SixXS::Sunset 2017-06-06

Ticket ID: SIXXS #984946
Ticket Status: User

PoP: deham01 - Easynet (Hamburg)

Endpoint not routing my packets
[de] Shadow Hawkins on Wednesday, 25 February 2009 17:24:01
Dear Sixxs team,

I have a problem with (probably) routing. I have set up my tunnel using aiccu. I have just changed the IPv4 address of my endpoint since we moved to a new line. We are now directly connected with our endpoint's provider (easynet) via an MPLS, so we should end up right in their datacenter.

To start: the configuration of my sixxs interface looks like this:

    freiheit-gateway ~ # ifconfig sixxs
    sixxs     Link encap:IPv6-in-IPv4
              inet6 addr: 2001:6f8:900:c28::2/64 Scope:Global
              inet6 addr: fe80::c3b1:3073/128 Scope:Link
              UP POINTOPOINT RUNNING NOARP MTU:1280 Metric:1
              RX packets:0 errors:0 dropped:0 overruns:0 frame:0
              TX packets:0 errors:187 dropped:0 overruns:0 carrier:187
              collisions:0 txqueuelen:0
              RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)

This seems to look ok. Now for the routing:

    freiheit-gateway ~ # ip -6 route show
    2001:6f8:900:c28::/64 via :: dev sixxs metric 256 mtu 1280 advmss 1220 hoplimit 4294967295
    fe80::/64 dev eth0 metric 256 mtu 1500 advmss 1440 hoplimit 4294967295
    fe80::/64 dev eth1 metric 256 mtu 1500 advmss 1440 hoplimit 4294967295
    fe80::/64 via :: dev sixxs metric 256 mtu 1280 advmss 1220 hoplimit 4294967295
    ff00::/8 dev eth0 metric 256 mtu 1500 advmss 1440 hoplimit 4294967295
    ff00::/8 dev eth1 metric 256 mtu 1500 advmss 1440 hoplimit 4294967295
    ff00::/8 dev sixxs metric 256 mtu 1280 advmss 1220 hoplimit 4294967295
    default via 2001:6f8:900:c28::1 dev sixxs metric 1024 mtu 1280 advmss 1220 hoplimit 4294967295

This also looks good as far as I can see.

Now, if I ping ipv6.google.com or any other IPv6 address (even the one of my tunnel endpoint), I get the following output:

    freiheit-gateway ~ # ping6 ipv6.google.com
    PING ipv6.google.com(2001:4860:0:1001::68) 56 data bytes
    From cl-3113.ham-01.de.sixxs.net icmp_seq=1 Destination unreachable: Address unreachable
    From cl-3113.ham-01.de.sixxs.net icmp_seq=2 Destination unreachable: Address unreachable
    ^C
    --- ipv6.google.com ping statistics ---
    2 packets transmitted, 0 received, +2 errors, 100% packet loss, time 999ms

If I capture the packets with tcpdump, I can see the packets going into the tunnel, but nothing is returned. A traceroute to ipv6.google.com yields the following result:

    freiheit-gateway ~ # traceroute6 ipv6.google.com
    traceroute to ipv6.l.google.com (2001:4860:0:1001::68) from 2001:6f8:900:c28::2, 30 hops max, 16 byte packets
     1 cl-3113.ham-01.de.sixxs.net (2001:6f8:900:c28::2) 0.061 ms !H 0.031 ms !H 0.027 ms !H

So, I think this is a routing problem of some sort, but I cannot figure out what is happening. I can also not see the heartbeat ping from the other side. Is that a problem?

The setup here is like the following:

    easynet -[firewall0]-[MPLS-endpoint]-- MPLS --[MPLS-endpoint/firewall1]--transfer-net--[firewall2]--internal-net

The IPv6 endpoint is now on firewall2. What type of traffic is needed by the AICCU tunnel? Maybe some of the previous firewalls are blocking that type of traffic...

Any help would be appreciated!

Christoph
State change: user Locked
[ch] Jeroen Massar SixXS Staff on Wednesday, 25 February 2009 21:22:20
Message is Locked
The state of this ticket has been changed to user
Endpoint not routing my packets
[ch] Jeroen Massar SixXS Staff on Wednesday, 25 February 2009 21:28:12
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
No packets even traveled there, that is odd. Use "ip tunnel show <device>" and "ip link show <device>" which shows some important details
freiheit-gateway ~ # traceroute6 ipv6.google.com
traceroute to ipv6.l.google.com (2001:4860:0:1001::68) from 2001:6f8:900:c28::2, 30 hops max, 16 byte packets
1 cl-3113.ham-01.de.sixxs.net (2001:6f8:900:c28::2) 0.061 ms !H 0.031 ms !H 0.027 ms !H
That is your local host reporting it can't use the tunnel. Is the local portion of the tunnel correct? (See above tunnel command to check). AICCU does not set that though and it should be 'any'.
The IPv6 endpoint is now on firewall2. What type of traffic is needed by the
AICCU tunnel? Maybe some of the previous firewalls are blocking that type of
traffic...
See FAQ: I have a firewall, what ports/protocols are used?
Endpoint not routing my packets
[de] Shadow Hawkins on Thursday, 26 February 2009 11:01:55
No packets even traveled there, that is odd.
Use "ip tunnel show <device>" and "ip link show <device>" which shows some important details
This is what I get:

    freiheit-gateway ~ # ip tunnel show sixxs
    sixxs: ipv6/ip remote 212.224.0.188 local 195.177.48.115 ttl 64
    freiheit-gateway ~ # ip link show sixxs
    6: sixxs@NONE: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1280 qdisc noqueue
        link/sit 195.177.48.115 peer 212.224.0.188

This seems to be fine as well... or should the local IP be the one of my local interface and not the one seen from the PoP since I'm behind a NAT firewall?
Endpoint not routing my packets
[ch] Jeroen Massar SixXS Staff on Thursday, 26 February 2009 15:31:00
or should the local IP be the one of my local interface and not the one seen from the PoP since I'm behind a NAT firewall?
Yes. As that IP is not assigned to your host, how is your host supposed to use it?
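
The check that resolves this ticket, as an added example that is not part of the original thread: it reads the "local" field from `ip tunnel show` output and verifies that the address is actually assigned to the host (or is "any"). The function names and the sample address list (10.0.0.2) are constructed for illustration; the tunnel line is the one posted above.

```shell
#!/bin/sh
# Added example: verify a sit tunnel's "local" address belongs to this host.

# Extract the "local" field from `ip tunnel show <dev>` output ($1).
tunnel_local() {
    printf '%s\n' "$1" | awk '
        { for (i = 1; i < NF; i++) if ($i == "local") { print $(i+1); exit } }'
}

# Succeed if IPv4 address $1 appears in `ip -4 -o addr show` output ($2).
host_has_addr() {
    printf '%s\n' "$2" | awk -v want="$1" '
        { for (i = 1; i < NF; i++)
              if ($i == "inet") { split($(i+1), a, "/"); if (a[1] == want) found = 1 } }
        END { exit found ? 0 : 1 }'
}

# Return 0 if the tunnel can source packets, 1 on mismatch, 2 if unparsable.
check_tunnel() {
    loc=$(tunnel_local "$1")
    case "$loc" in
        any) echo "ok: local is any"; return 0 ;;
        "")  echo "unknown: no local field found"; return 2 ;;
    esac
    if host_has_addr "$loc" "$2"; then
        echo "ok: local $loc is assigned to this host"
    else
        # Typical behind NAT: the public address lives on the NAT device,
        # so the kernel cannot send from it and TX errors accumulate.
        echo "mismatch: local $loc is not assigned to this host"
        return 1
    fi
}

# Tunnel line as posted in the ticket.
SAMPLE_TUNNEL='sixxs: ipv6/ip remote 212.224.0.188 local 195.177.48.115 ttl 64'
# Constructed address list for a host behind NAT (addresses are made up).
SAMPLE_ADDRS='1: lo    inet 127.0.0.1/8 scope host lo
2: eth0    inet 10.0.0.2/24 brd 10.0.0.255 scope global eth0'

# Live use: check_tunnel "$(ip tunnel show sixxs)" "$(ip -4 -o addr show)"
check_tunnel "$SAMPLE_TUNNEL" "$SAMPLE_ADDRS" || true
```
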


Static Sunset Edition of SixXS
©2001-2017 SixXS - IPv6 Deployment & Tunnel Broker