CentOS routing help

Started by horsemen, December 21, 2010, 10:30:42 AM

cholzhauer


[carl@mars ~]$ ping6  2001:470:b115::2:2
PING6(56=40+8+8 bytes) 2001:470:c27d:e000:20c:29ff:fe8a:1618 --> 2001:470:b115::2:2
^C
--- 2001:470:b115::2:2 ping6 statistics ---
6 packets transmitted, 0 packets received, 100.0% packet loss

horsemen

Ok I restarted

setup config:
[root@d75-152-109-214 ~]# modprobe ipv6
[root@d75-152-109-214 ~]# ip tunnel add he-ipv6 mode sit remote 216.66.38.58 local 75.152.109.214 ttl 255
[root@d75-152-109-214 ~]# ip link set he-ipv6 up
[root@d75-152-109-214 ~]# ip addr add 2001:470:1d:417::2/64  dev he-ipv6
[root@d75-152-109-214 ~]# ip route add ::/0 dev he-ipv6
[root@d75-152-109-214 ~]# ip addr add 2001:470:b115::1:1/64 dev eth0
[root@d75-152-109-214 ~]# ip addr add 2001:470:b115::2:1/64 dev eth1
[root@d75-152-109-214 ~]# ip -f inet6 addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qlen 1000
    inet6 2001:470:b115::1:1/64 scope global tentative
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fefb:c0cf/64 scope link
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qlen 1000
    inet6 2001:470:b115::2:1/64 scope global tentative
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fefb:c0d9/64 scope link
       valid_lft forever preferred_lft forever
5: he-ipv6@NONE: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1480
    inet6 2001:470:1d:417::2/64 scope global
       valid_lft forever preferred_lft forever
    inet6 fe80::4b98:6dd6/128 scope link
       valid_lft forever preferred_lft forever
[root@d75-152-109-214 ~]# sysctl -w net.ipv6.conf.all.forwarding=1
net.ipv6.conf.all.forwarding = 1
[root@d75-152-109-214 ~]# ip -6 route add :: via 2001:470:1d:417::1
[root@d75-152-109-214 ~]# ip route add 2000::/3 dev he-ipv6
[root@d75-152-109-214 ~]# ip route add 2001:470:b115::/48 dev eth1
[root@d75-152-109-214 ~]#

[root@d75-152-109-214 ~]# ip -6 route show
:: via 2001:470:1d:417::1 dev he-ipv6  metric 1024  expires 21334325sec mtu 1480 advmss 1420 hoplimit 4294967295
unreachable ::/96 dev lo  metric 1024  expires 21334278sec error -101 mtu 16436 advmss 16376 hoplimit 4294967295
unreachable ::ffff:0.0.0.0/96 dev lo  metric 1024  expires 21334278sec error -101 mtu 16436 advmss 16376 hoplimit 4294967295
2001:470:1d:417::/64 via :: dev he-ipv6  metric 256  expires 21334324sec mtu 1480 advmss 1420 hoplimit 4294967295
2001:470:b115::/64 dev eth0  metric 256  expires 21334324sec mtu 1500 advmss 1440 hoplimit 4294967295
2001:470:b115::/64 dev eth1  metric 256  expires 21334324sec mtu 1500 advmss 1440 hoplimit 4294967295
2001:470:b115::/48 dev eth1  metric 1024  expires 21334325sec mtu 1500 advmss 1440 hoplimit 4294967295
unreachable 2002:a00::/24 dev lo  metric 1024  expires 21334278sec error -101 mtu 16436 advmss 16376 hoplimit 4294967295
unreachable 2002:7f00::/24 dev lo  metric 1024  expires 21334278sec error -101 mtu 16436 advmss 16376 hoplimit 4294967295
unreachable 2002:a9fe::/32 dev lo  metric 1024  expires 21334278sec error -101 mtu 16436 advmss 16376 hoplimit 4294967295
unreachable 2002:ac10::/28 dev lo  metric 1024  expires 21334278sec error -101 mtu 16436 advmss 16376 hoplimit 4294967295
unreachable 2002:c0a8::/32 dev lo  metric 1024  expires 21334278sec error -101 mtu 16436 advmss 16376 hoplimit 4294967295
unreachable 2002:e000::/19 dev lo  metric 1024  expires 21334278sec error -101 mtu 16436 advmss 16376 hoplimit 4294967295
unreachable 3ffe:ffff::/32 dev lo  metric 1024  expires 21334278sec error -101 mtu 16436 advmss 16376 hoplimit 4294967295
2000::/3 dev he-ipv6  metric 1024  expires 21334325sec mtu 1480 advmss 1420 hoplimit 4294967295
fe80::/64 dev eth0  metric 256  expires 21334235sec mtu 1500 advmss 1440 hoplimit 4294967295
fe80::/64 dev eth1  metric 256  expires 21334238sec mtu 1500 advmss 1440 hoplimit 4294967295
fe80::/64 via :: dev he-ipv6  metric 256  expires 21334324sec mtu 1480 advmss 1420 hoplimit 4294967295
default dev he-ipv6  metric 1024  expires 21334324sec mtu 1480 advmss 1420 hoplimit 4294967295
[root@d75-152-109-214 ~]#

[root@d75-152-109-214 ~]# ping6 2001:470:1d:417::1
PING 2001:470:1d:417::1(2001:470:1d:417::1) 56 data bytes
From 2001:470:1d:417::2 icmp_seq=0 Time exceeded: Hop limit
From 2001:470:1d:417::2 icmp_seq=1 Time exceeded: Hop limit
From 2001:470:1d:417::2 icmp_seq=2 Time exceeded: Hop limit

[root@d75-152-109-214 ~]# ping6 ipv6.google.com
PING ipv6.google.com(iw-in-x67.1e100.net) 56 data bytes
64 bytes from iw-in-x67.1e100.net: icmp_seq=0 ttl=54 time=101 ms
64 bytes from iw-in-x67.1e100.net: icmp_seq=1 ttl=54 time=101 ms
64 bytes from iw-in-x67.1e100.net: icmp_seq=2 ttl=54 time=101 ms

--- ipv6.google.com ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 9904ms
rtt min/avg/max/mdev = 101.299/101.556/101.728/0.185 ms, pipe 2
[root@d75-152-109-214 ~]#

cholzhauer

One thought I had...you have two different /64's on your tunnel page...what's the other one?  One is your tunnel /64 and the other is your routed /64 that you can use for hosts.

broquea

You have very odd 2002 and 3ffe routes on your system, yet I don't see a 6to4 interface, nor anything with 3ffe on it...only thing that pops into mind.

horsemen

   Server IPv4 address:    216.66.38.58
   Server IPv6 address:    2001:470:1c:417::1/64
   Client IPv4 address:    75.152.109.214
   Client IPv6 address:    2001:470:1c:417::2/64
Available DNS Resolvers
   Anycasted IPv6 Caching Nameserver:    2001:470:20::2
   Anycasted IPv4 Caching Nameserver:    74.82.42.42
Routed IPv6 Prefixes and rDNS Delegations
   Routed /48:    2001:470:b115::/48
   Routed /64:    2001:470:1d:417::/64

cholzhauer

Ah ha.

You need to be using 2001:470:1c:417::1 for your default route and 2001:470:1c:417::2 for he-ipv6

horsemen

Ok here we go again

[root@d75-152-109-214 ~]# modprobe ipv6
[root@d75-152-109-214 ~]# ip tunnel add he-ipv6 mode sit remote 216.66.38.58 local 75.152.109.214 ttl 255
[root@d75-152-109-214 ~]# ip link set he-ipv6 up
[root@d75-152-109-214 ~]# ip addr add 2001:470:1c:417::2/64  dev he-ipv6
[root@d75-152-109-214 ~]# ip route add ::/0 dev he-ipv6
[root@d75-152-109-214 ~]# ip addr add 2001:470:b115::1:1/64 dev eth0
[root@d75-152-109-214 ~]# ip addr add 2001:470:b115::2:1/64 dev eth1
[root@d75-152-109-214 ~]# ip -f inet6 addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qlen 1000
    inet6 2001:470:b115::1:1/64 scope global tentative
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fefb:c0cf/64 scope link
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qlen 1000
    inet6 2001:470:b115::2:1/64 scope global tentative
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fefb:c0d9/64 scope link
       valid_lft forever preferred_lft forever
5: he-ipv6@NONE: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1480
    inet6 2001:470:1c:417::2/64 scope global
       valid_lft forever preferred_lft forever
    inet6 fe80::4b98:6dd6/128 scope link
       valid_lft forever preferred_lft forever
[root@d75-152-109-214 ~]# sysctl -w net.ipv6.conf.all.forwarding=1
net.ipv6.conf.all.forwarding = 1
[root@d75-152-109-214 ~]# ip -6 route add :: via 2001:470:1c:417::1
[root@d75-152-109-214 ~]# ip route add 2000::/3 dev he-ipv6
[root@d75-152-109-214 ~]# ip route add 2001:470:b115::/48 dev eth1
[root@d75-152-109-214 ~]#

This should be right now, I hope.

[root@d75-152-109-214 ~]# ping6 2001:470:1c:417::1
PING 2001:470:1c:417::1(2001:470:1c:417::1) 56 data bytes
64 bytes from 2001:470:1c:417::1: icmp_seq=0 ttl=64 time=63.3 ms
64 bytes from 2001:470:1c:417::1: icmp_seq=1 ttl=64 time=63.2 ms
64 bytes from 2001:470:1c:417::1: icmp_seq=2 ttl=64 time=62.8 ms

--- 2001:470:1c:417::1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 3194ms
rtt min/avg/max/mdev = 62.873/63.137/63.302/0.188 ms, pipe 2
[root@d75-152-109-214 ~]#

That's better :)

[root@d75-152-109-214 ~]# ping6 ipv6.google.com
PING ipv6.google.com(pw-in-x67.1e100.net) 56 data bytes
64 bytes from pw-in-x67.1e100.net: icmp_seq=0 ttl=50 time=148 ms
64 bytes from pw-in-x67.1e100.net: icmp_seq=1 ttl=50 time=149 ms
64 bytes from pw-in-x67.1e100.net: icmp_seq=2 ttl=50 time=148 ms
64 bytes from pw-in-x67.1e100.net: icmp_seq=3 ttl=50 time=148 ms

--- ipv6.google.com ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 11080ms
rtt min/avg/max/mdev = 148.711/148.858/149.111/0.414 ms, pipe 2
[root@d75-152-109-214 ~]#

still works

LAN host can still only ping 2001:470:b115::2:1

That's all the time I have today; I need to go to work.
I'll get back at it tomorrow.

broquea

Make sure sysctl is configured to enable IPv6 packet forwarding, and what is the IP of the LAN host?

horsemen

sysctl -w net.ipv6.conf.all.forwarding=1
[root@d75-152-109-214 ~]# cat /proc/sys/net/ipv6/conf/all/forwarding
1
[root@d75-152-109-214 ~]#

LAN host
2001:470:b115::2:2/64

broquea

Well mtr can reach 2001:470:b115::2:1 but not 2001:470:b115::2:2 so not sure, but at least the /48 is routed correctly on our side.

cholzhauer

It's probably either a firewall or routing issue... what does your routing table look like now?

horsemen

[root@d75-152-109-214 ~]# ip -6 route show
:: via 2001:470:1c:417::1 dev he-ipv6  metric 1024  expires 21312055sec mtu 1480 advmss 1420 hoplimit 4294967295
unreachable ::/96 dev lo  metric 1024  expires 21312000sec error -101 mtu 16436 advmss 16376 hoplimit 4294967295
unreachable ::ffff:0.0.0.0/96 dev lo  metric 1024  expires 21312000sec error -101 mtu 16436 advmss 16376 hoplimit 4294967295
2001:470:1c:417::/64 via :: dev he-ipv6  metric 256  expires 21312054sec mtu 1480 advmss 1420 hoplimit 4294967295
2001:470:b115::/64 dev eth0  metric 256  expires 21312054sec mtu 1500 advmss 1440 hoplimit 4294967295
2001:470:b115::/64 dev eth1  metric 256  expires 21312054sec mtu 1500 advmss 1440 hoplimit 4294967295
2001:470:b115::/48 dev eth1  metric 1024  expires 21312057sec mtu 1500 advmss 1440 hoplimit 4294967295
unreachable 2002:a00::/24 dev lo  metric 1024  expires 21312000sec error -101 mtu 16436 advmss 16376 hoplimit 4294967295
unreachable 2002:7f00::/24 dev lo  metric 1024  expires 21312000sec error -101 mtu 16436 advmss 16376 hoplimit 4294967295
unreachable 2002:a9fe::/32 dev lo  metric 1024  expires 21312000sec error -101 mtu 16436 advmss 16376 hoplimit 4294967295
unreachable 2002:ac10::/28 dev lo  metric 1024  expires 21312000sec error -101 mtu 16436 advmss 16376 hoplimit 4294967295
unreachable 2002:c0a8::/32 dev lo  metric 1024  expires 21312000sec error -101 mtu 16436 advmss 16376 hoplimit 4294967295
unreachable 2002:e000::/19 dev lo  metric 1024  expires 21312000sec error -101 mtu 16436 advmss 16376 hoplimit 4294967295
unreachable 3ffe:ffff::/32 dev lo  metric 1024  expires 21312000sec error -101 mtu 16436 advmss 16376 hoplimit 4294967295
2000::/3 dev he-ipv6  metric 1024  expires 21312055sec mtu 1480 advmss 1420 hoplimit 4294967295
fe80::/64 dev eth0  metric 256  expires 21311958sec mtu 1500 advmss 1440 hoplimit 4294967295
fe80::/64 dev eth1  metric 256  expires 21311962sec mtu 1500 advmss 1440 hoplimit 4294967295
fe80::/64 via :: dev he-ipv6  metric 256  expires 21312054sec mtu 1480 advmss 1420 hoplimit 4294967295
default dev he-ipv6  metric 1024  expires 21312054sec mtu 1480 advmss 1420 hoplimit 4294967295

no firewall enabled on this machine
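
An added example, not part of any post in this thread: a Python check of a router's interface addresses against the tunnel details page, using the values posted above. The `audit` function and the dictionary layout are assumptions made for this illustration; it reports a tunnel interface numbered from a routed prefix (the 1c/1d mix-up) and a /64 that is on-link on more than one interface, which both routing tables above show for 2001:470:b115::/64.

```python
import ipaddress

# Constructed input: values copied from the tunnel details and the
# "ip -f inet6 addr" output posted in the thread.
TUNNEL = {
    "client": "2001:470:1c:417::2/64",
    "routed": ["2001:470:b115::/48", "2001:470:1d:417::/64"],
}
FIRST_TRY = {
    "he-ipv6": "2001:470:1d:417::2/64",
    "eth0": "2001:470:b115::1:1/64",
    "eth1": "2001:470:b115::2:1/64",
}
SECOND_TRY = {**FIRST_TRY, "he-ipv6": "2001:470:1c:417::2/64"}


def audit(tunnel, ifaces, tunnel_dev="he-ipv6"):
    """Hypothetical helper: list addressing problems on a tunnel router."""
    findings = []
    client = ipaddress.ip_interface(tunnel["client"])
    routed = [ipaddress.ip_network(p) for p in tunnel["routed"]]
    seen = {}  # on-link network -> first interface that carries it
    for dev, text in ifaces.items():
        addr = ipaddress.ip_interface(text)
        if dev == tunnel_dev:
            # The tunnel endpoint must use the client address of the tunnel /64.
            if addr.ip != client.ip:
                findings.append(f"{dev}: {addr.ip} is not the client tunnel address {client.ip}")
            if any(addr.ip in net for net in routed):
                findings.append(f"{dev}: {addr.ip} is inside a routed prefix, not the tunnel /64")
            continue
        # LAN-side interfaces are numbered out of the routed prefixes.
        if not any(addr.ip in net for net in routed):
            findings.append(f"{dev}: {addr.ip} is outside every routed prefix")
        # The same connected /64 on two interfaces yields two identical routes.
        if addr.network in seen:
            findings.append(f"{dev}: {addr.network} is also on-link on {seen[addr.network]}")
        seen.setdefault(addr.network, dev)
    return findings


if __name__ == "__main__":
    for name, cfg in (("first attempt", FIRST_TRY), ("second attempt", SECOND_TRY)):
        print(name)
        for line in audit(TUNNEL, cfg):
            print("  " + line)
```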

horsemen

LAN host routing

2001:470:b115::/64 dev eth0  metric 256  mtu 1500 advmss 1440 hoplimit 4294967295
fe80::/64 dev eth0  metric 256  mtu 1500 advmss 1440 hoplimit 4294967295
default dev eth0  metric 1024  mtu 1500 advmss 1440 hoplimit 4294967295

horsemen

if this helps

I-NET ---> eth0 ---- CentOS Box ---- eth1 ---- [switch] ---> LAN (one ipv6 so far)

eth0:     75.152.109.214
          2001:470:b115::1:1/64 (probably don't need)
he-ipv6:  2001:470:1c:417::2/64
eth1:     2001:470:b115::2:1/64
LAN host: 2001:470:b115::2:2/64

cholzhauer

This might be a difference between FreeBSD and CentOS, but on my router, I specify the next hop.  For example, my default route points to my tunnel interface (gif1) but I've routed my /48 at the next router in the mix.


default                                   gif1                          US         gif1
2001:470:1f10:2aa::/64            link#6                        U          gif1
2001:470:c27d::/48                2001:470:c27d:d000:21d:a2ff:feaf:2ffd UGS        nfe0