One is a comcast 6to4. it looks configured correctly. multiple hosts can browse sites like ipv6.google.com and http://ipv6.whatismyipv6.net/?s=browser_environment
The other is a hurricane electric tunnel. it too lets multiple hosts browse the same sites.
But when a host from one tries to ping or traceroute or nmap or connect to port 80, it times out.
e.g.
from 2001:470:1f11:3bb:213:20ff:fe61:e7d4/64
jrwren@baltar:~$ ping6 2002:47ee:e061:1:e1ae:efe8:df4b:968a
PING 2002:47ee:e061:1:e1ae:efe8:df4b:968a(2002:47ee:e061:1:e1ae:efe8:df4b:968a) 56 data bytes
^C
--- 2002:47ee:e061:1:e1ae:efe8:df4b:968a ping statistics ---
17 packets transmitted, 0 received, 100% packet loss, time 16127ms
jrwren@baltar:~$ traceroute6 2002:47ee:e061:1:e1ae:efe8:df4b:968a
traceroute to 2002:47ee:e061:1:e1ae:efe8:df4b:968a (2002:47ee:e061:1:e1ae:efe8:df4b:968a) from 2001:470:1f11:3bb:213:20ff:fe61:e7d4, 30 hops max, 16 byte packets
1 2001:470:1f11:3bb::1 (2001:470:1f11:3bb::1) 3.229 ms 0.343 ms 0.248 ms
2 jrwren-2.tunnel.tserv9.chi1.ipv6.he.net (2001:470:1f10:3bb::1) 61.931 ms 58.821 ms 59.188 ms
3 * * *
4 * * *
5 * * *
6 * * *
7 * * *
8 * * *
9 * * *
10 * * *
11 * * *
12 * * *
13 * * *
14 * * *
15 * * *
16 * * *
17 * * *
18 * * *
19 * * *
20 * * *
21 * * *
22 * * *
23 * * *
24 * * *
25 * * *
26 * * *
27 * * *
28 * * *
29 * * *
30 * * *
from 2002:47ee:e061:1:e1ae:efe8:df4b:968a/64
jrwren@delays:{4}~/src/openwrt $ ping6 2001:470:1f11:3bb:213:20ff:fe61:e7d4
PING 2001:470:1f11:3bb:213:20ff:fe61:e7d4(2001:470:1f11:3bb:213:20ff:fe61:e7d4) 56 data bytes
^C
--- 2001:470:1f11:3bb:213:20ff:fe61:e7d4 ping statistics ---
82 packets transmitted, 0 received, 100% packet loss, time 81091ms
jrwren@delays:{4}~/src/openwrt $ traceroute6 2001:470:1f11:3bb:213:20ff:fe61:e7d4
traceroute to 2001:470:1f11:3bb:213:20ff:fe61:e7d4 (2001:470:1f11:3bb:213:20ff:fe61:e7d4) from 2002:47ee:e061:1:210:b5ff:feb1:1a6e, 30 hops max, 24 byte packets
1 2002:47ee:e061:1::1 (2002:47ee:e061:1::1) 0.424 ms 0.394 ms 0.345 ms
2 2002:c058:6301:: (2002:c058:6301::) 277.793 ms 246.361 ms 429.501 ms
3 ge-6-28-ur05.area4.il.chicago.comcast.net (2001:558:fe04:1::1) 278.378 ms 294.549 ms 290.968 ms
4 te-8-2-ur04.area4.il.chicago.comcast.net (2001:558:300:55::1) 324.476 ms 352.136 ms 451.184 ms
5 te-1-3-0-0-ar01.elmhurst.il.chicago.comcast.net (2001:558:300:56::2) 494.39 ms 401.255 ms 472.648 ms
6 pos-0-7-0-0-ar01.indianapolis.in.indiana.comcast.net (2001:558:300:138::2) 316.961 ms 405.678 ms 380.116 ms
7 2001:558:0:f6ab::1 (2001:558:0:f6ab::1) 558.226 ms 330.829 ms 420.681 ms
8 pos-0-3-0-0-pe01.56marietta.ga.ibone.comcast.net (2001:558:0:f5e1::2) 325.719 ms 394.291 ms 582.615 ms
9 * * *
10 * * *
11 gige-g3-16.core1.ash1.he.net (2001:470:0:191::1) 541.701 ms 398.324 ms 432.189 ms
12 10gigabitethernet1-2.core1.nyc4.he.net (2001:470:0:36::2) 311.117 ms 344.03 ms 519.227 ms
13 10gigabitethernet1-2.core1.chi1.he.net (2001:470:0:4e::1) 405.022 ms 464.816 ms 472.198 ms
14 * * *
15 * * *
16 * * *
17 * * *
18 * * *
19 * * *
20 * * *
21 * * *
22 * * *
23 *
In the process of writing this post i realized that on the 2002:47ee:e061:1::/64 router I was missing a default route. it just turns out that most of the ipv6 hosts that i know of did have routes.
Now I think something must be configured wrong with my he tunnel.
its route table looks like this:
2001:470:1f10:3bb::/64 via :: dev he-ipv6 proto kernel metric 256 mtu 1480 advmss 1420 hoplimit 4294967295
2001:470:1f11:3bb::/64 dev br0 proto kernel metric 256 mtu 1280 advmss 1220 hoplimit 4294967295
fe80::/64 dev br0 proto kernel metric 256 mtu 1500 advmss 1440 hoplimit 4294967295
fe80::/64 dev eth0 proto kernel metric 256 mtu 1500 advmss 1440 hoplimit 4294967295
fe80::/64 dev wifi0 proto kernel metric 256 mtu 1500 advmss 1440 hoplimit 4294967295
fe80::/64 dev ath0 proto kernel metric 256 mtu 1500 advmss 1440 hoplimit 4294967295
fe80::/64 dev wifi1 proto kernel metric 256 mtu 1500 advmss 1440 hoplimit 4294967295
fe80::/64 dev ath1 proto kernel metric 256 mtu 1500 advmss 1440 hoplimit 4294967295
fe80::/64 dev eth1 proto kernel metric 256 mtu 1500 advmss 1440 hoplimit 4294967295
fe80::/64 via :: dev he-ipv6 proto kernel metric 256 mtu 1480 advmss 1420 hoplimit 4294967295
default dev he-ipv6 metric 1024 mtu 1480 advmss 1420 hoplimit 4294967295
unreachable default dev lo proto kernel metric -1 error -128 hoplimit 255
ff00::/8 dev br0 metric 256 mtu 1500 advmss 1440 hoplimit 4294967295
ff00::/8 dev eth0 metric 256 mtu 1500 advmss 1440 hoplimit 4294967295
ff00::/8 dev wifi0 metric 256 mtu 1500 advmss 1440 hoplimit 4294967295
ff00::/8 dev ath0 metric 256 mtu 1500 advmss 1440 hoplimit 4294967295
ff00::/8 dev wifi1 metric 256 mtu 1500 advmss 1440 hoplimit 4294967295
ff00::/8 dev ath1 metric 256 mtu 1500 advmss 1440 hoplimit 4294967295
ff00::/8 dev eth1 metric 256 mtu 1500 advmss 1440 hoplimit 4294967295
ff00::/8 dev he-ipv6 metric 256 mtu 1480 advmss 1420 hoplimit 4294967295
unreachable default dev lo proto kernel metric -1 error -128 hoplimit 255
its addresses look like this:
1: lo: <LOOPBACK,MULTICAST,UP,10000> mtu 16436
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
4: eth0: <BROADCAST,MULTICAST,UP,10000> mtu 1500
inet6 fe80::c23f:eff:fe8d:3d9c/64 scope link
valid_lft forever preferred_lft forever
5: eth1: <BROADCAST,MULTICAST,UP,10000> mtu 1500
inet6 fe80::c23f:eff:fe8d:3d9d/64 scope link
valid_lft forever preferred_lft forever
6: wifi0: <BROADCAST,MULTICAST,UP,10000> mtu 1500
inet6 fe80::c23f:eff:fe8d:3d9c/64 scope link
valid_lft forever preferred_lft forever
7: wifi1: <BROADCAST,MULTICAST,UP,10000> mtu 1500
inet6 fe80::c23f:eff:fe8d:3d9e/64 scope link
valid_lft forever preferred_lft forever
8: br0: <BROADCAST,MULTICAST,PROMISC,UP,10000> mtu 1500
inet6 2001:470:1f11:3bb::1/64 scope global
valid_lft forever preferred_lft forever
inet6 fe80::c23f:eff:fe8d:3d9c/64 scope link
valid_lft forever preferred_lft forever
18: ath0: <BROADCAST,MULTICAST,UP,10000> mtu 1500
inet6 fe80::c23f:eff:fe8d:3d9c/64 scope link
valid_lft forever preferred_lft forever
19: ath1: <BROADCAST,MULTICAST,UP,10000> mtu 1500
inet6 fe80::c23f:eff:fe8d:3d9e/64 scope link
valid_lft forever preferred_lft forever
22: he-ipv6: <POINTOPOINT,NOARP,UP,10000> mtu 1480
inet6 2001:470:1f10:3bb::2/64 scope global
valid_lft forever preferred_lft forever
inet6 fe80::ad0e:24d1/128 scope link
valid_lft forever preferred_lft forever
The HE side seems to be working
[carl@mars ~]$ ping6 2001:470:1f11:3bb:213:20ff:fe61:e7d4
PING6(56=40+8+8 bytes) 2001:470:c27d:e000:20c:29ff:fe8a:1618 --> 2001:470:1f11:3bb:213:20ff:fe61:e7d4
16 bytes from 2001:470:1f11:3bb:213:20ff:fe61:e7d4, icmp_seq=0 hlim=61 time=99.937 ms
16 bytes from 2001:470:1f11:3bb:213:20ff:fe61:e7d4, icmp_seq=1 hlim=61 time=108.854 ms
16 bytes from 2001:470:1f11:3bb:213:20ff:fe61:e7d4, icmp_seq=2 hlim=61 time=108.914 ms
16 bytes from 2001:470:1f11:3bb:213:20ff:fe61:e7d4, icmp_seq=3 hlim=61 time=104.931 ms
^C
--- 2001:470:1f11:3bb:213:20ff:fe61:e7d4 ping6 statistics ---
4 packets transmitted, 4 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 99.937/105.659/108.914/3.677 ms
If I had to wager a guess, I'd say it's the 6to4 stuff that isn't working as I can't ping any of the addresses you listed, but I can ping every HE address you listed.
thanks for that.
i saw on twitter that comcast was having network issues last night, maybe that includes their 6to4
The strange part is that i from those comcast 6to4 addresses i could browse ipv6 websites, but i couldn't browse a website on that he tunnel.
Is there a default route on the HE side?
Or is this it?
default dev he-ipv6 metric 1024 mtu 1480 advmss 1420 hoplimit 4294967295
that is it.