Ticket ID: SIXXS #11543729
Ticket Status: User
PoP: dkcph01 - Availo (Copenhagen)
Route anomaly
Shadow Hawkins on Thursday, 01 May 2014 17:00:38
Please contact me by mail svenne@kracon.dk or phone +4521699040 (9-22 CEST)
All ipv6 tunnels terminate at "dkcph01 - Availo".
I have a problem with the tunnel with my inner address of 2001:16d8:dd00:220::2, as it seems not to be able to ping 2a00:fbe0::6
/// FROM (2001:16d8:dd00:220::2)
[kracon@MikroTik] /ipv6 address> print where interface=sit1;
Flags: X - disabled, I - invalid, D - dynamic, G - global, L - link-local
# ADDRESS FROM-POOL INTERFACE ADVERTISE
0 G 2001:16d8:dd00:220::2/64 sit1 no
1 DL fe80::26b:1b4e/128 sit1 no
[kracon@MikroTik] /ipv6 address> /ping 2a00:fbe0::6
HOST SIZE TTL TIME STATUS
timeout
timeout
timeout
timeout
timeout
timeout
timeout
timeout
sent=8 received=0 packet-loss=100%
I can ping the upstream router
[kracon@MikroTik] /ipv6 address> /ping 2001:470:12:43::2
HOST SIZE TTL TIME STATUS
2001:470:12:43::2 56 59 55ms echo reply
2001:470:12:43::2 56 59 55ms echo reply
2001:470:12:43::2 56 59 55ms echo reply
2001:470:12:43::2 56 59 55ms echo reply
2001:470:12:43::2 56 59 56ms echo reply
2001:470:12:43::2 56 59 54ms echo reply
2001:470:12:43::2 56 59 55ms echo reply
2001:470:12:43::2 56 59 55ms echo reply
2001:470:12:43::2 56 59 54ms echo reply
2001:470:12:43::2 56 59 55ms echo reply
sent=10 received=10 packet-loss=0% min-rtt=54ms avg-rtt=54ms max-rtt=56ms
I can ping other things as well
[kracon@MikroTik] /ipv6 address> /ping 2a01:7e8:a0:400::56
HOST SIZE TTL TIME STATUS
2a01:7e8:a0:400::56 56 53 72ms echo reply
2a01:7e8:a0:400::56 56 53 66ms echo reply
2a01:7e8:a0:400::56 56 53 66ms echo reply
2a01:7e8:a0:400::56 56 53 66ms echo reply
2a01:7e8:a0:400::56 56 53 66ms echo reply
2a01:7e8:a0:400::56 56 53 67ms echo reply
sent=6 received=6 packet-loss=0% min-rtt=66ms avg-rtt=67ms max-rtt=72ms
And
[kracon@MikroTik] /ipv6 address> /ping 2001:16d8:ddb1:79:2677:3ff:fe7d:7398
HOST SIZE TTL TIME STATUS
2001:16d8:ddb1:79:2677:3ff:fe7d:7398 56 62 34ms echo reply
2001:16d8:ddb1:79:2677:3ff:fe7d:7398 56 62 33ms echo reply
2001:16d8:ddb1:79:2677:3ff:fe7d:7398 56 62 33ms echo reply
2001:16d8:ddb1:79:2677:3ff:fe7d:7398 56 62 33ms echo reply
2001:16d8:ddb1:79:2677:3ff:fe7d:7398 56 62 33ms echo reply
sent=5 received=5 packet-loss=0% min-rtt=33ms avg-rtt=33ms max-rtt=34ms
The traffic is not visible on the router before the ip (i.e. 2001:470:12:43::2) when I try to ping 2a00:fbe0::6, but I can ping the previous router (2001:470:12:43::2) just fine.
Weirdly enough, I can traceroute it (and see the traffic just fine at the upstream router)...
[kracon@MikroTik] /ipv6 address> /tool traceroute 2a00:fbe0::6
# ADDRESS RT1 RT2 RT3 STATUS
1 2001:16d8:dd00:220::1 23ms 21ms 22ms
2 2001:16d8:aaaa:5::2 22ms 22ms 21ms
3 2001:16d8:aaaa:5::1 23ms 22ms 23ms
4 2001:16d8:1:136a::1 149ms 208ms 214ms
5 2001:7f8::1b1b:0:1 34ms 40ms 46ms
6 2001:470::a5:0:0:0:2 35ms 36ms 37ms
7 2001:470:12:43::2 53ms 50ms 49ms
8 2a00:fbe0::6 51ms 51ms 51ms
The ip (2a00:fbe0::6) works normally from another of my tunnels
/// FROM WORKING TUNNEL (SAME POP)
[sk@fanning ~]$ ip -6 a s dev wlp3s0
4: wlp3s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qlen 1000
inet6 2001:16d8:ddb1:79:2677:3ff:fe7d:7398/64 scope global dynamic
valid_lft 86394sec preferred_lft 14394sec
inet6 fe80::2677:3ff:fe7d:7398/64 scope link
valid_lft forever preferred_lft forever
[sk@fanning ~]$ ping6 2a00:fbe0::6
PING 2a00:fbe0::6(2a00:fbe0::6) 56 data bytes
64 bytes from 2a00:fbe0::6: icmp_seq=1 ttl=57 time=43.2 ms
64 bytes from 2a00:fbe0::6: icmp_seq=2 ttl=57 time=40.7 ms
64 bytes from 2a00:fbe0::6: icmp_seq=3 ttl=57 time=44.4 ms
64 bytes from 2a00:fbe0::6: icmp_seq=4 ttl=57 time=41.4 ms
^C
--- 2a00:fbe0::6 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3004ms
rtt min/avg/max/mdev = 40.773/42.471/44.441/1.453 ms
That is very weird... Maybe it is a BGP issue (that prefix 2a00:fbe0::/32 is announced directly by BGP), but works from any other location I have access to.
Route anomaly
Jeroen Massar on Thursday, 01 May 2014 18:01:26
> I have a problem with the tunnel with my inner address of 2001:16d8:dd00:220::2, as it seems not to be able to ping 2a00:fbe0::6
Don't forget to check your firewall rules, and routing tables.
For debugging this though you will want to do a traceroute6 from the remote side too.
> That is very weird... Maybe it is a BGP issue (that prefix 2a00:fbe0::/32 is announced directly by BGP), but works from any other location I have access to.
I don't think so (directly at least. won't exclude it). It looks good in:
grh.sixxs.net> show bgp 2a00:fbe0::/32
BGP routing table entry for 2a00:fbe0::/32
Paths: (94 available, best #90, table Default-IP-Routing-Table)
Not advertised to any peer
559 6939 62113
2001:620:0:c000::9 from 2001:620:0:c000::9 (130.59.32.30)
Origin IGP, localpref 100, valid, external
Community: 559:2
Last update: Thu May 1 16:44:53 2014
RIPE's RIS seems to think it is okay too.
Route anomaly
Shadow Hawkins on Thursday, 01 May 2014 20:19:33
2001:470:12:43::2 is the first router I have access to before 2a00:fbe0::6 (and it is the nexthop for that).
As stated before, I cannot see the traffic at all when coming from the troublesome ip.
I had thought about firewall issues, but that is not on my part (all is accepted right now as only testboxes have access to ipv6) - i.e. on 2001:470:12:43::2...
Something weird is going on.... when pinging the 4 addresses that do exist (::4 through ::7) I see no traffic at all (using tcpdump), when pinging something that doesn't exist I see the traffic flowing in as long as the last 32-bit group is 100 or larger... I wonder if that is a problem in the mikrotik firmware...
Notice the 2001:470:12:43::2 is also a tunnel interface (Hurricane Electric are kind enough to offer full BGP ipv6 tunneling with one's own ipv6-prefix free-of-charge).
Weirdly enough both directions of traceroute work okay, and outgoing SSH (from the mikrotik's perspective) works too for that address...
Traceroute from 2a00:fbe0::6
traceroute to 2001:16d8:dd00:220::2 (2001:16d8:dd00:220::2), 30 hops max, 80 byte packets
1 actrtr.kracon.dk (2a00:fbe0::1) 0.743 ms 0.719 ms 0.850 ms
2 kracon-1.tunnel.tserv18.fra1.ipv6.he.net (2001:470:12:43::1) 15.007 ms 15.010 ms 15.226 ms
3 v305.core1.fra1.he.net (2001:470:0:a5::1) 19.974 ms 19.978 ms 19.972 ms
4 te1-2-decix.er0-r66.mejv-sto.se.ip6.p80.net (2001:7f8::3f16:0:1) 29.720 ms 29.718 ms 29.711 ms
5 2001:16d8:1:136a::2 (2001:16d8:1:136a::2) 30.849 ms 32.975 ms 33.188 ms
6 sixxs-cph-demarc0.cust.ip6.p80.net (2001:16d8:aaaa:5::2) 30.833 ms 29.337 ms 29.338 ms
7 gw-545.cph-01.dk.sixxs.net (2001:16d8:dd00:220::1) 28.953 ms 28.960 ms 29.176 ms
8 * * *
Traceroute from 2001:16d8:dd00:220::2
[kracon@Roarsvej24] > /tool traceroute 2a00:fbe0::6
# ADDRESS RT1 RT2 RT3 STATUS
1 2001:16d8:dd00:220::1 21ms 19ms 20ms
2 2001:16d8:aaaa:5::2 21ms 20ms 20ms
3 2001:16d8:aaaa:5::1 22ms 22ms 21ms
4 2001:16d8:1:136a::1 21ms 21ms 21ms
5 2001:7f8::1b1b:0:1 34ms 38ms 34ms
6 2001:470::a5:0:0:0:2 35ms 34ms 34ms
7 2001:470:12:43::2 48ms 48ms 50ms
8 2a00:fbe0::6 49ms 54ms 50ms
Route anomaly
Jeroen Massar on Friday, 02 May 2014 11:18:40
> As stated before, I cannot see the traffic at all when coming from the troublesome ip.
Did you tcpdump on both sides? (looking at the IPv4 interfaces, not the IPv6 interface where the tunneled-over-IPv4-packets arrive).
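What looking at the IPv4 side of the tunnel means in practice, as an added example that is not part of the thread: the decoder below takes raw IPv4 packets carrying protocol 41, extracts the inner IPv6 addresses and ICMPv6 echo fields, and lists echo requests that never got a reply. The IPv4 endpoint addresses and the sample capture are constructed; only the two IPv6 addresses come from the ticket.

```python
import ipaddress
import struct

PROTO_6IN4 = 41          # IPv4 protocol number for encapsulated IPv6
NH_ICMPV6 = 58           # IPv6 next-header value for ICMPv6
ECHO = {128: "echo-request", 129: "echo-reply"}

def decode_6in4(pkt: bytes):
    """Decode one raw IPv4 packet; return inner IPv6 details or None if not proto 41."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4 or pkt[9] != PROTO_6IN4:
        return None
    ihl = (pkt[0] & 0x0F) * 4            # IPv4 header length, options included
    inner = pkt[ihl:]
    if len(inner) < 40 or inner[0] >> 4 != 6:
        return None                       # truncated, or not IPv6 inside
    info = {
        "outer": (str(ipaddress.IPv4Address(pkt[12:16])), str(ipaddress.IPv4Address(pkt[16:20]))),
        "src": str(ipaddress.IPv6Address(inner[8:24])),
        "dst": str(ipaddress.IPv6Address(inner[24:40])),
    }
    if inner[6] == NH_ICMPV6 and len(inner) >= 48:
        icmp_type, _code, _csum, ident, seq = struct.unpack("!BBHHH", inner[40:48])
        info.update(kind=ECHO.get(icmp_type, f"icmpv6-{icmp_type}"), ident=ident, seq=seq)
    return info

def unanswered(packets):
    """Return (src, dst, ident, seq) of echo requests with no matching echo reply."""
    pending = set()
    for p in filter(None, map(decode_6in4, packets)):
        if p.get("kind") == "echo-request":
            pending.add((p["src"], p["dst"], p["ident"], p["seq"]))
        elif p.get("kind") == "echo-reply":   # a reply travels dst -> src of the request
            pending.discard((p["dst"], p["src"], p["ident"], p["seq"]))
    return sorted(pending)

def build(outer_src, outer_dst, src6, dst6, icmp_type, ident, seq):
    """Construct a sample 6in4 packet (checksums left zero; sample data only)."""
    icmp = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq)
    v6 = struct.pack("!IHBB", 6 << 28, len(icmp), NH_ICMPV6, 64)
    v6 += ipaddress.IPv6Address(src6).packed + ipaddress.IPv6Address(dst6).packed
    v4 = struct.pack("!BBHHHBBH", 0x45, 0, 20 + len(v6) + len(icmp), 0, 0, 64, PROTO_6IN4, 0)
    v4 += ipaddress.IPv4Address(outer_src).packed + ipaddress.IPv4Address(outer_dst).packed
    return v4 + v6 + icmp

# Constructed capture: IPv6 addresses are from the ticket, IPv4 endpoints are placeholders.
A, B, CLIENT, POP = "2001:16d8:dd00:220::2", "2a00:fbe0::6", "192.0.2.10", "198.51.100.1"
SAMPLE = [build(CLIENT, POP, A, B, 128, 7, 1), build(POP, CLIENT, B, A, 129, 7, 1),
          build(CLIENT, POP, A, B, 128, 7, 2)]
```

Running the same comparison on packets captured at each tunnel endpoint's IPv4 interface shows on which side of the tunnel the echo request or its reply goes missing.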