|
Ticket ID: SIXXS #5562714 Ticket Status: User PoP: nlhaa01 - Leaseweb B.V. (Haarlem)
Tunnel does not route packets anymore
![[nl]](/s/countries/nl.gif) Shadow Hawkins on Wednesday, 14 September 2011 11:50:34
Dear Sirs,
discovered this morning that I cannot ping6 anymore the Sixxs ipv6 far end anymore. This worked yesterday.
Find below the troubleshooting I am doing on the cisco:
Tunnel Config:
interface Tunnel79278
description 6in4 tunnel to SixXS
no ip address
ip mtu 1280
ip tcp adjust-mss 1420
ipv6 address 2001:1AF8:FE00:2DD::2/64
ipv6 enable
tunnel source GigabitEthernet1/1
tunnel destination 94.75.219.73
tunnel mode ipv6ip
end
Switch#show int Tunnel79278
Tunnel79278 is up, line protocol is up
Hardware is Tunnel
Description: 6in4 tunnel to SixXS
MTU 17920 bytes, BW 100 Kbit, DLY 50000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation TUNNEL, loopback not set
Keepalive not set
Tunnel source 172.30.120.150 (GigabitEthernet1/1), destination 94.75.219.73
Tunnel protocol/transport IPv6/IP
Tunnel TTL 255
Tunnel transport MTU 1480 bytes
Last input never, output 00:00:49, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/0 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts (0 IP multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
140 packets output, 15318 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 output buffer failures, 0 output buffers swapped out
Switch#ping 2001:1AF8:FE00:2DD::1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:1AF8:FE00:2DD::1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
Switch#ping 2001:1AF8:FE00:2DD::2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:1AF8:FE00:2DD::2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 0/0/4 ms
S
Can you help me ?
Kind Regards
W Herler
State change: user
The state of this ticket has been changed to user
Tunnel does not route packets anymore
You are behind some kind of NAT:
Tunnel source 172.30.120.150 (GigabitEthernet1/1), destination 94.75.219.73
That won't work properly most of the time.
Tunnel does not route packets anymore
Shadow Hawkins on Wednesday, 14 September 2011 12:13:37
Hi Jerroen,
thanks for the feedback.
You are very right, NAT is involved. However, I would not understand why NAT would disrupt a Tunnel, as normally the original IP is not put into the payload for verifications.
On the other hand, I presume all PC's etc connecting via SIXXs are as well behind a DSL router with NAT.
And it worked already. Is there no way to get it running via NAT ?
Kind Regards
W Herler
Tunnel does not route packets anymore
You are very right, NAT is involved. However, I would not understand why NAT would disrupt a Tunnel, as normally the original IP is not put into the payload for verifications.
It does not work because your NAT does not know where to send packets for this magical protocol 41 to. Most NATs solely support TCP and UDP and nothing else.
On the other hand, I presume all PC's etc connecting via SIXXs are as well behind a DSL router with NAT.
For those we have the AYIYA protocol.
And it worked already. Is there no way to get it running via NAT ?
Teach your NAT to forward all unknown packets to the IP that has the tunnel endpoint. This typically is called DMZ mode.
See the FAQ and forums for more details.
Tunnel does not route packets anymore
Shadow Hawkins on Wednesday, 14 September 2011 12:22:04
Hi Jeroen,
thanks, thats helpful !
Kind Regards
W Herler
|
![[ch]](/s/countries/ch.gif)
on Wednesday, 14 September 2011 11:51:54
Posting is only allowed when you are