Broken IPv6 conectivty with SixXS site
Shadow Hawkins on Sunday, 24 August 2008 08:53:07
Hi. Today I found I cannot access SixXS website via IPv6. Other websites such as ietf.org and ipv6.google.com work fine (and I have verified I connect with them using IPv6), but IPv6 connections to SixXS just time out (and no packet is send back in response)
Ping to www.m.sixxs.net [2001:838:1:1:210:dcff:fe20:7c7c] also timeouts. Are you also experiencing this issue or is it a problem on my configuration? It used to work some days ago...
I use Windows XP SP3, and neither the IPv6 firewall nor the IPv4 firewall are droping packets.
Regards
Javier
Broken IPv6 conectivty with SixXS site
Shadow Hawkins on Sunday, 24 August 2008 09:05:12
Note: the tunnel information page reads
Your IPv4: Heartbeat, currently unknown (Tunnel not configured on PoP)
but if I trace route to an IPv6 host, it pass through the SixXS tunnel
C:\>tracert ietf.org
Tracing route to ietf.org [2001:1890:1112:1::20]
over a maximum of 30 hops:
1 181 ms 181 ms 183 ms gw-298.ewr-01.us.sixxs.net [2001:4830:1200:129::1]
2 212 ms 183 ms 183 ms bbr01-g0-3.nwrk01.occaid.net [2001:4830:e2:29::1]
3 188 ms 187 ms 185 ms r1.mdtnj.ipv6.att.net [2001:4830:e2:2a::2]
4 270 ms 291 ms 271 ms 2001:1890:61:9017::2
5 270 ms 271 ms 287 ms mail.ietf.org [2001:1890:1112:1::20]
Trace complete.
Broken IPv6 conectivty with SixXS site
Shadow Hawkins on Sunday, 24 August 2008 09:30:43
(there should be an edit option)
C:\>tracert sixxs.net
Tracing route to sixxs.net [2001:838:1:1:210:dcff:fe20:7c7c]
over a maximum of 30 hops:
1 184 ms 183 ms 204 ms gw-298.ewr-01.us.sixxs.net [2001:4830:1200:129::1]
2 181 ms 183 ms 183 ms bbr01-g0-3.nwrk01.occaid.net [2001:4830:e2:29::1]
and the other hops timeout.
Broken IPv6 conectivty with SixXS site
Shadow Hawkins on Sunday, 24 August 2008 18:59:15
Hate to just add an 'me too' in here, but I've been having this problem for many months. It comes and goes. I can always ping the server, but about 80% of the time I can not connect to it via IPv6. I'm using Mac OS 10.5, and Firefox (2.x,3.0,and 3.1 a1) as well as Safari, haven't tried it on my Xp machine, but that I don't boot it very much.
Never really paid that much attention to it, because I just login here from work most of the time, anyway.
Would be interested in knowing what the issue it, though, if you figure it out.
Broken IPv6 conectivty with SixXS site
Shadow Hawkins on Sunday, 24 August 2008 19:31:23
Indeed, VERY rare: I did tracert SixXS and it failed, then I read your message and did tracert again and it worked. By the same time I started receiving pings from the remote end-point... all of this with no change in my configuration (my first though was that something was broken in my TCP stack, or my ISP started dropping too much packets, both hypothesis contradicts the failure being only with the SixXs site, but since I use few IPv6 maybe I didn't notice failures with other hosts).
Now I can browse SixXS via IPv6 and the heartbeat end-point was updated (it shouldn't have failed because I use heartbeat over IPv4). If it happens again I will submit a ticket (I don't know why but my problem is solved now :-)
Which I don't understand about your issue is that you can ping SixXS but only TCP fails (I assume you ping the IPv6 address). When you try to get SixXS via IPv6 and it fails, do you receive some packet and then the connection fails, or you don't receive any packet at all?
I'm very confused about what happened.
Regards
Javier
Broken IPv6 conectivty with SixXS site
Jeroen Massar on Sunday, 24 August 2008 19:37:35
It would be very useful if people reported problems by filing Tickets. Of course, do include proper traceroutes and other such details that are needed to determine/reproduce the problem, without that, there is no way to know what a problem might be.
Broken IPv6 conectivty with SixXS site
Shadow Hawkins on Monday, 25 August 2008 03:26:34
Well I never sniffed the traffic to be sure, but my browser (Firefox) would make it to 'Waiting for reply' most of the time, occationally it would say 'Loading data' then nothing would happen until the browser timed out.
So I'm assuming most of the time I never got anything, but occationally I got a small something then nothing.
If it keeps up I'll start ticketing it. I never saw anyone else mention it, and since only rarely come here anymore as my setup has been working perfectly (aside from this) since I got the subnet working, so I don't think about it being broken when I'm at home to look into it.
Broken IPv6 conectivty with SixXS site
Shadow Hawkins on Sunday, 24 August 2008 19:38:38
I was seeing this problem as well on multiple OS configurations, and have cured most machines (all except Ubuntu) by setting the appropriate MTU setting on the interface (or in my case, in the FreeBSD RTADVD configuration so that the router advertisements specify the correct MTU since I am using a subnet with multiple hosts)
For one reason or another automatic Path MTU detection did not work at all for me (even with no firewall in the way on any of my hosts)
See https://www.sixxs.net/faq/connectivity/?faq=mtu for information on MTU usage.
Since I am also of the curious sort, if anyone has an IPv6 connectivity problem to sixxs.net (but no other ipv6 website) that is NOT solved by setting appropriate MTU, lets continue to discuss so perhaps we can get to the bottom of the issue.
Please report specifics such as:
OS and patch level
sixxs tunnel type
MTU setting on host
MTU setting on sixxs.net tunnel configuration
tracepath6 to www.ipv6.sixxs.net (if utility is available)
For the more adventurous, a wireshark capture or tcpdump might be in order, and in all cases any firewall should be temporarily disabled/uninstalled as necessary to eliminate that variable.
Perhaps together we can figure out if there are any additional issues besides Path MTU detection not working very well.
---Dave H
Broken IPv6 conectivty with SixXS site
Jeroen Massar on Sunday, 24 August 2008 19:46:08 ... have cured most machines ... by setting the appropriate MTU setting on the interface ... so that the router advertisements specify the correct MTU
That is the wrong approach. You should set the upstream interface correctly.
What you are doing now is limiting the MTU on the local link, thus when hosts on the same link are talking to each other their MTU is also limited.
Thus, configure the upstream interface correctly, which, in your case most likely is your tunnel interface. And of course remember that both sides of the tunnel have the same MTU. For SixXS tunnels the default MTU is 1280, one can raise that in the configuration interface.
As for connectivity issues, report those by filing Tickets, that is where that interface is for.
Broken IPv6 conectivty with SixXS site
Shadow Hawkins on Sunday, 24 August 2008 22:56:49
Jeroen, I was going to report a ticket when it was "automagically" fixed. Now I think it would be a waste of (your) time to submit it because (fortunately) I cannot reproduce the problem.
Besides, I realize I didn't reset the computer and I didn't reset the router, though the problem fixed itself without performing any of this steps (???), but maybe these steps would have helped. Next time I will try those steps first, and I will submit a ticket if they doesn't solve the problem.
David, I'm attaching diagnostic information because my MTU is 1280.
OS and patch level: Windows XP 5.1.2600 (SP3)
sixxs tunnel type: heartbeat with custom client
MTU setting on sixxs.net tunnel configuration: 1280
> ipv6 rt
::/0 -> 2/::66.55.128.25 pref 1if+0=1 life infinite, publish, no aging (manual)
tracert and capture results (firewall was enabled, but the capture works in promiscuous mode and sees packets *before* the firewall)
In short, I only received packets (when doing tracert) from gw-298.ewr-01.us.sixxs.net and bbr01-g0-3.nwrk01.occaid.net
Note 1: most results are translated to English, then some words may not be the same as in a true English version of the OS.
Note 2: 192.168.123.252 is the DMZ host where I receive IPv6 tunneled traffic, 192.168.123.3 is my computer (from where I send tunneled traffic).
I rewrite incoming packets before they leave my computer, while outgoing packets are rewritten by the router. This way I don't set my private IP in DMZ (my router does not support protocol forwarding)
This setup had been working for one week with no problems (Yes, I know about AYIYA, but I wanted to try something else ;-).
When I couldn't trace the results were:
netsh interface ipv6 show interface
Ãnd Met MTU State Name
--- ---- ----- ------------ ------
4 2 1280 Disconnected Teredo Tunneling Pseudo-Interface
3 1 1280 Connected 6to4 Pseudo-Interface
2 1 1280 Conected Automatic Tunneling Pseudo-Interfac
1 0 1500 Connected Loopback Pseudo-Interface
> tracert sixxs.net
Tracing route to sixxs.net [2001:838:1:1:210:dcff:fe20:7c7c]
over a maximum of 30 hops:
1 184 ms 183 ms 204 ms gw-298.ewr-01.us.sixxs.net [2001:4830:1200:129::1]
2 181 ms 183 ms 183 ms bbr01-g0-3.nwrk01.occaid.net [2001:4830:e2:29::1]
3 * * * timeout
TIME TUNNEL-SRC TUNNEL-DST SRC DST HLIM PROTO PORT* ACTION
T042637.578 192.168.123.3 66.55.128.25 2001:4830:1200:129::2 2001:838:1:1:210:dcff:fe20:7c7c 1 3a 128(0) SEND
T042637.765 66.55.128.25 192.168.123.252 2001:4830:1200:129::1 2001:4830:1200:129::2 64 3a 3(0) RECV
T042637.765 192.168.123.3 66.55.128.25 2001:4830:1200:129::2 2001:838:1:1:210:dcff:fe20:7c7c 1 3a 128(0) SEND
T042637.937 66.55.128.25 192.168.123.252 2001:4830:1200:129::1 2001:4830:1200:129::2 64 3a 3(0) RECV
T042637.953 192.168.123.3 66.55.128.25 2001:4830:1200:129::2 2001:838:1:1:210:dcff:fe20:7c7c 1 3a 128(0) SEND
T042638.125 66.55.128.25 192.168.123.252 2001:4830:1200:129::1 2001:4830:1200:129::2 64 3a 3(0) RECV
T042641.046 192.168.123.3 66.55.128.25 2001:4830:1200:129::2 2001:838:1:1:210:dcff:fe20:7c7c 1 3a 128(0) SEND
T042641.218 66.55.128.25 192.168.123.252 2001:4830:1200:129::1 2001:4830:1200:129::2 64 3a 3(0) RECV
T042641.234 192.168.123.3 66.55.128.25 2001:4830:1200:129::2 2001:838:1:1:210:dcff:fe20:7c7c 1 3a 128(0) SEND
T042641.406 66.55.128.25 192.168.123.252 2001:4830:1200:129::1 2001:4830:1200:129::2 64 3a 3(0) RECV
T042641.406 192.168.123.3 66.55.128.25 2001:4830:1200:129::2 2001:838:1:1:210:dcff:fe20:7c7c 1 3a 128(0) SEND
T042641.609 66.55.128.25 192.168.123.252 2001:4830:1200:129::1 2001:4830:1200:129::2 64 3a 3(0) RECV
T042642.406 192.168.123.3 66.55.128.25 2001:4830:1200:129::2 2001:838:1:1:210:dcff:fe20:7c7c 2 3a 128(0) SEND
T042642.593 66.55.128.25 192.168.123.252 2001:4830:e2:29::1 2001:4830:1200:129::2 63 3a 3(0) RECV
T042642.593 192.168.123.3 66.55.128.25 2001:4830:1200:129::2 2001:838:1:1:210:dcff:fe20:7c7c 2 3a 128(0) SEND
T042642.781 66.55.128.25 192.168.123.252 2001:4830:e2:29::1 2001:4830:1200:129::2 63 3a 3(0) RECV
T042642.781 192.168.123.3 66.55.128.25 2001:4830:1200:129::2 2001:838:1:1:210:dcff:fe20:7c7c 2 3a 128(0) SEND
T042642.953 66.55.128.25 192.168.123.252 2001:4830:e2:29::1 2001:4830:1200:129::2 63 3a 3(0) RECV
T042643.781 192.168.123.3 66.55.128.25 2001:4830:1200:129::2 2001:838:1:1:210:dcff:fe20:7c7c 3 3a 128(0) SEND
T042647.500 192.168.123.3 66.55.128.25 2001:4830:1200:129::2 2001:838:1:1:210:dcff:fe20:7c7c 3 3a 128(0) SEND
T042651.500 192.168.123.3 66.55.128.25 2001:4830:1200:129::2 2001:838:1:1:210:dcff:fe20:7c7c 3 3a 128(0) SEND
T042655.500 192.168.123.3 66.55.128.25 2001:4830:1200:129::2 2001:838:1:1:210:dcff:fe20:7c7c 4 3a 128(0) SEND
T042704.546 192.168.123.3 66.55.128.25 2001:4830:1200:129::2 2001:838:1:1:210:dcff:fe20:7c7c 4 3a 128(0) SEND
T042708.500 192.168.123.3 66.55.128.25 2001:4830:1200:129::2 2001:838:1:1:210:dcff:fe20:7c7c 4 3a 128(0) SEND
T042712.500 192.168.123.3 66.55.128.25 2001:4830:1200:129::2 2001:838:1:1:210:dcff:fe20:7c7c 5 3a 128(0) SEND
T042716.500 192.168.123.3 66.55.128.25 2001:4830:1200:129::2 2001:838:1:1:210:dcff:fe20:7c7c 5 3a 128(0) SEND
T042720.500 192.168.123.3 66.55.128.25 2001:4830:1200:129::2 2001:838:1:1:210:dcff:fe20:7c7c 5 3a 128(0) SEND
(*) PORT = type (code)
Now I can trace and the results are:
> tracert www.ipv6.sixxs.net
Tracing route to www.ipv6.sixxs.net [2001:838:1:1:210:dcff:fe20:7c7c]
over a maximum of 30 hops:
1 200 ms 203 ms 203 ms gw-298.ewr-01.us.sixxs.net [2001:4830:1200:129::1]
2 203 ms 203 ms 203 ms bbr01-g0-3.nwrk01.occaid.net [2001:4830:e2:29::1]
3 281 ms 281 ms 265 ms bbr01-p2-0.lndn01.occaid.net [2001:4830:fe:1010::1]
4 296 ms 296 ms 296 ms occaid.r1.ams2.nl.opencarrier.eu [2001:7f8:3a:e100::1]
5 281 ms 281 ms 281 ms ams-ix.ipv6.concepts.nl [2001:7f8:1::a501:2871:1]
6 281 ms 296 ms 312 ms 2001:838:0:10::2
7 281 ms 281 ms 296 ms noc.sixxs.net [2001:838:1:1:210:dcff:fe20:7c7c]
Trace complete.
When I tried connecting SixXS website (and failed), the capture was
TIME TUNNEL-SRC TUNNEL-DST SRC DST HLIM PROTO PORT* ACTION
T043601.109 192.168.123.3 66.55.128.25 2001:4830:1200:129::2 2001:838:1:1:210:dcff:fe20:7c7c 128 6 1082 443 SEND
T043604.046 192.168.123.3 66.55.128.25 2001:4830:1200:129::2 2001:838:1:1:210:dcff:fe20:7c7c 128 6 1082 443 SEND
T043610.078 192.168.123.3 66.55.128.25 2001:4830:1200:129::2 2001:838:1:1:210:dcff:fe20:7c7c 128 6 1082 443 SEND
T043615.406 192.168.123.3 66.55.128.25 2001:4830:1200:129::2 2001:838:1:1:210:dcff:fe20:7c7c 128 6 1083 443 SEND
T043618.328 192.168.123.3 66.55.128.25 2001:4830:1200:129::2 2001:838:1:1:210:dcff:fe20:7c7c 128 6 1083 443 SEND
T043624.359 192.168.123.3 66.55.128.25 2001:4830:1200:129::2 2001:838:1:1:210:dcff:fe20:7c7c 128 6 1083 443 SEND
(*) PORT = source_port dest_port
Regards
Javier
Posting is only allowed when you are logged in. |