Hurricane Electric's IPv6 Tunnel Broker Forums

Advanced search  

News:

Welcome to Hurricane Electric's Tunnelbroker.net forums!

Author Topic: Routed /48 suddenly broken, routed /64 works.  (Read 5685 times)

slaxative

  • Newbie
  • *
  • Posts: 28
Routed /48 suddenly broken, routed /64 works.
« on: February 18, 2011, 04:20:14 AM »

I've had a functioning ipv6 config for years now.
All of a sudden, all machines behind the router on the /48 are unable to ping any ipv6 addresses.

ping6 www.kame.net
PING www.kame.net(2001:200:dff:fff1:216:3eff:feb1:44d7) 56 data bytes
--- www.kame.net ping statistics ---
6 packets transmitted, 0 received, 100% packet loss, time 5008ms
 
Route info from machine behind firewall:
ip -6 route
2001:470:f001:beef::/64 dev eth0  proto kernel  metric 256  expires 86386sec mtu 1280 advmss 1220 hoplimit 0
fe80::/64 dev eth0  proto kernel  metric 256  mtu 1280 advmss 1220 hoplimit 0
default via fe80::224:a5ff:fed7:9bce dev eth0  proto kernel  metric 1024  expires 22sec mtu 1280 advmss 1220 hoplimit 64

Ping from the router itself works fine, its running DDWRT.

 ping6 www.kame.net
PING www.kame.net (2001:200:dff:fff1:216:3eff:feb1:44d7): 56 data bytes
64 bytes from 2001:200:dff:fff1:216:3eff:feb1:44d7: seq=0 ttl=55 time=167.369 ms
64 bytes from 2001:200:dff:fff1:216:3eff:feb1:44d7: seq=1 ttl=55 time=166.396 ms
64 bytes from 2001:200:dff:fff1:216:3eff:feb1:44d7: seq=2 ttl=55 time=166.590 ms
64 bytes from 2001:200:dff:fff1:216:3eff:feb1:44d7: seq=3 ttl=55 time=166.443 ms

Ping from my ipv6 box behind the router gets dns resolution of the ipv6 address but no reply.
I am also able to ping the router via ipv6.
Also, ipv6 forwarding is still enabled on my router.
Any help would be greatly appreciated.

cat /proc/sys/net/ipv6/conf/all/forwarding
1
 radvd.conf
interface br0 {
 MinRtrAdvInterval 3;
 MaxRtrAdvInterval 10;
 AdvLinkMTU 1280;
 AdvSendAdvert on;
 prefix 2001:470:f001:beef::/64 {
 AdvOnLink on;
 AdvAutonomous on;
 AdvValidLifetime 86400;
 AdvPreferredLifetime 86400;
 };
 };


Thanks!

« Last Edit: February 19, 2011, 09:33:44 AM by slaxative »
Logged

cholzhauer

  • Hero Member
  • *****
  • Posts: 2742
Re: Suddenly machines behind router cant ping out.
« Reply #1 on: February 18, 2011, 05:06:50 AM »

Well, let's make sure of a couple things.

1) It looks like you're doing RA?  Did you double check that fe80::224:a5ff:fed7:9bce is the address of your IPv6 router?  (Just to make sure you don't have a rogue RA server)

2) Can you ping fe80::224:a5ff:fed7:9bce?  You mentioned that you could ping the router, but didn't say if you could ping the fe80 address or the 2001 address.

3) What does ipconfig/ifconfig look like on the computer that isn't working?
Logged

slaxative

  • Newbie
  • *
  • Posts: 28
Re: Suddenly machines behind router cant ping out.
« Reply #2 on: February 18, 2011, 05:19:35 AM »

Thanks for the help..
That is in fact the ipv6 address of my router.

br0 interface of router:
br0       Link encap:Ethernet  HWaddr 00:24:A5:D7:9B:CE  
          inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: 2001:470:f001::/48 Scope:Global
          inet6 addr: 2001:470:f001:beef::/64 Scope:Global
          inet6 addr: fe80::224:a5ff:fed7:9bce/64 Scope:Link
          inet6 addr: 2001:470:d:5::1/64 Scope:Global
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
          RX packets:671757 errors:0 dropped:0 overruns:0 frame:0
          TX packets:728521 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:82203080 (78.3 MiB)  TX bytes:267533691 (255.1 MiB)


 I can ping it... but only if I specify the interface eth0. I can ping the 2001 address without specifying the interface.


ping6 -I eth0 fe80::224:a5ff:fed7:9bce
PING fe80::224:a5ff:fed7:9bce(fe80::224:a5ff:fed7:9bce) from fe80::202:b3ff:fea0:e8be eth0: 56 data bytes
64 bytes from fe80::224:a5ff:fed7:9bce: icmp_seq=1 ttl=64 time=0.267 ms
64 bytes from fe80::224:a5ff:fed7:9bce: icmp_seq=2 ttl=64 time=0.204 ms
64 bytes from fe80::224:a5ff:fed7:9bce: icmp_seq=3 ttl=64 time=0.239 ms
^C
--- fe80::224:a5ff:fed7:9bce ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1998ms
rtt min/avg/max/mdev = 0.204/0.236/0.267/0.031 ms

ifconfig on box...
/sbin/ifconfig eth0
eth0      Link encap:Ethernet  HWaddr 00:02:B3:A0:E8:BE  
          inet addr:192.168.1.110  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: 2001:470:f001:beef:202:b3ff:fea0:e8be/64 Scope:Global
          inet6 addr: fe80::202:b3ff:fea0:e8be/64 Scope:Link
          inet6 addr: 2001:470:f001:beef::dead/64 Scope:Global
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:52100 errors:0 dropped:0 overruns:0 frame:0
          TX packets:47939 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:32945379 (31.4 Mb)  TX bytes:7763090 (7.4 Mb)



« Last Edit: February 18, 2011, 05:24:15 AM by slaxative »
Logged

cholzhauer

  • Hero Member
  • *****
  • Posts: 2742
Re: Suddenly machines behind router cant ping out.
« Reply #3 on: February 18, 2011, 05:24:09 AM »

Have you always had the "  inet6 addr: 2001:470:f001::/48 Scope:Global" on br0?  Is the 2001:470:d:5::1 your routed /64?

Quote
I can ping it... but only if I specify the interface eth0.

Yep, that's how it's supposed to be.

Logged

slaxative

  • Newbie
  • *
  • Posts: 28
Re: Suddenly machines behind router cant ping out.
« Reply #4 on: February 18, 2011, 05:25:27 AM »

Yes, i've always had it setup that way. I have a routed /48 which i've turned into a 64 that i'm advertising with radvd.

  inet6 addr: 2001:470:f001::/48 Scope:Global
 inet6 addr: 2001:470:f001:beef::/64 Scope:Global
Logged

slaxative

  • Newbie
  • *
  • Posts: 28
Re: Suddenly machines behind router cant ping out.
« Reply #5 on: February 19, 2011, 06:48:32 AM »

I think i've confirmed this is an issue with my routed  /48.
From the looking glass on tunnelbroker.net I cant see my routed 48 at all.
I am able to see my routed /64.
I've sent an email to he support.
Logged

slaxative

  • Newbie
  • *
  • Posts: 28
Re: Suddenly machines behind router cant ping out.
« Reply #6 on: February 19, 2011, 09:18:36 AM »

more info...

test with /48

traceroute6 -s 2001:470:f001:beef:: irc.ipv6.he.net
traceroute to irc.ipv6.he.net (2001:470:0:6667::2) from 2001:470:f001:beef::, 30 hops max, 16 byte packets
 1  *


test /64

traceroute6 -s 2001:470:d:5::1 irc.ipv6.he.net     
traceroute to irc.ipv6.he.net (2001:470:0:6667::2) from 2001:470:d:5::1, 30 hops max, 16 byte packets
 1  slaxative-1.tunnel.tserv15.lax1.ipv6.he.net (2001:470:c:5::1)  48.5 ms  46.825 ms  47.095 ms
 2  gige-g4-6.core1.lax1.he.net (2001:470:0:9d::1)  44.306 ms  45.342 ms  51.86 ms
 3  10gigabitethernet2-2.core1.fmt2.he.net (2001:470:0:18d::1)  910.09 ms  52.5 ms  52.436 ms
 4  gige-g4-18.core1.fmt1.he.net (2001:470:0:2d::1)  58.831 ms  53.86 ms  52.593 ms



The /48 gets nowhere while the allocated /64 works fine.
Logged

slaxative

  • Newbie
  • *
  • Posts: 28
/48 is broken suddenly.
« Reply #7 on: February 19, 2011, 09:31:23 AM »

Also confirmed that machines behind router when allocated an address from my /48 do not work, while addresses allocated from my /64 do.
Logged

cholzhauer

  • Hero Member
  • *****
  • Posts: 2742
Re: Routed /48 suddenly broken, routed /64 works.
« Reply #8 on: February 19, 2011, 12:58:10 PM »

Email IPv6@he.net and see if they see anything wrong?
Logged

slaxative

  • Newbie
  • *
  • Posts: 28
Re: Routed /48 suddenly broken, routed /64 works.
« Reply #9 on: February 19, 2011, 03:06:44 PM »

This is taken care of now. He resolved the problem on their end.
Logged