SixXS::Sunset 2017-06-06

Heartbeat Issue
[de] Shadow Hawkins on Thursday, 17 November 2011 09:46:20
Hello, I have a Cisco router 1841 (IOS 15.1(4)M) which uses tcl scripting to send the heartbeats every 60 sec. But I came to a conclusion that this heartbeats are not working. When my Internet connection reconnects, I cannot ping any IPv6 address. Then I have to start the windows utility to start the hearbeats and in a minute or less the connection is UP. when the connection is UP, disabling the windows utility does not disconnect the connection. I then assumed that the time stamps are not accurate (more than 120 sec) in the Cisco router but that was not the case as far as the debugs told me. Then I checked the md5 value for the password and it was also exact the same as the one which AICCU client produced. So im interested to know where and how the problem could be. anyway I can solve this mystery with AICCU. But curious to know why. Thanks in advance... Sooraj ;)
Heartbeat Issue
[ch] Jeroen Massar SixXS Staff on Thursday, 17 November 2011 09:52:53
Can you show the running configuration of the tunnel before, thus when it works, and after, thus when it does not any more? I would not be surprised if your IP address changes and the local tunnel endpoint doesn't get updated. If that is the case you could try to not have a local address or at least base the local address on the interface or lasty, update the TCL script to detect this and change the local address. Greets, Jeroen
Heartbeat Issue
[de] Shadow Hawkins on Thursday, 17 November 2011 23:57:44
If that is the case you could try to not have a local address or at least base the local address on the interface or lasty, update the TCL script to detect this and change the local address.
I read this sentence many times... but frankly i did not understand. what i did not understand is... the term LOCAL ADDRESS. so let me think ... i double checked the traffic going out from the AICCU client and the one generated by the tcl script and they are the same from the point of view of the udp payload. The difference is that the AICCU client is behind NAT and the tcl scripter (1841) has a public address. as far as u know... and saw that the IPv4 address is not included in the heartbeat payload when it is transmitted... so then the question arises ... old ipv4 source address = X new ipv4 source address = Y do u think that the tcl script sends the udp packet with an address of X even if the current address is Y? thanks and sorry that u have to also take time to understand me :) Sooraj ;)
Heartbeat Issue
[ch] Jeroen Massar SixXS Staff on Friday, 18 November 2011 12:08:42
what i did not understand is... the term LOCAL ADDRESS.
The IPv4 or IPv6 address on the local (your) side of the tunnel. In this case I mean with local address the one you configure as "tunnel source".
do u think that the tcl script sends the udp packet with an address of X even if the current address is Y?
That could also be the case. The simple thing you need to check is simply if the local address (tunnel source) has changed. Thus the public address that you have towards the internet. Showing before and after packet dumps and configuration would help a lot here as then it could likely be pointed out what goes wrong.
Heartbeat Issue
[de] Shadow Hawkins on Friday, 18 November 2011 17:11:52
interface Tunnel66 no ip address ipv6 address 2001:4DD0:FF00:C11::2/64 ipv6 enable tunnel source Dialer1 tunnel mode ipv6ip tunnel destination 78.35.24.124 end interface Dialer1 ip address negotiated ip mtu 1492 ip nat outside encapsulation ppp ip tcp adjust-mss 1452 dialer pool 1 dialer idle-timeout 0 dialer persistent ppp authentication chap callin ppp chap hostname DELETED ppp chap password 0 DELETED end
The IPv4 address (local address) is changed each time i reconnect from my ISP. In my setup the AICCU software is installed on a computer, which is using RFC 1918 address, this is then translated to the address of the dialer.
> do u think that the tcl script sends the udp packet with an address of X even if the current address is Y? That could also be the case.
do u think that IOS can send a packet with a source address of X when it never has an interface with address of X? with my limited knowledge, i think no it cannot unless NATed.
Heartbeat Issue
[ch] Jeroen Massar SixXS Staff on Friday, 18 November 2011 17:16:53
tunnel source Dialer1
If that is there then it should work with changing IPs. But, the only way to see that for sure is to check the running configuration aka looking at one of the many 'show' commands, eg 'show interfaces Dialer1" and "show interfaces Tunnel66" should show you what is currently configured.
do u think that IOS can send a packet with a source address of X when it never has an interface with address of X? with my limited knowledge, i think no it cannot unless NATed.
Lots of OSs try that, I would not be surprised if it would. Only way to determine this is to grab packets of the link. PS: you might want to check what the MTU of your tunnel interface is.
Heartbeat Issue
[de] Shadow Hawkins on Friday, 18 November 2011 18:03:33
one thing what i found is... the tcl script send the udp packet to destination of 3741. so i changed it back to 3740... but still it does not work ... i think so to make things easier .... im going to stop the AICCU software and just use the tcl script... with the hope that u could see the heartbeats which my router sends.
Heartbeat Issue
[de] Shadow Hawkins on Friday, 18 November 2011 18:08:14
SO now at 18:04 i cleared the dialer interface to change the ip. the AICCU sw is also disabled on the pc. just the tcl script runs now. in the debug i can see that it uses the correct destination udp port. so whats now :( im using ipv4 to write this post
Heartbeat Issue
[de] Shadow Hawkins on Friday, 18 November 2011 18:31:41
at 18:31I started the AICCU sw and the ipv6 is up... strange
Heartbeat Issue
[ch] Jeroen Massar SixXS Staff on Friday, 18 November 2011 21:44:20
Sounds to me that your TCL script on the cisco does not work. Did you make sure that your IOS supports UDP packets, as there was a specific IOS version needed for that.
Heartbeat Issue
[de] Shadow Hawkins on Friday, 18 November 2011 22:44:13
*Nov 18 18:16:02: IP: s=85.180.105.61 (local), d=78.35.24.124 (Dialer1), len 118, output feature *Nov 18 18:16:02: UDP src=59297, dst=3740 EEA03E10: 45000076 00000000 E..v.... EEA03E20: FF1195E6 55B4693D 4E23187C E7A10E9C ...fU4i=N#.|g!.. EEA03E30: 006268E5 48454152 54424541 54205455 .bheHEARTBEAT TU EEA03E40: 4E4E454C 20323030 313A3464 64303A66 NNEL 2001:4dd0:f EEA03E50: 6630303A 6331313A 3A322073 656E6465 f00:c11::2 sende EEA03E60: 72203133 32313633 36353030 20393935 r 1321636500 995 EEA03E70: 61376634 64666639 66383662 64323837 a7f4dff9f86bd287 EEA03E80: 38616363 36333931 38626633 370A 8acc63918bf37. , Dialer idle reset(84), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
this is the capture of what the router generated
*Nov 18 21:06:33: IP: s=192.168.1.200 (FastEthernet0/0), d=78.35.24.124, len 117, input feature *Nov 18 21:06:33: UDP src=60459, dst=3740 EEA04480: 0025 8446DAD0 .%.FZP EEA04490: 0219D15F A67E0800 45000075 076A0000 ..Q_&~..E..u.j.. EEA044A0: 7F110AFF C0A801C8 4E23187C EC2B0E9C ....@(.HN#.|l+.. EEA044B0: 00616245 48454152 54424541 54205455 .abEHEARTBEAT TU EEA044C0: 4E4E454C 20323030 313A3464 64303A66 NNEL 2001:4dd0:f EEA044D0: 6630303A 6331313A 3A322073 656E6465 f00:c11::2 sende EEA044E0: 72203133 32313634 36383232 20353235 r 1321646822 525 EEA044F0: 63303639 34346635 36383433 37323637 c06944f568437267 EEA04500: 36353264 35373861 34333362 66 652d578a433bf , MCI Check(80), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE *Nov 18 21:06:33: FIBipv4-packet-proc: route packet from FastEthernet0/0 src 192.168.1.200 dst 78.35.24.124 *Nov 18 21:06:33: FIBfwd-proc: packet routed by adj to Dialer1 0.0.0.0 *Nov 18 21:06:33: FIBipv4-packet-proc: packet routing succeeded *Nov 18 21:06:33: IP: s=85.180.100.208 (FastEthernet0/0), d=78.35.24.124 (Dialer1), len 117, output feature *Nov 18 21:06:33: UDP src=60459, dst=3740 EEA04480: 0025 8446DAD0 .%.FZP EEA04490: 0219D15F A67E0800 45000075 076A0000 ..Q_&~..E..u.j.. EEA044A0: 7F1112EB 55B464D0 4E23187C EC2B0E9C ...kU4dPN#.|l+.. EEA044B0: 00616A31 48454152 54424541 54205455 .aj1HEARTBEAT TU EEA044C0: 4E4E454C 20323030 313A3464 64303A66 NNEL 2001:4dd0:f EEA044D0: 6630303A 6331313A 3A322073 656E6465 f00:c11::2 sende EEA044E0: 72203133 32313634 36383232 20353235 r 1321646822 525 EEA044F0: 63303639 34346635 36383433 37323637 c06944f568437267 EEA04500: 36353264 35373861 34333362 66 652d578a433bf , Post-routing NAT Outside(24), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE *Nov 18 21:06:33: IP: s=85.180.100.208 (FastEthernet0/0), d=78.35.24.124 (Dialer1), len 117, output feature *Nov 18 21:06:33: UDP src=60459, dst=3740
and this is the transit packet generated by the AICCU sw. we can see that it comes from a 1918 address and then being translated. So i really do not understand this strange situation. once the AICCU software sends the initial HB and the tunnel gets up, the tcl script handles the case. to prove this ... i disabled AICCU sw on the computer. now if the HBs are not sent the tunnel must be down ... right so lets see if my POP can ping me... to make sure that no ipv6 packets are generated from the internal network (becuse of the assumption that this will act as a keepalive) im also going to disable the protocol on all devices other than the router. so if the tunnel gets down then the tcl has a problem ... but if it is UP then this is a mysterious mYsTeRy!
Heartbeat Issue
[de] Shadow Hawkins on Saturday, 19 November 2011 06:18:43
THE TUNNEL WAS UP THE WHOLE NIGHT
Heartbeat Issue
[de] Shadow Hawkins on Saturday, 19 November 2011 07:58:46
does the heartbeat have to work for the tunnel to be alive? i disabled the tcl script and the AICCU sw on the computer for about an hour ... but still until now the tunnel is UP. sometimes things are strange, strange enough to attract interest ;)
Heartbeat Issue
[ch] Jeroen Massar SixXS Staff on Saturday, 19 November 2011 12:30:57
does the heartbeat have to work for the tunnel to be alive?
If no valid heartbeat packets are received on the PoP the tunnel is disabled. That is the whole point of heartbeat tunnels.
but still until now the tunnel is UP.
How do you define 'up'?
Heartbeat Issue
[de] Shadow Hawkins on Saturday, 19 November 2011 14:59:15
I thus define the tunnel is up :)
pArIchA#ping heise.de Translating "heise.de"...domain server (8.8.8.8) [OK] Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 2A02:2E0:3FE:100::8, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 36/36/36 ms *Nov 19 09:05:16: %IPV6_ACL-6-ACCESSLOGDP: list METER_ICMP/20 permitted icmpv6 2001:4DD0:1234:3::42 -> 2001:4DD0:FF00:C11::2 (128/0), 2 packets *Nov 19 09:10:16: %IPV6_ACL-6-ACCESSLOGDP: list METER_ICMP/20 permitted icmpv6 2001:4DD0:1234:3::42 -> 2001:4DD0:FF00:C11::2 (128/0), 6 packets *Nov 19 09:15:16: %IPV6_ACL-6-ACCESSLOGDP: list METER_ICMP/20 permitted icmpv6 2001:4DD0:1234:3::42 -> 2001:4DD0:FF00:C11::2 (128/0), 2 packets *Nov 19 09:35:16: %IPV6_ACL-6-ACCESSLOGDP: list METER_ICMP/20 permitted icmpv6 2001:4DD0:1234:3::42 -> 2001:4DD0:FF00:C11::2 (128/0), 2 packets *Nov 19 09:40:16: %IPV6_ACL-6-ACCESSLOGDP: list METER_ICMP/20 permitted icmpv6 2001:4DD0:1234:3::42 -> 2001:4DD0:FF00:C11::2 (128/0), 6 packets *Nov 19 09:45:16: %IPV6_ACL-6-ACCESSLOGDP: list METER_ICMP/20 permitted icmpv6 2001:4DD0:1234:3::42 -> 2001:4DD0:FF00:C11::2 (128/0), 2 packets *Nov 19 10:05:16: %IPV6_ACL-6-ACCESSLOGDP: list METER_ICMP/20 permitted icmpv6 2001:4DD0:1234:3::42 -> 2001:4DD0:FF00:C11::2 (128/0), 2 packets *Nov 19 10:10:16: %IPV6_ACL-6-ACCESSLOGDP: list METER_ICMP/20 permitted icmpv6 2001:4DD0:1234:3::42 -> 2001:4DD0:FF00:C11::2 (128/0), 6 packets *Nov 19 10:15:16: %IPV6_ACL-6-ACCESSLOGDP: list METER_ICMP/20 permitted icmpv6 2001:4DD0:1234:3::42 -> 2001:4DD0:FF00:C11::2 (128/0), 2 packets *Nov 19 10:35:16: %IPV6_ACL-6-ACCESSLOGDP: list METER_ICMP/20 permitted icmpv6 2001:4DD0:1234:3::42 -> 2001:4DD0:FF00:C11::2 (128/0), 2 packets *Nov 19 10:40:16: %IPV6_ACL-6-ACCESSLOGDP: list METER_ICMP/20 permitted icmpv6 2001:4DD0:1234:3::42 -> 2001:4DD0:FF00:C11::2 (128/0), 6 packets *Nov 19 10:45:16: %IPV6_ACL-6-ACCESSLOGDP: list METER_ICMP/20 permitted icmpv6 2001:4DD0:1234:3::42 -> 2001:4DD0:FF00:C11::2 (128/0), 2 packets *Nov 19 11:05:16: %IPV6_ACL-6-ACCESSLOGDP: list METER_ICMP/20 permitted icmpv6 2001:4DD0:1234:3::42 -> 2001:4DD0:FF00:C11::2 (128/0), 2 packets *Nov 19 11:10:16: %IPV6_ACL-6-ACCESSLOGDP: list METER_ICMP/20 permitted icmpv6 2001:4DD0:1234:3::42 -> 2001:4DD0:FF00:C11::2 (128/0), 6 packets *Nov 19 11:15:16: %IPV6_ACL-6-ACCESSLOGDP: list METER_ICMP/20 permitted icmpv6 2001:4DD0:1234:3::42 -> 2001:4DD0:FF00:C11::2 (128/0), 2 packets *Nov 19 11:35:16: %IPV6_ACL-6-ACCESSLOGDP: list METER_ICMP/20 permitted icmpv6 2001:4DD0:1234:3::42 -> 2001:4DD0:FF00:C11::2 (128/0), 2 packets *Nov 19 11:40:16: %IPV6_ACL-6-ACCESSLOGDP: list METER_ICMP/20 permitted icmpv6 2001:4DD0:1234:3::42 -> 2001:4DD0:FF00:C11::2 (128/0), 6 packets *Nov 19 11:45:16: %IPV6_ACL-6-ACCESSLOGDP: list METER_ICMP/20 permitted icmpv6 2001:4DD0:1234:3::42 -> 2001:4DD0:FF00:C11::2 (128/0), 2 packets *Nov 19 12:05:16: %IPV6_ACL-6-ACCESSLOGDP: list METER_ICMP/20 permitted icmpv6 2001:4DD0:1234:3::42 -> 2001:4DD0:FF00:C11::2 (128/0), 2 packets *Nov 19 12:10:16: %IPV6_ACL-6-ACCESSLOGDP: list METER_ICMP/20 permitted icmpv6 2001:4DD0:1234:3::42 -> 2001:4DD0:FF00:C11::2 (128/0), 6 packets *Nov 19 12:15:16: %IPV6_ACL-6-ACCESSLOGDP: list METER_ICMP/20 permitted icmpv6 2001:4DD0:1234:3::42 -> 2001:4DD0:FF00:C11::2 (128/0), 2 packets *Nov 19 12:35:16: %IPV6_ACL-6-ACCESSLOGDP: list METER_ICMP/20 permitted icmpv6 2001:4DD0:1234:3::42 -> 2001:4DD0:FF00:C11::2 (128/0), 2 packets *Nov 19 12:40:16: %IPV6_ACL-6-ACCESSLOGDP: list METER_ICMP/20 permitted icmpv6 2001:4DD0:1234:3::42 -> 2001:4DD0:FF00:C11::2 (128/0), 6 packets *Nov 19 12:45:16: %IPV6_ACL-6-ACCESSLOGDP: list METER_ICMP/20 permitted icmpv6 2001:4DD0:1234:3::42 -> 2001:4DD0:FF00:C11::2 (128/0), 2 packets *Nov 19 13:05:16: %IPV6_ACL-6-ACCESSLOGDP: list METER_ICMP/20 permitted icmpv6 2001:4DD0:1234:3::42 -> 2001:4DD0:FF00:C11::2 (128/0), 2 packets *Nov 19 13:10:16: %IPV6_ACL-6-ACCESSLOGDP: list METER_ICMP/20 permitted icmpv6 2001:4DD0:1234:3::42 -> 2001:4DD0:FF00:C11::2 (128/0), 6 packets *Nov 19 13:15:16: %IPV6_ACL-6-ACCESSLOGDP: list METER_ICMP/20 permitted icmpv6 2001:4DD0:1234:3::42 -> 2001:4DD0:FF00:C11::2 (128/0), 2 packets *Nov 19 13:35:16: %IPV6_ACL-6-ACCESSLOGDP: list METER_ICMP/20 permitted icmpv6 2001:4DD0:1234:3::42 -> 2001:4DD0:FF00:C11::2 (128/0), 2 packets *Nov 19 13:40:16: %IPV6_ACL-6-ACCESSLOGDP: list METER_ICMP/20 permitted icmpv6 2001:4DD0:1234:3::42 -> 2001:4DD0:FF00:C11::2 (128/0), 6 packets *Nov 19 13:45:16: %IPV6_ACL-6-ACCESSLOGDP: list METER_ICMP/20 permitted icmpv6 2001:4DD0:1234:3::42 -> 2001:4DD0:FF00:C11::2 (128/0), 2 packets *Nov 19 14:05:16: %IPV6_ACL-6-ACCESSLOGDP: list METER_ICMP/20 permitted icmpv6 2001:4DD0:1234:3::42 -> 2001:4DD0:FF00:C11::2 (128/0), 2 packets *Nov 19 14:10:16: %IPV6_ACL-6-ACCESSLOGDP: list METER_ICMP/20 permitted icmpv6 2001:4DD0:1234:3::42 -> 2001:4DD0:FF00:C11::2 (128/0), 6 packets *Nov 19 14:15:16: %IPV6_ACL-6-ACCESSLOGDP: list METER_ICMP/20 permitted icmpv6 2001:4DD0:1234:3::42 -> 2001:4DD0:FF00:C11::2 (128/0), 2 packets *Nov 19 14:35:16: %IPV6_ACL-6-ACCESSLOGDP: list METER_ICMP/20 permitted icmpv6 2001:4DD0:1234:3::42 -> 2001:4DD0:FF00:C11::2 (128/0), 2 packets *Nov 19 14:40:16: %IPV6_ACL-6-ACCESSLOGDP: list METER_ICMP/20 permitted icmpv6 2001:4DD0:1234:3::42 -> 2001:4DD0:FF00:C11::2 (128/0), 6 packets *Nov 19 14:45:16: %IPV6_ACL-6-ACCESSLOGDP: list METER_ICMP/20 permitted icmpv6 2001:4DD0:1234:3::42 -> 2001:4DD0:FF00:C11::2 (128/0), 2 packets c:\>tracert heise.de Tracing route to heise.de [2a02:2e0:3fe:100::8] over a maximum of 30 hops: 1 1 ms 1 ms 1 ms 2001:4dd0:ff00:8c11::250 2 32 ms 31 ms 31 ms gw-3090.cgn-01.de.sixxs.net [2001:4dd0:ff00:c11::1] 3 33 ms 35 ms 31 ms 2001:4dd0:1234:3::42 4 31 ms 32 ms 31 ms 2001:4dd0:1234:3::42 5 32 ms 32 ms 32 ms core-eup2-ge1-22.netcologne.de [2001:4dd0:1234:3:dc40::a] 6 32 ms 35 ms 32 ms core-pg1-te4-3.netcologne.de [2001:4dd0:a2b:1d:dc10::1] 7 123 ms 203 ms 208 ms rtint3-te1-4.netcologne.de [2001:4dd0:a2b:8:dc10::b] 8 32 ms 33 ms 32 ms gi1-15.c1.d.de.plusline.net [2001:7f8:8::3012:0:1] 9 38 ms 36 ms 35 ms 2a02:2e0:20:0:c::1 10 35 ms 36 ms 35 ms 2a02:2e0:10:1:c::2 11 36 ms 35 ms 36 ms te6-2.c13.f.de.plusline.net [2a02:2e0:1::22] 12 36 ms 35 ms 35 ms redirector.heise.de [2a02:2e0:3fe:100::8] Trace complete.
even NOW at this SECOND from my knowledge no heartbeats are sent from my side!!! so please can u verify that u receive any HBs?
Heartbeat Issue
[de] Shadow Hawkins on Thursday, 24 November 2011 17:26:09
If no valid heartbeat packets are received on the PoP the tunnel is disabled. That is the whole point of heartbeat tunnels.
From my practical experience this is not true. I would really like to hear a comment regarding this. I observed the following: When I connect to Internet and send no heartbeat, then it is not possible to ping any external IPv6 address. eg. ip from heise.de 2a02:2e0:3fe:100::8 Then I start the AICCU sw, it sends heartbeats, in a couple of seconds heise.de is pingable Now even if I disable AICCU, the pings WORK, until my IPv4 address changes.

Please note Posting is only allowed when you are logged in.

Static Sunset Edition of SixXS
©2001-2017 SixXS - IPv6 Deployment & Tunnel Broker