• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

News:

Welcome to Hurricane Electric's Tunnelbroker.net forums!

Main Menu

6to4 tunnel failure

Started by Jermin, September 02, 2011, 04:09:22 AM

Previous topic - Next topic

Jermin

I've flashed a toastman mod of tomato firmware (filename:tomato-K26-1.28.7821MIPSR1-Toastman-ND-MiniIPv6.trx) to my Baffalo WHR-HP-G54 in June and successful connected to the 6to4 anycast relay. The IPv6 settings are as followed:

IPv6 Service Type: 6to4 Anycast Relay
Prefix Length: 64
Static DNS: 2620:0:ccc::2 & 2620:0:ccd::2
Enable Router Announcements: Yes
Relay Anycast Address: 192.88.99.1
Tunnel MTU: 1280
Tunnel TTL:255


It has worked for about 2 months despite the connection speed changed back and forth. My LAN PCs and Android phone on WIFI are able to connect to IPv6 website and ping through IPv6 addresses without problem.

However, on the day before yesterday, I found that all my LAN devices are not able to ping through IPv6 addresses nor access IPv6 websites. But I could ping through 192.88.99.1 on my Win 7 PC:

Tracing route to 192.88.99.1 over a maximum of 30 hops

1 <1 ms <1 ms <1 ms unknown [192.168.1.1]
2 305 ms 430 ms 430 ms 1.156.61.59.broad.fz.fj.dynamic.163data.com.cn [
59.61.156.1]
3 1 ms 1 ms 1 ms 220.160.91.57
4 1 ms 1 ms 1 ms 202.109.204.205
5 4 ms 4 ms 4 ms 202.109.204.37
6 13 ms 13 ms 13 ms 202.97.41.146
7 14 ms 13 ms 13 ms 202.97.33.118
8 14 ms 14 ms 14 ms 202.97.61.218
9 14 ms 14 ms 14 ms 202.97.60.26
10 603 ms 507 ms 402 ms 202.97.6.22
11 * * * Request timed out.
12 * * * Request timed out.
13 * * * Request timed out.
14 247 ms 246 ms 261 ms vdc.vn [123.29.11.10]
15 236 ms 240 ms 241 ms static.vdc.vn [123.30.63.109]
16 242 ms 244 ms 243 ms 192.88.99.1


And the router still successfully received an IPv6 address, which was shown in the overview page on router:


MAC Address00:1D:73:3A:AE:D7Connection TypePPPoEIP Address59.61.158.143Previous WAN IP59.61.163.100Subnet Mask255.255.255.255Gateway59.61.156.1IPv6 Address2002:3b3d:9e8f::1DNS8.8.8.8:53, 8.8.8.4:53MTU1492
On the Win 7 PC, I also received a LAN IPv6 address:

Windows IP Configuration

Host Name . . . . . . . . . . . . : Jermin-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection 3:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : gogo6 Virtual Multi-Tunnel Adapter
Physical Address. . . . . . . . . : 02-50-F2-00-00-01
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection 2:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller #2
Physical Address. . . . . . . . . : 00-1F-D0-AD-BC-69
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2002:3b3d:9e8f:1:b1d7:a1ce:bd59:117b(Pr
erred)
Link-local IPv6 Address . . . . . : fe80::b1d7:a1ce:bd59:117b%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.2(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Thursday, September 01, 2011 10:31:30 P
Lease Expires . . . . . . . . . . : Friday, September 02, 2011 10:31:30 PM
Default Gateway . . . . . . . . . : fe80::21d:73ff:fe3a:aed6%11
192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : 00-1F-D0-AD-BC-6B
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes


This is what makes me feel weird. I can connect to the relay server and sccussfully get an IPv6 address. But I can not access IPv6 websites nor ping thourgh IPv6 addresses. And all of this happened all of a sudden.

Anyone has a clue how to fix this?

I'd like to try other relay servers. But the firmware has fixated the first 3 ranges of the relay server IP (192.88.99).

kasperd

What you describe is a typical failure scenario for 6to4. The problem is that 192.88.99.0/24 and 2002::/16 are anycast prefixes that anybody can announce into BGP without having to guarantee any kind of service level.

When a 6to4 host communicates with any host using a different kind of IPv6 connectivity the traffic has to go through 6to4 relays in both directions. In each direction the traffic will go through the relay which is closest to the sender. (Closest meaning whatever routes BGP found to the above prefixes).

Those relays can be hosted by two different third parties without any relation to the two parties communicating. It is difficult to find out which two relays are being used, and even if you can find out, there is not much you can do about the problems.

You'll probably get better results if you sign up for a tunnelbroker.net instead of 6to4. You could keep the 6to4 configuration as well and assign two IPv6 addresses to each host. I think the hosts will know to use their 6to4 address when communicating with another 6to4 address and use their tunnelbroker.net address when communicating with something that is not 6to4.

mtindle

Yes, your ISP is probably pointing to a broken (crashed?) 6to4 relay.  You can try to open a ticket with them to fix the issue.  Your traceroute looks like you're in CN and we do have a relay in Hong Kong which is announced through our peering there.  It's a tough sell, but if you can get to the right folks in your ISPs engineering, you might be able to get them to point to our relay instead. 

I can also look into speaking with your ISP or their upstreams in HK if we have a (potential?) peering relationship.  However, peering also takes time so that probably won't get resolved terribly quickly either unless the planets align.

Of course, as mentioned, it's far more stable if you setup an HE 6in4 tunnel to the server in Hong Kong directly if you are able to.