• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

Tunnel working, but no connectivity from the router

Started by optix, July 03, 2010, 11:23:12 AM

Previous topic - Next topic

optix

Hi all,

This keeps puzzling me for a few days now, and I haven't been able to find similar problem on the forum...

Router is Cisco 1801 with directly attached ADSL line.

Basically, I can't get any ipv6 connectivity from the router to global ipv6 addresses, pinging HE end of the tunnel doesn't work, pinging any other ipv6 address doesn't work, telnet to opened telnet server on ipv6 doesn't work etc. However, everything is working just fine from Win machines inside my allocated /48 block.


Relevant config:

!
ipv6 unicast-routing
ipv6 cef
!
interface Tunnel0
description Hurricane Electric IPv6 Tunnel
no ip address
ipv6 address 2001:xxx:xxx:xxx::2/64
ipv6 enable
tunnel source Dialer1
tunnel destination 216.66.80.30
tunnel mode ipv6ip
!         
interface Dialer1
mtu 1492
ip address negotiated
ip access-group Traffic-from-Internet in
ip access-group Traffic-to-Internet out
ip nat outside
ip virtual-reassembly
encapsulation ppp
load-interval 30
dialer pool 1
no cdp enable
ppp authentication pap callin
ppp pap sent-username xxx password xxx
!             
interface Vlan1
ip address 10.10.10.5 255.255.255.0
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
ipv6 address 2001:xxx:xxxx::1/48
ipv6 enable
!         
ip nat inside source list 1 interface Dialer1 overload
!
ipv6 route ::/0 Tunnel0
!



Any thoughts, or has someone experienced similar issue?

I've tried modifying MTU several times, changed IOS, but problem remains...


c1801#ping ipv6.google.com
Translating "ipv6.google.com"...domain server (8.8.8.8) [OK]

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2A00:1450:8007::69, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
c1801#


Win machine


C:\>ping ipv6.google.com

Pinging ipv6.l.google.com [2A00:1450:8007::69] with 32 bytes of data:
Reply from 2A00:1450:8007::69: time=28ms
Reply from 2A00:1450:8007::69: time=28ms
Reply from 2A00:1450:8007::69: time=28ms
Reply from 2A00:1450:8007::69: time=28ms

Ping statistics for 2A00:1450:8007::69:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 28ms, Maximum = 28ms, Average = 28ms

C:\>



Thanks!

jimb

You shouldn't have an entire /48 on your LAN.  You should break it into /64 subnets.

That shouldn't really prevent you from pinging though.  Have you tried to ping using the tunnel interface as source?  Does that work?

optix

I have, unfortunately result is the same  :(


c1801#ping ipv6.google.com source tunnel0
Translating "ipv6.google.com"...domain server (8.8.8.8) [OK]

Translating "ipv6.google.com"...domain server (8.8.8.8) [OK]

Translating "ipv6.google.com"...domain server (8.8.8.8) [OK]

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2A00:1450:8007::68, timeout is 2 seconds:
Packet sent with a source address of 2001:470:1F0A:1391::2
.....
Success rate is 0 percent (0/5)
c1801#


Traceroute from win machine... everything as it should be


C:\>tracert ipv6.google.com

Tracing route to ipv6.l.google.com [2a00:1450:8007::69]
over a maximum of 30 hops:

  1    <1 ms    <1 ms    <1 ms  c1801.optix.rs [2001:470:9da5::1]
  2    32 ms    32 ms    32 ms  optix-1.tunnel.tserv6.fra1.ipv6.he.net [2001:470:1f0a:1391::1]
  3    28 ms    29 ms    32 ms  gige-g2-4.core1.fra1.ipv6.he.net [2001:470:0:69::1]
  4    28 ms    29 ms    30 ms  de-cix20.net.google.com [2001:7f8::3b41:0:2]
  5    28 ms    28 ms    31 ms  2001:4860::1:0:10
  6    27 ms    29 ms    29 ms  2001:4860::23
  7    28 ms    28 ms    28 ms  2001:4860:0:1::cb
  8    29 ms    28 ms    28 ms  2a00:1450:8007::69

Trace complete.

C:\>


From Switch looking glass... ping breaks on my router


Router: swiCE2.switch.ch
Command: trace 2001:470:9da5::2

Type escape sequence to abort.
Tracing the route to orion.optix.rs (2001:470:9DA5::2)

  1 swiCE3-10GE-1-4.switch.ch (2001:620:0:C03D::2) 0 msec 0 msec 0 msec
  2 20gigabitethernet1-3.core1.ams1.ipv6.he.net (2001:7F8:1::A500:6939:1) 20 msec 16 msec 16 msec
  3 10gigabitethernet1-1.core1.fra1.ipv6.he.net (2001:470:0:47::2) 20 msec 20 msec 24 msec
  4 gige-gbge0.tserv6.fra1.ipv6.he.net (2001:470:0:69::2) 24 msec 20 msec 20 msec
  5  *  *  *
  6 orion.optix.rs (2001:470:9DA5::2) 50 msec 52 msec 46 msec



snarked

RE Reply #1 - Aside:  In fact, if one has a SINGLE LAN, there's no reason to request a /48.  Just use the "routed /64."

optix

Guys, I agree with you 100% :) However, this is just a temporary (test) config, there are several vlans on that router and each one will eventually have it's /64, but that's a different subject.

I'm just curious as to why there's no connectivity from the router itself... I have one 2800 with almost identical config, but with an optical uplink... and no problems of this kind there.

Thanks for replying :)

jimb

From what I can actually see of the config, it looks fine to me.  I can only guess some ACL, or a Cisco bug on that IOS.

I vaguely remember reading about such bugs, perhaps on here.  Esp when VLANs were involved.

optix

Wasn't working on advent. 15.0-1M, 15.0-1XA, 12.4-24T, 12.4-22T, but now finally works on 12.4-15T7, go figure... :)

Now to find out what other feature will not work on this Train release... :)