In my home network I have a EdgeRouter 4 connected to a SonicWall TZ600 firewall. The SonicWall is "core" of my network, it connects to my cable modem via its X1 interface. My internal network is connected to the X0, X3, X4 interfaces that are configured as shared switch ports. The ER4 eth0 interface is connected to the X2 interface of the SonicWall. The ER4 is I have OSPFv2 and OSPFv3 running between the SonicWall and ER4. All of the IPv4 routing works as expected. I also have a 4 VM Cumulus BGP Spine/Leaf setup that is using OSPF and OSPFv3 with the SonicWall on a VLAN sub-interface X0.123 via one of the virtual leaf VMs.
I am getting a /56 prefix delegation from my ISP and I have broken this up into various /64 networks. I also have a /64 prefix HE Tunnel interface on the ER4 that I have excluded from OSPFv3.
The issue I am having is that as soon as I put an non-Link Local IPv6 address on one one of the ER4 interfaces or Cumulus VM interfaces that is not physically also on SonicWall all IPv6 traffic that hits the SonicWall is routed to the interface that has the non-Link Local IPv6 address. Looking at the IPv6 routes that I get via OSPFv3 on the SonicWall I just get a route for the /64 network of the address I bind to the interface on the ER4 or Cumulus routers.
I have IPv6 RA enabled on the SonicWall but disabled on the ER4 and Cumulus interfaces. I am advertising both connected and learned routes on both the SonicWall, ER4 and Cumulus. I have a default route ::/0 on the SonicWall going to my ISP IPv6 gateway.
I have tried putting a static route ::/0 on the ER4 to the SonicWall X2 interface address.
I can't seem to get IPv6 routing to work. The only thing I have not done is disable OSPFv3 and put in static routes.
I have no idea what is going on I welcome any suggestions or ideas that might help. IPv4 throughout this setup works perfectly.
- July 16, 2019, 02:07:09 PM
- Welcome, Guest
News:
Welcome to Hurricane Electric's Tunnelbroker.net forums!
|
1
on: July 16, 2019, 12:18:30 PM
|
||
| Started by charleslacour - Last post by charleslacour | ||
|
2
Tunnelbroker.net Specific Topics / Questions & Answers / Re: websites blocked through IPv6 tunnel by Cloudflare
on: July 12, 2019, 09:45:21 AM
|
||
| Started by bartgrefte - Last post by mrpippy | ||
|
I'm also having this problem, my IPv6 IP (from the Los Angeles tunnel broker) is geolocating to China/Hong Kong
|
||
|
3
on: July 09, 2019, 07:55:31 AM
|
||
| Started by user71 - Last post by user71 | ||
|
firewall,info forward: in:6to4-tunnel2he out:6to4-tunnel2he
|
||
|
4
on: July 09, 2019, 04:32:34 AM
|
||
| Started by user71 - Last post by cholzhauer | ||
|
Everyone gets a /64 by default. If you don't need it, don't use it.
|
||
|
5
on: July 09, 2019, 04:01:08 AM
|
||
| Started by user71 - Last post by user71 | ||
|
today, somebody decide to scan my not usable routed /64 prefix. I dont't use it and don't have specific route for it. the packet arived to my router, router lookup up in routing table for /64 prefix and send it to default route, back to you 1/128 then there is a route loop....
|
||
|
6
on: July 09, 2019, 03:49:36 AM
|
||
| Started by user71 - Last post by user71 | ||
|
Hi. I recently create 6to4 tunnel and get Routed /64 Routed /48 Prefixes in Tunnel Details. I have 8 subnets that's because i choose Routed /48. and i don't understand what is the Routed /64? why you give me that? In /48 i have many /64
|
||
|
7
on: July 08, 2019, 11:27:23 PM
|
||
| Started by dominix - Last post by snarked | ||
|
Use the routed /64 reverse. Example:
0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.4.0.0.0.d.0.0.0.0.7.4.0.1.0.0.2.ip6.arpa. 1d IN PTR snarked-1.subnet.ipv6.he.net. |
||
|
8
on: July 08, 2019, 05:10:19 PM
|
||
| Started by dominix - Last post by dominix | ||
|
;; ANSWER SECTION:
2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.c.3.3.0.a.0.0.0.0.7.4.0.1.0.0.2.ip6.arpa. 4900 IN PTR tunnel61427-pt.tunnel.tserv14.sea1.ipv6.he.net. how do I proceed ? |
||
|
9
General IPv6 Topics / IPv6 on Linux & BSD & Mac / Re: Two hosts with two different tunnels - one small Q:
on: July 08, 2019, 05:23:26 AM
|
||
| Started by tMHru - Last post by cholzhauer | ||
|
You have to have a router somewhere...the thing that's hosting your IPv6 tunnel.
|
||
|
10
General IPv6 Topics / IPv6 on Linux & BSD & Mac / Re: Two hosts with two different tunnels - one small Q:
on: July 06, 2019, 06:05:51 AM
|
||
| Started by tMHru - Last post by tMHru | ||
Can the non-working computer ping the router ahead of it? I have no router, but switch with 16 ports instead. Yes, from 2nd host I can ping ipv6.google.com, I can ping :2 - remote gw of he.net, and I can ping 1st host ipv6 addresses, and vice versa - when I ping three v6 addresses on 2nd host from 1st host the pings passing ok. Moreover, I did tests with IRC server connections, and this is what I received: >irc *635 -h 2001:470:28:*::123 efnet.portlane.se *** Connecting to port 6667 of server efnet.portlane.se *** Couldn't bind to IRCHOST [ Whois *635!*@tunnel*-pt.tunnel.tserv24.sto1.ipv6.he.net (Network) ] -- I tried to connect with this ::123 host to efnet.portlane.se (v6 compatible server), but I get "Couldn't bind to IRCHOST" and then I get connection with default :2 host as you see, which is resolved. Another test with standard telnet: >telnet -b 2001:470:28:*::90 efnet.portlane.se 6667 Trying 2a00:1a28:1100:7::1337... Connected to efnet.portlane.se. Escape character is '^]'. NOTICE AUTH :*** Processing connection to efnet.portlane.se NOTICE AUTH :*** Looking up your hostname... NOTICE AUTH :*** Checking Ident NOTICE AUTH :*** Couldn't look up your hostname NOTICE AUTH :*** Got Ident response -- as you can notice - the connection passes ok, even irc server drop me notice about unresolved host which is :90 one. At first I thought it was ircII (irc client) problem - but I compiled newest version and got the same "Couldn't bind to IRCHOST". Any ideas?  I still wonder - why 1st host have this "ip6tnl0" in ip list while 2nd host does not... |
||