CentOS routing help

cholzhauer · December 21, 2010, 12:41:08 PM


[carl@mars ~]$ ping6  2001:470:b115::2:2
PING6(56=40+8+8 bytes) 2001:470:c27d:e000:20c:29ff:fe8a:1618 --> 2001:470:b115::2:2
^C
--- 2001:470:b115::2:2 ping6 statistics ---
6 packets transmitted, 0 packets received, 100.0% packet loss

horsemen · December 21, 2010, 12:48:06 PM

Ok I restarted

setup config:
[root@d75-152-109-214 ~]# modprobe ipv6
[root@d75-152-109-214 ~]# ip tunnel add he-ipv6 mode sit remote 216.66.38.58 local 75.152.109.214 ttl 255
[root@d75-152-109-214 ~]# ip link set he-ipv6 up
[root@d75-152-109-214 ~]# ip addr add 2001:470:1d:417::2/64 dev he-ipv6
[root@d75-152-109-214 ~]# ip route add ::/0 dev he-ipv6
[root@d75-152-109-214 ~]# ip addr add 2001:470:b115::1:1/64 dev eth0
[root@d75-152-109-214 ~]# ip addr add 2001:470:b115::2:1/64 dev eth1
[root@d75-152-109-214 ~]# ip -f inet6 addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qlen 1000
inet6 2001:470:b115::1:1/64 scope global tentative
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fefb:c0cf/64 scope link
valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qlen 1000
inet6 2001:470:b115::2:1/64 scope global tentative
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fefb:c0d9/64 scope link
valid_lft forever preferred_lft forever
5: he-ipv6@NONE: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1480
inet6 2001:470:1d:417::2/64 scope global
valid_lft forever preferred_lft forever
inet6 fe80::4b98:6dd6/128 scope link
valid_lft forever preferred_lft forever
[root@d75-152-109-214 ~]# sysctl -w net.ipv6.conf.all.forwarding=1
net.ipv6.conf.all.forwarding = 1
[root@d75-152-109-214 ~]# ip -6 route add :: via 2001:470:1d:417::1
[root@d75-152-109-214 ~]# ip route add 2000::/3 dev he-ipv6
[root@d75-152-109-214 ~]# ip route add 2001:470:b115::/48 dev eth1
[root@d75-152-109-214 ~]#

[root@d75-152-109-214 ~]# ip -6 route show
:: via 2001:470:1d:417::1 dev he-ipv6 metric 1024 expires 21334325sec mtu 1480 advmss 1420 hoplimit 4294967295
unreachable ::/96 dev lo metric 1024 expires 21334278sec error -101 mtu 16436 advmss 16376 hoplimit 4294967295
unreachable ::ffff:0.0.0.0/96 dev lo metric 1024 expires 21334278sec error -101 mtu 16436 advmss 16376 hoplimit 4294967295
2001:470:1d:417::/64 via :: dev he-ipv6 metric 256 expires 21334324sec mtu 1480 advmss 1420 hoplimit 4294967295
2001:470:b115::/64 dev eth0 metric 256 expires 21334324sec mtu 1500 advmss 1440 hoplimit 4294967295
2001:470:b115::/64 dev eth1 metric 256 expires 21334324sec mtu 1500 advmss 1440 hoplimit 4294967295
2001:470:b115::/48 dev eth1 metric 1024 expires 21334325sec mtu 1500 advmss 1440 hoplimit 4294967295
unreachable 2002:a00::/24 dev lo metric 1024 expires 21334278sec error -101 mtu 16436 advmss 16376 hoplimit 4294967295
unreachable 2002:7f00::/24 dev lo metric 1024 expires 21334278sec error -101 mtu 16436 advmss 16376 hoplimit 4294967295
unreachable 2002:a9fe::/32 dev lo metric 1024 expires 21334278sec error -101 mtu 16436 advmss 16376 hoplimit 4294967295
unreachable 2002:ac10::/28 dev lo metric 1024 expires 21334278sec error -101 mtu 16436 advmss 16376 hoplimit 4294967295
unreachable 2002:c0a8::/32 dev lo metric 1024 expires 21334278sec error -101 mtu 16436 advmss 16376 hoplimit 4294967295
unreachable 2002:e000::/19 dev lo metric 1024 expires 21334278sec error -101 mtu 16436 advmss 16376 hoplimit 4294967295
unreachable 3ffe:ffff::/32 dev lo metric 1024 expires 21334278sec error -101 mtu 16436 advmss 16376 hoplimit 4294967295
2000::/3 dev he-ipv6 metric 1024 expires 21334325sec mtu 1480 advmss 1420 hoplimit 4294967295
fe80::/64 dev eth0 metric 256 expires 21334235sec mtu 1500 advmss 1440 hoplimit 4294967295
fe80::/64 dev eth1 metric 256 expires 21334238sec mtu 1500 advmss 1440 hoplimit 4294967295
fe80::/64 via :: dev he-ipv6 metric 256 expires 21334324sec mtu 1480 advmss 1420 hoplimit 4294967295
default dev he-ipv6 metric 1024 expires 21334324sec mtu 1480 advmss 1420 hoplimit 4294967295
[root@d75-152-109-214 ~]#

[root@d75-152-109-214 ~]# ping6 2001:470:1d:417::1
PING 2001:470:1d:417::1(2001:470:1d:417::1) 56 data bytes
From 2001:470:1d:417::2 icmp_seq=0 Time exceeded: Hop limit
From 2001:470:1d:417::2 icmp_seq=1 Time exceeded: Hop limit
From 2001:470:1d:417::2 icmp_seq=2 Time exceeded: Hop limit

[root@d75-152-109-214 ~]# ping6 ipv6.google.com
PING ipv6.google.com(iw-in-x67.1e100.net) 56 data bytes
64 bytes from iw-in-x67.1e100.net: icmp_seq=0 ttl=54 time=101 ms
64 bytes from iw-in-x67.1e100.net: icmp_seq=1 ttl=54 time=101 ms
64 bytes from iw-in-x67.1e100.net: icmp_seq=2 ttl=54 time=101 ms

--- ipv6.google.com ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 9904ms
rtt min/avg/max/mdev = 101.299/101.556/101.728/0.185 ms, pipe 2
[root@d75-152-109-214 ~]#

cholzhauer · December 21, 2010, 01:00:33 PM

One thought I had...you have two different /64's on your tunnel page...what's the other one? One is your tunnel /64 and the other is your routed /64 that you can use for hosts.

broquea · December 21, 2010, 01:17:02 PM

You have very odd 2002 and 3ffe routes on your system, yet I don't see a 6to4 interface, nor anything with 3ffe on it...only thing that pops into mind.

horsemen · December 21, 2010, 01:17:58 PM

   Server IPv4 address:    216.66.38.58
   Server IPv6 address:    2001:470:1c:417::1/64
   Client IPv4 address:    75.152.109.214
   Client IPv6 address:    2001:470:1c:417::2/64
Available DNS Resolvers
   Anycasted IPv6 Caching Nameserver:    2001:470:20::2
   Anycasted IPv4 Caching Nameserver:    74.82.42.42
Routed IPv6 Prefixes and rDNS Delegations
   Routed /48:    2001:470:b115::/48
   Routed /64:    2001:470:1d:417::/64

cholzhauer · December 21, 2010, 01:19:42 PM

Ah ha.

You need to be using 2001:470:1c:417::1 for your default route and 2001:470:1c:417::2 for he-ipv6

horsemen · December 21, 2010, 01:42:26 PM

Ok here we go again

[root@d75-152-109-214 ~]# modprobe ipv6
[root@d75-152-109-214 ~]# ip tunnel add he-ipv6 mode sit remote 216.66.38.58 local 75.152.109.214 ttl 255
[root@d75-152-109-214 ~]# ip link set he-ipv6 up
[root@d75-152-109-214 ~]# ip addr add 2001:470:1c:417::2/64 dev he-ipv6
[root@d75-152-109-214 ~]# ip route add ::/0 dev he-ipv6
[root@d75-152-109-214 ~]# ip addr add 2001:470:b115::1:1/64 dev eth0
[root@d75-152-109-214 ~]# ip addr add 2001:470:b115::2:1/64 dev eth1
[root@d75-152-109-214 ~]# ip -f inet6 addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qlen 1000
inet6 2001:470:b115::1:1/64 scope global tentative
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fefb:c0cf/64 scope link
valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qlen 1000
inet6 2001:470:b115::2:1/64 scope global tentative
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fefb:c0d9/64 scope link
valid_lft forever preferred_lft forever
5: he-ipv6@NONE: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1480
inet6 2001:470:1c:417::2/64 scope global
valid_lft forever preferred_lft forever
inet6 fe80::4b98:6dd6/128 scope link
valid_lft forever preferred_lft forever
[root@d75-152-109-214 ~]# sysctl -w net.ipv6.conf.all.forwarding=1
net.ipv6.conf.all.forwarding = 1
[root@d75-152-109-214 ~]# ip -6 route add :: via 2001:470:1c:417::1
[root@d75-152-109-214 ~]# ip route add 2000::/3 dev he-ipv6
[root@d75-152-109-214 ~]# ip route add 2001:470:b115::/48 dev eth1
[root@d75-152-109-214 ~]#

This should be right now, I hope.

[root@d75-152-109-214 ~]# ping6 2001:470:1c:417::1
PING 2001:470:1c:417::1(2001:470:1c:417::1) 56 data bytes
64 bytes from 2001:470:1c:417::1: icmp_seq=0 ttl=64 time=63.3 ms
64 bytes from 2001:470:1c:417::1: icmp_seq=1 ttl=64 time=63.2 ms
64 bytes from 2001:470:1c:417::1: icmp_seq=2 ttl=64 time=62.8 ms

--- 2001:470:1c:417::1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 3194ms
rtt min/avg/max/mdev = 62.873/63.137/63.302/0.188 ms, pipe 2
[root@d75-152-109-214 ~]#

Thats better :)

[root@d75-152-109-214 ~]# ping6 ipv6.google.com
PING ipv6.google.com(pw-in-x67.1e100.net) 56 data bytes
64 bytes from pw-in-x67.1e100.net: icmp_seq=0 ttl=50 time=148 ms
64 bytes from pw-in-x67.1e100.net: icmp_seq=1 ttl=50 time=149 ms
64 bytes from pw-in-x67.1e100.net: icmp_seq=2 ttl=50 time=148 ms
64 bytes from pw-in-x67.1e100.net: icmp_seq=3 ttl=50 time=148 ms

--- ipv6.google.com ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 11080ms
rtt min/avg/max/mdev = 148.711/148.858/149.111/0.414 ms, pipe 2
[root@d75-152-109-214 ~]#

still works

LAN host can still only ping 2001:470:b115::2:1

All the Time I have today need to goto work.
I'll get back at it tomorrow

broquea · December 21, 2010, 01:43:11 PM

Make sure sysctl is configured to enable ipv6 packet forwarding., and what is the IP of the LAN host?

horsemen · December 21, 2010, 01:51:23 PM

sysctl -w net.ipv6.conf.all.forwarding=1
[root@d75-152-109-214 ~]# cat /proc/sys/net/ipv6/conf/all/forwarding
1
[root@d75-152-109-214 ~]#

LAN host
2001:470:b115::2:2/64

broquea · December 21, 2010, 01:56:24 PM

Well mtr can reach 2001:470:b115::2:1 but not 2001:470:b115::2:2 so not sure, but at least the /48 is routed correctly on our side.

cholzhauer · December 21, 2010, 03:56:23 PM

It's probably either a firewall or routing issue..what does your routing table look like now

horsemen · December 21, 2010, 11:47:52 PM

[root@d75-152-109-214 ~]# ip -6 route show
:: via 2001:470:1c:417::1 dev he-ipv6 metric 1024 expires 21312055sec mtu 1480 advmss 1420 hoplimit 4294967295
unreachable ::/96 dev lo metric 1024 expires 21312000sec error -101 mtu 16436 advmss 16376 hoplimit 4294967295
unreachable ::ffff:0.0.0.0/96 dev lo metric 1024 expires 21312000sec error -101 mtu 16436 advmss 16376 hoplimit 4294967295
2001:470:1c:417::/64 via :: dev he-ipv6 metric 256 expires 21312054sec mtu 1480 advmss 1420 hoplimit 4294967295
2001:470:b115::/64 dev eth0 metric 256 expires 21312054sec mtu 1500 advmss 1440 hoplimit 4294967295
2001:470:b115::/64 dev eth1 metric 256 expires 21312054sec mtu 1500 advmss 1440 hoplimit 4294967295
2001:470:b115::/48 dev eth1 metric 1024 expires 21312057sec mtu 1500 advmss 1440 hoplimit 4294967295
unreachable 2002:a00::/24 dev lo metric 1024 expires 21312000sec error -101 mtu 16436 advmss 16376 hoplimit 4294967295
unreachable 2002:7f00::/24 dev lo metric 1024 expires 21312000sec error -101 mtu 16436 advmss 16376 hoplimit 4294967295
unreachable 2002:a9fe::/32 dev lo metric 1024 expires 21312000sec error -101 mtu 16436 advmss 16376 hoplimit 4294967295
unreachable 2002:ac10::/28 dev lo metric 1024 expires 21312000sec error -101 mtu 16436 advmss 16376 hoplimit 4294967295
unreachable 2002:c0a8::/32 dev lo metric 1024 expires 21312000sec error -101 mtu 16436 advmss 16376 hoplimit 4294967295
unreachable 2002:e000::/19 dev lo metric 1024 expires 21312000sec error -101 mtu 16436 advmss 16376 hoplimit 4294967295
unreachable 3ffe:ffff::/32 dev lo metric 1024 expires 21312000sec error -101 mtu 16436 advmss 16376 hoplimit 4294967295
2000::/3 dev he-ipv6 metric 1024 expires 21312055sec mtu 1480 advmss 1420 hoplimit 4294967295
fe80::/64 dev eth0 metric 256 expires 21311958sec mtu 1500 advmss 1440 hoplimit 4294967295
fe80::/64 dev eth1 metric 256 expires 21311962sec mtu 1500 advmss 1440 hoplimit 4294967295
fe80::/64 via :: dev he-ipv6 metric 256 expires 21312054sec mtu 1480 advmss 1420 hoplimit 4294967295
default dev he-ipv6 metric 1024 expires 21312054sec mtu 1480 advmss 1420 hoplimit 4294967295

no firewall enabled on this machine

horsemen · December 21, 2010, 11:54:48 PM

LAN host routing

2001:470:b115::/64 dev eth0 metric 256 mtu 1500 advmss 1440 hoplimit 4294967295
fe80::/64 dev eth0 metric 256 mtu 1500 advmss 1440 hoplimit 4294967295
default dev eth0 metric 1024 mtu 1500 advmss 1440 hoplimit 4294967295

horsemen · December 22, 2010, 12:35:48 AM

if this helps

I-NET -------> eth0-------------CentOS Box----------------------------------------------------------------eth1----------------[switch]---------->LAN (one ipv6
75.152.109.214 2001:470:b115::2:1/64 so far)
2001:470:b115::1:1/64(probably don't need) 2001:470:b115::2:2/64
he-ipv6(2001:470:1c:417::2/64)

cholzhauer · December 22, 2010, 04:52:56 AM

This might be a different between FreeBSD and CentOS, but on my router, I specify the next hop. For example, my default route points to my tunnel interface (gif1) but I've routed my /48 at the next router in the mix.

Code Select


default                                   gif1                          US         gif1
2001:470:1f10:2aa::/64            link#6                        U          gif1
2001:470:c27d::/48                2001:470:c27d:d000:21d:a2ff:feaf:2ffd UGS        nfe0

News:

CentOS routing help