Could you provide config from several items?
How many nodes do we need to reproduce it?

Hi,

You can test with 3-5 servers, the config is basic for each server:

For example what I have for server 1:

set interfaces ethernet eth0 vif xx address '10.0.0.1/24'
set interfaces ethernet eth0 vif xx address 'fdfd:8888::5:8218:1/48'

For example what I have for server 2:

set interfaces ethernet eth0 vif xx address '10.0.0.2/24'
set interfaces ethernet eth0 vif xx address 'fdfd:8888::5:7050:1/48'

And the ping between fdfd:8888::5:8218:1 and fdfd:8888::5:8218:2 do not work, but after I set static mac address works and with the command: show ipv6 neighbors, I see that the ipv6 is set permanent.

On the older version sometime I loose ipv6 connection and I did not know why, and I see that if I enter in the configuration and I delete the ipv6 and set again and apply config it start working and works for some weeks and months and after this you have again the issue. In the last version seems that the issue is more frequent.

Hi,

I add here what I just found and I can reproduce the issue everytime.

S1 configuration:
set interfaces ethernet eth0 address '10.0.0.1/24'
set interfaces ethernet eth0 address 'fdfd:8888::5:8218:1/48'

S2 configuration:
set interfaces ethernet eth0 address '10.0.0.2/24'
set interfaces ethernet eth0 address 'fdfd:8888::5:7050:1/48'

If you connect directly everything works.

Now If we add vyos bridge between s1 and s2 ipv6 will stop working. I will put the new configuration here:

S1 configuration:
set interfaces ethernet eth0 address '10.0.0.1/24'
set interfaces ethernet eth0 address 'fdfd:8888::5:8218:1/48'

S2 configuration:
set interfaces ethernet eth0 address '10.0.0.2/24'
set interfaces ethernet eth0 address 'fdfd:8888::5:7050:1/48'

Note that

eth0 port for S1 is on vlan 22
eth0 port for S2 is on vlan 23

Bridge configuration:

set interfaces bridge br0 member interface eth0
set interfaces bridge br0 member interface eth1
set interfaces ethernet eth0 (this command is required to make the interface up)
set interfaces ethernet eth1 (this command is required to make the interface up)

Note that

eth0 port for bridge is on vlan 22
eth1 port for bridge is on vlan 23

After this setup the ipv4 works without any issue but the ipv6 works only If I set static ip on each server, for example:

sudo ip -6 neigh del fdfd:8888::5:8218:1 lladdr ce:4c:ae:49:4a:32 dev eth0
sudo ip -6 neigh del fdfd:8888::5:7050:1 lladdr be:db:40:c2:8d:16 dev eth0

sudo ip -6 neigh add fdfd:8888::5:8218:1 lladdr ce:4c:ae:49:4a:32 dev eth0
sudo ip -6 neigh add fdfd:8888::5:7050:1 lladdr be:db:40:c2:8d:16 dev eth0

If you need, I can give you access to test.

I think the issue is realated to this: https://blog.ipspace.net/2014/09/ipv6-neighbor-discovery-nd-and.html

I am having this exact problem and it evidently has been a problem for quite a few years.

MOST OF THE TIME, the IPv6 NDP works correctly but SOMETHING causes it to stop working and I fiddle with stuff for hours or days and then it suddenly starts working again.

At the moment, ONE of my MAC OS (Ventural 13.4.1) boxes can't ping the VyOS router on IPv6 address but my Dell laptop on Windows 10 can.

When I do a "show ipv6 neigh | grep -i IPV6_ADDRESS_OF_MAC_OS" then it shows:

2603:XXXX:YYYY:ZZZZ::202 dev eth1.2 FAILED

It only seems to have problems maybe 2-3 times a year, most of the time it works fine.

I have not been able to determine how or when it stops working or starts working again.

VERY FRUSTRATING! Usually only one computer or two computers out of 20-50 have this problem intermittently and it is never the same set twice.

Any ideas on fixes?

Wierd that it is so intermittent.

Are there any workarounds?

I tried "reset ipv6 neighbors address 2603:XXXX:YYYY:ZZZZ::202" and "reset ipv6 neighbors interface eth1.2" and it still can't ping from my router to my MAC or my MAC to my router.

I've verified that I see incoming ping6 requests but there is not response and I show the above ndp entry as FAILED.

Rebooting the router "fixed" it and now I can "ping6 2603:XXXX:YYYY:ZZZZ::202" and get responses and "show ipv6 neighbors" now shows

2603:XXXX:YYYY:ZZZZ::202 dev eth1.2 aa:bb:cc:dd:ee:ff:00 REACHABLE

1. How is the physical topology (can you provide a drawing)?

2. Does this occur also for hosts that are directly connected to the VyOS router?

3. You say rebooting the router fixes this, but what about rebooting the server next time - will that also make things to work (that is dont reboot VyOS router but reboot the host instead)?

4. The IPv6 address you see and can ping after reboot of VyOS, is it the same address as previously or does the host apply some kind of "IPv6 privacy" on that ("normally" the last part is made up of the host mac-address but with "IPv6 privacy" enabled that part is scrambled and get get changed over time unless statically assigned)?

1. Vyos Router <-> Switch <-> Multiple Computers

2. No, all devices are interconnected via a Switch.

3. I've tried rebooting the server and that doesn't fix it.

4. I'm using DHCPv6 with reserved addresses so there is only 1 IPv6 address per host and they don't change when the computer is rebooted or DHCPv6 device is renewed.

I hope that answers your questions.

Please let me know if any other information can be supplied.

How is your IPv6 config from the VyOS config?

That is for interface, dhcpv6-server, router-advert, system ipv6 and whatever else I have missed.

Do something like "show configuration commands | strip-private" and post relative bits.

I assume you use latest VyOS 1.4-rolling available (1.4-rolling-202308060317 as of writing according to https://vyos.net/get/nightly-builds/)?

Hi,

I can confirm that the issue is still here, something is wrong and usually when you assign ipv6 address to sub-interface like vlan or bridge etc.

I was able to fix the issue by enable ndp proxy and on one router I do not have issue from months, but in another still happens.

To enable ndp proxy here is the config:

sysctl sys.net.ipv6.conf.all.forwarding=1
net.ipv6.conf.all.proxy_ndp=1

The issue is not exaclty like below because sometime works and sometine loose the arp of the ipv6 and if you delete will work again or not, and in the explication all the time will not work or will work.

Ipv6 works quit different than ipv4 and here is an explication:

If in IPv4 we have ARP (Address Resolution Protocol), in the case of IPv6 we have NDP (Neighbor Discovery Protocol). In simple networks, things work wonderfully. However, recently I encountered a situation where I had to use NDP proxy in Linux.

Let's consider a system running FreeBSD, with the interface bge0 connected to another system running Linux (e.g., Ubuntu 24). On Linux, the interface to which the cable is connected is em1.

On the Linux system, we have created a virtual interface called dummy0 with an assigned IPv6 address.

You will notice that if you ping6 from the FreeBSD system to 2a00:2222:4/48, you will not receive any response. The explanation is that the FreeBSD system sends out an "ICMP6, neighbor solicitation" message into the network, to which the Linux system does not respond, even though the respective address is configured there. If the IPv6 address was configured on the em1 interface of the Linux system, then it would respond with an "ICMP6, neighbor advertisement" message.

How can we solve this situation and enable data transfer between the two systems? One quick and easy solution would be to move the IPv6 address to the em1 interface, but sometimes this is not possible for various reasons. The second solution, which I used, involves some additional settings on the Linux system:

Enable forwarding for IPv6:
sysctl sys.net.ipv6.conf.all.forwarding=1
Enable NDP proxy:
net.ipv6.conf.all.proxy_ndp=1
Define the IP address for which the system will add an NDP proxy:
ip neigh add proxy 2a00:2222:4/48 dev em1

That's it!
Note: The IPv6 addresses used in this article are for illustrative purposes only and are randomly generated.