• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

[SOLVED] Routing behind a Debian Lenny gateway: Need help with strange things

Started by marcusw, January 22, 2011, 02:32:51 PM

Previous topic - Next topic

marcusw

Hi, got a tunnel working just fine. I set up using the ifconfig commands form the Tunnel Details page. Everything seems to be working perfectly and I'm no longer subject to port 80 and 25 blocking by my ISP. Woot. Anyway, my address is 2001:470:7:a0c::2/64. My routed /64 is 2001:470:8:a0c::/64. One bit difference in the prefix. Kinda nice. I did
apt-get install radvd
and put
interface eth0
{
 AdvSendAdvert on;
 prefix 2001:470:8:a0c::/64
 {
 };
};

in my /etc/radvd.conf. All hosts on the network immediately picked up addresses with the 2001:470:8:a0c:: prefix. And now for the evidence:
The Debian Lenny (wh.lo) is connected directly to the internet through eth1 and serves DHCP to the local network on eth0.
I have enabled IPv6 forwarding on wh.lo.
I can ping6 ipv6.google.com from wh.lo (and I get 15ms as opposed to 20ms with IPv4...the nearest tunnel endpoint is very close).
Hosts on the network can ping6 each other with their respective IPv6 addresses.
Hosts on the network can ping6 wh.lo at 2001:470:7:a0c::2.
wh.lo can NOT ping hosts on the network:
root@wanners ~ # ping6 2001:470:8:a0c:2c0:4fff:fe38:741e
PING 2001:470:8:a0c:2c0:4fff:fe38:741e(2001:470:8:a0c:2c0:4fff:fe38:741e) 56 data bytes
From 2001:470:7:a0c::2 icmp_seq=1 Time exceeded: Hop limit
From 2001:470:7:a0c::2 icmp_seq=2 Time exceeded: Hop limit
From 2001:470:7:a0c::2 icmp_seq=3 Time exceeded: Hop limit
^C

Hosts on the network can NOT access any IPv6 addresses aside from those on the network and that of the router.
Hosts on the network default to IPv6, causing delays when accessing any IPv6 capable site.
I have tried changing the radvd prefix to the one with the 7 and this doesn't help.
The Looking Glass can't ping any of the machines with 2001:470:8:a0c:: prefixes but can reach wh.lo at 2001:470:7:a0c::2

I have been unable to find any internet docs about this. What do?

EDIT:
The fix is below, but for googlers:
route -6 add 2001:470:8:a0c::/64 eth0
Where eth0 is the LAN interface and 2001:470:8:a0c::/64 is the "Routed /64" from the tunnel details page. This makes everything work fine.

comptech

From a traceroute to the IP you gave it looks like there might be a routing problem on wh.lo

core1.chi1.he.net> traceroute ipv6 2001:470:8:a0c:2c0:4fff:fe38:741e

Tracing the route to IPv6 node  from 1 to 30 hops

  1    25 ms   24 ms   34 ms 10gigabitethernet2-4.core1.nyc4.he.net [2001:470:0:4e::2]
  2    28 ms   28 ms   28 ms 10gigabitethernet2-3.core1.ash1.he.net [2001:470:0:36::1]
  3    30 ms   30 ms   29 ms gige-gbge0.tserv13.ash1.ipv6.he.net [2001:470:0:90::2]
  4    50 ms   45 ms   48 ms marcusw-1-pt.tunnel.tserv13.ash1.ipv6.he.net [2001:470:7:a0c::2]
  5    58 ms   50 ms   50 ms gige-gbge0.tserv13.ash1.ipv6.he.net [2001:470:0:90::2]
  6    *       76 ms   *     marcusw-1-pt.tunnel.tserv13.ash1.ipv6.he.net [2001:470:7:a0c::2]
  7    70 ms   69 ms   68 ms gige-gbge0.tserv13.ash1.ipv6.he.net [2001:470:0:90::2]
  8    *       *       *     ?
  9    96 ms   86 ms   86 ms gige-gbge0.tserv13.ash1.ipv6.he.net [2001:470:0:90::2]
10   111 ms   *      117 ms marcusw-1-pt.tunnel.tserv13.ash1.ipv6.he.net [2001:470:7:a0c::2]
11   107 ms  105 ms  114 ms gige-gbge0.tserv13.ash1.ipv6.he.net [2001:470:0:90::2]
12    *       *       *     ?
13   138 ms  132 ms  137 ms gige-gbge0.tserv13.ash1.ipv6.he.net [2001:470:0:90::2]
14    *       *       *     ?
15   148 ms  142 ms  137 ms gige-gbge0.tserv13.ash1.ipv6.he.net [2001:470:0:90::2]
16    *       *       *     ?
17   161 ms  158 ms  161 ms gige-gbge0.tserv13.ash1.ipv6.he.net [2001:470:0:90::2]
18    *       *       *     ?
19   223 ms  182 ms  188 ms gige-gbge0.tserv13.ash1.ipv6.he.net [2001:470:0:90::2]
20    *       *       *     ?
21   195 ms  194 ms  196 ms gige-gbge0.tserv13.ash1.ipv6.he.net [2001:470:0:90::2]
22    *       *       *     ?
23   234 ms  210 ms   *     gige-gbge0.tserv13.ash1.ipv6.he.net [2001:470:0:90::2]
24    *      290 ms   *     marcusw-1-pt.tunnel.tserv13.ash1.ipv6.he.net [2001:470:7:a0c::2]
25   231 ms  233 ms  242 ms gige-gbge0.tserv13.ash1.ipv6.he.net [2001:470:0:90::2]
26   248 ms   *       *     marcusw-1-pt.tunnel.tserv13.ash1.ipv6.he.net [2001:470:7:a0c::2]
27   257 ms  259 ms  264 ms gige-gbge0.tserv13.ash1.ipv6.he.net [2001:470:0:90::2]
28   273 ms   *       *     marcusw-1-pt.tunnel.tserv13.ash1.ipv6.he.net [2001:470:7:a0c::2]
29   277 ms   *      285 ms gige-gbge0.tserv13.ash1.ipv6.he.net [2001:470:0:90::2]
30   285 ms   *       *     marcusw-1-pt.tunnel.tserv13.ash1.ipv6.he.net [2001:470:7:a0c::2]


Can you paste what "route -6" outputs on wh.lo?

marcusw

Quote from: comptech on January 22, 2011, 03:12:12 PM
core1.chi1.he.net> traceroute ipv6 2001:470:8:a0c:2c0:4fff:fe38:741e

Tracing the route to IPv6 node  from 1 to 30 hops

  1    25 ms   24 ms   34 ms 10gigabitethernet2-4.core1.nyc4.he.net [2001:470:0:4e::2]
  2    28 ms   28 ms   28 ms 10gigabitethernet2-3.core1.ash1.he.net [2001:470:0:36::1]
  3    30 ms   30 ms   29 ms gige-gbge0.tserv13.ash1.ipv6.he.net [2001:470:0:90::2]
  4    50 ms   45 ms   48 ms marcusw-1-pt.tunnel.tserv13.ash1.ipv6.he.net [2001:470:7:a0c::2]
  5    58 ms   50 ms   50 ms gige-gbge0.tserv13.ash1.ipv6.he.net [2001:470:0:90::2]
  6    *       76 ms   *     marcusw-1-pt.tunnel.tserv13.ash1.ipv6.he.net [2001:470:7:a0c::2]
  7    70 ms   69 ms   68 ms gige-gbge0.tserv13.ash1.ipv6.he.net [2001:470:0:90::2]
  8    *       *       *     ?
  9    96 ms   86 ms   86 ms gige-gbge0.tserv13.ash1.ipv6.he.net [2001:470:0:90::2]
10   111 ms   *      117 ms marcusw-1-pt.tunnel.tserv13.ash1.ipv6.he.net [2001:470:7:a0c::2]
11   107 ms  105 ms  114 ms gige-gbge0.tserv13.ash1.ipv6.he.net [2001:470:0:90::2]
12    *       *       *     ?
13   138 ms  132 ms  137 ms gige-gbge0.tserv13.ash1.ipv6.he.net [2001:470:0:90::2]
14    *       *       *     ?
15   148 ms  142 ms  137 ms gige-gbge0.tserv13.ash1.ipv6.he.net [2001:470:0:90::2]
16    *       *       *     ?
17   161 ms  158 ms  161 ms gige-gbge0.tserv13.ash1.ipv6.he.net [2001:470:0:90::2]
18    *       *       *     ?
19   223 ms  182 ms  188 ms gige-gbge0.tserv13.ash1.ipv6.he.net [2001:470:0:90::2]
20    *       *       *     ?
21   195 ms  194 ms  196 ms gige-gbge0.tserv13.ash1.ipv6.he.net [2001:470:0:90::2]
22    *       *       *     ?
23   234 ms  210 ms   *     gige-gbge0.tserv13.ash1.ipv6.he.net [2001:470:0:90::2]
24    *      290 ms   *     marcusw-1-pt.tunnel.tserv13.ash1.ipv6.he.net [2001:470:7:a0c::2]
25   231 ms  233 ms  242 ms gige-gbge0.tserv13.ash1.ipv6.he.net [2001:470:0:90::2]
26   248 ms   *       *     marcusw-1-pt.tunnel.tserv13.ash1.ipv6.he.net [2001:470:7:a0c::2]
27   257 ms  259 ms  264 ms gige-gbge0.tserv13.ash1.ipv6.he.net [2001:470:0:90::2]
28   273 ms   *       *     marcusw-1-pt.tunnel.tserv13.ash1.ipv6.he.net [2001:470:7:a0c::2]
29   277 ms   *      285 ms gige-gbge0.tserv13.ash1.ipv6.he.net [2001:470:0:90::2]
30   285 ms   *       *     marcusw-1-pt.tunnel.tserv13.ash1.ipv6.he.net [2001:470:7:a0c::2]


Nasty nasty...that's a problem all right.

Quote from: comptech on January 22, 2011, 03:12:12 PM
Can you paste what "route -6" outputs on wh.lo?


root@wanners ~ # route -6
Kernel IPv6 routing table
Destination                    Next Hop                   Flag Met Ref Use If
::/96                          ::                         Un   256 0     0 sit0
2001:470:7:a0c::/64            ::                         Un   256 0  1608 sit1
fe80::/64                      ::                         U    256 0     0 eth0
fe80::/64                      ::                         U    256 0     0 eth1
fe80::/64                      ::                         Un   256 0     0 sit1
::/0                           ::                         U    1   0     0 sit1
::/0                           ::                         !n   -1  1 40426 lo
::1/128                        ::                         Un   0   1  1341 lo
::10.8.0.1/128                 ::                         Un   0   1     0 lo
::68.226.67.198/128            ::                         Un   0   1     0 lo
::127.0.0.1/128                ::                         Un   0   1     0 lo
::192.168.1.1/128              ::                         Un   0   1     0 lo
2001:470:7:a0c::/128           ::                         Un   0   1     0 lo
2001:470:7:a0c::2/128          ::                         Un   0   1  5248 lo
fe80::/128                     ::                         Un   0   1     0 lo
fe80::/128                     ::                         Un   0   1     0 lo
fe80::/128                     ::                         Un   0   1     0 lo
fe80::a08:1/128                ::                         Un   0   1  2098 lo
fe80::44e2:43c6/128            ::                         Un   0   1     0 lo
fe80::c0a8:101/128             ::                         Un   0   1     0 lo
fe80::219:fdff:fe49:b812/128   ::                         Un   0   1     0 lo
fe80::f2ad:4eff:fe00:e6d/128   ::                         Un   0   1   158 lo
ff00::/8                       ::                         U    256 0     0 eth0
ff00::/8                       ::                         U    256 0     0 eth1
ff00::/8                       ::                         U    256 0     0 sit1
::/0                           ::                         !n   -1  1 40426 lo


A traceroute to ipv6.google.com on one of the LAN machine comes up with dots on all accounts. It causes syslog spam on wh.lo though:


Jan 22 19:06:47 wh kernel: [511331.356871] icmpv6_send: no reply to icmp error
Jan 22 19:06:47 wh kernel: [511331.356886] icmpv6_send: no reply to icmp error
Jan 22 19:06:47 wh kernel: [511331.360408] icmpv6_send: no reply to icmp error
Jan 22 19:06:47 wh kernel: [511331.366896] icmpv6_send: no reply to icmp error
Jan 22 19:06:47 wh kernel: [511331.369896] icmpv6_send: no reply to icmp error

No idea what that means.

Thanks for your help!

marcusw

Ok. After your showing of route -6 to me and my application of my route command knowledge, I was able to come up with a fix:
route -6 add 2001:470:8:a0c::/64 eth0
That makes everything work perfectly. Thanks for pointing me the right way.