Ticket ID: SIXXS #1197995 Ticket Status: User PoP: nlams05 - SURFnet (Amsterdam)
POP replies with ICM port unreachable
Shadow Hawkins on Monday, 07 September 2009 16:34:53
Hello,
My heartbeat tunnel (T13227) suddenly stopped working, all ipv6 packets are answered with ICMP Destination unreachable (Port unreachable):
0.000000 2001:610:600:429::2 -> 2001:610:600:429::1 ICMPv6 Echo request
0.018005 192.87.102.107 -> 212.123.165.169 ICMP Destination unreachable (Port unreachable)
1.008258 2001:610:600:429::2 -> 2001:610:600:429::1 ICMPv6 Echo request
1.027903 192.87.102.107 -> 212.123.165.169 ICMP Destination unreachable (Port unreachable)
The remote endpoint is reachable using ipv4:
PING 192.87.102.107 (192.87.102.107) 56(84) bytes of data.
64 bytes from 192.87.102.107: icmp_seq=1 ttl=59 time=18.5 ms
64 bytes from 192.87.102.107: icmp_seq=2 ttl=59 time=17.9 ms
64 bytes from 192.87.102.107: icmp_seq=3 ttl=59 time=17.2 ms
--- 192.87.102.107 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2001ms
rtt min/avg/max/mdev = 17.298/17.945/18.595/0.540 ms
The clock is synchronized:
aeon ~ # ntpdate -q chime1.surfnet.nl
server 192.87.106.2, stratum 1, offset -0.006659, delay 0.04379
Running aiccu test fails at step 6, pinging the local endpoint works, pinging the remote endpoint does not work, as shown above. I already restarted aiccu several times. The tunnel is created correctly, as far as I can tell, but it doesn't work.
Did I miss something, or is there something weird going on at the POP?
Regards,
Michel Wilson.
State change: user
Jeroen Massar on Monday, 07 September 2009 16:39:19
The state of this ticket has been changed to user
POP replies with ICM port unreachable
Jeroen Massar on Monday, 07 September 2009 16:41:26 My heartbeat tunnel (T13227) suddenly stopped working, all ipv6 packets are answered with ICMP Destination unreachable (Port unreachable):
Only TCP, UDP and SCTP have a concept of 'ports' thus how exactly can an ICMPv6 ping result in a IPv4 port unreachable with a proto-41 tunnel!?
Can you provide 'tcpdump -vvXns 1500 -i eth0' output? As that contains the raw dump and not the translations of the ICMP errors. (replace 'eth0' with the interface that your tunnel runs over, thus the IPv4 interface, NOT the IPv6 interface, aka the tunnel itself)
POP replies with ICM port unreachable
Shadow Hawkins on Monday, 07 September 2009 16:46:45
I know, the 'port unreachable' doesn't make sense. But! It suddenly started working again, just after installing tcpdump :( !! So, the ticket can be closed... If it ever happens again I'll try to collect more information.
Regards,
Michel.
POP replies with ICM port unreachable
Shadow Hawkins on Tuesday, 29 September 2009 14:51:00
OK, 2nd try
I've got more or less the same problem with my tunnel. I configured my static tunnel in /etc/network/interfaces (virtual Debian host on Xen) and after a networking restart it shows and works for about an hour. Then I get the same ICMP messages from the SURFnet PoP and the tunnel is broken. I did the tcpdump and it can be found at: dump.
As the problem behaves like a NAT problem I did try the solution provided in the FAQ, but they didn't work. Protocol 41 is accepted in my firewall. With the NAT solutions in place the connection does show with conntrack -L. I'm not sure if it should.
POP replies with ICM port unreachable
Jeroen Massar on Tuesday, 29 September 2009 14:53:29
Please use the forums for these kind of issues. They are not a problem on our side.
Posting is only allowed when you are logged in. |