SixXS::Sunset 2017-06-06

can't use the subnet
[de] Shadow Hawkins on Sunday, 05 April 2009 13:42:30
Moin, I have a tunnel since 2 weeks and this works fine at my router. Since this week a have a subnet, but even a think that the configuration is OK it does not work. First: the router name is 'kuiper' (debian) One of the kubuntu boxes name is 'mars' The relevant interfaces at kuiper: eth0 Link encap:Ethernet HWaddr 00:50:BA:73:74:60 inet addr:192.168.5.1 Bcast:192.168.5.255 Mask:255.255.255.0 inet6 addr: 2001:db8::1/64 Scope:Global inet6 addr: fe80::250:baff:fe73:7460/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:318625 errors:0 dropped:10 overruns:0 frame:4 TX packets:355770 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:45988975 (43.8 MiB) TX bytes:304118436 (290.0 MiB) Interrupt:4 Base address:0x340 sixxs Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 inet6 addr: 2001:6f8:900:c7d::2/64 Scope:Global inet6 addr: fe80::4f8:900:c7d:2/64 Scope:Link UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1280 Metric:1 RX packets:2198 errors:0 dropped:0 overruns:0 frame:0 TX packets:3531 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:500 RX bytes:230110 (224.7 KiB) TX bytes:358899 (350.4 KiB) The interface at mars: wlan0 Link encap:Ethernet HWaddr 00:1f:3b:6c:1a:75 inet addr:192.168.5.98 Bcast:192.168.5.255 Mask:255.255.255.0 inet6 addr: fe80::21f:3bff:fe6c:1a75/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:39759 errors:0 dropped:0 overruns:0 frame:0 TX packets:40505 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:13069003 (12.4 MB) TX bytes:9251947 (8.8 MB) From mars, I find the the router: renner@mars:~$ ping6 -I wlan0 ff02::2 PING ff02::2(ff02::2) from fe80::21f:3bff:fe6c:1a75 wlan0: 56 data bytes 64 bytes from fe80::250:baff:fe73:7460: icmp_seq=1 ttl=64 time=7.10 ms 64 bytes from fe80::250:baff:fe73:7460: icmp_seq=2 ttl=64 time=4.38 ms (I find the address at kuipers interface eth0). I also can ping (or connect using ssh or so) kuiper via IPv6. But while I can ping IPv6 addresses from the router it is not possible from mars. I started radvd with a higher debug level, but there is no output exept this: kuiper:/var/log# /usr/sbin/radvd -u radvd -d 5 -p /var/run/radvd/radvd.pid [Apr 05 13:08:26] radvd: failed to set LinkMTU (1280) for eth0 [Apr 05 13:08:26] radvd: failed to set CurHopLimit (64) for eth0 The /etc/radvd.conf contains: interface eth0 { AdvSendAdvert on; AdvLinkMTU 1280; MaxRtrAdvInterval 300; #prefix 2001:6f8:1112::/64 prefix 2001:6f8:1112::/48 { AdvOnLink on; AdvAutonomous on; }; }; I see outgoing ICMP packages at the sixxs interface, but no single package comes back: kuiper:~# tcpdump -i sixxs tcpdump: WARNING: arptype 65534 not supported by libpcap - falling back to cooked socket tcpdump: WARNING: sixxs: no IPv4 address assigned tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on sixxs, link-type LINUX_SLL (Linux cooked), capture size 96 bytes 13:40:47.695981 IP6 2001:6f8:1112:0:250:daff:fee3:fd6d > www.six.heise.de: ICMP6, echo request, seq 1, length 64 13:40:47.754428 IP6 www.six.heise.de > 2001:6f8:1112:0:250:daff:fee3:fd6d: ICMP6, echo reply, seq 1, length 64 13:40:47.754519 IP6 www.six.heise.de > 2001:6f8:1112:0:250:daff:fee3:fd6d: ICMP6, echo reply, seq 1, length 64 13:40:48.705107 IP6 2001:6f8:1112:0:250:daff:fee3:fd6d > www.six.heise.de: ICMP6, echo request, seq 2, length 64 13:40:48.756922 IP6 www.six.heise.de > 2001:6f8:1112:0:250:daff:fee3:fd6d: ICMP6, echo reply, seq 2, length 64 13:40:48.757020 IP6 www.six.heise.de > 2001:6f8:1112:0:250:daff:fee3:fd6d: ICMP6, echo reply, seq 2, length 64 13:40:49.707294 IP6 2001:6f8:1112:0:250:daff:fee3:fd6d > www.six.heise.de: ICMP6, echo request, seq 3, length 64 13:40:49.759694 IP6 www.six.heise.de > 2001:6f8:1112:0:250:daff:fee3:fd6d: ICMP6, echo reply, seq 3, length 64 13:40:49.759793 IP6 www.six.heise.de > 2001:6f8:1112:0:250:daff:fee3:fd6d: ICMP6, echo reply, seq 3, length 64 Any hint? Thanks!
can't use the subnet
[de] Shadow Hawkins on Sunday, 05 April 2009 15:08:04
I see outgoing ICMP packages at the sixxs interface, but no single package comes back: kuiper:~# tcpdump -i sixxs tcpdump: WARNING: arptype 65534 not supported by libpcap - falling back to cooked socket tcpdump: WARNING: sixxs: no IPv4 address assigned tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on sixxs, link-type LINUX_SLL (Linux cooked), capture size 96 bytes 13:40:47.695981 IP6 2001:6f8:1112:0:250:daff:fee3:fd6d > www.six.heise.de: ICMP6, echo request, seq 1, length 64 13:40:47.754428 IP6 www.six.heise.de > 2001:6f8:1112:0:250:daff:fee3:fd6d: ICMP6, echo reply, seq 1, length 64 13:40:47.754519 IP6 www.six.heise.de > 2001:6f8:1112:0:250:daff:fee3:fd6d: ICMP6, echo reply, seq 1, length 64 13:40:48.705107 IP6 2001:6f8:1112:0:250:daff:fee3:fd6d > www.six.heise.de: ICMP6, echo request, seq 2, length 64 13:40:48.756922 IP6 www.six.heise.de > 2001:6f8:1112:0:250:daff:fee3:fd6d: ICMP6, echo reply, seq 2, length 64 13:40:48.757020 IP6 www.six.heise.de > 2001:6f8:1112:0:250:daff:fee3:fd6d: ICMP6, echo reply, seq 2, length 64 13:40:49.707294 IP6 2001:6f8:1112:0:250:daff:fee3:fd6d > www.six.heise.de: ICMP6, echo request, seq 3, length 64 13:40:49.759694 IP6 www.six.heise.de > 2001:6f8:1112:0:250:daff:fee3:fd6d: ICMP6, echo reply, seq 3, length 64 13:40:49.759793 IP6 www.six.heise.de > 2001:6f8:1112:0:250:daff:fee3:fd6d: ICMP6, echo reply, seq 3, length 64
Stupid, there are reply packages. But they sign up only at the sixxs interfaces, not at eth0.
solved
[de] Shadow Hawkins on Sunday, 05 April 2009 16:35:39
Moin, I found the error. Somehow, I don't know how, it was necessary to reset the forward files under /proc/sys/net/ipv6/conf to '0'. The stored state in /var/run/radvd/saved-settings was '1' and this caused the problem. Just for the archive: I placed the line find /proc/sys/net/ipv6/ -name forwarding -exec echo 0 > {} \; to /etc/init.d/radvd to avoid such a problem in the future.
solved
[ch] Jeroen Massar SixXS Staff on Sunday, 05 April 2009 19:25:37
You definitely have to enable forwarding (aka set it to 1) if you want forwarding to work. Do check that you have an address out of the RA /64 on the interface of the router itself.
solved
[de] Shadow Hawkins on Sunday, 05 April 2009 20:51:47
Moin Jeroen,
You definitely have to enable forwarding (aka set it to 1) if you want forwarding to work.
Yes, this is correct. It must be '1' as long as radvd runns. But I found out that routing won't work if the stored state is also '1'. It seems to me that there is a 'reset' required between the stop and the start of radvd. Check it out by editing /var/run/radvd/saved-settings: set every lint to '1' and stop and start radvd! CU
can't use the subnet
[ch] Jeroen Massar SixXS Staff on Sunday, 05 April 2009 18:58:19
inet6 addr: 2001:db8::1/64 Scope:Global
I don't think that should be on your interface.
The /etc/radvd.conf contains:
interface eth0
{
AdvSendAdvert on;
AdvLinkMTU 1280;
MaxRtrAdvInterval 300;
Why these three?
#prefix 2001:6f8:1112::/64
prefix 2001:6f8:1112::/48
This should be a /64, never a /48. Autoconfiguration only works with /64s.
{
AdvOnLink on;
AdvAutonomous on;
};
};
These options are also not needed.
can't use the subnet
[de] Shadow Hawkins on Sunday, 05 April 2009 21:07:22
Moin,
> AdvSendAdvert on;
AdvLinkMTU 1280;
MaxRtrAdvInterval 300;
Why these three?
AdvSendAdvert is essential. I get an
renner@mars:~$ ping6 www.six.heise.de connect: Network is unreachable
error without.
> prefix 2001:6f8:1112::/48 This should be a /64, never a /48. Autoconfiguration only works with /64s.
Strange. In my sixxs settings it is definitely a /48. I check this again ..... Thanks!
can't use the subnet
[ch] Jeroen Massar SixXS Staff on Sunday, 05 April 2009 23:46:21
Strange. In my sixxs settings it is definitely a /48. I check this again .....
That is because you get allocated 65536 /64s, making up one /48. Per interface/link though you use a /64. See Wiki : Subnet for a pretty good explanation. "AdvLinkMTU 1280" you definitely won't need as that can be discovered by pMTU discovery (unless you configure your tunnel interface MTU wrong).
can't use the subnet
[de] Shadow Hawkins on Saturday, 11 April 2009 07:52:16
Moin, thanks for your help! The tunnel as well as the subnet is running in a good condition now! Thanks for the link to the documentation. Now I understand more! CU
can't use the subnet
[be] Shadow Hawkins on Wednesday, 31 August 2011 10:38:42
Reviving this old thread, as it is the one which clarifies some things (I haven't understood all of it ... yet) on a problem I have while configuring a setup with radvd (radvd.conf) and ISC's dhcpd (i.e. it's instance being configured for IPv6). Maybe the FAQ could be extended, or the wiki page could be "promoted" in some FAQ page ? This is just a suggestion, triggered by me having browsed the list and having seen several people struggling with the idea that one gets assigned a /48 Sixxs range, all while some "warning" is missing that one should not 1-to-1 use that /48 prefix in radvd.conf. Especially in this thread it becomes clear that one single interface should never have anything else than a /64 prefix in its address. This rings THE bell against not configuring radvd.conf with Sixxs' allocated prefix of /48...
can't use the subnet
[ch] Jeroen Massar SixXS Staff on Wednesday, 31 August 2011 11:26:16
Where are you missing this warning and thus where would it be the most logical to see this? Effectively the /64, /48 etc thing is a 'base IPv6 knowledge' issue. All the examples about radvd (even in their manual page) have /64s shown, nothing else. Note though, that the /64 is only a requirement when one wants to use IPv6 autoconfiguration. Otherwise, any prefix size will work just fine.
can't use the subnet
[be] Shadow Hawkins on Wednesday, 31 August 2011 21:59:45
If it'd be added, I'd suggest to add it somewhere here. What I'm still figuring out is the link between IPv6's autoconfiguration (a nice improvement over it's several IPv4 "equivalents", like ARP), it's prefix and the possibilities (and limitations) of dhcpv6. So especially in the case(s) where stateful and stateless configuration are combined (the importance and influence of the -M and O- flags of this link). Not that I'm not willing to suggest some text, but it would for sure have to be endorsed by someone with "decent" knowledge on the matter. In the meantime, I'm experimenting and having a look at the influence of the different dhcpd.conf and radvd.conf parameters by means of tcpdump :-)
can't use the subnet
[ch] Jeroen Massar SixXS Staff on Thursday, 01 September 2011 01:20:35
What I'm still figuring out is the link between IPv6's autoconfiguration (a nice improvement over it's several IPv4 "equivalents", like ARP)
The IPv6 equivalent of IPv4 ARP is Neighbor Discovery (ND). Auto-configuration, comes in two forms, link-local and global, the latter is Router-Advertisement based and only available for IPv6, the first is available for both IPv4 and IPv6 ( see Wikipedia Link-Local Address).
it's prefix and the possibilities (and limitations) of dhcpv6.
You require RA to do DHCPv6. In that mode RA only tells the network 'the router is at X, please use DHCPv6 for an address"
So especially in the case(s) where stateful and stateless configuration are combined (the importance and influence of the -M and O- flags of this link).
M = Managed, this indicates that DHCPv6 is used. The O indicates that other details can also be retrieved that way, you'll need both if you want to use DHCPv6.
Not that I'm not willing to suggest some text, but it would for sure have to be endorsed by someone with "decent" knowledge on the matter. In the meantime, I'm experimenting and having a look at the influence of the different dhcpd.conf and radvd.conf parameters by means of tcpdump :-)
The wiki is always a good place to add text to, otherwise DHCPv6 stateful autoconfiguration seems to be a quite decent description.
can't use the subnet
[be] Shadow Hawkins on Thursday, 01 September 2011 11:20:23
M = Managed, this indicates that DHCPv6 is used. The O indicates that other details can also be retrieved that way, you'll need both if you want to use DHCPv6.
I can be wrong, but this contradicts my findings, as I have already had a configuration (see further) with radvd.conf's M (AdvManagedFlag) = 1 and O (AdvOtherConfigFlag) = 0 and where I used ISC's dhcpd (in IPv6 mode) and a client obtained an IPv6 address from dhcpd and could browse the internet (it obtained IPv6 address 2001:DB8:FFFF:555F::5:70). radvd.conf extract of that setup: ================================= interface eth1 { AdvManagedFlag on; AdvOtherConfigFlag off; . . . prefix 2001:DB8:FFFF::/48 { AdvValidLifetime 40; AdvPreferredLifetime 20; AdvAutonomous on; }; }; dhcpd.conf extract of that setup: ================================= authoritative; ddns-update-style none; ddns-updates off; log-facility local7; option dhcp6.name-servers 2001:DB8:FFFF::1:1; option dhcp6.info-refresh-time 60; option dhcp6.preference 255; option dhcp-renewal-time 30; option dhcp-rebinding-time 50; host brsport { host-identifier option dhcp6.client-id 00:01:00:01:4e:46:b1:13:60:69:07:b8:74:dd; fixed-address6 2001:DB8:FFFF::2:10; } shared-network LAN { subnet6 2001:DB8:FFFF:0::/64 { default-lease-time 60; max-lease-time 65; } subnet6 2001:DB8:FFFF:1::/64 { default-lease-time 60; max-lease-time 65; } subnet6 2001:DB8:FFFF:2::/64 { default-lease-time 60; max-lease-time 65; } subnet6 2001:DB8:FFFF:555F::/64 { default-lease-time 60; max-lease-time 65; range6 2001:DB8:FFFF:555F::5:70 2001:DB8:FFFF:555F::5:71; } }
can't use the subnet
[ch] Jeroen Massar SixXS Staff on Thursday, 01 September 2011 11:22:13
Some of the DHCPv6 Client implementations don't bother with looking for the flags; there has also been quite some discussion about these flags in the IETF, thus which combos work exactly how is not entirely set in stone...
can't use the subnet
[be] Shadow Hawkins on Thursday, 01 September 2011 11:32:57
... which facilitates learning ... we're flexible :-) P.S. : Now tht was a prompt response. Budd'anct.

Please note Posting is only allowed when you are logged in.

Static Sunset Edition of SixXS
©2001-2017 SixXS - IPv6 Deployment & Tunnel Broker