Hi all,
I'm busy with the tunnelbroker's ipv6 brokers.
This is my situation:
linux server
eth1 Link encap:Ethernet HWaddr 00:07:E9:05:16:FA
inet addr:77.249.150.212 Bcast:77.249.150.255 Mask:255.255.255.0
inet6 addr: fe80::207:e9ff:fe05:16fa/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:515961 errors:0 dropped:0 overruns:0 frame:0
TX packets:329168 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:305494218 (291.3 MiB) TX bytes:132382982 (126.2 MiB)
eth2 Link encap:Ethernet HWaddr 00:07:E9:05:16:FB
inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: 2001:470:d5af::1/48 Scope:Global
inet6 addr: fe80::207:e9ff:fe05:16fb/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:379403 errors:0 dropped:0 overruns:0 frame:0
TX packets:507452 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:54381808 (51.8 MiB) TX bytes:418808062 (399.4 MiB)
he-ipv6 Link encap:IPv6-in-IPv4
inet6 addr: 2001:470:1f14:110e::2/64 Scope:Global
inet6 addr: fe80::4df9:9642/128 Scope:Link
UP POINTOPOINT RUNNING NOARP MTU:1480 Metric:1
RX packets:23390 errors:0 dropped:0 overruns:0 frame:0
TX packets:22930 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:2247419 (2.1 MiB) TX bytes:2342599 (2.2 MiB)
I can ping the IPv6 addresses from behind the server to an IPv6 address in my internal network.
But if I ping from a box on my internal network to an external IPv6 address, I get a timeout with some IP addresses.
With 2a00:1450:4007:803::1013 I got a response
and with 2a00:1450:4007:803::1011 I get a timeout.
Can anyone help me?
Kind regards,
Daiman
Have you enabled ipv6 forwarding in sysctl.conf?
Are the hosts on the lan configured with a /48 netmask?
I can ping6 2001:470:d5af::1 so the /48 is definitely correctly routed to your side of the tunnel.
EDIT - also I can ping both 2a00:1450:4007:803::1013 and 2a00:1450:4007:803::1011 from native HE IPv6 colo, so they should respond to a tunnel
The routing is enabled, of course
[root@ams proc]# sysctl -p
net.ipv4.ip_forward = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 4294967295
kernel.shmall = 268435456
net.ipv6.conf.all.forwarding = 1
The internal hosts have an IPv6 address in the /48 range
like 2001:470:d5af::beef:1
and gateway 2001:470:d5af::1
I cannot ping6 2001:470:d5af::beef:1
--- 2001:470:d5af::beef:1 ping statistics ---
19 packets transmitted, 0 received, 100% packet loss, time 17999ms
Any ip6tables rules on your linux machine with the tunnel? Anything on 2001:470:d5af::beef:1 filtering ICMPv6?
I have my ip6tables off
Quote
inet6 addr: 2001:470:d5af::1/48 Scope:Global
I don't think this is right...what are you trying to do here?
that is the gateway ipv6 for the internal hosts
What is not right?
the /48.
I assume what you're trying to do is assign an address to this adapter so you can route to/from it. If that's the case, you need to pick a /64 and assign an address from there...in your case, something like 2001:470:d5af:1::1/64 would work.
When you do the routing you can use the whole /48, but when you assign an address, it has to be a /64
I have tried it but it won't work
Well I can tell you it won't work the way it is now.
Did you email HE to make sure it was allocated and routed correctly?
You do need to route the /48 though...you don't need to manually route the /64 because it's on link, but you will need to route the whole /48.
Why don't you change it back to /64 and post a copy of your routing tables
It doesn't *have* to be a /64, he can burn the entire /48 on a link. OVH and FDC have been doing that for years much to their customers' dismay and complaint ;) He is doing static IP configuration, so as long as it is configured for the correct range it should work (or else you couldn't ping that gateway address he configured).
However he has said that he can ping6 1 external address, but not another. If you could do some traces from your lan machine to either address, see where the one that doesn't reply times out.
Quote from: cholzhauer on June 25, 2012, 08:15:42 AM
Well I can tell you it won't work the way it is now.
Did you email HE to make sure it was allocated and routed correctly?
I did say that I can ping6 his lan gateway IP in the /48:
~$ mtr 2001:470:d5af::1 -c 1 -r
HOST: ipvsixme Loss% Snt Last Avg Best Wrst StDev
1.|-- f0-6.switch14.fmt2.he.net 0.0% 1 0.7 0.7 0.7 0.7 0.0
2.|-- 10gigabitethernet8-4.core 0.0% 1 0.6 0.6 0.6 0.6 0.0
3.|-- 10gigabitethernet1-1.core 0.0% 1 9.9 9.9 9.9 9.9 0.0
4.|-- 10gigabitethernet3-3.core 0.0% 1 40.4 40.4 40.4 40.4 0.0
5.|-- 10gigabitethernet8-2.core 0.0% 1 61.2 61.2 61.2 61.2 0.0
6.|-- 10gigabitethernet7-2.core 0.0% 1 76.6 76.6 76.6 76.6 0.0
7.|-- 10gigabitethernet1-2.core 0.0% 1 144.1 144.1 144.1 144.1 0.0
8.|-- 10gigabitethernet5-2.core 0.0% 1 148.6 148.6 148.6 148.6 0.0
9.|-- tserv1.ams1.he.net 0.0% 1 155.2 155.2 155.2 155.2 0.0
10.|-- ams.ip6.bitshosting.nl 0.0% 1 165.1 165.1 165.1 165.1 0.0
You *can* use /48 on links and hosts, it just isn't very conservative.
1 <1 ms <1 ms <1 ms ams.ip6.bitshosting.nl [2001:470:d5af::1]
2 29 ms 17 ms 15 ms Bitshostingnl-2.tunnel.tserv11.ams1.ipv6.he.net [2001:470:1f14:110e::1]
3 13 ms 17 ms 12 ms gige-g2-13.core1.ams1.he.net [2001:470:0:7d::1]
4 11 ms 15 ms 14 ms amsix-router.google.com [2001:7f8:1::a501:5169:1]
5 22 ms 10 ms 13 ms 2001:4860::1:0:8
6 11 ms 11 ms 28 ms 2001:4860::8:0:2daf
7 19 ms 23 ms 29 ms 2001:4860::8:0:2ac4
8 34 ms 27 ms 61 ms 2001:4860::8:0:3df4
9 105 ms 26 ms 42 ms 2001:4860::1:0:9f2
10 24 ms 40 ms 24 ms 2001:4860:0:1::225
11 23 ms 24 ms 23 ms par03s02-in-x13.1e100.net [2a00:1450:4007:803::1013]
De trace is voltooid.
This is the working one.
1 * * * Time-out bij opdracht.
2 * * * Time-out bij opdracht.
3 15 ms 49 ms 13 ms gige-g2-13.core1.ams1.he.net [2001:470:0:7d::1]
4 12 ms 77 ms 14 ms amsix-router.google.com [2001:7f8:1::a501:5169:1]
5 19 ms 15 ms 25 ms 2001:4860::1:0:4b3
6 14 ms 14 ms 31 ms 2001:4860::8:0:2db0
7 20 ms 21 ms 23 ms 2001:4860::8:0:2ac4
8 32 ms 25 ms 25 ms 2001:4860::8:0:3df4
9 40 ms 24 ms 73 ms 2001:4860::1:0:9f2
10 34 ms 33 ms 33 ms 2001:4860:0:1::225
11 22 ms 27 ms 23 ms par03s02-in-x11.1e100.net [2a00:1450:4007:803::1011]
De trace is voltooid.
This is the one where I can't ping it.
Ok, but your trace shows that you reached it. I think Google does at times filter things oddly. Some hosts ping, other times UDP traces stop short of the destination, etc. Not certain why your linux box/router and the tserv don't reply in your traceroute, but the Google destination certainly did. I think this is a non-problem unless you are getting sent to 2a00:1450:4007:803::1011 when browsing Google, and the page isn't loading. Try a tracepath6 to the destination and see if there is any mtu mangling along the way. If you are behind pppoe you can try tuning the HE side of the tunnel to 1472 (in the broker's webUI), and then set your he-ipv6 tunnel interface to that as well.
The Linux server is on a public network.
On the Linux server, which functions as the router, I can ping, wget, traceroute and tracepath.
But on my PC, which has an IPv6 address, I have problems with it.
Is there any way to fix it?
It's not only with Google; it is on more websites with IPv6.
If it is more than just Google failing to load on your lan machine, then muck around with mtu on both sides of the tunnel until it works? On HE's side you default at 1480 and can pick from 1472 for pppoe issues where your IPv4 mtu is 1492 and not 1500, or 1280 which is the minimum.
That was not working.
But I now have a static route for my IPv6 tunneling
ip -6 route add 2001:470:d5af::/48 via 2001:470:1f14:110e::1
and now it is working.
What? That reads like a route-loop, on HE's side the /48 is routed to 2001:470:1f14:110e::2, and now you've set a static route back to 2001:470:1f14:110e::1 for it? Not certain how that fixed things for lan clients. Or are you saying you added that to your client machine on the lan?
I am exploring ipv6 as a noob, but I'm a bright guy otherwise.
My leaf computers couldn't reach the world until I configured radvd, then things worked without any<<< much grief. His description reminds me of that experience.
I tried tracepath6 to the OPs machine with success.
aubrey@recovery:/etc/network$ sudo tracepath6 2001:470:d5af::1
1?: [LOCALHOST] pmtu 1480
1: amcintosh-1.tunnel.tserv9.chi1.ipv6.he.net 34.287ms
1: amcintosh-1.tunnel.tserv9.chi1.ipv6.he.net 37.042ms
2: gige-g3-4.core1.chi1.he.net 25.683ms
3: 10gigabitethernet7-2.core1.nyc4.he.net 48.349ms
4: 10gigabitethernet1-2.core1.lon1.he.net 121.884ms
5: 10gigabitethernet5-2.core1.ams1.he.net 120.398ms
6: tserv1.ams1.he.net 126.967ms
7: ams.ip6.bitshosting.nl 133.180ms reached
Resume: pmtu 1480 hops 7 back 58
I tried the two addresses he tried, with failures.
aubrey@recovery:/etc/network$ sudo tracepath6 2a00:1450:4007:803::1013
1?: [LOCALHOST] pmtu 1480
1: amcintosh-1.tunnel.tserv9.chi1.ipv6.he.net 47.820ms
1: amcintosh-1.tunnel.tserv9.chi1.ipv6.he.net 30.563ms
2: gige-g3-4.core1.chi1.he.net 40.540ms
3: no reply
4: no reply
...
30: no reply
31: no reply
Too many hops: pmtu 1480
Resume: pmtu 1480
Same for the other address.
I'm not real sure what your question is...some more info would be nice too...like routing tables and interface configs
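
Added example (not part of the original thread, and not code from any poster): a Python check of the points raised above, using the addresses quoted in the thread. It covers carving a /64 for the LAN out of the routed /48, the 6in4 MTU values mentioned (1480, 1472, 1280), and the static route that points the routed /48 back at the tunnel server. The function names and finding labels are assumptions made for illustration.

```python
import ipaddress

# Values quoted in the thread.
ROUTED_48 = ipaddress.ip_network("2001:470:d5af::/48")
SERVER_END = ipaddress.ip_address("2001:470:1f14:110e::1")  # HE side of the tunnel

def tunnel_mtu(ipv4_mtu):
    """6in4 adds a 20-byte IPv4 header; IPv6 needs a link MTU of at least 1280."""
    return max(1280, ipv4_mtu - 20)

def lan_subnet(routed, index):
    """Return the index-th /64 inside the routed prefix."""
    if not 0 <= index < 2 ** (64 - routed.prefixlen):
        raise ValueError("subnet index outside the routed prefix")
    base = int(routed.network_address) + (index << 64)
    return ipaddress.ip_network((base, 64))

def audit(lan_iface, lan_hosts, static_routes):
    """Return labels (hypothetical names) for the issues discussed in the thread."""
    findings = []
    iface = ipaddress.ip_interface(lan_iface)
    if not iface.network.subnet_of(ROUTED_48):
        findings.append("lan-prefix-outside-routed-48")
    # Advisory only: static addressing works with a /48 on-link, as one poster
    # notes, but SLAAC via radvd expects a /64 on the LAN interface.
    if iface.network.prefixlen != 64:
        findings.append("lan-prefix-not-64")
    for host in lan_hosts:
        if ipaddress.ip_address(host) not in iface.network:
            findings.append(f"host-off-link:{host}")
    for dest, via in static_routes:
        net = ipaddress.ip_network(dest)
        # A default route via the server end is normal; a route for the routed
        # prefix itself via the server end sends LAN traffic back into the tunnel.
        if net.subnet_of(ROUTED_48) and ipaddress.ip_address(via) == SERVER_END:
            findings.append(f"route-back-into-tunnel:{dest}")
    return findings

if __name__ == "__main__":
    print(lan_subnet(ROUTED_48, 1), tunnel_mtu(1500), tunnel_mtu(1492))
    print(audit("2001:470:d5af::1/48", ["2001:470:d5af::beef:1"],
                [("2001:470:d5af::/48", "2001:470:1f14:110e::1")]))
```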