• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

ISP blocking tunnel traffic?

Started by fraggod, December 22, 2008, 08:57:19 AM

Previous topic - Next topic

fraggod

Hi, thanks for great service and, prehaps, answers, in advance :)


I happen to be connected to several ISPs, most time using just one of them as a primary gw with other as an ssh-backdoor in case something happens to the primary one.
I'm not a net/routing guru, so feel free to bash me for my lack of expertise or laziness, I probably deserve it.

I've set up a tunnel via primary one (for the moment) and, well, nothing worked - I can see icmp6 requests leaving on tunnel interface and same packets (proto 41) on wan interface, but, alas, no answers. I assumed it was just my flawed setup.
Today I've cut some time to dig a bit deeper into a problem and set up a second tunnel via second (backup) ISP and this one worked right away.

On both ISPs I have wan ('white') IP assigned right to the ethernet interface, both IPs are clearly visible from the rest of the net and no ports blocked as far as I know. So far, services, offered by both of them, looked virtually identical from my point of view.
I've contacted first ISP support, but they seemed completely oblivious to the problem, if there is any, of course.


So the questions:
Is it possible and/or likely that first ISP just blocks certain traffic, required for this tunnel?
I understand that no one here is probably in a position to speak for my ISP, but prehaps it's a case of "supported by all routers by default since 19XX!", or a completely reverse one...?
Where exactly problem usually lies, and is there any way to confirm it?

Could anything be done about it?
Here I mean this, exact, type of tunneling, SIT, I believe. Prehaps it can be wrapped into something or have certain useful tweaks that'll magically make it work with some ill-behaved links, like the one I have.

Are there any real alternatives, aside from using different ISP?
Most sources I've seen thus far seem to be telling about same tunneling mechanisms as I try to use here, or there are some subtle differences that make them much more compatible?


Thanks.

piojan

How about writing what ISP that might be.
Some one might also be using it with a working (or not) tunnel.
Some people already mentioned some problems like: http://www.tunnelbroker.net/forums/index.php?topic=162.0

fraggod

#2
Quote from: piojan on December 22, 2008, 11:55:53 AM
How about writing what ISP that might be.
Some one might also be using it with a working (or not) tunnel.
Some people already mentioned some problems like: http://www.tunnelbroker.net/forums/index.php?topic=162.0

ISP is extrim.it. It's not really a large one even among locals, but traces show that it's traffic is routed via stream - much larger russian internet provider.
The problem is not quite as bad as in topic you've linked, since normal IPv4 traffic seem to be able to circulate between my machine and all HE gateways (I've done tr to all of them to find out which is optimal for me) just fine.

Here's the trace (a hundred of them, actually) to a .de gateway:

HOST: anathema                    Loss%   Snt   Last   Avg  Best  Wrst StDev
  1. 10.255.128.65                 0.0%   100    5.3   5.8   0.7 168.9  25.2
  2. 212.49.126.65                 0.0%   100    1.4   2.2   1.3  36.9   4.1
  3. 212.49.126.249                0.0%   100    1.6   2.7   1.4  49.1   5.2
  4. 212.49.126.233                0.0%   100   12.5   1.2   0.8  12.5   1.7
  5. core-bb00.r09.epn.ru          0.0%   100    0.8   2.0   0.8  78.9   8.1
  6. 87.226.227.121                0.0%   100    1.1  15.3   1.0 191.7  32.5
  7. ae-1.m7-ar1.msk.ip.rosteleco  0.0%   100   71.5  72.2  71.4  89.4   2.4
  8. 195.34.38.165                 0.0%   100   29.8  31.4  29.5  76.2   7.2
  9. bor-cr01-po4.spb.stream-inte  0.0%   100   37.9  42.9  37.2 234.5  23.5
10. anc-cr01-po3.ff.stream-inter  0.0%   100   82.7  87.5  82.1 135.4  12.4
11. de-cix.he.net                 0.0%   100   83.0  83.9  82.4 115.7   3.9
12. tserv6.fra1.ipv6.he.net       0.0%   100   83.6  83.7  82.8  86.4   0.6


I'd like to do something like 'IPv6 tunnel trace', but tr6 just shows asterisks both from me to HE and via looking glass to me, so there's no telling if one of these routers is blocking anything. I wonder if there's any other way to check it...