Have a router with debian squeeze and desktops in /48 routed subnet (currently i use one /64 with 2001:470:dc05:0000 prefix). I can reach any ipv6 site on the Internet except www.ietf.org from routed subnet. It works though if I try to reach it from my router directly.
from router [OK]
traceroute to www.ietf.org (2001:1890:1112:1::1e), 30 hops max, 80 byte packets
1 2001:470:27:92c::1 81.123 ms
2 2001:470:0:11e::1 80.873 ms
3 2001:470:0:110::1 105.347 ms
4 2001:470:0:1d2::1 126.161 ms
5 2001:470:0:3e::1 184.776 ms
6 2001:470:0:1dd::2 185.141 ms
7 ::ffff:12.122.81.110 196.694 ms
8 ::ffff:12.122.3.38 196.566 ms
9 ::ffff:12.123.10.250 196.500 ms
10 *
11 2001:1890:1112:1::1e 283.030 ms
from routed subnet [fail]
traceroute to www.ietf.org (2001:1890:1112:1::1e) from 2001:470:dc05:0:222:15ff:fec5:f34a, 30 hops max, 16 byte packets
1 2001:470:dc05::1 3.706 ms
2 2001:470:27:92c::1 81.379 ms
3 2001:470:0:11e::1 78.641 ms
4 2001:470:0:110::1 104.555 ms
5 2001:470:0:1d2::1 119.665 ms
6 2001:470:0:3e::1 182.723 ms
7 2001:470:0:1dd::2 183.04 ms
8 ::ffff:12.122.81.110 192.917 ms
9 ::ffff:12.122.3.38 192.847 ms
10 ::ffff:12.123.10.250 192.538 ms
11 *
12 *
13 *
14 *
Is that an external routing problem?
But if i make ping packets on my router to originate from routed subnet (not from tunnel endpoint) I will still receive the reply
PING 2001:1890:1112:1::1e(2001:1890:1112:1::1e) from 2001:470:dc05::1 : 56 data bytes
64 bytes from 2001:1890:1112:1::1e: icmp_seq=1 ttl=51 time=702 ms
pings from desktops remain unreplied. tcpdump on tunnel interface shows pings going out, but never returning back. Netfilter logs didn't show any filtered packets.
So I'm kind of at loss here. What could be the problem?
Here is routing table of my router
Kernel IPv6 routing table
Destination Next Hop Flag Met Ref Use If
2001:470:27:92c::1/128 :: U 1024 0 1 he-ipv6
2001:470:27:92c::/64 :: Un 256 0 0 he-ipv6
2001:470:dc05::/64 :: U 256 0 0 eth1
fe80::/64 :: U 256 0 0 eth0
fe80::/64 :: U 256 0 0 eth1
fe80::/64 :: Un 256 0 0 he-ipv6
::/0 2001:470:27:92c::1 UG 1024 0 4306 he-ipv6
::/0 :: !n -1 1 66785 lo
::1/128 :: Un 0 1 362 lo
2001:470:27:92c::/128 :: Un 0 1 0 lo
2001:470:27:92c::2/128 :: Un 0 1 10379 lo
2001:470:dc05::/128 :: Un 0 1 5 lo
2001:470:dc05::1/128 :: Un 0 1 5453 lo
fe80::/128 :: Un 0 1 0 lo
fe80::/128 :: Un 0 1 0 lo
fe80::c3d0:dbe3/128 :: Un 0 1 0 lo
fe80::250:baff:fe47:5c11/128 :: Un 0 1 0 lo
fe80::280:48ff:fe2c:8da6/128 :: Un 0 1 1586 lo
ff00::/8 :: U 256 0 0 eth0
ff00::/8 :: U 256 0 0 eth1
ff00::/8 :: U 256 0 0 he-ipv6
::/0 :: !n -1 1 66785 lo
and desktop
Destination Next Hop Flag Met Ref Use If
2001:470:dc05::/64 :: UAe 256 0 185 eth0
fe80::/64 :: U 256 0 0 eth0
::/0 fe80::280:48ff:fe2c:8da6 UGDAe 1024 0 1029 eth0
::/0 :: !n -1 1 3468 lo
::1/128 :: Un 0 7 222 lo
2001:470:dc05::2/128 :: Un 0 1 17 lo
2001:470:dc05:0:222:15ff:fec5:f34a/128 :: Un 0 1 24002 lo
fe80::222:15ff:fec5:f34a/128 :: Un 0 1 73 lo
ff00::/8 :: U 256 0 0 eth0
::/0 :: !n -1 1 3468 lo
It's not just you
traceroute6 to www.ietf.org (2001:1890:1112:1::1e) from 2001:470:c27d:e000:20c:29ff:fe8a:1618, 64 hops max, 12 byte packets
1 *
2001:470:c27d:d000:2e0:81ff:fe79:f4c4 2.105 ms 0.554 ms
2 servicespring-1.tunnel.tserv9.chi1.ipv6.he.net 25.616 ms 23.588 ms 24.297 ms
3 gige-g3-4.core1.chi1.he.net 20.810 ms 20.440 ms 20.642 ms
4 * * *
5 * * *
6 * * *
7 * * *
^C
^ I think you killed it a bit early is all, its working here
Tracing route to www.ietf.org [2001:1890:1112:1::1e]
over a maximum of 30 hops:
3 79 ms 36 ms 38 ms gige-g3-4.core1.chi1.he.net [2001:470:0:6e::1]
4 * * * Request timed out.
5 * * * Request timed out.
6 * * * Request timed out.
7 * * * Request timed out.
8 * * * Request timed out.
9 152 ms 151 ms 151 ms mail.ietf.org [2001:1890:1112:1::1e]
Pinging www.ietf.org [2001:1890:1112:1::1e] with 32 bytes of data:
Reply from 2001:1890:1112:1::1e: time=179ms
Reply from 2001:1890:1112:1::1e: time=153ms
Also having been having problems reaching www.ietf.org and rfc-editor.org via IPv6.
www.ietf.org sometimes works. Haven't gotten http://www.rfc-editor.org to work.
This might be an AT&T (or IETF) routing issue. Note that www.rfc-editor.org and www.ietf.org are on the same /64.
traceroute6 to www.ietf.org (2001:1890:1112:1::1e):
...
3 gige-g4-12.core1.ash1.he.net 38.342 ms 41.135 ms 38.628 ms
4 10gigabitethernet1-2.core1.nyc4.he.net 60.567 ms 43.998 ms 44.519 ms
5 as7018-att.10gigabitethernet2-3.core1.nyc4.he.net 46.220 ms 46.575 ms 45.124 ms
6 * * *
7 * * *
8 * * *
9 * * *
10 * * *
11 mail.ietf.org 142.117 ms 143.573 ms 141.785 ms
-------------
http://www.rfc-editor.org still doesn't work, but I think that is an AT&T issue.
traceroute6 to www.rfc-editor.org (2001:1890:1112:1::2f) :
...
3 gige-g4-12.core1.ash1.he.net 39.436 ms 46.064 ms 49.402 ms
4 10gigabitethernet1-2.core1.nyc4.he.net 43.630 ms 52.138 ms 58.112 ms
5 as7018-att.10gigabitethernet2-3.core1.nyc4.he.net 46.551 ms 45.812 ms 44.180 ms
6 * * *
7 * * *
8 * * *
9 * * *
10 * * *
11 * * *
12 2001:1890:1fff:fffd::1 68.000 ms 65.427 ms *
13 * * *
14 * * *
15 * * *
16 * * *
17 * * *
18 * * *
19 * * *
20 * * *
^C
Ugh, AT&T joins Cogent on the list of networks that think using IPv4-mapped IPv6 addresses on their routers' interfaces is somehow a good idea.
A HE.NET network engineer contacted AT&T about this on the 27th, and I personally don't know if he heard back directly. I've contacted AT&T about this with your provided information and mine, and hopefully AT&T will get this resolved shortly.
Please retest, as the IETF also was contacting AT&T to get this resolved and we are once again seeing end to end connectivity over IPv6.
It works! Thank you HE.
Now I can enjoy reading RFC's over ipv6 :)
$ traceroute6 -n -q 1 www.ietf.org
traceroute to www.ietf.org (2001:1890:1112:1::1e) from 2001:470:dc05:0:222:15ff:fec5:f34a, 30 hops max, 16 byte packets
1 2001:470:dc05::1 1.798 ms
2 2001:470:27:92c::1 80.774 ms
3 2001:470:0:11e::1 78.329 ms
4 2001:470:0:110::1 102.875 ms
5 2001:470:0:1d2::1 123.492 ms
6 2001:470:0:3e::1 190.459 ms
7 2001:470:0:1dd::2 182.711 ms
8 ::ffff:12.122.81.110 192.34 ms
9 ::ffff:12.122.3.38 192.099 ms
10 ::ffff:12.123.10.250 192.462 ms
11 *
12 *
13 2001:1890:1112:1::1e 280.195 ms