tech-net: Re: Status inquiry about kern/29150 (and related: kern/29149)

Subject: Re: Status inquiry about kern/29150 (and related: kern/29149)
To: None <tech-net@netbsd.org>
From: Gert Doering <gert@greenie.muc.de>
List: tech-net
Date: 03/29/2005 21:35:33
In muc.lists.netbsd.tech.net I wrote:

>In muc.lists.netbsd.tech.net Miles Nordin wrote:

>>>>>>> "gd" == Gert Doering <gert@greenie.muc.de> writes:

>>    gd> Due to Sparc64-recursive-softinterrupts issues,

>>I'm about to colocate a 1U sparc64, and it needs to do tunnels.  So,
>>it won't work?  Is there a workaround for this---for example if I do
>>only IPv4-in-IPv4 and only IPv6-in-IPv6 tunnels, will it work ok?  Or
>>is there a reasonable way to make the max packet delay 10ms?

>Only mixed-protocol tunnels exhibit the problem (you're inside of
>an IPv4 softinterrupt, and after unpacking an IPv6 packet, you schedule
>an IPv6 softinterrupt, which is then delayed for some high amount of
>time - typically 500ms...1s on my systems).

Good news!  

Chuck Silvers asked me to test rev 1.204 of sparc64/locore.s (which is 
what is in -current, and which is known to fix a number of Sparc64 
softirq problems), and the scheduling problems are *gone*:

cisco2514#ping 2001:608:4:4444::4

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:608:4:4444::4, timeout is 2
seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 0/2/4 ms

this is a IPv6-over-GRE-over-IPv4 tunnel between two neighbouring
devices on the LAN, but as this is the test bed I've used for all my 
experiments, it's sufficient proof to me.


BTW, below is a documentation patch to gre.4 that shows an example how 
to configure the GRE tunnel between NetBSD and Cisco...

gert
------------ snip ------------
Index: gre.4
===================================================================
RCS file: /cvsroot/src/share/man/man4/gre.4,v
retrieving revision 1.29
diff -u -r1.29 gre.4
--- gre.4	7 Feb 2004 18:34:57 -0000	1.29
+++ gre.4	29 Mar 2005 19:26:36 -0000
@@ -210,6 +210,48 @@
 Note that this is a safe situation where the link1 flag (as discussed in the
 .Sx BUGS
 section below) may (and probably should) be set.
+.Pp
+Along these lines, you can use GRE tunnels to interconnect two IPv6 
+networks over an IPv4 infrastructure, or to hook up to the IPv6 internet
+via an IPv4 tunnel to a Cisco router.
+.Bd -literal
+2001:db8:1::/64 -- NetBSD A  -----tunnel----- Cisco B --- IPv6 Internet
+                   \\                              /
+                    \\                            /
+                      +----- the Internet ------+
+
+.Ed
+The example will use the following addressing: NetBSD A has the 
+IPv4 address A and the IPv6 address 2001:db8:1::1 (connects to internal
+network 2001:db8:1::/64).  Cisco B has external IPv4 address B.  All
+the IPv6 internet world is behind B, so A wants to route 0::0/0 (the IPv6 
+default route) into the tunnel.  The GRE tunnel will use a transit 
+network: 2001:db8:ffff::1/64 on the NetBSD side, and ::2/64 on the Cisco 
+side.  
+Then the following commands will configure the tunnel:
+.Pp
+On router A (NetBSD):
+.Bd -literal
+   # ifconfig greN create
+   # ifconfig greN inet6 2001:db8:ffff::1/64 
+   # ifconfig greN tunnel A B
+   # route add -inet6 2001:db8:ffff::/64 2001:db8:ffff::2 -ifp greN
+   # route add -inet6 0::0/0 2001:db8:ffff::2 -ifp greN
+.Ed
+.Pp
+On router B (Cisco):
+.Bd -literal
+   Interface TunnelX
+     tunnel mode gre ip
+     ipv6 address 2001:db8:ffff::2/64   ! transfer network
+     tunnel source B                    ! e.g. address from LAN interface
+     tunnel destination A               ! where the tunnel is connected to
+   ipv6 route 2001:db8::/64 TunnelX     ! route this network through tunnel
+.Ed
+.Pp
+Note that this is a safe situation where the link1 flag (as discussed in the
+.Sx BUGS
+section below) may (and probably should) be set.
 .Sh NOTES
 The MTU of
 .Sy gre Ns Ar X
@@ -223,7 +265,8 @@
 device needs a route to the destination that is less specific than the
 one over the tunnel.
 (Basically, there needs to be a route to the decapsulating host that
-does not run over the tunnel, as this would be a loop.)
+does not run over the tunnel, as this would be a loop.  This is not
+relevant for IPv6-over-IPv4 tunnels, of course.)
 If the addresses are ambiguous, doing the
 .Xr ifconfig 8
 .Li tunnel
------------ snip ------------
-- 
gert@greenie.muc.de   fax: +49-89-35655025   http://alpha.greenie.net/mgetty/

If I do not return to the pulpit this weekend, millions of people will go
to hell.
	-- Jimmy Swaggart, 5/20/88