|
Unable to route out SixXS Tunnel
![[us]](/s/countries/us.gif) Carmen Sandiego on Monday, 17 September 2007 13:23:01
HI all,
I seem to be unable to route out the SixXS Tunnel on a Cisco 2620, however another tunnel is working correctly with Hurricane Electric.
I seem to be reachable from SixXS traceroute utility but im just unable to go out it seems. Can anyone see if I have something wrong here?
Output from SixXS trace to me:
IPv6 traceroute
IPv6 traceroute from usewr01.sixxs.net @ OCCAID Inc., AS30071 to 2001:4830:1600:c7::2 :
Hop Node Loss% Sent Last Avg Best Worst StDev ASN Organisation
1. 2001:4830:e2:29::1 0.0% 5 0.9 0.9 0.8 1.0 0.1 [.us] United States 30071 TowardEX Technologies Network
bbr01-g0-3.nwrk01.occaid.net.
2. 2001:4830:ff:f150::2 0.0% 5 6.6 6.6 6.5 6.7 0.1 [.us] United States 30071 TowardEX Technologies Network
bbr01-g1-0.asbn01.occaid.net.
3. 2001:504:0:2:0:3:3437:1 0.0% 5 7.2 7.2 7.1 7.2 0.1 [.us] United States EQUINIX-IX-V6
equi6ix.dc.hotnic.net.
4. 2001:4830:e6:7::2 0.0% 5 7.7 7.6 7.4 7.7 0.1 [.us] United States 30071 TowardEX Technologies Network
sixxs-asbnva-gw.customer.occaid.net.
5. 2001:4830:1600:c7::2 0.0% 5 101.4 101.1 100.7 101.6 0.4 [.us] United States 30071 OCCAID Inc.
cl-200.qas-01.us.sixxs.net.
Attempt to trace out from router to SixXS after setting rout to go over tunnel 2
The route was added because all attempts to reach it were being router thru Hurricane Electric.
MQE-CR-01(config)#ipv6 route 2001:4830:e6:7::2/64 tunnel 2
MQE-CR-01(config)#^Z
MQE-CR-01#traceroute ipv6 2001:4830:e6:7::2
Type escape sequence to abort.
Tracing the route to 2001:4830:E6:7::2
1 * * *
2 * * *
3 * * *
4 * * *
5 * *
Attempts to ping the endpoint:
MQE-CR-01#ping ipv6 2001:4830:1600:C7::1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:4830:1600:C7::1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
Tunnel Configuration:
interface Tunnel2
description IPv6 uplink to SixXS
no ip address
keepalive 10 3
ipv6 address 2001:4830:1600:C7::2/64
ipv6 enable
tunnel source 64.242.192.1
tunnel destination 66.117.47.228
tunnel mode ipv6ip
!
Static Routes:
ipv6 route 2001:4830:E6:7::/64 Tunnel2
ipv6 route 2001:4830:1100::/40 Tunnel2
ipv6 route 2001:4830:1200::/40 Tunnel2
ipv6 route 2001:4830:1500::/40 Tunnel2
ipv6 route 2001:4830:1600::/40 Tunnel2
ipv6 route 2000::/3 2001:4830:1600:C7::1
ipv6 route ::/0 Tunnel0
Tunnel0 is Hurricane Electric... Attempts to set ::/0 to use Tunnel2 also fail.
MQE-CR-01#sh ipv6 route static
IPv6 Routing Table - 859 entries
Codes: C - Connected, L - Local, S - Static, R - RIP, B - BGP
I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea
Timers: Uptime/Expires
S 2001:4830:E6:7::/64 [1/0]
via ::, Tunnel2, 00:11:51/never
S 2001:4830:1100::/40 [1/0]
via ::, Tunnel2, 02:55:41/never
S 2001:4830:1200::/40 [1/0]
via ::, Tunnel2, 02:55:14/never
S 2001:4830:1500::/40 [1/0]
via ::, Tunnel2, 02:55:25/never
S 2001:4830:1600::/40 [1/0]
via ::, Tunnel2, 02:55:02/never
S 2000::/3 [1/0]
via 2001:4830:1600:C7::1, Null, 03:18:08/never
S ::/0 [1/0]
via ::, Tunnel0, 02:45:14/never
I do receive the full IPv6 routing table from Hurricane Electric if that makes a difference, but I wouldnt think it would since I have the static routes in place. Please correct me if I am wrong though.
MQE-CR-01#sh ipv6 route 2001:4830:1600:C7::1
IPv6 Routing Table - 859 entries
Codes: C - Connected, L - Local, S - Static, R - RIP, B - BGP
I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea
Timers: Uptime/Expires
C 2001:4830:1600:C7::/64 [0/0]
via ::, Tunnel2, 03:38:45/never
The only thing that I notice offhand that might be an issue is that Tunnel 2 has an MTU of 1514 and SixXS uses 1280, However SixXS wont allow me to set 1514 and Cisco refuses to allow me to set 1280 so I dont know what to do with that.
Tunnel2 is up, line protocol is up
Hardware is Tunnel
Description: IPv6 uplink to SixXS
MTU 1514 bytes, BW 9 Kbit, DLY 500000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation TUNNEL, loopback not set
Keepalive set (10 sec), retries 3
Tunnel source 64.242.192.1, destination 66.117.47.228
Tunnel protocol/transport IPv6/IP, key disabled, sequencing disabled
Tunnel TTL 255
Checksumming of packets disabled
Last input 00:08:28, output 00:05:07, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue :0/0 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
235 packets input, 28708 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
990 packets output, 366152 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 output buffer failures, 0 output buffers swapped out
MQE-CR-01#conf t
Enter configuration commands, one per line. End with CNTL/Z.
MQE-CR-01(config)#int tunnel 2
MQE-CR-01(config-if)#mtu 1280
% Interface Tunnel2 does not support adjustable maximum datagram size
Any input would be appreciated.
Thanks,
Unable to route out SixXS Tunnel
Try reading the FAQ: Transit / I have some other tunnels and now it doesn't work
An MTU of 1514 is impossible, as default Ethernet only carries 1500 and 1280 is the minimum IPv6 packet size, as such inclusive between 1280 and 1500 is accepted.
If you have 1514 configured your setup is definitely broken.
Also you might want to change your tunnel TTL to 64 or something else sane.
See the FAQ which covers those questions.
Unable to route out SixXS Tunnel
Carmen Sandiego on Monday, 17 September 2007 13:37:15
Ill take a look at the FAQ, i must have missed it.
The MTU is the Cisco Default for Tunnel interfaces. I was able to set ipv6 mtu 1280 but that made no difference. The TTL setting was also the default setting.
Unable to route out SixXS Tunnel
Carmen Sandiego on Monday, 17 September 2007 14:42:23
The FAQ suggests using source routing which I would think the static routes would solve.
I did shutdown tunnel 0 and clear my bgp table just to test and eventhough sh ipv6 routes clearly say tunnel 2 no response is received from the POP
MQE-CR-01#sh ipv6 route
IPv6 Routing Table - 14 entries
Codes: C - Connected, L - Local, S - Static, R - RIP, B - BGP
I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea
Timers: Uptime/Expires
L 2001:470:1F01:461::1/128 [0/0]
via ::, FastEthernet0/0, 1d11h/never
C 2001:470:1F01:461::/64 [0/0]
via ::, FastEthernet0/0, 1d11h/never
L 2001:470:1F03:1CD::2/128 [0/0]
via ::, Tunnel0, 00:51:23/never
C 2001:470:1F03:1CD::/64 [0/0]
via ::, Tunnel0, 00:51:26/never
S 2001:4830:E6:7::/64 [1/0]
via ::, Tunnel2, 01:31:00/never
S 2001:4830:1100::/40 [1/0]
via ::, Tunnel2, 04:14:50/never
S 2001:4830:1200::/40 [1/0]
via ::, Tunnel2, 04:14:23/never
S 2001:4830:1500::/40 [1/0]
via ::, Tunnel2, 04:14:34/never
L 2001:4830:1600:C7::2/128 [0/0]
via ::, Tunnel2, 04:55:47/never
C 2001:4830:1600:C7::/64 [0/0]
via ::, Tunnel2, 04:55:49/never
S 2001:4830:1600::/40 [1/0]
via ::, Tunnel2, 04:14:10/never
L FE80::/10 [0/0]
via ::, Null0, 7w0d/never
L FF00::/8 [0/0]
via ::, Null0, 7w0d/never
S ::/0 [1/0]
via ::, Tunnel0, 00:51:26/never
MQE-CR-01#clear ip bgp *
MQE-CR-01#ping ipv6 2001:4830:1600:C7::1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:4830:1600:C7::1, timeout is 2 seconds:
..
Success rate is 0 percent (0/2)
MQE-CR-01#tracerou
MQE-CR-01#traceroute ipv6
Target IPv6 address: 2001:4830:1600:C7::1
Source IPv6 address: 2001:4830:1600:C7::2
Numeric display? [no]:
Timeout in seconds [3]:
Probe count [3]:
Minimum Time to Live [1]:
Maximum Time to Live [30]:
Priority [0]:
Port Number [33434]:
Type escape sequence to abort.
Tracing the route to 2001:4830:1600:C7::1
1 * * *
2 * * *
3 * *
Unable to route out SixXS Tunnel
There are still a number of interfaces configured there which have nothing to do with SixXS and might be causing issues, most likely that is not the case though, but it might be.
Please check the "Reporting Problems" section on the site, check firewall settings, routing, tunnel configuration and the lot.
Which IOS version are you using btw?
"keepalive 10 3" on proto-41 tunnel makes no sense as there is nu such thing.
Unable to route out SixXS Tunnel
Carmen Sandiego on Monday, 17 September 2007 15:38:35
The IOS Version is 12.2(8)T5
I removed keepalive. Ill check the other interfaces more completely later today.
I did do shutdown on the other tunnel int as well as clear bgp and also tried setting default ::/0 to go thru tunnel 2 but it had no effect. I have no ipv6 specific ACL's
There are no errors or drops in the counters so I am not sure what the issue is.
I will take a look at the full config in more detail later and if I cant find anything I could create a ticket with all the details as well as the full router config if you think that would help.
Thanks
Unable to route out SixXS Tunnel
I mentioned checking the "Reporting Problems" list as it contains a list of items that one should check. Most likely in this case checking tcpdump is the best thing to try, to see if packets actually leave the box.
As for the failure/drop counters, they tend to be pretty much non-functional as there is no way to determine if packets get lost as there are no sequence numbers. ICMP is also far from reliable in measuring if something went wrong and if something went wrong what went wrong. Though a 'proto-41 unreachable' is of course pretty clear, if that actually gets counted is unknown.
Now when you have checked through that full list and are very very sure that your end of the tunnel is not the problem, thus is really sending tunneled packets outbound, then you might open a ticket.
But as the PoP is functioning perfectly fine for everybody else I really don't think that there is an issue on that side.
Unable to route out SixXS Tunnel
Carmen Sandiego on Tuesday, 18 September 2007 23:49:05
Just a followup this was related to the otehr tunnel being active. It apperantly had to have been using the wrong source address. i killed the other tunnel and now the one to SixXS works correctly. SixXS also has a lot less latency then HE.net's did.
Thanks ;)
|
![[ch]](/s/countries/ch.gif)
on Monday, 17 September 2007 13:34:38
Posting is only allowed when you are