• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

Routed IPv6 Prefixes Problem

Started by JulianR.B, January 21, 2020, 06:08:01 AM

Previous topic - Next topic

JulianR.B

I have a machine without IPv6 connectivity (openSUSE linux) and have a tunnel working fine to the outside IPv6 world. My tunnel is 2001:470:**06:****::2 locally.

I want to set up a local IPv6 network using the "Routed IPv6 Prefixes". To that end I have created an interface and given it an address 2001:470:**07:****::100 as per the reference page and enabled IPv6 routing on the machine.

I have then asked someone to access my machine and network from outside of my system. He can ping 2001:470:**06:****::1 as expected. But not 2001:470:**06:****::2 or 2001:470:**07:****::100 which I am supprised about.

Traceroute for the three addresses is as follows:

C:\WINDOWS\system32>TRACERT 2001:470:**06:****::1

Tracing route to tunnelXXXXXX.tunnel.tserv4.nyc4.ipv6.he.net [2001:470:**06:****::1]
over a maximum of 30 hops:

  1    22 ms    <1 ms    <1 ms  broadband.bt.com [2a00:23c5:b39e:****:21d:****:****:****]
  2     5 ms     5 ms     5 ms  2a00:2302::1100:203:209
  3     *        9 ms     9 ms  2a00:2302::1102:100:36
  4     *        *        *     Request timed out.
  5     9 ms     9 ms     9 ms  2a00:2380:3014:8000::1c
  6     9 ms     9 ms     *     core3-hu0-1-0-0.faraday.ukcore.bt.net [2a00:2380:14::9]
  7    11 ms     *        *     core4-l2.faraday.ukcore.bt.net [2a00:2380:3000:c::b]
  8     9 ms     8 ms     8 ms  2a00:2000:2066::84
  9     9 ms     9 ms     9 ms  40ge1-3.core1.lon2.he.net [2001:7f8:4::1b1b:1]
10    96 ms    91 ms    76 ms  100ge13-2.core1.nyc4.he.net [2001:470:0:2cf::2]
11    76 ms    76 ms    76 ms  tunnelXXXXXX.tunnel.tserv4.nyc4.ipv6.he.net [2001:470:**06:****::1]

Trace complete.

C:\WINDOWS\system32>TRACERT 2001:470:**06:****::2

Tracing route to tunnelXXXXXX-pt.tunnel.tserv4.nyc4.ipv6.he.net [2001:470:**06:****::2]
over a maximum of 30 hops:

  1    <1 ms    <1 ms    <1 ms  broadband.bt.com [2a00:23c5:b39e:****:21d:****:****:****]
  2     5 ms     5 ms     5 ms  2a00:2302::1100:203:209
  3     *        9 ms     9 ms  2a00:2302::1102:100:32
  4    10 ms    10 ms    10 ms  2a00:2302::1102:100:33
  5    10 ms    10 ms    10 ms  2a00:2380:3014:8000::1e
  6    10 ms     *        *     core3-hu0-7-0-7.faraday.ukcore.bt.net [2a00:2380:c::338]
  7     *       10 ms     *     core4-l2.faraday.ukcore.bt.net [2a00:2380:3000:c::b]
  8     9 ms     9 ms     8 ms  2a00:2000:2066::84
  9    10 ms    10 ms    26 ms  40ge1-3.core1.lon2.he.net [2001:7f8:4::1b1b:1]
10    76 ms    76 ms    76 ms  100ge13-2.core1.nyc4.he.net [2001:470:0:2cf::2]
11    79 ms    78 ms    78 ms  tserv1.nyc4.he.net [2001:470:0:5d::2]
12     *        *        *     Request timed out.
13  ^C

C:\WINDOWS\system32>TRACERT 2001:470:**07:****::100

Tracing route to 2001:470:**07:****::2 over a maximum of 30 hops

  1    <1 ms    <1 ms    <1 ms  broadband.bt.com [2a00:23c5:b39e:****:21d:****:****:****]
  2     5 ms     5 ms     5 ms  2a00:2302::1100:203:209
  3     *        *        *     Request timed out.
  4    10 ms    11 ms    15 ms  2a00:2302::1102:100:3f
  5     9 ms    10 ms     9 ms  2a00:2380:3014:8000::12
  6     *        9 ms     *     core3-hu0-7-0-7.faraday.ukcore.bt.net [2a00:2380:c::338]
  7     *        *        *     Request timed out.
  8     8 ms     8 ms     8 ms  2a00:2000:2066::84
  9    31 ms     9 ms     9 ms  40ge1-3.core1.lon2.he.net [2001:7f8:4::1b1b:1]
10    76 ms    76 ms    76 ms  100ge13-2.core1.nyc4.he.net [2001:470:0:2cf::2]
11    78 ms    78 ms    78 ms  tserv1.nyc4.he.net [2001:470:0:5d::2]
12     *        *        *     Request timed out.
13  ^C


Surprised that the HE end of the tunnel 2001:470:**06:****::1 does not appear to be reached. Is there an issue with the routing or am I missing something.

Thanks

cholzhauer

Well, the differentiation here is you;  the 06whatever::1 is the HE side, so it makes sense that someone else could reach them.  The 06whatever::2 is your side, so either the tunnel isn't up or you're firewalling something. We see above that your tunnel is up, so that means it must be a firewall issue.  I suppose it could be a routing issue on HE's side...what does a traceroute from your friend look like?

If you're using your routed /48, you would need a routing rule on your router to pass the entire /48 to the next hop, but I suspect that's not the case here.

JulianR.B

Thanks cholzhauer,

I can confirm that the tunnel is up and I had disabled the firewall (Firewalld).

Correct that I am using the routed /64 address and not the /48 and so have no routing on my Linux box that is setting up the tunnel.

The code section in my original post is my friend's traceroute for all three ip addresses (tunnel HE end, my end and my local ip). In neither of the latter two cases did the route get to the HE end of the tunnel.

Thanks

cholzhauer

Open a ticket, have HE check routing on their side  ipv6@he.net