IPv6 - troubleshooting a "invalid interface or local address" error

sgilbert · July 14, 2017, 4:21pm

When I attempt to ping any ipv6 address from one specific interface, I receive the error “invalid interface or local address”:

 > /ping address=fe80::1 interface=ether1-wan count=3  
  SEQ HOST                                     SIZE TTL TIME  STATUS                                                  
    0                                                         invalid interface or local address                      
    1                                                         invalid interface or local address                      
    2                                                         invalid interface or local address                      
    sent=3 received=0 packet-loss=100%

As far as I can tell, both the interface and the local address are just fine:

> /interface print
Flags: D - dynamic, X - disabled, R - running, S - slave 
 #     NAME                                TYPE       ACTUAL-MTU L2MTU  MAX-L2MTU MAC-ADDRESS      
 0  R  ether1-wan                          ether            1500  1598       4074 E4:8D:8C:50:8A:E0
 1  R  ether2-lan                          ether            1500  1598       4074 E4:8D:8C:50:8A:E1
 2  R  ether3-mirror-wan                   ether            1500  1598       4074 E4:8D:8C:50:8A:E2
 3   S ether4                              ether            1500  1598       4074 E4:8D:8C:50:8A:E3
 4  RS ether5                              ether            1500  1598       4074 E4:8D:8C:50:8A:E4

> /ipv6 address print
Flags: X - disabled, I - invalid, D - dynamic, G - global, L - link-local 
 #    ADDRESS                                     FROM-POOL INTERFACE                                        ADVERTISE
 0 DL fe80::e68d:8cff:fe50:8ae2/64                          ether3-mirror-wan                                no       
 1 DL fe80::e68d:8cff:fe50:8ae0/64                          ether1-wan                                       no       
 2 DL fe80::e68d:8cff:fe50:8ae1/64                          ether2-lan                                       no

I’ve tried increasing the log level to debug, but no additional information is provided.

I seem to be unable to send any ipv6 traffic out this interface - for example, dhcpv6-client “solicit” requests never seem to actually leave the interface. (there are no outgoing firewall filter restrictions). Only the “ping” command returns an actual error message - all other operations that attempt to send ipv6 packets just silently fail.

I only experience these problems with the “ether1-wan” interface - ipv6 works as expected with all other interfaces.

This is on an RB750Gr2 running v6.39.2.

Does anyone have any insights into what may be happening here, or how to troubleshoot further?

ZeroByte · July 14, 2017, 4:37pm

I think it should be ping address=fe80::1%ether1-wan

In Winbox, you can specify just the fe80::1 as long as you specify an interface, but perhaps the command-line is not so forgiving.

sgilbert · July 14, 2017, 4:44pm

Thanks for the response ZeroByte!

Alas, using either command syntax returns the same error:

> /ping address=fe80::1%ether1-wan count=3 
  SEQ HOST                                     SIZE TTL TIME  STATUS                                                  
    0                                                         invalid interface or local address                      
    1                                                         invalid interface or local address                      
    2                                                         invalid interface or local address                      
    sent=3 received=0 packet-loss=100%

ZeroByte · July 14, 2017, 5:36pm

What does the name ether3-mirror-wan imply?

If you have any kind of layer2 goings-on between ports 1 and 3, then this could possibly be behind your issue… (Basically, if ether3 is anything other than a stand-alone layer3 interface, then it shouldn’t have a link-local IPv6 address if my understanding of things is correct.

sgilbert · July 14, 2017, 7:45pm

Thanks again for your interest and response ZeroByte!

The ether3-mirror-wan interface is a “mirror” of the ether1-wan interface:

> /interface ethernet switch print detail 
Flags: I - invalid 
 0   name="switch1" type=QCA-8337 mirror-source=ether1-wan mirror-target=ether3-mirror-wan

I only configured this recently, to enable sniffing the traffic on ether1-wan to aide with troubleshooting. This interface is cabled to a computer so I can use tcpdump to capture the network traffic on ether1-wan, and this is how I know that no ipv6 traffic is ever leaving the ether1-wan interface.

Just to be sure, I temporarily removed the mirror configuration and the “invalid interface or local address” error remains unchanged.

I’d really like to understand what that “invalid interface or local address” message is trying to tell me. On the face of it, both the interface and address appear to be completely normal and valid. I cannot find any references to this error message on the internet. Perhaps someone with access to the source code could tell us more about what conditions trigger this message?

ZeroByte · July 14, 2017, 8:47pm

I’ve run into my own little arcane situation where something was broken and the reason wouldn’t have been apparent had my stuff not just been struck by lightning a few hours earlier…

One of my router’s eth interfaces was damaged in a way that apparently was causing it to loop frames back towards itself. Disabling the damaged interface fixed my problem.
The symptom I was facing was that I couldn’t apply any IPv6 addresses “from pool” to my LAN bridge interface. They would just stay red w/o any explanation as to why.

After looking in the logs, I saw some spanning tree error messages about duplicate MAC addresses from ether3 (the fried port). Disabling ether3 made the IPv6 address go active for me. The reason it was failing seems to have been due to DAD (duplicate address detection). It would’ve been nice if a flag came up on the invalid IPv6 address, such as “d” and mouse-over would reveal that d = duplicate address detected.

I’m about to fire up my GNS3 and see if I get similar results when trying to command-line ping to link-local addressing. (I’ve had difficulty with it in the past so I usually just use the GUI)
I’ll update if I can replicate your observed behavior and whether I figure out what’s wrong.

EDIT: I cannot get your exact error message. When I type something invalid, it just gives me a sort of “usage” statement

[admin@MikroTik] > ping fe80::1%eth1
invalid value for argument address:
    invalid value of mac-address, mac address required
    input does not match any value of interface
    while resolving ip-address: could not get answer from dns server

If I ping something that just isn’t there, then of course I get timeout - if I ping a link-local address w/o specifying the interface, I get some error message:

[admin@MikroTik] > ping fe80::4     
  SEQ HOST                                     SIZE TTL TIME  STATUS                                                                                   
    0                                                         pinging IPv6 link-local address requires that interface is specified                     
    1                                                         pinging IPv6 link-local address requires that interface is specified                     
    sent=2 received=0 packet-loss=100%

This all leads me to believe that there’s some kind of layer2 connectivity between your physical interfaces, or else there’s a bridge involved and yet you have IPv6 addresses on each physical port anyway… Just on a hunch, enabled multiple interfaces, all of which got their own fe80:: addresses, but whenever I would add one of them to a bridge, it would be removed, and the bridge then received a link-local address.

I can’t think of anything more to suggest at this point, other than to say that perhaps you should try from winbox to see if you get any further clues.

sgilbert · July 17, 2017, 2:17pm

Thanks for all your ideas and suggestions ZeroByte! I still have not identified the source of my issue, but you’ve given me some things to think about and areas to investigate.

When I figure this out, I’ll update this thread to save someone someday some time and effort.

sgilbert · July 19, 2017, 2:23am

Just to “close the loop” on this for posterity:

I was never able to really understand the source of the problem or the true meaning of the cryptic error message.

I ended up reconfiguring the router to access the internet via ether2 instead of ether1 (updating all the other settings accordingly) and everything now works as expected. The problematic ether1 interface is now un-used.

shrug

ZeroByte · July 19, 2017, 1:37pm

My money’s still on there being some switch rule (mirror to CPU sort of thing), or bridge or switch maser/slave thing that has ether1 bonded to something else. The key piece of information is that there’s a link-local address on ether1 and ether3.

At least you got things working, though.