Hurricane Electric's IPv6 Tunnel Broker Forums

Advanced search  

News:

Welcome to Hurricane Electric's Tunnelbroker.net forums!

Author Topic: Unable to access from a 2002: IP...  (Read 4034 times)

avsuren

  • Newbie
  • *
  • Posts: 4
Unable to access from a 2002: IP...
« on: December 28, 2010, 02:43:18 PM »

Initially I set up an 2002: IPv6 network in my workplace and was able to access ipv6.google.com, ipv6.netflix.com, etc.,.

Recently, I got a 2001 IPv6 address from HE and configured one of the nodes with that address.  This node can also ping and traceroute ipv6.google.com and ipv6.netflix.com.  This node is NOT in the path or directly attached to the subnet with the 2002:: IPv6 address I had configured earlier.  I am UNABLE to successfully connect from the 2002: network nodes to this 2001: node.

I did a packet capture on the 2001 node and I notice the request and reply packets for the 2002 subnet, but they are not making it back to the 2002: network.  Any clues.   The 2002: network is configured to connect to 192.88.99.1 as the 6to4 relay.

Thanks much
Logged

kriteknetworks

  • Sr. Member
  • ****
  • Posts: 260
    • aRDy Music
Re: Unable to access from a 2002: IP...
« Reply #1 on: December 28, 2010, 06:09:07 PM »

errr is this node behind your 6to4? Is it directly connected to inet, with a default route pointing to the remote HE tunnel endpoint?

Can provide information to work with?
Logged

cholzhauer

  • Hero Member
  • *****
  • Posts: 2700
Re: Unable to access from a 2002: IP...
« Reply #2 on: December 28, 2010, 07:31:29 PM »

Yeah a copy of your routing tables and a rough diagram would help
Logged

avsuren

  • Newbie
  • *
  • Posts: 4
Re: Unable to access from a 2002: IP...
« Reply #3 on: December 28, 2010, 09:23:01 PM »

Hello,

Thanks for offering to take a look.

I have setup a linux box with dual stack.  It runs radvd.  Its IPv6 address is 2002:xxxx:yyyy::1(Tunnel IP).  Its lan interface has the IPv6 address 2002:xxxx:yyyy:1::1 and it advertises the route 2002:xxxx:yyyy:1::
The nodes in the subnet are able to configure themselves with IPv6 address and hints the clients to use stateful DHCPv6 for other stateful info(DNS and default route).  All this is working fine and the clients are able to ping, traceroute and http to ipv6.google.com and ipv6.netflix.com.

On a node in the DMZ, I have configured the tunnel with the 2001 IPv6 I got from HE.  This node is also able to ping and traceroute to ipv6.netflix.com and ipv6.google.com.  When I try to access this node from one of the nodes from 2002, this node receives the request and replies back, but the 2002 node does not recieve it the reply packets.

Let me know if you need additional info.

Thanks
Logged

broquea

  • Sr. Network Engineer, HE.NET AS6939
  • Administrator
  • Hero Member
  • *****
  • Posts: 1719
Re: Unable to access from a 2002: IP...
« Reply #4 on: December 28, 2010, 09:37:56 PM »

Don't obfuscate, provide real information.

traceroute6s
mtrs
routing tables
ifconfig/ip output
etc.
Logged

avsuren

  • Newbie
  • *
  • Posts: 4
Re: Unable to access from a 2002: IP...
« Reply #5 on: December 29, 2010, 07:47:01 AM »

Let me get you more config info/details.

In the meantime can some access http on my HE's IPv6 address 2001:470:1f06:8b0::2 and let me know if that works?


Thanks
Logged

cholzhauer

  • Hero Member
  • *****
  • Posts: 2700
Re: Unable to access from a 2002: IP...
« Reply #6 on: December 29, 2010, 11:25:28 AM »

2001:470:1f06:8b0::2 gives me a webpage about telcordia -ar greenhouse
Logged

avsuren

  • Newbie
  • *
  • Posts: 4
Re: Unable to access from a 2002: IP...
« Reply #7 on: December 29, 2010, 12:06:24 PM »

Thanks all for helping out.  Problem is kind of identified.

Attn cholzhauer : Yes, I wanted to enable that site for IPv6.

The issue is when I use IPv4 derived IPv6 address
and use 192.88.99.1 as the 6to4 relay, I am UNABLE to reach the HE's IPv6 address, but ABLE to reach ipv6.google.com and ipv6.netflix.com
when I use HE's 6to4 relay 209.51.161.14, I am ABLE to reach my HE's IPv6 address, but UNABLE to reach ipv6.google.com and ipv6.netflix.com.

Does that mean I need to have multiple tunnels?   In any case, next I am going to experiment with multiple tunnels with appropriate routing table and see if I have a workaround.
Logged