SixXS::Sunset 2017-06-06

Why cannot ping between endpoints.
[nl] Shadow Hawkins on Friday, 26 April 2013 15:41:44
I have two nlams05 tunnels, each with its own subnet. I cannot ping one endpoint from the other endpoint/subnet. Endpoints are pingable from the Internet. Both endpoints can ping6 to www.kame.net. When my nlams04 tunnel was working (PoP is now down), both endpoints/subnets could ping the other endpoint. Any clue? Subnets are firewalled and don't respond to ping, endpoints are firewalled, but they allow IPv6 ping echo reply.
Why cannot ping between endpoints.
[nl] Shadow Hawkins on Friday, 26 April 2013 22:50:14
More details: Linux ping says "no route" and Windows ping says target network is not reachable.
Why cannot ping between endpoints.
[ch] Jeroen Massar SixXS Staff on Saturday, 27 April 2013 09:39:22
Please show your interface tables, routing tables, traceroutes, etc. For your textual description the only answer is "something is likely misconfigured".
Why cannot ping between endpoints.
[nl] Shadow Hawkins on Saturday, 27 April 2013 09:58:28
Traceren van de route naar cl-***.ams-05.nl.sixxs.net [2001:610:600:***::*] via maximaal 30 hops: 1 Het doelnetwerk is niet bereikbaar. De trace is voltooid. But tracert to www.kame.net works without any problem. With the same configuration (except for IP and subnets addresses and having one Surfnet and one Scarlet tunnel instead of two Surfnet tunnels) ping worked ok. It seems that Surfnet does not like ping/traceroute from Surfnet endpoints.
Why cannot ping between endpoints.
[nl] Shadow Hawkins on Saturday, 27 April 2013 10:06:31
The configuration of one Surfnet subnet did not change at all, so it should be at least able to ping the other Surfnet endpoint. At least, it was able to ping the Scarlet endpoint when the Scarlet PoP was working.
Why cannot ping between endpoints.
[nl] Shadow Hawkins on Saturday, 27 April 2013 10:08:24
My IPv6 firewall is shown at http://www.dd-wrt.com/phpBB2/viewtopic.php?p=664358 (under slobodan post).
Why cannot ping between endpoints.
[ch] Jeroen Massar SixXS Staff on Sunday, 28 April 2013 09:27:50
I'll repeat:
Please show your interface tables, routing tables, traceroutes, etc.
The first part is very important. Please show them on both hosts involved.
Why cannot ping between endpoints.
[nl] Shadow Hawkins on Sunday, 28 April 2013 14:05:18
At one side: 1: lo: <LOOPBACK,MULTICAST,UP,10000> mtu 16436 inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: eth0: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qlen 1000 inet6 fe80::225:9cff:????:????/64 scope link valid_lft forever preferred_lft forever 3: eth1: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qlen 1000 inet6 fe80::225:9cff:????:????/64 scope link valid_lft forever preferred_lft forever 4: eth2: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qlen 1000 inet6 fe80::225:9cff:????:????/64 scope link valid_lft forever preferred_lft forever 8: vlan1@eth0: <BROADCAST,MULTICAST,UP,10000> mtu 1500 inet6 fe80::225:9cff:????:????/64 scope link valid_lft forever preferred_lft forever 9: vlan2@eth0: <BROADCAST,MULTICAST,UP,10000> mtu 1500 inet6 fe80::225:9cff:????:????/64 scope link valid_lft forever preferred_lft forever 11: br0: <BROADCAST,MULTICAST,UP,10000> mtu 1500 inet6 2001:610:???::/64 scope global valid_lft forever preferred_lft forever inet6 fe80::225:9cff:????:????/64 scope link valid_lft forever preferred_lft forever 18: sixxs: <POINTOPOINT,MULTICAST,NOARP,UP,10000> mtu 1280 qlen 500 inet6 2001:610:600:???::2/64 scope global valid_lft forever preferred_lft forever inet6 fe80::410:600:???:2/64 scope link valid_lft forever preferred_lft forever 1: lo: <LOOPBACK,MULTICAST,UP,10000> mtu 16436 qdisc noqueue link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc pfifo_fast qlen 1000 link/ether 00:25:9c:??:??:?? brd ff:ff:ff:ff:ff:ff 3: eth1: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc pfifo_fast qlen 1000 link/ether 00:25:9c:??:??:?? brd ff:ff:ff:ff:ff:ff 4: eth2: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc pfifo_fast qlen 1000 link/ether 00:25:9c:??:??:?? brd ff:ff:ff:ff:ff:ff 5: teql0: <NOARP> mtu 1500 qdisc noop qlen 100 link/void 6: tunl0: <NOARP> mtu 1480 qdisc noop link/ipip 0.0.0.0 brd 0.0.0.0 7: gre0: <NOARP> mtu 1476 qdisc noop link/gre 0.0.0.0 brd 0.0.0.0 8: vlan1@eth0: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc noqueue link/ether 00:25:9c:??:??:?? brd ff:ff:ff:ff:ff:ff 9: vlan2@eth0: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc htb link/ether 00:25:9c:??:??:?? brd ff:ff:ff:ff:ff:ff 10: sit0: <NOARP> mtu 1480 qdisc noop link/sit 0.0.0.0 brd 0.0.0.0 11: br0: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc noqueue link/ether 00:25:9c:??:??:?? brd ff:ff:ff:ff:ff:ff 16: imq0: <NOARP,UP,10000> mtu 1500 qdisc htb qlen 30 link/void 17: imq1: <NOARP> mtu 1500 qdisc noop qlen 30 link/void 18: sixxs: <POINTOPOINT,MULTICAST,NOARP,UP,10000> mtu 1280 qdisc pfifo_fast qlen 500 link/[65534] At the other side: 1: lo: <LOOPBACK,MULTICAST,UP,10000> mtu 16436 inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: eth0: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qlen 1000 inet6 fe80::e2cb:4eff:????:????/64 scope link valid_lft forever preferred_lft forever 3: eth1: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qlen 1000 inet6 fe80::e2cb:4eff:????:????/64 scope link valid_lft forever preferred_lft forever 8: vlan1@eth0: <BROADCAST,MULTICAST,UP,10000> mtu 1500 inet6 fe80::e2cb:4eff:????:????/64 scope link valid_lft forever preferred_lft forever 9: vlan2@eth0: <BROADCAST,MULTICAST,UP,10000> mtu 1500 inet6 fe80::e2cb:4eff:????:????/64 scope link valid_lft forever preferred_lft forever 11: br0: <BROADCAST,MULTICAST,UP,10000> mtu 1500 inet6 2001:610:600:???::/64 scope global valid_lft forever preferred_lft forever inet6 fe80::e2cb:4eff:????:????/64 scope link valid_lft forever preferred_lft forever 12: sixxs: <POINTOPOINT,MULTICAST,NOARP,UP,10000> mtu 1280 qlen 500 inet6 2001:610:600:???::2/64 scope global valid_lft forever preferred_lft forever inet6 fe80::410:600:???:2/64 scope link valid_lft forever preferred_lft forever 1: lo: <LOOPBACK,MULTICAST,UP,10000> mtu 16436 qdisc noqueue link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc pfifo_fast qlen 1000 link/ether e0:cb:4e:??:??:?? brd ff:ff:ff:ff:ff:ff 3: eth1: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc pfifo_fast qlen 1000 link/ether e0:cb:4e:??:??:?? brd ff:ff:ff:ff:ff:ff 4: teql0: <NOARP> mtu 1500 qdisc noop qlen 100 link/void 5: tunl0: <NOARP> mtu 1480 qdisc noop link/ipip 0.0.0.0 brd 0.0.0.0 6: gre0: <NOARP> mtu 1476 qdisc noop link/gre 0.0.0.0 brd 0.0.0.0 7: vlan0@eth0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop link/ether e0:cb:4e:??:??:?? brd ff:ff:ff:ff:ff:ff 8: vlan1@eth0: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc noqueue link/ether e0:cb:4e:??:??:?? brd ff:ff:ff:ff:ff:ff 9: vlan2@eth0: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc noqueue link/ether e0:cb:4e:??:??:?? brd ff:ff:ff:ff:ff:ff 10: sit0: <NOARP> mtu 1480 qdisc noop link/sit 0.0.0.0 brd 0.0.0.0 11: br0: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc noqueue link/ether e0:cb:4e:??:??:?? brd ff:ff:ff:ff:ff:ff 12: sixxs: <POINTOPOINT,MULTICAST,NOARP,UP,10000> mtu 1280 qdisc pfifo_fast qlen 500 link/[65534] To be precise, my firewall is in the last slobodan post at the indicated URL.
Why cannot ping between endpoints.
[ch] Jeroen Massar SixXS Staff on Sunday, 28 April 2013 14:20:43
11: br0: <BROADCAST,MULTICAST,UP,10000> mtu 1500
inet6 2001:610:???::/64 scope global
valid_lft forever preferred_lft forever
12: sixxs: <POINTOPOINT,MULTICAST,NOARP,UP,10000> mtu 1280 qlen 500
inet6 2001:610:600:???::2/64 scope global
valid_lft forever preferred_lft forever
11: br0: <BROADCAST,MULTICAST,UP,10000> mtu 1500
inet6 2001:610:600:???::/64 scope global
valid_lft forever preferred_lft forever
12: sixxs: <POINTOPOINT,MULTICAST,NOARP,UP,10000> mtu 1280 qlen 500
inet6 2001:610:600:???::2/64 scope global
As you masked out the important bits, they are all the same, as such, nothing much can be said about this. These are the interfaces, the routing tables are in this case actually more important. If you want to mask out things, for whatever mysterious reason that might be, then replace the prefixes completely with AAAA::/64 and BBBB::/64 etc, don't just remove things.
Why cannot ping between endpoints.
[nl] Shadow Hawkins on Sunday, 28 April 2013 16:37:53
The addresses are: 11: br0: <BROADCAST,MULTICAST,UP,10000> mtu 1500 inet6 2001:610:AAA::/64 scope global valid_lft forever preferred_lft forever 12: sixxs: <POINTOPOINT,MULTICAST,NOARP,UP,10000> mtu 1280 qlen 500 inet6 2001:610:600:BBB:CCC::2/64 scope global valid_lft forever preferred_lft forever 11: br0: <BROADCAST,MULTICAST,UP,10000> mtu 1500 inet6 2001:610:600:DDD:EEEE::/64 scope global valid_lft forever preferred_lft forever 12: sixxs: <POINTOPOINT,MULTICAST,NOARP,UP,10000> mtu 1280 qlen 500 inet6 2001:610:600:DDD:EEEE::2/64 scope global ip -6 route at one point is: 2001:610:BBB:CCC::/64 dev sixxs metric 256 expires 42680299sec 2001:610:AAA::/64 dev br0 metric 256 2001:610:AAA::/64 dev br0 metric 1024 expires 42680299sec unreachable 2001:610:AAA::/48 dev lo metric 1024 expires 42680300sec error -128 fe80::/64 dev eth0 metric 256 expires 42680260sec fe80::/64 dev eth2 metric 256 expires 42680263sec fe80::/64 dev vlan1 metric 256 expires 42680263sec fe80::/64 dev eth1 metric 256 expires 42680263sec fe80::/64 dev br0 metric 256 expires 42680263sec fe80::/64 dev vlan2 metric 256 expires 42680266sec fe80::/64 dev sixxs metric 256 expires 42680300sec ff00::/8 dev eth0 metric 256 expires 42680260sec ff00::/8 dev eth2 metric 256 expires 42680263sec ff00::/8 dev vlan1 metric 256 expires 42680263sec ff00::/8 dev eth1 metric 256 expires 42680263sec ff00::/8 dev br0 metric 256 expires 42680263sec ff00::/8 dev vlan2 metric 256 expires 42680266sec ff00::/8 dev sixxs metric 256 expires 42680300sec default via 2001:610:BBB:CCC::1 dev sixxs metric 1024 expires 42680300sec unreachable default dev lo metric -1 error -128 At the other end I don't have access right now, but I assume it is pretty much the same, with DDD:EEEE instead of both AAA and BBB:CCC.
Why cannot ping between endpoints.
[ch] Jeroen Massar SixXS Staff on Sunday, 28 April 2013 17:43:13
The addresses are:
11: br0: <BROADCAST,MULTICAST,UP,10000> mtu 1500
inet6 2001:610:AAA::/64 scope global
valid_lft forever preferred_lft forever
One should never configure the lowest address (2001:610:AAA:: in this case) on an interface as that is the subnet anycast address. Using <prefix>::1 is common practice.
11: br0: <BROADCAST,MULTICAST,UP,10000> mtu 1500
inet6 2001:610:600:DDD:EEEE::/64 scope global
valid_lft forever preferred_lft forever
12: sixxs: <POINTOPOINT,MULTICAST,NOARP,UP,10000> mtu 1280 qlen 500
inet6 2001:610:600:DDD:EEEE::2/64 scope global
I assume these '11 and 12' are on another host, given that they have the same interface IDs. Again, do not use the subnet anycast address. Why did you configure the tunnel prefix (2001:610:600:DDD:EEEE::/64 on the br0 interface? Please use the Subnet Prefix here.
ip -6 route at one point is:
2001:610:BBB:CCC::/64 dev sixxs metric 256 expires 42680299sec
2001:610:AAA::/64 dev br0 metric 256
2001:610:AAA::/64 dev br0 metric 1024 expires 42680299sec
...
default via 2001:610:BBB:CCC::1 dev sixxs metric 1024 expires 42680300sec
Where did the routes for 2001:610:600:DDD:EEEE::/64 go?
At the other end I don't have access right now, but I assume it is pretty much the same, with DDD:EEEE instead of both AAA and BBB:CCC.
Assumptions are not enough, please actually check if it is also wrong.
Why cannot ping between endpoints.
[nl] Shadow Hawkins on Sunday, 28 April 2013 19:33:42
Jeroen Massar wrote:
> The addresses are:
11: br0: <BROADCAST,MULTICAST,UP,10000> mtu 1500
inet6 2001:610:AAA::/64 scope global
valid_lft forever preferred_lft forever
One should never configure the lowest address (2001:610:AAA:: in this case) on an interface as that is the subnet anycast address. Using <prefix>::1 is common practice.
Point taken, but it always worked like this.
>11: br0: <BROADCAST,MULTICAST,UP,10000> mtu 1500
inet6 2001:610:600:DDD:EEEE::/64 scope global
valid_lft forever preferred_lft forever
12: sixxs: <POINTOPOINT,MULTICAST,NOARP,UP,10000> mtu 1280 qlen 500
inet6 2001:610:600:DDD:EEEE::2/64 scope global
I assume these '11 and 12' are on another host, given that they have the same interface IDs. Again, do not use the subnet anycast address. Why did you configure the tunnel prefix (2001:610:600:DDD:EEEE::/64 on the br0 interface? Please use the Subnet Prefix here.
You're right, it's not the same address, but in fact it was: 11: br0: <BROADCAST,MULTICAST,UP,10000> mtu 1500 inet6 2001:610:600:FDDD:EEEE::/64 scope global valid_lft forever preferred_lft forever 12: sixxs: <POINTOPOINT,MULTICAST,NOARP,UP,10000> mtu 1280 qlen 500 inet6 2001:610:600:DDD:EEEE::2/64 scope global
> ip -6 route at one point is:
2001:610:BBB:CCC::/64 dev sixxs metric 256 expires 42680299sec
2001:610:AAA::/64 dev br0 metric 256
2001:610:AAA::/64 dev br0 metric 1024 expires 42680299sec
...
default via 2001:610:BBB:CCC::1 dev sixxs metric 1024 expires 42680300sec
Where did the routes for 2001:610:600:DDD:EEEE::/64 go?
I don't understand. Should I have routes from 2001:610:BBB:CCC to 2001:610:600:DDD:EEEE? Why? I just want to ping it once in a while, not to establish a permanent connection.
> At the other end I don't have access right now, but I assume it is pretty much the same, with DDD:EEEE instead of both AAA and BBB:CCC. Assumptions are not enough, please actually check if it is also wrong.
True, as noted above, one has a DDD:EEEE address while the other has FDDD:EEEE address. I will reconfigure connections with ::1 behind.
Why cannot ping between endpoints.
[nl] Shadow Hawkins on Sunday, 28 April 2013 19:36:59
By the way, I got rid of redirecting /48 to lo, it didn't seem to work.
Why cannot ping between endpoints.
[nl] Shadow Hawkins on Sunday, 28 April 2013 19:51:09
After reconfiguring with ::1/64 ping works. Problem solved.
Why cannot ping between endpoints.
[ch] Jeroen Massar SixXS Staff on Sunday, 28 April 2013 20:44:05
Tudor Georgescu wrote:
By the way, I got rid of redirecting /48 to lo, it didn't seem to work.
What did not work? Routing the whole /48 to lo (loopback) is done so that packets destined for that /48 that are not routed anywhere specifically are not sent back up the tunnel. As such, this always performs it's task. (unless wrongly set up of course).
Why cannot ping between endpoints.
[nl] Shadow Hawkins on Monday, 29 April 2013 11:32:33
Jeroen Massar wrote:
What did not work? Routing the whole /48 to lo (loopback) is done so that packets destined for that /48 that are not routed anywhere specifically are not sent back up the tunnel. As such, this always performs it's task. (unless wrongly set up of course).
Ok, I have reinstated the /48 redirection at one router, at the other one it is /64 being redirected, since the subnet is /64, not /48. I seems that the /48 redirection was blacklisting the IP of the first router.

Please note Posting is only allowed when you are logged in.

Static Sunset Edition of SixXS
©2001-2017 SixXS - IPv6 Deployment & Tunnel Broker