its table so that it knows to point to F in
>> order to reach A?
>
> That's what I tried to describe above. By default it doesn't and that's
> when the traffic slow. When I add such a route, the traffic is fast.
> I just don't why it's slow without that route for ipv6 only, while
> ipv4 has no problems routing through R first. Well, maybe...
>
>> If not, it is sending packets to R, who is probably returning ICMP
>> redirects to B. Perhaps B is dropping them?
>
> ...sth. like that. As far as I understand, ipv6 tries to dynamically
>  configure better routes while ipv4 doesn't.
>
>> A tcpdump on R, B, and F might help show you what's going on.
>
> I'm not really familiar with tcpdump, but I will figure out!
>
> cu,
> Frank
>
>
> --
> Dipl.-Inform. Frank Steiner   Web:  http://www.bio.ifi.lmu.de/~steiner/
> Lehrstuhl f. Bioinformatik    Mail: http://www.bio.ifi.lmu.de/~steiner/m/
> LMU, Amalienstr. 17           Phone: +49 89 2180-4049
> 80333 Muenchen, Germany       Fax:   +49 89 2180-99-4049
> * Rekursion kann man erst verstehen, wenn man Rekursion verstanden hat. *


More information about the ipv6-ops mailing list