dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
489
share rss forum feed


rolande
Certifiable
Premium,Mod
join:2002-05-24
Dallas, TX
kudos:5
Reviews:
·ViaTalk
·AT&T U-Verse

Anyone else seeing IPv6 6rd tunnel failure?

I have been trying to get my Cisco 3825 router setup to support AT&T's 6rd tunnel offering for IPv6. I finally worked through my issues getting DMZ+ mode functioning on my 2Wire 3801 with my 3825. I have configured everything on my router to support 6rd. The tunnel shows that it is Up/Up. I am receiving the proper delegated /60 IPv6 prefix. I have 2000::/3 routed to the border relay anycast address. I have configured the local LAN interface for one of the /64 networks. My clients can reach/ping6 the router on both link-local and global unicast addresses and the tunnel interface but can go no further. I can not ping the Border Relay's IPv6 address from the router either. I have also disabled all of my security configs ACLs, CBAC, and ZBFW just to be sure it was not something simple breaking it.

So, I did some reading and debugging and found that the Zone Based Firewall does not support IPv6 until IOS version 15.2T. I'm still running 15.1(4) on it. I verified this when debugging and could see the traffic was getting dropped by the ZBFW output rules. So, I removed the interface configuration for ZBFW. I ran the debugs again just pinging the remote gateway and I can see the traffic is properly forwarding out the 6rd tunnel interface destined for the remote anycast address. However, I am getting no responses coming inbound. The only other thing I can do to debug is to try to capture on the LAN segment beyond my router and look at the IPv4 tunnel communication. Other than that, I am at a loss as to how to identify the root cause. This issue appears to be beyond my equipment.

Has anyone else seen this kind of failure with the 2Wire 3801? I got the new firmware update a few weeks ago.
--
Scott, CCIE #14618 Routing & Switching
»rolande.wordpress.com/