• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

Intermittent connectivity on a single host on my LAN via HE Tunnel

Started by Midnight, April 22, 2014, 11:30:39 AM

Previous topic - Next topic

Midnight

Hello,

To whom it may concern.  I have been having intermittent connectivity issues from a single host on my LAN to a host I have an HE Tunnel terminated on.

My setup.  I am no longer using HE Tunnel at home as I had acquired a DOCSIS 3.0 cable modem back in 2010. Since Comcast (my ISP) started providing IPv6 on residential connections via dual stack late October of 2012 I have been using that instead.  While it isn't 100% ideal (not static IPs nor long lasting dynamic like their supposedly dynamic IPv4 addresses that can last months and no reverse DNS delegation), it does work.

However, recently my delegated IPv6 subnet changed and all my machines at home re-IP'ed themselves using the new /64 prefix assigned to me via Comcast.  It was about that time my primary computer started having issues connecting to my Amazon host I have had a working HE IPv6 tunnel on for the past 2 years or so.  Every other machine on my LAN using the same /64 prefix delegated to me can connect just fine.  But my desktop cannot.

I can sign into the Amazon host via ssh and ping6 back to any host except my desktop.  I get an ICMP UNREACHABLE error.

[sly@ec2] ~ % ping6 kentsfield.midnightnetworks.com                                             
PING kentsfield.midnightnetworks.com(2601:3:640:6f:230:1bff:febc:c68e) 56 data bytes
From if-ae30.2.tcore2.AEQ-Ashburn.ipv6.as6453.net icmp_seq=1 Destination unreachable: Address unreachable
From if-ae30.2.tcore2.AEQ-Ashburn.ipv6.as6453.net icmp_seq=2 Destination unreachable: Address unreachable
From if-ae30.2.tcore2.AEQ-Ashburn.ipv6.as6453.net icmp_seq=3 Destination unreachable: Address unreachable
From if-ae30.2.tcore2.AEQ-Ashburn.ipv6.as6453.net icmp_seq=6 Destination unreachable: Address unreachable
From if-ae30.2.tcore2.AEQ-Ashburn.ipv6.as6453.net icmp_seq=7 Destination unreachable: Address unreachable
From if-ae30.2.tcore2.AEQ-Ashburn.ipv6.as6453.net icmp_seq=8 Destination unreachable: Address unreachable
^C
--- kentsfield.midnightnetworks.com ping statistics ---
9 packets transmitted, 0 received, +6 errors, 100% packet loss, time 8459ms

Why is only 1 host on my network at home unreachable, when successful connections to other hosts on my LAN require the same routing and path as they're all on the same /64 prefix and traverse the same cable modem and firewall/gateway?

I can attach tcpdumps if necessary.  I would like to get this resolved.  Rebooting my desktop does not help.  Problem does not appear to be with my equipment either as the error is reported by if-ae30.2.tcore2.AEQ-Ashburn.ipv6.as6453.net.

Sincerely,
Midnight

Midnight

Ok I sort of fixed it by having Network Manager on the affected machine assign IPv6 Privacy address to the same interface and making it the preferred address.

I believe this is a misconfiguration on a router or some ACL/firewall rule that probably needs to be removed.

Observe the interface configuration of the affected machine:

% ifconfig p17p1
p17p1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.82.100  netmask 255.255.255.0  broadcast 192.168.82.255
        inet6 2601:3:640:6f:230:1bff:febc:c68e  prefixlen 64  scopeid 0x0<global>
        inet6 fe80::230:1bff:febc:c68e  prefixlen 64  scopeid 0x20<link>
        inet6 2601:3:640:6f:7057:83af:73c9:5683  prefixlen 64  scopeid 0x0<global>
        ether 00:30:1b:bc:c6:8e  txqueuelen 1000  (Ethernet)
        RX packets 70169383  bytes 45772865114 (42.6 GiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 40435087  bytes 99615492448 (92.7 GiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
        device interrupt 17 

Then observe how ICMPv6 fail to the SLAAC address bu succeed to the SLAAC Privacy address:

% ping6 -c3 2601:3:640:6f:230:1bff:febc:c68e
PING 2601:3:640:6f:230:1bff:febc:c68e(2601:3:640:6f:230:1bff:febc:c68e) 56 data bytes
From 2001:5a0:600:500::1 icmp_seq=2 Destination unreachable: Address unreachable
From 2001:5a0:600:500::1 icmp_seq=3 Destination unreachable: Address unreachable

--- 2601:3:640:6f:230:1bff:febc:c68e ping statistics ---
3 packets transmitted, 0 received, +2 errors, 100% packet loss, time 12000ms

% ping6 -c3 2601:3:640:6f:7057:83af:73c9:5683
PING 2601:3:640:6f:7057:83af:73c9:5683(2601:3:640:6f:7057:83af:73c9:5683) 56 data bytes
64 bytes from 2601:3:640:6f:7057:83af:73c9:5683: icmp_seq=1 ttl=53 time=48.0 ms
64 bytes from 2601:3:640:6f:7057:83af:73c9:5683: icmp_seq=2 ttl=53 time=46.8 ms
64 bytes from 2601:3:640:6f:7057:83af:73c9:5683: icmp_seq=3 ttl=53 time=51.3 ms

--- 2601:3:640:6f:7057:83af:73c9:5683 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2054ms
rtt min/avg/max/mdev = 46.823/48.748/51.399/1.945 ms

Of course the router that's kicking this back with an ICMP unreachable is not my own.  I perform a whois on 2001:5a0:600:500::1 and it returns this:

TATA COMMUNICATIONS (AMERICA) INC TATAC6-ARIN-1 (NET6-2001-5A0-1) 2001:5A0:: - 2001:5A0:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF
Teleglobe Inc. GLBE-V6-AEQ (NET6-2001-5A0-600-1) 2001:5A0:600:: - 2001:5A0:6FF:FFFF:FFFF:FFFF:FFFF:FFFF
TATA Communications Ltd ASHBURN-AEQ-TATAC (NET6-2001-5A0-600-500-1) 2001:5A0:600:500:: - 2001:5A0:600:5FF:FFFF:FFFF:FFFF:FFFF

Ok, so on second thought I suppose this isn't a misconfiguration on the part of Hurricane Electric, this appears to be an issue with Tata Communications.  I will try to get ahold of them.  Thanks again.