• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

Debian loses public IPv6 access once BGP tunnel is established

Started by wrtpoona, May 11, 2019, 10:03:30 AM

Previous topic - Next topic


I'd use a Vultr VM back in the day to peer with he.net (AS6939) and it worked fine, except I used OpenBSD and bgpd.
I'm currently trying to set this up on Debian (9.9) with Bird6 (1.6.3)

I've now moved to a different provider and requested HE.net support to use the old LOA and I can see Bird6 establish the link now.
debian@fra:~$ sudo birdc6
BIRD 1.6.3 ready.
bird> show protocols
name     proto    table    state  since       info
kernel1  Kernel   master   up     11:04:22   
device1  Device   master   up     11:04:22   
static1  Static   master   up     11:04:22   
he_net   BGP      master   up     11:04:26    Established

However my machine loses IPv6 internet access after that but I can ping inside my own allocation.
$ ping ipv6.google.com
connect: No route to host

$ ping bgp-de.wrtpoona.in
PING bgp-de.wrtpoona.in ( 56(84) bytes of data.
64 bytes from ( icmp_seq=1 ttl=63 time=0.505 ms
64 bytes from ( icmp_seq=2 ttl=63 time=0.455 ms
64 bytes from ( icmp_seq=3 ttl=63 time=0.450 ms

Some IPv6 data off the box:

$ sudo ip -6 r **snipped***
unreachable 2001::/32 dev lo proto bird metric 1024  error -113 pref medium
unreachable 2001:4:112::/48 dev lo proto bird metric 1024  error -113 pref medium
unreachable 2c0f:fff0::/32 dev lo proto bird metric 1024  error -113 pref medium
fe80::/64 dev he-ipv6 proto kernel metric 256  pref medium
fe80::/64 dev eth0 proto kernel metric 256  pref medium
default via 2001:470:12:1cc::1 dev he-ipv6 metric 1024  pref medium

$ sudo ip -6 n

$ sudo rdisc6 eth0
Soliciting ff02::2 (ff02::2) on eth0...
Timed out.
Timed out.
Timed out.
No response.

$ ping6 ff02::2%eth0
PING ff02::2%eth0(ff02::2%eth0) 56 data bytes
--- ff02::2%eth0 ping statistics ---
6 packets transmitted, 0 received, 100% packet loss, time 5125ms

What am I missing here?


  • use ping6 instead of ping.
  • apparently bird is blocking some addresses, like most of 2001::/32.  That doesn't, at least for me, include google
  • I recommend "ip -6 route" instead of "sudo ip -6 r", etc. 

    • you don't need root to query
    • abbreviations may confuse people