The tunnel is up but I can not ping the remote ipv6 tunnel endpoint. I see no input packets across the tunnel. Trying to ping or access any IPV6 across the tunnel also fails.
Specifics for tunnel as supplied:
IPv6 Tunnel Endpoints
Server IPv4 Address:184.105.253.14
Server IPv6 Address:2001:470:1f10:d93::1/64
Client IPv4 Address:162.230.214.65
Client IPv6 Address:2001:470:1f10:d93::2/64
interface Tunnel0
description Hurricane Electric IPv6 Tunnel Broker
no ip address
ipv6 address 2001:470:1F10:D93::2/64
ipv6 enable
ipv6 virtual-reassembly in
tunnel source 162.230.214.65
tunnel mode ipv6ip
tunnel destination 184.105.253.14
end
c2800-1#show int tun 0
Tunnel0 is up, line protocol is up
Hardware is Tunnel
Description: Hurricane Electric IPv6 Tunnel Broker
MTU 17920 bytes, BW 100 Kbit/sec, DLY 50000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation TUNNEL, loopback not set
Keepalive not set
Tunnel source 162.230.214.65, destination 184.105.253.14
Tunnel protocol/transport IPv6/IP
Tunnel TTL 255
Tunnel transport MTU 1480 bytes
Tunnel transmit bandwidth 8000 (kbps)
Tunnel receive bandwidth 8000 (kbps)
Last input never, output 00:01:20, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 21
Queueing strategy: fifo
Output queue: 0/0 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts (0 IP multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
254 packets output, 23856 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 unknown protocol drops
0 output buffer failures, 0 output buffers swapped out
c2800-1#
System image file is "flash:c2800nm-advipservicesk9-mz.151-4.M8.bin"
c2800-1#ping 184.105.253.14 <---- HE IPV4 Tunnel endpoint
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 184.105.253.14, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 48/51/52 ms
c2800-1#
c2800-1#ping ipv6 2001:470:1f10:d93::2 <--- MY IPV6 END OF THE TUNNEL
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:470:1F10:D93::2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 0/0/4 ms
c2800-1#
c2800-1#ping ipv6 2001:470:1f10:d93::1 <--- HE IPV6 END OF THE TUNNEL
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:470:1F10:D93::1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
c2800-1#
IPV6 ICMP DEBUG - No return traffic :-(
12124475: Jan 6 22:11:13.374 est: ICMPv6: Sent echo request, Src=2001:470:1F10:D93::2, Dst=2001:470:1F10:D93::1
12124476: Jan 6 22:11:13.374 est: IPV6: source 2001:470:1F10:D93::2 (local)
12124477: Jan 6 22:11:13.374 est: dest 2001:470:1F10:D93::1 (Tunnel0)
12124478: Jan 6 22:11:13.374 est: traffic class 0, flow 0x0, len 100+0, prot 58, hops 64, originating
12124479: Jan 6 22:11:13.374 est: IPv6-Fwd: Created tmp mtu cache entry for 2001:470:1F10:D93::2 2001:470:1F10:D93::1 00000000
12124480: Jan 6 22:11:13.374 est: IPv6-Fwd: Sending on Tunnel0
12124481: Jan 6 22:11:15.374 est: IPv6-Fwd: Destination lookup for 2001:470:1F10:D93::1 : i/f=Tunnel0, nexthop=2001:470:1F10:D93::1
12124482: Jan 6 22:11:15.374 est: IPv6-Sas: SAS picked source 2001:470:1F10:D93::2 for 2001:470:1F10:D93::1 (Tunnel0)
12124483: Jan 6 22:11:15.374 est: ICMPv6: Sent echo request, Src=2001:470:1F10:D93::2, Dst=2001:470:1F10:D93::1
12124484: Jan 6 22:11:15.374 est: IPV6: source 2001:470:1F10:D93::2 (local)
12124485: Jan 6 22:11:15.374 est: dest 2001:470:1F10:D93::1 (Tunnel0)
12124486: Jan 6 22:11:15.374 est: traffic class 0, flow 0x0, len 100+0, prot 58, hops 64, originating
12124487: Jan 6 22:11:15.374 est: IPv6-Fwd: Sending on Tunnel0
12124488: Jan 6 22:11:17.374 est: IPv6-Fwd: Destination lookup for 2001:470:1F10:D93::1 : i/f=Tunnel0, nexthop=2001:470:1F10:D93::1
12124489: Jan 6 22:11:17.374 est: IPv6-Sas: SAS picked source 2001:470:1F10:D93::2 for 2001:470:1F10:D93::1 (Tunnel0)
12124490: Jan 6 22:11:17.374 est: ICMPv6: Sent echo request, Src=2001:470:1F10:D93::2, Dst=2001:470:1F10:D93::1
12124491: Jan 6 22:11:17.374 est: IPV6: source 2001:470:1F10:D93::2 (local)
12124492: Jan 6 22:11:17.374 est: dest 2001:470:1F10:D93::1 (Tunnel0)
12124493: Jan 6 22:11:17.374 est: traffic class 0, flow 0x0, len 100+0, prot 58, hops 64, originating
12124494: Jan 6 22:11:17.374 est: IPv6-Fwd: Sending on Tunnel0
What am I missing?
Thanks!
ipv6 unicast routing
I wish "ipv6 unicast-routing" was missing but it not.
I can see the tunnels subnet 2001:470:1F10:D93::/64 and the default route ::/0 are directly correctly connected to the tunnel and I have connectivity from hosts on my LAN interface to 2001:470:1f10:d93::2/64 (my side of the tunnel) - The router just will not output any packets across the tunnel :-(
I can't find any problems documenting issues with the 15.x train on CCO but if there are no other ideas I will try downgrading to 124-24.T7 on post back later this week.
Thanks for you reply!
c2800-1#show ipv6 route
IPv6 Routing Table - default - 6 entries
Codes: C - Connected, L - Local, S - Static, U - Per-user Static route
B - BGP, HA - Home Agent, MR - Mobile Router, R - RIP
I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary
D - EIGRP, EX - EIGRP external, ND - Neighbor Discovery, l - LISP
O - OSPF Intra, OI - OSPF Inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
S ::/0 [1/0]
via Tunnel0, directly connected
C 2001:470:1F10:D93::/64 [0/0]
via Tunnel0, directly connected
L 2001:470:1F10:D93::2/128 [0/0]
via Tunnel0, receive
C 2001:470:C4B8::/48 [0/0]
via GigabitEthernet0/1, directly connected
L 2001:470:C4B8::1/128 [0/0]
via GigabitEthernet0/1, receive
L FF00::/8 [0/0]
via Null0, receive
c2800-1#
what is "ipv6 virtual-reassembly in". I've never put that on a cisco tunnel interface.
I removed "ipv6 virtual-reassembly in" for the tunnel interface.
I did have a NAT configured when I first tried to bring the tunnel up and removed that when I ran into any issue. I obviously stared right at it and didn't notice it. Good catch.
ip virtual-reassembly gets added automatically when you configure NAT on an interface. This appears to be introduced in 12.3(8)
http://www.cisco.com/c/en/us/td/docs/ios/sec_data_plane/configuration/guide/12_4/sec_data_plane_12_4_book/sec_virt_frag_reassm.pdf
"Virtual fragmentation reassembly (VFR) enables the Cisco IOS Firewall to create the appropriate
dynamic ACLs, thereby, protecting the network from various fragmentation attacks. "
"VFR is designed to work with any feature that requires fragment reassembly (such as Cisco IOS Firewall
and NAT). Currently, NAT enables and disables VFR internally; that is, when NAT is enabled on an
interface, VFR is automatically enabled on that interface."
Current Tunnel0 config:
interface Tunnel0
description Hurricane Electric IPv6 Tunnel Broker
no ip address
ipv6 address 2001:470:1F10:D93::2/64
ipv6 enable
tunnel source 162.230.214.65
tunnel mode ipv6ip
tunnel destination 184.105.253.14
end
Removing it from the interface did NOT fix my issue. I can still not pass any traffic across the tunnel.
It looks like downgrading may be my next best option to test. I have never had an issue like this bringing up a tunnel to HE from a Cisco device.
Thank you for your reply.