SixXS::Sunset 2017-06-06

Ticket ID: SIXXS #711578
Ticket Status: Resolved

PoP: usqas01 - OCCAID Inc. (Ashburn, Virginia)

No Connectivity on Tunnel T14462
[us] Shadow Hawkins on Friday, 18 April 2008 20:53:31
After an IP change on one of my boxes, I'm not able to get one of its tunnels working. My NIC handle is JLB1-SIXXS and the tunnel is T14462. What's odd is that there is another tunnel on that same box that is working just fine after the IP change (Tunnel 14264). I'm running a FreeBSD 7.0 box behind a DSL modem, but it is set as the DMZ host. Interface Stats for gif1.. # ifconfig gif1 gif1: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1280 tunnel inet 192.168.0.3 --> 66.117.47.228 inet6 2001:4830:1600:10f::2 --> 2001:4830:1600:10f::1 prefixlen 128 inet6 fe80::250:4ff:fe20:63bf%gif1 prefixlen 64 scopeid 0x6 Relevant routing table stats. # netstat -rnfinet6 Routing tables Internet6: Destination Gateway Flags Netif Expire ::/96 ::1 UGRS lo0 ::1 ::1 UHL lo0 ::ffff:0.0.0.0/96 ::1 UGRS lo0 2001:4830:1600:10f::1 link#6 UHL gif1 2001:4830:1600:10f::2 link#6 UHL lo0 2001:4978:f:b5::1 link#5 UHL gif0 2001:4978:f:b5::2 link#5 UHL lo0 IPv4 Traceroute # traceroute 66.117.47.228 traceroute to 66.117.47.228 (66.117.47.228), 64 hops max, 40 byte packets 1 192.168.0.1 (192.168.0.1) 1.376 ms 1.006 ms 0.940 ms 2 mpls-dsl-gw30-222.mpls.qwest.net (207.225.140.222) 42.121 ms 39.667 ms 41.016 ms 3 mpls-agw1.inet.qwest.net (65.103.30.233) 41.368 ms 51.331 ms 40.134 ms 4 * min-core-01.inet.qwest.net (205.171.128.129) 40.445 ms * 5 cer-core-01.inet.qwest.net (67.14.8.202) 50.652 ms 55.286 ms 50.813 ms 6 chp-brdr-02.inet.qwest.net (205.171.139.114) 75.770 ms 51.224 ms 71.799 ms 7 ge4-10-1000M.ar2.DCA3.gblx.net (64.208.110.61) 69.784 ms 50.035 ms 50.023 ms 8 CARPATHIA-HOSTING-INC.ge-5-0-0.405.ar1.DCA3.gblx.net (146.82.35.226) 77.891 ms 80.040 ms 80.861 ms 9 iad0-b0-ge0.hotnic.net (66.117.34.140) 79.220 ms 78.409 ms 78.188 ms 10 iad0-sixxs.hotnic.net (66.117.47.228) 79.607 ms 80.187 ms 79.981 ms I'm not able to ping the remote IPv6 address of the tunnel so therefore ping and traceroute don't show anything useful. The other tunnel (T14264) is working... # ping6 2001:4978:f:b5::1 PING6(56=40+8+8 bytes) 2001:4978:f:b5::2 --> 2001:4978:f:b5::1 16 bytes from 2001:4978:f:b5::1, icmp_seq=0 hlim=64 time=52.033 ms 16 bytes from 2001:4978:f:b5::1, icmp_seq=1 hlim=64 time=51.257 ms 16 bytes from 2001:4978:f:b5::1, icmp_seq=2 hlim=64 time=51.959 ms 16 bytes from 2001:4978:f:b5::1, icmp_seq=3 hlim=64 time=54.247 ms 16 bytes from 2001:4978:f:b5::1, icmp_seq=4 hlim=64 time=51.252 ms ^C --- 2001:4978:f:b5::1 ping6 statistics --- 5 packets transmitted, 5 packets received, 0.0% packet loss round-trip min/avg/max/std-dev = 51.252/52.150/54.247/1.100 ms Thanks for your help in solving this.
No Connectivity on Tunnel T14462
[ch] Jeroen Massar SixXS Staff on Friday, 18 April 2008 23:10:58
The PoP is configured correctly, thus that should not cause a problem. But... First question here is of course, why two tunnels on one box? Second question is, how do you solve which traffic is going where? Next is of course, where is the rest of the "Reporting Problems Checklist" ?
No Connectivity on Tunnel T14462
[us] Shadow Hawkins on Saturday, 19 April 2008 00:32:30
1. The reason for two tunnels is because the first tunnel was to uschi02 and about a month or so ago the PoP was having major downtime issues and I therefore requested a tunnel to a new PoP. I did not delete the uschi02 tunnel due to the penalty for deleting a tunnel. 2. This is based on the routing table. Routing tables Internet6: Destination Gateway Flags Netif Expire ::/96 ::1 UGRS lo0 ::1 ::1 UHL lo0 ::ffff:0.0.0.0/96 ::1 UGRS lo0 2001:4830:1600:10f::1 link#6 UHL gif1 2001:4830:1600:10f::2 link#6 UHL lo0 2001:4978:f:b5::1 link#5 UHL gif0 2001:4978:f:b5::2 link#5 UHL lo0 Traffic going to uschi02 (2001:4978:f:b5::1) goes out gif0 properly as I can ping the remote end of the tunnel... # ping6 2001:4978:f:b5::1 PING6(56=40+8+8 bytes) 2001:4978:f:b5::2 --> 2001:4978:f:b5::1 16 bytes from 2001:4978:f:b5::1, icmp_seq=0 hlim=64 time=52.564 ms 16 bytes from 2001:4978:f:b5::1, icmp_seq=1 hlim=64 time=51.977 ms 16 bytes from 2001:4978:f:b5::1, icmp_seq=2 hlim=64 time=52.367 ms ^C --- 2001:4978:f:b5::1 ping6 statistics --- 3 packets transmitted, 3 packets received, 0.0% packet loss round-trip min/avg/max/std-dev = 51.977/52.303/52.564/0.244 ms Traffic going to usqas01 (2001:4830:1600:10f::2) goes out gif1, but for some reason I cannot ping the remote end which is the problem for this ticket. ]# ping6 2001:4830:1600:10f::1 PING6(56=40+8+8 bytes) 2001:4830:1600:10f::2 --> 2001:4830:1600:10f::1 ^C --- 2001:4830:1600:10f::1 ping6 statistics --- 5 packets transmitted, 0 packets received, 100.0% packet loss If you're talking about past the PoP I was using the usqas01 tunnel, but since I cannot get it to work I cannot use it of course. If I set the default route using the uschi02 tunnel, I'm able to get out past the PoP... # route add -inet6 default 2001:4978:f:b5::1 add net default: gateway 2001:4978:f:b5::1 # ping6 noc.ipv6.sixxs.net PING6(56=40+8+8 bytes) 2001:4978:f:b5::2 --> 2001:838:1:1:210:dcff:fe20:7c7c 16 bytes from 2001:838:1:1:210:dcff:fe20:7c7c, icmp_seq=0 hlim=56 time=154.367 ms 16 bytes from 2001:838:1:1:210:dcff:fe20:7c7c, icmp_seq=1 hlim=56 time=154.406 ms 16 bytes from 2001:838:1:1:210:dcff:fe20:7c7c, icmp_seq=2 hlim=56 time=154.093 ms ^C --- noc.ipv6.sixxs.net ping6 statistics --- 3 packets transmitted, 3 packets received, 0.0% packet loss round-trip min/avg/max/std-dev = 154.093/154.289/154.406/0.139 ms But of course I cannot use the usqas01 tunnel for the default route because I cannot get to the remote end of the tunnel. In an effort to solve this, I've deleted the interface gif1 and recreated it based on the tunnel information page and the tunnel still does not work. 3. Reporting Problems Checklist What other information is helpful here? # ifconfig xl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 options=9<RXCSUM,VLAN_MTU> ether 00:50:04:20:63:bf inet6 fe80::250:4ff:fe20:63bf%xl0 prefixlen 64 scopeid 0x1 inet 192.168.0.3 netmask 0xffffff00 broadcast 192.168.0.255 media: Ethernet autoselect (100baseTX) status: active lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384 inet6 ::1 prefixlen 128 inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2 inet 127.0.0.1 netmask 0xff000000 pfsync0: flags=41<UP,RUNNING> metric 0 mtu 1460 syncpeer: 224.0.0.240 maxupd: 128 pflog0: flags=141<UP,RUNNING,PROMISC> metric 0 mtu 33204 gif0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1280 tunnel inet 192.168.0.3 --> 216.14.98.22 inet6 fe80::250:4ff:fe20:63bf%gif0 prefixlen 64 scopeid 0x5 inet6 2001:4978:f:b5::2 --> 2001:4978:f:b5::1 prefixlen 128 tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500 inet6 fe80::250:4ff:fe20:63bf%tun0 prefixlen 64 scopeid 0x7 inet 10.8.8.6 --> 10.8.8.5 netmask 0xffffffff Opened by PID 1087 gif1: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1280 tunnel inet 192.168.0.3 --> 66.117.47.228 inet6 2001:4830:1600:10f::2 --> 2001:4830:1600:10f::1 prefixlen 128 inet6 fe80::250:4ff:fe20:63bf%gif1 prefixlen 64 scopeid 0x6 You already have the routing table info above. Firewall info: # pfctl -sr scrub in all fragment reassemble block return all pass out all flags S/SA keep state block drop in quick on ! lo inet6 from ::1 to any block drop in quick on ! lo inet from 127.0.0.0/8 to any block drop in quick inet6 from ::1 to any block drop in quick on lo0 inet6 from fe80::1 to any block drop in quick inet from 127.0.0.1 to any pass in on xl0 inet proto ipv6 from 216.14.98.22 to (xl0) keep state pass in on xl0 inet proto ipv6 from 66.117.47.228 to (xl0) keep state pass in on xl0 inet proto tcp from any to (xl0) port = ssh flags S/SA keep state pass in on xl0 inet proto tcp from any to (xl0) port = smtp flags S/SA keep state pass in on xl0 inet proto tcp from any to (xl0) port = domain flags S/SA keep state pass in on xl0 inet proto udp from any to (xl0) port = domain keep state pass in on xl0 inet proto udp from any to (xl0) port = 4520 keep state pass in on xl0 inet proto udp from any to (xl0) port = 4569 keep state pass in on xl0 inet proto udp from any to (xl0) port = sip keep state pass in on tun0 inet proto tcp from any to any port = ssh flags S/SA keep state pass in on tun0 inet proto tcp from any to any port = smtp flags S/SA keep state pass in on tun0 inet proto tcp from any to any port = domain flags S/SA keep state pass in on tun0 inet proto udp from any to any port = domain keep state pass in on tun0 inet proto udp from any to any port = 4520 keep state pass in on tun0 inet proto udp from any to any port = 4569 keep state pass in on tun0 inet proto udp from any to any port = sip keep state pass in on xl0 inet6 proto tcp from any to (xl0) port = ssh flags S/SA keep state pass in on xl0 inet6 proto tcp from any to (xl0) port = smtp flags S/SA keep state pass in on xl0 inet6 proto tcp from any to (xl0) port = domain flags S/SA keep state pass in on xl0 inet6 proto udp from any to (xl0) port = domain keep state pass in on xl0 inet6 proto udp from any to (xl0) port = 4520 keep state pass in on xl0 inet6 proto udp from any to (xl0) port = 4569 keep state pass in on xl0 inet6 proto udp from any to (xl0) port = sip keep state pass in on gif0 inet6 proto tcp from any to any port = ssh flags S/SA keep state pass in on gif0 inet6 proto tcp from any to any port = smtp flags S/SA keep state pass in on gif0 inet6 proto tcp from any to any port = domain flags S/SA keep state pass in on gif1 inet6 proto tcp from any to any port = ssh flags S/SA keep state pass in on gif1 inet6 proto tcp from any to any port = smtp flags S/SA keep state pass in on gif1 inet6 proto tcp from any to any port = domain flags S/SA keep state pass in on gif0 inet6 proto udp from any to any port = domain keep state pass in on gif0 inet6 proto udp from any to any port = 4520 keep state pass in on gif0 inet6 proto udp from any to any port = 4569 keep state pass in on gif0 inet6 proto udp from any to any port = sip keep state pass in on gif1 inet6 proto udp from any to any port = domain keep state pass in on gif1 inet6 proto udp from any to any port = 4520 keep state pass in on gif1 inet6 proto udp from any to any port = 4569 keep state pass in on gif1 inet6 proto udp from any to any port = sip keep state pass in on lo inet from 127.0.0.0/8 to any flags S/SA keep state pass in inet from 192.168.0.0/24 to any flags S/SA keep state pass in inet from 10.8.8.0/24 to any flags S/SA keep state pass in inet6 from 2001:4978:120:5609::/64 to any flags S/SA keep state pass in inet proto icmp all icmp-type echoreq keep state pass in inet6 proto ipv6-icmp all icmp6-type echoreq keep state pass in inet6 proto ipv6-icmp all icmp6-type echorep keep state pass in inet6 proto ipv6-icmp all icmp6-type neighbradv keep state pass in inet6 proto ipv6-icmp all icmp6-type neighbrsol keep state pass out inet6 proto ipv6-icmp all icmp6-type echoreq keep state pass out inet6 proto ipv6-icmp all icmp6-type echorep keep state pass out inet6 proto ipv6-icmp all icmp6-type neighbradv keep state pass out inet6 proto ipv6-icmp all icmp6-type neighbrsol keep state pass quick on xl0 all no state Here's tcpdump info from tcpdump -Xns 1500 -i xl0 You can see the echo requests but no replies. 17:29:36.721117 IP 192.168.0.3 > 66.117.47.228: IP6 2001:4830:1600:10f::2 > 2001:4830:1600:10f::1: ICMP6, echo request, seq 0, length 16 0x0000: 4500 004c 5eb9 0000 1e29 0acc c0a8 0003 E..L^....)...... 0x0010: 4275 2fe4 6000 0000 0010 3a40 2001 4830 Bu/.`.....:@..H0 0x0020: 1600 010f 0000 0000 0000 0002 2001 4830 ..............H0 0x0030: 1600 010f 0000 0000 0000 0001 8000 a948 ...............H 0x0040: 6f30 0000 4809 20d0 000a ffd4 o0..H....... 17:29:37.721369 IP 192.168.0.3 > 66.117.47.228: IP6 2001:4830:1600:10f::2 > 2001:4830:1600:10f::1: ICMP6, echo request, seq 1, length 16 0x0000: 4500 004c 5ebe 0000 1e29 0ac7 c0a8 0003 E..L^....)...... 0x0010: 4275 2fe4 6000 0000 0010 3a40 2001 4830 Bu/.`.....:@..H0 0x0020: 1600 010f 0000 0000 0000 0002 2001 4830 ..............H0 0x0030: 1600 010f 0000 0000 0000 0001 8000 a810 ................ 0x0040: 6f30 0001 4809 20d1 000b 010a o0..H....... 17:29:38.722654 IP 192.168.0.3 > 66.117.47.228: IP6 2001:4830:1600:10f::2 > 2001:4830:1600:10f::1: ICMP6, echo request, seq 2, length 16 0x0000: 4500 004c 5ec1 0000 1e29 0ac4 c0a8 0003 E..L^....)...... 0x0010: 4275 2fe4 6000 0000 0010 3a40 2001 4830 Bu/.`.....:@..H0 0x0020: 1600 010f 0000 0000 0000 0002 2001 4830 ..............H0 0x0030: 1600 010f 0000 0000 0000 0001 8000 a324 ...............$ 0x0040: 6f30 0002 4809 20d2 000b 05f4 o0..H....... 17:29:39.720670 IP 192.168.0.3 > 66.117.47.228: IP6 2001:4830:1600:10f::2 > 2001:4830:1600:10f::1: ICMP6, echo request, seq 3, length 16 0x0000: 4500 004c 5ec4 0000 1e29 0ac1 c0a8 0003 E..L^....)...... 0x0010: 4275 2fe4 6000 0000 0010 3a40 2001 4830 Bu/.`.....:@..H0 0x0020: 1600 010f 0000 0000 0000 0002 2001 4830 ..............H0 0x0030: 1600 010f 0000 0000 0000 0001 8000 aad0 ................ 0x0040: 6f30 0003 4809 20d3 000a fe46 o0..H......F 17:29:40.721436 IP 192.168.0.3 > 66.117.47.228: IP6 2001:4830:1600:10f::2 > 2001:4830:1600:10f::1: ICMP6, echo request, seq 4, length 16 0x0000: 4500 004c 5ed5 0000 1e29 0ab0 c0a8 0003 E..L^....)...... 0x0010: 4275 2fe4 6000 0000 0010 3a40 2001 4830 Bu/.`.....:@..H0 0x0020: 1600 010f 0000 0000 0000 0002 2001 4830 ..............H0 0x0030: 1600 010f 0000 0000 0000 0001 8000 a7f6 ................ 0x0040: 6f30 0004 4809 20d4 000b 011e o0..H....... 17:29:41.719224 IP 192.168.0.3 > 66.117.47.228: IP6 2001:4830:1600:10f::2 > 2001:4830:1600:10f::1: ICMP6, neighbor solicitation, who has 2001:4830:1600:10f::1, length 24 0x0000: 4500 0054 5ed8 0000 1e29 0aa5 c0a8 0003 E..T^....)...... 0x0010: 4275 2fe4 6000 0000 0018 3aff 2001 4830 Bu/.`.....:...H0 0x0020: 1600 010f 0000 0000 0000 0002 2001 4830 ..............H0 0x0030: 1600 010f 0000 0000 0000 0001 8700 fae7 ................ 0x0040: 0000 0000 2001 4830 1600 010f 0000 0000 ......H0........ 0x0050: 0000 0001 .... 17:29:41.720909 IP 192.168.0.3 > 66.117.47.228: IP6 2001:4830:1600:10f::2 > 2001:4830:1600:10f::1: ICMP6, echo request, seq 5, length 16 0x0000: 4500 004c 5ed9 0000 1e29 0aac c0a8 0003 E..L^....)...... 0x0010: 4275 2fe4 6000 0000 0010 3a40 2001 4830 Bu/.`.....:@..H0 0x0020: 1600 010f 0000 0000 0000 0002 2001 4830 ..............H0 0x0030: 1600 010f 0000 0000 0000 0001 8000 a98a ................ 0x0040: 6f30 0005 4809 20d5 000a ff88 o0..H....... 17:29:42.718587 IP 192.168.0.3 > 66.117.47.228: IP6 2001:4830:1600:10f::2 > 2001:4830:1600:10f::1: ICMP6, neighbor solicitation, who has 2001:4830:1600:10f::1, length 24 0x0000: 4500 0054 5edc 0000 1e29 0aa1 c0a8 0003 E..T^....)...... 0x0010: 4275 2fe4 6000 0000 0018 3aff 2001 4830 Bu/.`.....:...H0 0x0020: 1600 010f 0000 0000 0000 0002 2001 4830 ..............H0 0x0030: 1600 010f 0000 0000 0000 0001 8700 fae7 ................ 0x0040: 0000 0000 2001 4830 1600 010f 0000 0000 ......H0........ 0x0050: 0000 0001 .... 17:29:42.720570 IP 192.168.0.3 > 66.117.47.228: IP6 2001:4830:1600:10f::2 > 2001:4830:1600:10f::1: ICMP6, echo request, seq 6, length 16 0x0000: 4500 004c 5edd 0000 1e29 0aa8 c0a8 0003 E..L^....)...... 0x0010: 4275 2fe4 6000 0000 0010 3a40 2001 4830 Bu/.`.....:@..H0 0x0020: 1600 010f 0000 0000 0000 0002 2001 4830 ..............H0 0x0030: 1600 010f 0000 0000 0000 0001 8000 aacf ................ 0x0040: 6f30 0006 4809 20d6 000a fe41 o0..H......A 17:29:43.718215 IP 192.168.0.3 > 66.117.47.228: IP6 2001:4830:1600:10f::2 > 2001:4830:1600:10f::1: ICMP6, neighbor solicitation, who has 2001:4830:1600:10f::1, length 24 0x0000: 4500 0054 5ee8 0000 1e29 0a95 c0a8 0003 E..T^....)...... 0x0010: 4275 2fe4 6000 0000 0018 3aff 2001 4830 Bu/.`.....:...H0 0x0020: 1600 010f 0000 0000 0000 0002 2001 4830 ..............H0 0x0030: 1600 010f 0000 0000 0000 0001 8700 fae7 ................ 0x0040: 0000 0000 2001 4830 1600 010f 0000 0000 ......H0........ 0x0050: 0000 0001 .... What other information would be helpful here?
No Connectivity on Tunnel T14462
[ch] Jeroen Massar SixXS Staff on Saturday, 19 April 2008 15:36:31
09:35:52.686618 IP 66.117.47.228 > 97.116.0.151: IP6 2001:4830:1600:10f::1 > 2001:4830:1600:10f::2: ICMP6, echo request, seq 0, length 16 09:35:53.687250 IP 66.117.47.228 > 97.116.0.151: IP6 2001:4830:1600:10f::1 > 2001:4830:1600:10f::2: ICMP6, echo request, seq 1, length 16 09:35:54.686988 IP 66.117.47.228 > 97.116.0.151: IP6 2001:4830:1600:10f::1 > 2001:4830:1600:10f::2: ICMP6, echo request, seq 2, length 16 09:35:55.686763 IP 66.117.47.228 > 97.116.0.151: IP6 2001:4830:1600:10f::1 > 2001:4830:1600:10f::2: ICMP6, echo request, seq 3, length 16 We don't see anything coming back.
No Connectivity on Tunnel T14462
[us] Shadow Hawkins on Saturday, 19 April 2008 22:05:20
I've tried removing both gif interfaces and just bringing up the usqas01 tunnel on gif0, rebooting several times, and still no luck. I believe I've tried all the suggestions on the FAQ pages. Can you give me any pointers on how to proceed from here? All 3 of my other tunnels aren't having any problems, including one on my other box that goes to usqas01 so I'm fairly confident in my skills to get these tunnels working.
No Connectivity on Tunnel T14462
[us] Shadow Hawkins on Monday, 28 April 2008 02:17:22
I got the tunnel working. You can close this ticket.
State change: user Locked
[ch] Jeroen Massar SixXS Staff on Friday, 18 April 2008 23:11:02
Message is Locked
The state of this ticket has been changed to user
State change: resolved Locked
[ch] Jeroen Massar SixXS Staff on Monday, 28 April 2008 12:54:43
Message is Locked
The state of this ticket has been changed to resolved

Please note Posting is only allowed when you are logged in.
Static Sunset Edition of SixXS
©2001-2017 SixXS - IPv6 Deployment & Tunnel Broker