subnet: not quite there yet
Shadow Hawkins on Monday, 31 March 2008 17:49:37
Hi all,
I can't seem to get my subnet working. The client (running Ubuntu) appears to getting a valid IPv6 lease and route, but I can't, for example, ping6 the relevant ethernet inferface on my server:
$ ping6 2001:610:645:3:2e0:4cff:fe43:c09a
PING 2001:610:645:3:2e0:4cff:fe43:c09a(2001:610:645:3:2e0:4cff:fe43:c09a) 56 data bytes
From 2001:610:645:3:20f:b0ff:fe99:41fb icmp_seq=1 Destination unreachable: Address unreachable
From 2001:610:645:3:20f:b0ff:fe99:41fb icmp_seq=2 Destination unreachable: Address unreachable
From 2001:610:645:3:20f:b0ff:fe99:41fb icmp_seq=3 Destination unreachable: Address unreachable
At this point, I don't have the foggiest idea where to look, what to try or even what information might be helpful to help debug the problem.
Suggestions anyone?
subnet: not quite there yet
Jeroen Massar on Monday, 31 March 2008 17:54:30
Well, 2001:610:645:3:20f:b0ff:fe99:41fb, which I guess is your router (or the localhost you are pinging from), is telling you that it can't send packets to 2001:610:645:3:2e0:4cff:fe43:c09a
Most important thing, is to start looking at your routing tables.
See the Contact page's "Reporting Problems Checklist". That checklist goes through the most common issues that might occur and where to look for problems.
Most likely you have a routing issue, or you are just trying to reach the wrong address in the first place.
Also: the more information you look at the better, and you will actually learn something from it in the process.
subnet: not quite there yet
Shadow Hawkins on Monday, 31 March 2008 20:12:41
On which node are you running that ping ?
What IP does it how ? How did it get it ?
What is the IP address(es) of the router ?
More info, more help ;)
subnet: not quite there yet
Shadow Hawkins on Monday, 31 March 2008 23:20:58
I've been assigned this subnet: 2001:610:645::/48
The three internal network interfaces on my FreeBSD box I configure for rtadvd like this:
$ cat /etc/rtadvd.conf
rl0:\
:addrs#1:addr="2001:610:645:1::":prefixlen#64:tc=ether:
rl1:\
:addrs#1:addr="2001:610:645:2::":prefixlen#64:tc=ether:
ath0:\
:addrs#1:addr="2001:610:645:3::":prefixlen#64:tc=ether:
The fourth NIC, facing the WAN, I has my tunnel endpoint IP:
$ ifconfig fxp0 | grep inet6
inet6 fe80::202:55ff:feeb:6e65%fxp0 prefixlen 64 scopeid 0x1
inet6 2001:610:600:46e::2 prefixlen 64
FWIW, here is my GIF tunnel, which works fine:
$ ifconfig gif0
gif0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1280
tunnel inet 78.27.18.102 --> 192.87.102.107
inet6 2001:610:600:46e::2 --> 2001:610:600:46e::1 prefixlen 128
inet6 fe80::202:55ff:feeb:6e65%gif0 prefixlen 64 scopeid 0x7
Now, on my Ubuntu client, this is what it gets via dhcp:
$ ifconfig | grep inet6
inet6 addr: 2001:610:645:3:20f:b0ff:fe99:41fb/64 Scope:Global
inet6 addr: fe80::20f:b0ff:fe99:41fb/64 Scope:Link
inet6 addr: ::1/128 Scope:Host
Here is the routing table:
$ route -A inet6
Kernel IPv6 routing table
Destination Next Hop Flag Met Ref Use If
::1/128 :: Un 0 1 10 lo
2001:610:645:3:20f:b0ff:fe99:41fb/128 :: Un 0 1 0 lo
2001:610:645:3::/64 :: UAe 256 0 20 eth0
fe80::20f:b0ff:fe99:41fb/128 :: Un 0 1 0 lo
fe80::/64 :: U 256 0 0 eth0
ff00::/8 :: U 256 0 0 eth0
::/0 fe80::2e0:4cff:fe43:c09a UGDAe 1024 0 1 eth0
::/0 :: !n -1 1 1 lo
Does anything catch anyone's eye?
TIA
subnet: not quite there yet
Jeroen Massar on Tuesday, 01 April 2008 00:06:20 ::/0 fe80::2e0:4cff:fe43:c09a UGDAe 1024 0 1 eth0 ::/0 :: !n -1 1 1 lo
Two defaults, with one going to the blackhole. Remove the one over lo.
Of course, also check that you have forwarding enabled. (See sysctl -a ...)
subnet: not quite there yet
Shadow Hawkins on Tuesday, 01 April 2008 21:18:03 ::/0 :: !n -1 1 1 lo
Two defaults, with one going to the blackhole. Remove the one over lo. Of course, also check that you have forwarding enabled. (See sysctl -a ...)
Yes I did that already.
Thanks for your help.
subnet: not quite there yet
Shadow Hawkins on Tuesday, 01 April 2008 17:30:17
1.) do not configure anything on hosts, they must work automatically
2.) current aicc has a bug, until the new version is available, the workaround is to stop aicc and the start it again
3.) what is this GIF thing ? Are you running it at the same time as the sixxs tunnel ?
4.) posting complete config (of the router) would help more:
- complete output of "ifconfig" (when sixxs tunnel is running)
- aicc.conf (do not post you password !)
- routing table
Basicaly this is what should have been done to make subnets work:
- client : no setup needed (except enabling IPv6)
- router : 1) rtadvd.conf
2) each nic mentioned in rtadvd.conf must have an inet6 address from its subnet. If this does not happen automatically, add them manually.
subnet: not quite there yet
Shadow Hawkins on Tuesday, 01 April 2008 21:31:22 3.) what is this GIF thing ? Are you running it at the same time as the sixxs tunnel ?
GIF is the BSD Generic Tunneling interface; this is the 6-in-4 tuunel. See http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-ipv6.html
4.) posting complete config (of the router) would help more: - complete output of "ifconfig" (when sixxs tunnel is running)
OK, here it is:
$ ifconfig
fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=8<VLAN_MTU>
ether 00:02:55:eb:6e:65
inet6 fe80::202:55ff:feeb:6e65%fxp0 prefixlen 64 scopeid 0x1
inet 78.27.18.102 netmask 0xff000000 broadcast 78.255.255.255
inet6 2001:610:600:46e::2 prefixlen 64
media: Ethernet autoselect (100baseTX <full-duplex>)
status: active
rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=8<VLAN_MTU>
ether 00:19:e0:11:f8:8d
inet6 fe80::219:e0ff:fe11:f88d%rl0 prefixlen 64 scopeid 0x2
inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
inet6 2001:610:645:3:219:e0ff:fe11:f88d prefixlen 64 autoconf
media: Ethernet autoselect (100baseTX <full-duplex>)
status: active
ath0: flags=28943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST,PPROMISC> metric 0 mtu 1500
ether 00:19:e0:8d:d5:1d
inet6 fe80::219:e0ff:fe8d:d51d%ath0 prefixlen 64 scopeid 0x3
inet 192.168.0.1 netmask 0xffffff00 broadcast 192.168.0.255
inet6 2001:610:645:3:219:e0ff:fe8d:d51d prefixlen 64 autoconf
media: IEEE 802.11 Wireless Ethernet autoselect mode 11g <hostap>
status: associated
ssid venus channel 9 (2452 Mhz 11g) bssid 00:19:e0:8d:d5:1d
authmode OPEN privacy OFF txpower 31.5 scanvalid 60 bgscan
bgscanintvl 300 bgscanidle 250 roam:rssi11g 7 roam:rate11g 5
protmode CTS burst dtimperiod 1
rl1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=8<VLAN_MTU>
ether 00:e0:4c:43:c0:9a
inet6 fe80::2e0:4cff:fe43:c09a%rl1 prefixlen 64 scopeid 0x4
inet 192.168.2.1 netmask 0xffffff00 broadcast 192.168.2.255
inet6 2001:610:645:3:2e0:4cff:fe43:c09a prefixlen 64 autoconf
media: Ethernet autoselect (100baseTX <full-duplex>)
status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x5
inet 127.0.0.1 netmask 0xff000000
pflog0: flags=141<UP,RUNNING,PROMISC> metric 0 mtu 33204
gif0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1280
tunnel inet 78.27.18.102 --> 192.87.102.107
inet6 2001:610:600:46e::2 --> 2001:610:600:46e::1 prefixlen 128
inet6 fe80::202:55ff:feeb:6e65%gif0 prefixlen 64 scopeid 0x7
- aicc.conf (do not post you password !)
$ cat /usr/local/etc/aiccu.conf
# AICCU Configuration
#
# 21 Feb 2008
# Login information
username CBB3-SIXXS
password ***********
# Interface names to use
# ipv6_interface is the name of the interface that will be used as a tunnel interface.
# On *BSD the ipv6_interface should be set to gifX (eg gif0) for proto-41 tunnels
# or tunX (eg tun0) for AYIYA tunnels.
ipv6_interface gif0
# The tunnel_id to use
# (only required when there are multiple tunnels in the list)
#tunnel_id Txxxx
# Be verbose?
verbose true
# Daemonize?
daemonize true
# Automatic Login and Tunnel activation?
automatic true
# Require TLS?
requiretls false
- routing table $ netstat -r -f inet6
Routing tables
Internet6:
Destination Gateway Flags Netif Expire
:: localhost UGRS lo0 =>
default gw-1135.ams-05.nl. UGS gif0
localhost localhost UHL lo0
::ffff:0.0.0.0 localhost UGRS lo0
gw-1135.ams-05.nl. link#7 UHL gif0
cl-1135.ams-05.nl. 00:02:55:eb:6e:65 UHL lo0
2001:610:645:3:: link#3 UC ath0
2001:610:645:3:219 00:19:e0:11:f8:8d UHL lo0
2001:610:645:3:219 00:19:e0:8d:d5:1d UHL lo0
2001:610:645:3:2e0 00:e0:4c:43:c0:9a UHL lo0
fe80:: localhost UGRS lo0
fe80::%fxp0 link#1 UC fxp0
fe80::202:55ff:fee 00:02:55:eb:6e:65 UHL lo0
fe80::%rl0 link#2 UC rl0
fe80::219:e0ff:fe1 00:19:e0:11:f8:8d UHL lo0
fe80::%ath0 link#3 UC ath0
fe80::219:e0ff:fe8 00:19:e0:8d:d5:1d UHL lo0
fe80::%rl1 link#4 UC rl1
fe80::2e0:4cff:fe4 00:e0:4c:43:c0:9a UHL lo0
fe80::%lo0 fe80::1%lo0 U lo0
fe80::1%lo0 link#5 UHL lo0
fe80::%gif0 link#1 UC fxp0
fe80::202:55ff:fee link#7 UHL lo0
ff01:1:: link#1 UC fxp0
ff01:2:: link#2 UC rl0
ff01:3:: link#3 UC ath0
ff01:4:: link#4 UC rl1
ff01:5:: localhost UC lo0
ff01:7:: link#1 UC fxp0
ff02:: localhost UGRS lo0
ff02::%fxp0 link#1 UC fxp0
ff02::%rl0 link#2 UC rl0
ff02::%ath0 link#3 UC ath0
ff02::%rl1 link#4 UC rl1
ff02::%lo0 localhost UC lo0
ff02::%gif0 link#1 UC fxp0
subnet: not quite there yet
Jeroen Massar on Tuesday, 01 April 2008 21:38:14
What does: "inet6 2001:610:600:46e::2 prefixlen 64" do on fxp0? That definitely is a tunnel address and should only exist on your tunnel.
2001:610:645:3:219:e0ff:fe11:f88d/64 on rl0
2001:610:645:3:219:e0ff:fe8d:d51d/64 on ath0
2001:610:645:3:2e0:4cff:fe43:c09a/64 on rl1
Unless those interfaces in some kind of bridge that definitely is wrong.
use 2001:610:645:xxxx:..../64 per interface xxxx indeed means hex and means you have 65536 combinations to use.
Strangely enough you only have:
2001:610:645:3:: link#3 UC ath0 2001:610:645:3:219 00:19:e0:11:f8:8d UHL lo0 2001:610:645:3:219 00:19:e0:8d:d5:1d UHL lo0 2001:610:645:3:2e0 00:e0:4c:43:c0:9a UHL lo0
Thus for some weird reason the 2001:610:645:3::/64 only exists on ath0.
Clean up your routing and interfaces, that will help a lot.
Btw, when listing things like routes, interfaces and firewall entries, use '-n' or the equivalent option for numeric to avoid resolving hostnames as it makes it unclear what is really what.
subnet: not quite there yet
Shadow Hawkins on Tuesday, 21 October 2008 16:02:37
Hi,
I have exactly the same problem, my tunnel works (IPv6-in-IPv4), but i can't ping my addresses.
I have a Ubuntu 8.04 box running and this is my subnet:
IPv6 Them2001:7b8:2ff:23d::2 (T17131)
Prefix2001:7b8:3b3::/48
First my ifconfig
eth0 Link encap:Ethernet HWaddr 00:30:48:86:0b:26
inet addr:85.92.128.48 Bcast:85.92.128.255 Mask:255.255.255.0
inet6 addr: fe80::230:48ff:fe86:b26/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:12558 errors:0 dropped:0 overruns:0 frame:0
TX packets:1511 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:2628383 (2.5 MB) TX bytes:1567182 (1.4 MB)
Interrupt:16
eth1 Link encap:Ethernet HWaddr 00:30:48:86:0b:27
inet6 addr: 2001:7b8:3b3::1/64 Scope:Global
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
Interrupt:17
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:165 errors:0 dropped:0 overruns:0 frame:0
TX packets:165 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:17455 (17.0 KB) TX bytes:17455 (17.0 KB)
sixxs Link encap:IPv6-in-IPv4
inet6 addr: 2001:7b8:2ff:23d::2/64 Scope:Global
inet6 addr: fe80::555c:8030/64 Scope:Link
UP POINTOPOINT RUNNING NOARP MTU:1280 Metric:1
RX packets:4 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:304 (304.0 B) TX bytes:0 (0.0 B)
I can ping IPv6 addresses like ipv6.google.com, that is working fine.
Now i added my subnet to my eth1 wich is not connected to a network at the moment, but when the routing works i want to start testing some Cisco equipment behind it.
When i try to ping the address on eth1, i get:
PING 2001:7b8:3b3::1(2001:7b8:3b3::1) 56 data bytes
From 2001:7b8:2ff:23d::2 icmp_seq=1 Destination unreachable: Address unreachable
From 2001:7b8:2ff:23d::2 icmp_seq=2 Destination unreachable: Address unreachable
From 2001:7b8:2ff:23d::2 icmp_seq=3 Destination unreachable: Address unreachable
I get a response back from my tunnel?
So i checked my IPv6 routing table and it looks like this:
Kernel IPv6 routing table
Destination Next Hop Flag Met Ref Use If
2001:7b8:2ff:23d::/64 :: Un 256 0 1 sixxs
2001:7b8:3b3::/64 :: U 256 0 0 eth1
fe80::/64 :: U 256 0 0 eth0
fe80::/64 :: Un 256 0 0 sixxs
fe80::/64 :: U 256 0 0 eth1
::/0 2001:7b8:2ff:23d::1 UG 1024 0 0 sixxs
::/0 :: !n -1 1 10 lo
::1/128 :: Un 0 1 10 lo
2001:7b8:2ff:23d::/128 :: Un 0 2 0 lo
2001:7b8:2ff:23d::2/128 :: Un 0 1 12 lo
fe80::/128 :: Un 0 2 0 lo
fe80::/128 :: Un 0 2 0 lo
fe80::555c:8030/128 :: Un 0 1 0 lo
fe80::230:48ff:fe86:b26/128 :: Un 0 1 0 lo
ff00::/8 :: U 256 0 0 eth0
ff00::/8 :: U 256 0 0 sixxs
ff00::/8 :: U 256 0 0 eth1
::/0 :: !n -1 1 10 lo
I also have a default route into lo, wich is pretty strange.
I have forwarding enabled on my router in /proc
When i ping my address on eth1, the "hitcount" on the route to lo goes up, so the kernel seems to route it all into a blackhole, why!?
To make the post complete, my interfaces file:
auto eth0
iface eth0 inet static
address 85.92.128.48
netmask 255.255.255.0
gateway 85.92.128.4
auto sixxs
iface sixxs inet6 v4tunnel
address 2001:7b8:2ff:23d::2
netmask 64
endpoint 193.109.122.244
ttl 64
up ip link set mtu 1280 dev sixxs
up ip route add default via 2001:7b8:2ff:23d::1 dev sixxs
iface eth1 inet6 static
address 2001:7b8:3b3:0::1
netmask 64
This seems to me like a valid configuration?
What is going wrong here?
subnet: not quite there yet
Jeroen Massar on Tuesday, 21 October 2008 17:15:02 eth1 Link encap:Ethernet HWaddr 00:30:48:86:0b:27 inet6 addr: 2001:7b8:3b3::1/64 Scope:Global UP BROADCAST MULTICAST MTU:1500 Metric:1
The interface is not in RUNNING state, thus no packets will go there. Plug it in and it should work. Your tunnel is on the default route, thus that one is chosen for outbound packets, and then you get replies from it.
The defaults to 'lo' are marked with !n, thus they are backups for when there is no default. Use 'ip -6 ro sho' to see a full table. Also try 'ip -6 ro get 2001:7b8:3b3::1' to get the entry that gets chosen for that destination.
auto sixxs iface sixxs inet6 v4tunnel address 2001:7b8:2ff:23d::2 netmask 64 endpoint 193.109.122.244 ttl 64 up ip link set mtu 1280 dev sixxs up ip route add default via 2001:7b8:2ff:23d::1 dev sixxs
works, but that should be:
up ip -6 route add default via 2001:7b8:2ff:23d::1 dev sixxs
Posting is only allowed when you are logged in. |