Hi chaps, I have been scratching my head over this one for the last week and I'm sure it is something incredibly obvious that I am missing here; so, I will attempt to explain the problem. I have a 6in4 tunnel with Hurricane Electric that allows me to announce my /32 prefix from RIPE over BGP; the routing from the Internet to the machine which terminates the tunnel is fine. A quick network diagram: HE Tunnel Endpoint [2001:470:14:8a::1/64] -- is connected to -- gw2 sit1 [2001:470:14:8a::2/64] gw2 vlan62 [2a01:568:fff:f002::2/64] -- is connected to -- cr1 vlan62 [2a01:568:fff:f002::3/64] cr1 vlan3 [2a01:568::1/64] -- is connected to -- xen1-6 bond0 [2a01:568::f/64] xen1-6 br0 [2a01:568:0:e::1/64] -- is connected to -- xenguest eth0 [2a01:568:0:e::2/64] Some notes: gw2 is advertising 2a01:568::/32 via BGP to HE. gw2 advertises a single route (2000::/3) via OSPFv3 to cr1 and cr1 sends all internal routes which live within 2a01:568::/32 to gw2 via OSPFv3. cr1 has a static route for 2a01:568:0:e::1/64 to 2a01:568::f/64. xen1-6 has a static route for 2000::/3 via 2a01:568::1/64 defined. xenguest has a static route for 2000::/3 via 2a01:568:0:e::1 defined. IPv6 forwarding is enabled on gw2, cr1 and xen1-6. gw2 and cr1 are running Quagga's zebra, ospfd, ospf6d and bgpd daemons. The ip6tables policy on all hosts above (all are running RHEL5) have icmpv6 explicitly allowed on the INPUT chain and all IPv6 traffic is permitted on the FORWARD and OUTPUT chains. The problem I have is as follows: If I try to ping6 2a01:568:0:e::2, I get absolutely no response - a traceroute from an external IPv6-enabled machine stops at cr1. If I ssh into cr1 and ping6 2a01:568::f, it responds with ICMPv6 replies and the ping6 to 2a01:568:0:e::2 from the external machine starts responding immediately - the traceroute also finishes at xenguest as expected. Running Wireshark on cr1 tells me that ICMPv6 echoes from the external machine are not being relayed through to the vlan3 interface and more importantly, I'm not even seeing an attempt to perform an IPv6 Neighbor Solicitation - however, if I run the ping6 locally from cr1 to the same IPv6 address, I do see the IPv6 Neighbor Solicitation message being transmitted on vlan3, xen1-6 responds to it with an IPv6 Router Advertisement and all starts working. I don't think it is multicast-related as I have OSPFv3 working on another VLAN interface belonging to the same physical interface - and surely, if it was multicast-related, the local ping6 test would fail also. I am aware of the following bug (https://bugzilla.redhat.com/show_bug.cgi?id=243526) and have worked around it by replacing IPV6_DEFAULTGW with the static route for 2000::/3 as previously mentioned. Does this particular problem sound familiar to anybody ? Regards, Terry Froy Spilsby Internet Solutions http://www.spilsby.net/