|
Cisco, tunnel problem
![[se]](/s/countries/se.gif) Carmen Sandiego on Saturday, 17 June 2006 12:03:25
Hi IPv6 gurus!
I'm trying to setup a static tunnel on a Cisco 877 router running IOS 12.4(6)T2.
The tunnel interface is configued as (X.X.X.X is the routers external IP)
interface Tunnel0
description *** SixXS IPv6 Tunnel ***
no ip address
ipv6 address 2001:16D8:FF00:EB::2/64
ipv6 enable
tunnel source X.X.X.X
tunnel destination 82.95.56.14
tunnel mode ipv6ip
end
Routing is configured as
ipv6 route 2000::/3 2001:16D8:FF00:EB::1
ICMP and protocol 41 is allowed (- access-list applied on inbound for external traffic)
permit icmp any any
permit 41 host 82.96.56.14 host X.X.X.X
The access-list shows hits -
permit 41 host 82.96.56.14 host X.X.X.X (48099 matches)
The tunnel seems to be up
#sh ipv6 tunnel
Tun Route LastInp Packets Description
0 - never 0 *** SixXS IPv6 Tunnel ***
sh int tun0
Tunnel0 is up, line protocol is up
Hardware is Tunnel
Description: *** SixXS IPv6 Tunnel ***
MTU 1514 bytes, BW 9 Kbit, DLY 500000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation TUNNEL, loopback not set
Keepalive not set
Tunnel source X.X.X.X, destination 82.95.56.14
Tunnel protocol/transport IPv6/IP
Tunnel TTL 255
Fast tunneling enabled
Tunnel transmit bandwidth 8000 (kbps)
Tunnel receive bandwidth 8000 (kbps)
Last input never, output 00:06:08, output hang never
Last clearing of "show interface" counters 3d13h
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/0 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
49 packets output, 5196 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 output buffer failures, 0 output buffers swapped out
Still I am not getting any response on ipv6 ping on the PoPs side - 2001:16D8:FF00:EB::2
Looking at the "Tunnel Information" on www.sixxs.net, the tunnel is enabled, but shows 100% packetloss.
The strange thing is that I am not 'loosing' any credits, though it has been in this state for over 3weeks.
Any advice?
Thanks in advance
Mathias Kanstrup
Cisco, tunnel problem
![[us]](/s/countries/us.gif) Shadow Hawkins on Tuesday, 20 June 2006 04:54:48
Hi,
I could be incorrect here, as I am using a juniper router. (In a few weeks, when I have more credits, i can possibly set this up through a cisco 831, if you have not found an answer).. but here is a guess:
You state: (Although that could be a typo)
"Still I am not getting any response on ipv6 ping on the PoPs side - 2001:16D8:FF00:EB::2"
(You should probably be able to ping yourself)
but that is your end isn't it? if so, your access list is the problem, i would think.
Otherwise, for troubleshooting, change these one at a time:
first, your default route probably should reflect ::/0 rather than 2000::/3 to indicate the default route. (Although from a first look the /3 should allow what you want)
Second, if the cisco is at your "network edge" then remove the access list for a minute and see if you can ping the other end of your tunnel, just to eliminate the access list as a possible problem.
All of this assumes that your tunnel is configured on your routers external ethernet interface.
Hope this helps.
Gerry
Cisco, tunnel problem
Carmen Sandiego on Tuesday, 20 June 2006 11:42:13
Hi,
thanks for your answer.
The "Still I am not getting any response on ipv6 ping on the PoPs side - 2001:16D8:FF00:EB::2" was a typo, should have been 2001:16D8:FF00:EB::1
Yes, my cisco is on the network edge and I've tried removing the IPv4 access-list on my external interface, no luck.
The tunnel source is the IP-address of my external interface.
The strange thing is that I successfully set up IPv6 tunnels to other brokers like
Hurricane - http://www.tunnelbroker.net/
BT Exact - https://tb.ipv6.btexact.com/
Still I much rather go for sixxs as I could use a local PoP.
Regards
Mathias
Cisco, tunnel problem
Carmen Sandiego on Tuesday, 20 June 2006 20:32:39
Also, I did some debuging when ipv6 pinging 2001:16D8:FF00:EB::1 (PoP) from my router 2001:16D8:FF00:EB::2
Everything seems ok....but still no answer.
Jun 20 20:28:35 10.254.254.17 2773 87 [local0.debug] 2773: 2257900: *May 4 21:01:58.886 PCTime: IPv6: SAS picked source 2001:16D8:FF00:EB::2 for 2001:16D8:FF00:EB::1 (Tunnel0)
Jun 20 20:28:35 10.254.254.17 2774 87 [local0.debug] 2774: 2257901: *May 4 21:01:58.886 PCTime: IPV6: source 2001:16D8:FF00:EB::2 (local)
Jun 20 20:28:35 10.254.254.17 2777 87 [local0.debug] 2777: 2257904: *May 4 21:01:58.886 PCTime: IPv6: Sending on Tunnel0
Jun 20 20:28:35 10.254.254.17 2778 87 [local0.debug] 2778: 2257905: *May 4 21:01:58.886 PCTime: Tunnel0: IPv6/IP encapsulated X.X.X.X->82.95.56.14 (linktype=79, len=120)
Regards
Mathias
Cisco, tunnel problem
![[de]](/s/countries/de.gif) Shadow Hawkins on Tuesday, 04 July 2006 23:52:51
I've got the same problem with a Cisco 1720 using IOS "Version 12.3(19), RELEASE SOFTWARE (fc2)". Configuration is the same, just different endpoints and tunnel source/destination addresses. Strangely I can use the same tunnel with exactly the same configuration on a Cisco 1605 with IOS "Version 12.3(18), RELEASE SOFTWARE (fc3)".
I can ping the local IPv6 endpoint address from clients in my LAN, I cannot ping the POP IPv6 endpoint address from any machine. I noticed that if I ping an active IPv6 address inside my subnet from an external location the ICMP6 Packet enters through the tunnel, is sent to the correct machine, the answer is sent back to the Cisco router and the router routes, encapsulates and sends it through the tunnel - but it never reaches its destination. As if some IOS versions did the encapsulation wrong...
Cisco, tunnel problem
Carmen Sandiego on Monday, 18 September 2006 22:06:53
Hello Mathias,
if your problem's not solved yet, try to configure your tunnel source directive properly, aka "tunnel source Dialer1". Perhaps this may help.
:wq! PoC
Cisco, tunnel problem
Shadow Hawkins on Monday, 16 June 2008 16:23:20
"tunnel source Dialer1" would only be correct, if there is an Interface
"Dialer1" ... Just mention it, because on my Cisco 877, there ist no such
interface, because i have a line with "ip over ATM" as described in RFC1483
with static IPv4 address.
Cisco, tunnel problem
Shadow Hawkins on Monday, 16 June 2008 20:58:20
Do you have a line "ipv6 unicast-routing" in your configuration?
If not, try to add this line to your configuration.
|
Posting is only allowed when you are