• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

Routed /48 suddenly broken, routed /64 works.

Started by slaxative, February 18, 2011, 04:20:14 AM

Previous topic - Next topic

slaxative

I've had a functioning ipv6 config for years now.
All of a sudden, all machines behind the router on the /48 are unable to ping any ipv6 addresses.

ping6 www.kame.net
PING www.kame.net(2001:200:dff:fff1:216:3eff:feb1:44d7) 56 data bytes
--- www.kame.net ping statistics ---
6 packets transmitted, 0 received, 100% packet loss, time 5008ms

Route info from machine behind firewall:
ip -6 route
2001:470:f001:beef::/64 dev eth0  proto kernel  metric 256  expires 86386sec mtu 1280 advmss 1220 hoplimit 0
fe80::/64 dev eth0  proto kernel  metric 256  mtu 1280 advmss 1220 hoplimit 0
default via fe80::224:a5ff:fed7:9bce dev eth0  proto kernel  metric 1024  expires 22sec mtu 1280 advmss 1220 hoplimit 64

Ping from the router itself works fine, its running DDWRT.

ping6 www.kame.net
PING www.kame.net (2001:200:dff:fff1:216:3eff:feb1:44d7): 56 data bytes
64 bytes from 2001:200:dff:fff1:216:3eff:feb1:44d7: seq=0 ttl=55 time=167.369 ms
64 bytes from 2001:200:dff:fff1:216:3eff:feb1:44d7: seq=1 ttl=55 time=166.396 ms
64 bytes from 2001:200:dff:fff1:216:3eff:feb1:44d7: seq=2 ttl=55 time=166.590 ms
64 bytes from 2001:200:dff:fff1:216:3eff:feb1:44d7: seq=3 ttl=55 time=166.443 ms

Ping from my ipv6 box behind the router gets dns resolution of the ipv6 address but no reply.
I am also able to ping the router via ipv6.
Also, ipv6 forwarding is still enabled on my router.
Any help would be greatly appreciated.

cat /proc/sys/net/ipv6/conf/all/forwarding
1
radvd.conf
interface br0 {
MinRtrAdvInterval 3;
MaxRtrAdvInterval 10;
AdvLinkMTU 1280;
AdvSendAdvert on;
prefix 2001:470:f001:beef::/64 {
AdvOnLink on;
AdvAutonomous on;
AdvValidLifetime 86400;
AdvPreferredLifetime 86400;
};
};


Thanks!


cholzhauer

Well, let's make sure of a couple things.

1) It looks like you're doing RA?  Did you double check that fe80::224:a5ff:fed7:9bce is the address of your IPv6 router?  (Just to make sure you don't have a rogue RA server)

2) Can you ping fe80::224:a5ff:fed7:9bce?  You mentioned that you could ping the router, but didn't say if you could ping the fe80 address or the 2001 address.

3) What does ipconfig/ifconfig look like on the computer that isn't working?

slaxative

#2
Thanks for the help..
That is in fact the ipv6 address of my router.

br0 interface of router:
br0       Link encap:Ethernet  HWaddr 00:24:A5:D7:9B:CE  
         inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
         inet6 addr: 2001:470:f001::/48 Scope:Global
         inet6 addr: 2001:470:f001:beef::/64 Scope:Global
         inet6 addr: fe80::224:a5ff:fed7:9bce/64 Scope:Link
         inet6 addr: 2001:470:d:5::1/64 Scope:Global
         UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
         RX packets:671757 errors:0 dropped:0 overruns:0 frame:0
         TX packets:728521 errors:0 dropped:0 overruns:0 carrier:0
         collisions:0 txqueuelen:0
         RX bytes:82203080 (78.3 MiB)  TX bytes:267533691 (255.1 MiB)


I can ping it... but only if I specify the interface eth0. I can ping the 2001 address without specifying the interface.


ping6 -I eth0 fe80::224:a5ff:fed7:9bce
PING fe80::224:a5ff:fed7:9bce(fe80::224:a5ff:fed7:9bce) from fe80::202:b3ff:fea0:e8be eth0: 56 data bytes
64 bytes from fe80::224:a5ff:fed7:9bce: icmp_seq=1 ttl=64 time=0.267 ms
64 bytes from fe80::224:a5ff:fed7:9bce: icmp_seq=2 ttl=64 time=0.204 ms
64 bytes from fe80::224:a5ff:fed7:9bce: icmp_seq=3 ttl=64 time=0.239 ms
^C
--- fe80::224:a5ff:fed7:9bce ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1998ms
rtt min/avg/max/mdev = 0.204/0.236/0.267/0.031 ms

ifconfig on box...
/sbin/ifconfig eth0
eth0      Link encap:Ethernet  HWaddr 00:02:B3:A0:E8:BE  
         inet addr:192.168.1.110  Bcast:192.168.1.255  Mask:255.255.255.0
         inet6 addr: 2001:470:f001:beef:202:b3ff:fea0:e8be/64 Scope:Global
         inet6 addr: fe80::202:b3ff:fea0:e8be/64 Scope:Link
         inet6 addr: 2001:470:f001:beef::dead/64 Scope:Global
         UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
         RX packets:52100 errors:0 dropped:0 overruns:0 frame:0
         TX packets:47939 errors:0 dropped:0 overruns:0 carrier:0
         collisions:0 txqueuelen:1000
         RX bytes:32945379 (31.4 Mb)  TX bytes:7763090 (7.4 Mb)




cholzhauer

Have you always had the "  inet6 addr: 2001:470:f001::/48 Scope:Global" on br0?  Is the 2001:470:d:5::1 your routed /64?

Quote
I can ping it... but only if I specify the interface eth0.

Yep, that's how it's supposed to be.


slaxative

Yes, i've always had it setup that way. I have a routed /48 which i've turned into a 64 that i'm advertising with radvd.

  inet6 addr: 2001:470:f001::/48 Scope:Global
inet6 addr: 2001:470:f001:beef::/64 Scope:Global

slaxative

I think i've confirmed this is an issue with my routed  /48.
From the looking glass on tunnelbroker.net I cant see my routed 48 at all.
I am able to see my routed /64.
I've sent an email to he support.

slaxative

more info...

test with /48

traceroute6 -s 2001:470:f001:beef:: irc.ipv6.he.net
traceroute to irc.ipv6.he.net (2001:470:0:6667::2) from 2001:470:f001:beef::, 30 hops max, 16 byte packets
1  *


test /64

traceroute6 -s 2001:470:d:5::1 irc.ipv6.he.net     
traceroute to irc.ipv6.he.net (2001:470:0:6667::2) from 2001:470:d:5::1, 30 hops max, 16 byte packets
slaxative-1.tunnel.tserv15.lax1.ipv6.he.net (2001:470:c:5::1)  48.5 ms  46.825 ms  47.095 ms
gige-g4-6.core1.lax1.he.net (2001:470:0:9d::1)  44.306 ms  45.342 ms  51.86 ms
10gigabitethernet2-2.core1.fmt2.he.net (2001:470:0:18d::1)  910.09 ms  52.5 ms  52.436 ms
gige-g4-18.core1.fmt1.he.net (2001:470:0:2d::1)  58.831 ms  53.86 ms  52.593 ms



The /48 gets nowhere while the allocated /64 works fine.

slaxative

Also confirmed that machines behind router when allocated an address from my /48 do not work, while addresses allocated from my /64 do.

cholzhauer


slaxative

This is taken care of now. He resolved the problem on their end.