SixXS::Sunset 2017-06-06

Ticket ID: SIXXS #9789390
Ticket Status: User

PoP: gblon03 - Gyron Internet LTD - Limited UK Company (London)

Tunnel reported as down but isn't?
[gb] Shadow Hawkins on Monday, 22 July 2013 08:25:25
I have managed to get one of my routers to establish a link, but it is still reported as down on SixXS (and I'm getting the downtime emails). I am on an IPv6 enabled connection at work and can ping without any problems:
C:\Windows\System32>tracert -6 omg.me.uk

Tracing route to omg.me.uk [2a00:14f0:e000:127::2]
over a maximum of 30 hops:

  1    <1 ms    <1 ms    <1 ms  2001:15e0:10::12
  2    <1 ms    <1 ms    <1 ms  2001:15e0:10::11
  3    <1 ms     1 ms     1 ms  2001:15e0:10::a
  4     1 ms     1 ms     1 ms  g0-1-1.ipv6.btn-fn1gw.spn.kcom.com [2001:15e0:0:4::1]
  5     2 ms     2 ms     1 ms  g0-3.ipv6.crw-fn1gw.spn.kcom.com [2001:15e0:0:3::9]
  6     2 ms     2 ms     2 ms  g0-2.ipv6.tun-fn1gw.spn.kcom.com [2001:15e0:0:3::5]
  7     4 ms     4 ms     5 ms  g0-3.ipv6.lon-gs1rt.spn.kcom.com [2001:15e0:0:3::1]
  8    50 ms    47 ms    47 ms  g6-11.ipv6.lon-gs1cr.spn.kcom.com [2001:15e0:0:135::30]
  9    15 ms     6 ms     4 ms  vl801.ipv6.lon-th1cr.spn.kcom.com [2001:15e0:0:135::]
 10     5 ms     5 ms     5 ms  xe-0-0-3.border-1.sov.lon.uk.as29017.net [2001:7f8:4::7159:1]
 11    12 ms     7 ms     6 ms  xe-0-0-1.core-2.centro.hml.uk.as29017.net [2a00:14f0:0:1::a]
 12     6 ms     6 ms     6 ms  gblon03.sixxs.net [2a00:14f0:1:2::5]
 13     6 ms     6 ms     6 ms  gw-296.lon-03.gb.sixxs.net [2a00:14f0:e000:127::1]
 14    23 ms    24 ms    23 ms  cl-296.lon-03.gb.sixxs.net [2a00:14f0:e000:127::2]

Trace complete.
I thought at first it could have been my OpenVPN tunnel taking the traffic, but the trace route above confirms it to be working (and continues to work with the VPN disconnected). I cannot see what is going wrong... FYI, instructions followed were from my ISP's forums, using the router they supplied: details here
Tunnel reported as down but isn't?
[ch] Jeroen Massar SixXS Staff on Monday, 22 July 2013 08:28:53
> but it is still reported as down on SixXS (and I'm getting the downtime emails).
Please read the FAQ: Tunnel endpoint didn't ping
> I cannot see what is going wrong...
Not reading the FAQ is one, not reading the big yellow box which asks for providing a lot of details is the other.
> FYI, instructions followed were from my ISP's forums, using the router they supplied: details here
Step 4 there notes what you need to do, but more importantly check the FAQ mentioned above.
Tunnel reported as down but isn't?
[gb] Shadow Hawkins on Monday, 22 July 2013 08:36:42
I think you are missing the point - it *does* respond to ping.
Tunnel reported as down but isn't?
[ch] Jeroen Massar SixXS Staff on Monday, 22 July 2013 08:41:17
Please actually read the FAQ and provide the requested details. If it properly replied to the pings and these made it back to the PoP, your graphs (see your user home -> tunnel details) would not be showing 100% packet loss. From the Live Tunnel Status (see again the user home -> tunnel details):
Packet In        : 2013-07-22 08:22:42 (1374481362; 0 days 00:16:24 ago)
Packets In       : 0
Octets In        : 0
Packet Out       : 2013-07-22 08:38:08 (1374482288; 0 days 00:00:58 ago)
Packets Out      : 7
Octets Out       : 7336
Latency Pkt Sent : 7
Latency Pkt Recv : 0
...
ICMPv4 Errors Received  : 16720, last: 212.159.0.243 2013-07-21 10:27:07 (1374402427; 0 days 22:11:59 ago)
ICMPv4 Echo Req. Recv.  : 14, last: 128.9.168.98 2013-07-21 08:02:24 (1374393744; 1 days 00:36:42 ago)
Most importantly note that "Latency Pkt Recv" is 0, instead of the 7. This clearly shows that you are not properly replying to ICMPv6 requests that the PoP is making. Note also the high number of ICMPv4 errors which indicate a connectivity issue there, though that was a day ago.
Tunnel reported as down but isn't?
[ch] Jeroen Massar SixXS Staff on Monday, 22 July 2013 08:46:34
09:43:35.343528 IP 212.113.147.150 > 212.159.78.186: IP6 2001:838:1:1:210:dcff:fe20:7c7c > 2a00:14f0:e000:127::2: ICMP6, echo request, seq 1, length 64
09:43:35.361735 IP 212.159.78.186 > 212.113.147.150: IP6 2a00:14f0:e000:127::2 > 2001:838:1:1:210:dcff:fe20:7c7c: ICMP6, echo reply, seq 1, length 64
09:44:08.631996 IP 212.113.147.150 > 212.159.78.186: IP6 2a00:14f0:e000:127::1 > 2a00:14f0:e000:127::2: ICMP6, echo request, seq 18553, length 988
First set is indeed a proper reply from a remote server. But when the PoP tries to ping you, there is no response, hence why you are marked as down. See the FAQ for possible problem reasons and their solutions. Likely you misconfigured the route towards the PoP (using a /127 is a typical mistake). As you are providing no details though, there is little we can state about it. (And no, pointing to a random site where there are some setup instructions does not matter, as that is not the actual running configuration).
Tunnel reported as down but isn't?
[ch] Jeroen Massar SixXS Staff on Monday, 22 July 2013 08:49:42
From your 'details' site:
> Tell the router its new IPv6 address (the IPv6 Address in the email). Change the subnet mask from 64 to 128 otherwise the 64 subnet route is on the Local Network (not correct)
> Code: :ip ipadd intf=LocalNetwork addr=2a00:14f0:e000:b7::2/128 addroute=enabled'
That must be wrong. You cannot put the address of the TUNNEL on the local interface. Also, the prefix is a /64, not a /128 or anything else.
Tunnel reported as down but isn't?
[gb] Shadow Hawkins on Monday, 22 July 2013 08:53:40
Thanks for that, I thought it didn't seem right when I read it... I'll see if I can reconfigure (remotely)
Tunnel reported as down but isn't?
[gb] Shadow Hawkins on Monday, 22 July 2013 09:02:01
Right, reconfigured to correct subnet size with my address of 2a00:14f0:e000:127::2/64 (not 2a00:14f0:e000:127::2/128 as previously configured). If I understand it correctly this will take care of the following FAQ point:
* You are rerouting the ICMPv6 echo-reply through another route.
Tunnel reported as down but isn't?
[ch] Jeroen Massar SixXS Staff on Monday, 22 July 2013 09:07:17
> Right, reconfigured to correct subnet size with my address of 2a00:14f0:e000:127::2/64 (not 2a00:14f0:e000:127::2/128 as previously configured).
And also on the correct interface?
> If I understand it correctly this will take care of the following FAQ point:
> * You are rerouting the ICMPv6 echo-reply through another route.
Likely, as you have not shown the actual running configuration it is all a guess. Note that due to configuration/vendor/distribution/setup/etc a lot of things can go wrong, without details, hard to say what is really going on. Hence why there are big yellow boxes shown when one posts which should bring attention to them so that people hopefully include these details.
Tunnel reported as down but isn't?
[gb] Shadow Hawkins on Monday, 22 July 2013 09:32:09
> And also on the correct interface?
Possibly not...
:ip iplist
Flags legend: [P]referred primar[Y] [R]oute [H]ost route d[E]precated [I]nvalid [T]entative d[U]plicated [A]nycast auto[C]onf [D]ynamic [O]perational

Prefix              Interface     Type      Flags         Remote IP
------              ---------     ----      -----         ---------
10.0.0.138/24       LocalNetwork  Ethernet  ..RH.......O
192.168.1.254/24    LocalNetwork  Ethernet  PYRH.......O
212.159.78.186/32   Internet      Serial    ..RH......DO  195.166.128.197
127.0.0.1/32        loop          Internal  ...H......DO

Prefix                        Interface     Type      Flags
------                        ---------     ----      -----
fe80::d49f:4eba/64            6in4tunnel    Tunnel    ..RH......DO
2a00:14f0:e000:127::2/64      LocalNetwork  Ethernet  ...H.......O
2a00:14f0:e000:127::/64       LocalNetwork  Ethernet  ..RH....A.DO
fe80::a6b1:e9ff:fe40:d592/64  LocalNetwork  Ethernet  ..RH......DO
::1/128                       loop          Internal  ..RH......DO
fe80::1/64                    loop          Internal  ..RH......DO
I shall attempt to reconfigure to point to 6in4tunnel
Tunnel reported as down but isn't?
[ch] Jeroen Massar SixXS Staff on Monday, 22 July 2013 09:46:32
> 2a00:14f0:e000:127::/64 LocalNetwork Ethernet ..RH....A.DO
As that is the most specific route towards the PoP side of the tunnel, your replies to the ICMP packets end up on that interface, where the PoP does not exist. That is why your replies are 'lost' and never arrive at the PoP and hence why your tunnel is reported as 'down'. Note that any other reply works as the default route takes care of that. (though I don't actually see a default route there).
> I shall attempt to reconfigure to point to 6in4tunnel
Any address in 2a00:14f0:e000:127::/64 should only live on that interface, nothing else, it is the tunnel prefix. There is a disjunct /64 (or on request a /48) which should go on the "LocalNetwork" interface. It seems that you are not using that prefix yet, which would be logical to do. This shows that the 'instructions' on the page you pointed to are quite wrong.
Tunnel reported as down but isn't?
[gb] Shadow Hawkins on Monday, 22 July 2013 09:51:29
Router settings now look like this:
{admin}=>ip iplist
Flags legend: [P]referred primar[Y] [R]oute [H]ost route d[E]precated [I]nvalid [T]entative d[U]plicated [A]nycast auto[C]onf [D]ynamic [O]perational

Prefix              Interface     Type      Flags         Remote IP
------              ---------     ----      -----         ---------
10.0.0.138/24       LocalNetwork  Ethernet  ..RH.......O
192.168.1.254/24    LocalNetwork  Ethernet  PYRH.......O
212.159.78.186/32   Internet      Serial    ..RH......DO  195.166.128.197
127.0.0.1/32        loop          Internal  ...H......DO

Prefix                        Interface     Type      Flags
------                        ---------     ----      -----
2a00:14f0:e000:127::2/64      6in4tunnel    Tunnel    ...H.......O
fe80::d49f:4eba/64            6in4tunnel    Tunnel    ..RH......DO
2a00:14f0:e000:127::/64       LocalNetwork  Ethernet  ...H....A..O
fe80::a6b1:e9ff:fe40:d592/64  LocalNetwork  Ethernet  ..RH......DO
::1/128                       loop          Internal  ..RH......DO
fe80::1/64                    loop          Internal  ..RH......DO
And live tunnel status is showing replies to its packets! However, I don't get any response from the other end of the tunnel on the router:
{admin}=>: ping proto=ip addr=2a00:14f0:e000:b7::1
Legend : Pingv6 successful(!)
         Pingv6 Timeout(.)
Hit ctrl-g to abort...
.....
--- Pingv6 statistics ---
5 packet(s) transmitted, 0 successful, 100% packet loss
...but I do get a response from other places. I write this before actioning your comment about '2a00:14f0:e000:127::/64 living on the tunnel' - what do you suggest the /48 on LocalNetwork should be? Should I be configuring 2a00:14f0:e000:127::/64 on 6in4tunnel and 2a00:14f0:e000:127::/48 on LocalNetwork?
Tunnel reported as down but isn't?
[ch] Jeroen Massar SixXS Staff on Monday, 22 July 2013 09:57:09
> 2a00:14f0:e000:127::2/64 6in4tunnel Tunnel ...H.......O
> 2a00:14f0:e000:127::/64 LocalNetwork Ethernet ...H....A..O
You have the endpoint address on the tunnel, but the rest is still on your local network, that will not work.
> I write this before actioning your comment about '2a00:14f0:e000:127::/64 living on the tunnel' - what do you suggest the /48 on LocalNetwork should be?
A /48 should be requested, and you only should put a /64 out of that /48 on an interface. You already have, per default with each tunnel, a routed /64 (which looks similar but is not the same as the tunnel interface), this one should be put on the local network interface and routed there.
> Should I be configuring 2a00:14f0:e000:127::/64 on 6in4tunnel and 2a00:14f0:e000:127::/48 on LocalNetwork?
2a00:14f0:e000:127::/64 is a tunnel, it should only exist on the tunnel. 2a00:14f0:e000:127::/48 would be 2a00:14f0:e000::/48, which is the prefix where all the tunnels for that PoP live in, and not yours to use. See your User Home for details on which prefixes are allocated to you, on which tunnel they are routed and how they are routed.
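
The route selection discussed in the replies above, as an added example that is not part of the original thread or SixXS's own tooling: it replays longest-prefix matching over the prefixes from the posted `ip iplist` output and shows why a /48 written with the tunnel's address collapses to the PoP-wide prefix. The `::/0` default route via the tunnel and the `2001:db8:1234::/64` routed prefix are assumptions (the thread shows neither), and the function names are illustrative.

```python
import ipaddress

# Constructed from the `ip iplist` output in the thread: (prefix, interface).
# The ::/0 default route via the tunnel is an assumption; the thread shows none.
BEFORE = [
    ("2a00:14f0:e000:127::/64", "LocalNetwork"),  # tunnel prefix on the LAN
    ("::/0", "6in4tunnel"),
]
# 2001:db8:1234::/64 is a documentation placeholder for the routed /64.
AFTER = [
    ("2a00:14f0:e000:127::/64", "6in4tunnel"),
    ("2001:db8:1234::/64", "LocalNetwork"),
    ("::/0", "6in4tunnel"),
]

TUNNEL = "2a00:14f0:e000:127::/64"
POP = "2a00:14f0:e000:127::1"               # PoP side of the tunnel
REMOTE = "2001:838:1:1:210:dcff:fe20:7c7c"  # remote host seen in the tcpdump


def egress(table, dst):
    """Longest-prefix match: interface a packet to dst leaves on, or None."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, iface in table:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None


def misplaced(table, tunnel_prefix, tunnel_if):
    """Interfaces other than tunnel_if that hold part of the tunnel prefix."""
    tunnel = ipaddress.ip_network(tunnel_prefix)
    return sorted({iface for prefix, iface in table
                   if iface != tunnel_if
                   and ipaddress.ip_network(prefix).subnet_of(tunnel)})


def covering(prefix):
    """The network a prefix denotes once its host bits are masked off."""
    return str(ipaddress.ip_network(prefix, strict=False))


if __name__ == "__main__":
    for name, table in (("before", BEFORE), ("after", AFTER)):
        print(name, "reply to PoP via", egress(table, POP),
              "| reply to remote via", egress(table, REMOTE),
              "| misplaced on", misplaced(table, TUNNEL, "6in4tunnel"))
    print("2a00:14f0:e000:127::/48 is really", covering("2a00:14f0:e000:127::/48"))
```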
