Tickets - T14552: No IPv6 ping replies :: SixXS - IPv6 Deployment & Tunnel Broker

Ticket ID: SIXXS #685658
Ticket Status: User

PoP: nlede01 - BIT BV (Ede)

T14552: No IPv6 ping replies

Shadow Hawkins on Tuesday, 11 March 2008 17:12:07

I have read and followed the "Reporting Problems" section on the Contact page and am providing the following details for this report based on the list of items stated there: I'm BRG2-SIXXS, trying to get tunnel T14552 up. Running aiccu, using aiccu 2007.01.15 compiled from sources using gcc 4.3.0, doesn't indicate any problems: sock_getline() : "200 SixXS TIC Service on noc.sixxs.net ready (http://www.sixxs.net)" sock_printf() : "client TIC/draft-00 AICCU/2007.01.15-console-linux Linux/2.6.24.3-1arksmp" sock_getline() : "200 Client Identity accepted" sock_printf() : "get unixtime" sock_getline() : "200 1205250975" sock_printf() : "starttls" sock_getline() : "400 This service is not SSL enabled (yet)" TIC Server does not support TLS but TLS is not required, continuing sock_printf() : "username BRG2-SIXXS" sock_getline() : "200 Choose your authentication challenge please" sock_printf() : "challenge md5" sock_getline() : "200 ********************************" sock_printf() : "authenticate md5 ********************************" sock_getline() : "200 Succesfully logged in using md5 as BRG2-SIXXS (Bernhard Rosenkraenzer) from 212.59.138.23" sock_printf() : "tunnel show T14552" sock_getline() : "201 Showing tunnel information for T14552" sock_getline() : "TunnelId: T14552" sock_getline() : "Type: 6in4-static" sock_getline() : "IPv6 Endpoint: 2001:7b8:2ff:1cf::2" sock_getline() : "IPv6 POP: 2001:7b8:2ff:1cf::1" sock_getline() : "IPv6 PrefixLength: 64" sock_getline() : "Tunnel MTU: 1280" sock_getline() : "Tunnel Name: My First Tunnel" sock_getline() : "POP Id: nlede01" sock_getline() : "IPv4 Endpoint: 212.59.138.23" sock_getline() : "IPv4 POP: 193.109.122.244" sock_getline() : "UserState: enabled" sock_getline() : "AdminState: enabled" sock_getline() : "202 Done" Succesfully retrieved tunnel information for T14552 Overriding Local IPv4 address from 212.59.138.23 to 212.59.138.23 sock_printf() : "QUIT Running Down That Hill" Tunnel Information for T14552: POP Id : nlede01 IPv6 Local : 2001:7b8:2ff:1cf::2/64 IPv6 Remote : 2001:7b8:2ff:1cf::1/64 Tunnel Type : 6in4-static Adminstate : enabled Userstate : enabled The aiccu interface does come up and has the correct IP address. Pinging the local IPv6 endpoint works, so does pinging the POP IPv4 endpoint -- but pinging the POP IPv6 endpoint never returns a reply. tcpdump shows the packets going out (it also shows attempts to access IPv6 sites, such as trying to visit www.sixxs.net with its IPv6 address), but no packets coming back: # tcpdump -n -v -i aiccu tcpdump: WARNING: aiccu: no IPv4 address assigned tcpdump: listening on aiccu, link-type RAW (Raw IP), capture size 96 bytes 17:04:42.299314 IP6 (hlim 64, next-header ICMPv6 (58) payload length: 64) 2001:7b8:2ff:1cf::2 > 2001:7b8:2ff:1cf::1: ICMP6, echo request, length 64, seq 1 17:04:43.299630 IP6 (hlim 64, next-header ICMPv6 (58) payload length: 64) 2001:7b8:2ff:1cf::2 > 2001:7b8:2ff:1cf::1: ICMP6, echo request, length 64, seq 2 17:04:44.300638 IP6 (hlim 64, next-header ICMPv6 (58) payload length: 64) 2001:7b8:2ff:1cf::2 > 2001:7b8:2ff:1cf::1: ICMP6, echo request, length 64, seq 3 17:04:45.309630 IP6 (hlim 64, next-header ICMPv6 (58) payload length: 64) 2001:7b8:2ff:1cf::2 > 2001:7b8:2ff:1cf::1: ICMP6, echo request, length 64, seq 4 17:04:46.309642 IP6 (hlim 64, next-header ICMPv6 (58) payload length: 64) 2001:7b8:2ff:1cf::2 > 2001:7b8:2ff:1cf::1: ICMP6, echo request, length 64, seq 5 17:04:47.310776 IP6 (hlim 64, next-header ICMPv6 (58) payload length: 64) 2001:7b8:2ff:1cf::2 > 2001:7b8:2ff:1cf::1: ICMP6, echo request, length 64, seq 6 17:04:48.309962 IP6 (hlim 64, next-header ICMPv6 (58) payload length: 64) 2001:7b8:2ff:1cf::2 > 2001:7b8:2ff:1cf::1: ICMP6, echo request, length 64, seq 7 17:05:28.847781 IP6 (hlim 64, next-header TCP (6) payload length: 40) 2001:7b8:2ff:1cf::2.54230 > 2001:838:1:1:210:dcff:fe20:7c7c.80: S, cksum 0xd856 (correct), 1426750999:1426750999(0) win 4880 <mss 1220,sackOK,timestamp 7931735 0,nop,wscale 7> 17:05:31.848612 IP6 (hlim 64, next-header TCP (6) payload length: 40) 2001:7b8:2ff:1cf::2.54230 > 2001:838:1:1:210:dcff:fe20:7c7c.80: S, cksum 0xcc9e (correct), 1426750999:1426750999(0) win 4880 <mss 1220,sackOK,timestamp 7934735 0,nop,wscale 7> 17:05:37.847627 IP6 (hlim 64, next-header TCP (6) payload length: 40) 2001:7b8:2ff:1cf::2.54230 > 2001:838:1:1:210:dcff:fe20:7c7c.80: S, cksum 0xb52e (correct), 1426750999:1426750999(0) win 4880 <mss 1220,sackOK,timestamp 7940735 0,nop,wscale 7> 17:05:49.847627 IP6 (hlim 64, next-header TCP (6) payload length: 40) 2001:7b8:2ff:1cf::2.54230 > 2001:838:1:1:210:dcff:fe20:7c7c.80: S, cksum 0x864e (correct), 1426750999:1426750999(0) win 4880 <mss 1220,sackOK,timestamp 7952735 0,nop,wscale 7> I suspect the packets are being dropped somewhere on the way. My connection goes through a ZyXEL ZyWALL 5 (suspected culprit) that is configured to silently pass all packets for 212.59.138.23 to my machine without doing any firewalling. I'm running a development snapshot of Ark Linux, using kernel 2.6.24.3; uname -r says "Linux fastbuild.arklinux.org 2.6.24.3-1arksmp #1 SMP Wed Feb 27 02:22:43 UTC 2008 i686 GNU/Linux"

State change: user Locked

Jeroen Massar SixXS Staff

on Tuesday, 11 March 2008 22:02:23

The state of this ticket has been changed to user

T14552: No IPv6 ping replies

Jeroen Massar SixXS Staff

on Tuesday, 11 March 2008 22:07:35

From the Reporting problems Checklist/ 8<--------------------------------- Check with Wireshark or tcpdumps of the interface over which the tunnel runs. Use -n (numeric) as an option and don't filter returning ICMP which could also come from routers between your endpoint and the PoP and also use -s 1500 so that one gets the full packet. --------------------------------->8 That you can send traffic through a device is great, but it doesn't mean it is going anywhere in IPv4. Also if you think it is a firewall on your side, then why are you opening a ticket? Please read the firewalling FAQ for the details on what to open. If the firewall device in question is not under your command, then it is most likely the networks decision to not have you use these protocols and you then should not try and circumvent their network policy. Lastly, one can easily configure a static proto-41 tunnel manually, generally the distribution provides an easily scriptable way to configure these. AICCU can do it too, but it is a bit overkill to use it for that purpose.

Please note Posting is only allowed when you are logged in.