dslreports logo
 
    All Forums Hot Topics Gallery
spc
Search similar:


uniqs
867

justin
..needs sleep
Mod
join:1999-05-28
2031
Billion BiPAC 7800N
Apple AirPort Extreme (2011)

justin

Mod

[ipv6] Any idea why I cannot ping?

I've run out of ideas or am not seeing something obvious.
Why can't I ping6 anything global? but I can ping6 the default route.
And the IP is pingable from the net. There is no firewall set for ipv6. I can tcpdump and see the outgoing ICMP packets but nothing comes back.

eth6      Link encap:Ethernet  HWaddr a0:36:9f:4e:0d:a8  
          inet addr:72.52.179.213  Bcast:72.52.179.255  Mask:255.255.254.0
          inet6 addr: 2607:fad0:3706:1::1000/48 Scope:Global
          inet6 addr: fe80::a236:9fff:fe4e:da8/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:7997139845 errors:0 dropped:14673423 overruns:0 frame:0
          TX packets:12122662553 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:6595692147070 (6.5 TB)  TX bytes:14377230343953 (14.3 TB)
 

 ping6 ipv6.google.com
PING ipv6.google.com(ord08s11-in-x0e.1e100.net) 56 data bytes
^C
--- ipv6.google.com ping statistics ---
4 packets transmitted, 0 received, 100% packet loss, time 2999ms
 

# route -6|grep eth6
2607:fad0:32::/48              ::                         U    256 0     0 eth6
2607:fad0:3706::/48            ::                         U    256 0     1 eth6
fe80::/64                      ::                         U    256 0     0 eth6
::/0                           2607:fad0:3706::1          UG   1024 81     0 eth6
ff00::/8                       ::                         U    256 0     0 eth6
 

ip6tables -L 
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
 
Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
 
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination       
 

ping6 2607:fad0:3706::1 
PING 2607:fad0:3706::1(2607:fad0:3706::1) 56 data bytes
64 bytes from 2607:fad0:3706::1: icmp_seq=1 ttl=64 time=0.554 ms
 

I'm stumped.

tubbynet
reminds me of the danse russe
MVM
join:2008-01-16
Gilbert, AZ

2 recommendations

tubbynet

MVM

can you ping the ipv6 equivalent of 8.8.8.8?

2001:4860:4860::8888 and 2001:4860:4860::8844

?

maybe the reason no response is your dns not returning the aaaa record?

q.

justin
..needs sleep
Mod
join:1999-05-28
2031
Billion BiPAC 7800N
Apple AirPort Extreme (2011)

justin

Mod

Good spot but no, that doesn't work either.

ping6 2001:4860:4860::8888
PING 2001:4860:4860::8888(2001:4860:4860::8888) 56 data bytes
^C
--- 2001:4860:4860::8888 ping statistics ---
5 packets transmitted, 0 received, 100% packet loss, time 4000ms

here you can see the packets going out
and nothing on eth6 coming back.

/usr/sbin/tcpdump -n -i eth6 host 2001:4860:4860::8888
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth6, link-type EN10MB (Ethernet), capture size 65535 bytes
^Z
[1]+  Stopped                 /usr/sbin/tcpdump -n -i eth6 host 2001:4860:4860::8888
root@castor:~# bg
[1]+ /usr/sbin/tcpdump -n -i eth6 host 2001:4860:4860::8888 &
root@castor:~# !ping6
ping6 2001:4860:4860::8888
PING 2001:4860:4860::8888(2001:4860:4860::8888) 56 data bytes
19:56:21.243025 IP6 2607:fad0:32:a017:0:1:0:1000 > 2001:4860:4860::8888: ICMP6, echo request, seq 1, length 64
19:56:22.252014 IP6 2607:fad0:32:a017:0:1:0:1000 > 2001:4860:4860::8888: ICMP6, echo request, seq 2, length 64
^C
--- 2001:4860:4860::8888 ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 1008ms
 

tubbynet
reminds me of the danse russe
MVM
join:2008-01-16
Gilbert, AZ

1 edit

2 recommendations

tubbynet

MVM

have you confirmed with your hosting provider that they arent filtering ipv6 pings (on purpose or inadvertantly)? ipv6 breaks badly when ping isnt there.

also -- did the ping always work?
does your host have your netblock routed accordingly? i'm assuming they are giving you a ::/64?

(edit) nvm. i dont read. i see you have a ::/48.
how have you carved it up? have you tried testing from several blocks (::/64s)?

have you tried looking at your hosting providers ipv6 looking glass (if they have one)?

q.

justin
..needs sleep
Mod
join:1999-05-28
2031
Billion BiPAC 7800N
Apple AirPort Extreme (2011)

justin

Mod

Yeah I've raised a ticket.

As far as I remember i could previously ping ipv6.google.com etc. It bothers me that ICMP isn't working now because as you point out it is probably required and we have these issues with little outages primarily with people on ipv6.

They gave me a /48 as per the ifconfig.
threetrolls
join:2003-04-19
Bellevue, WA

1 recommendation

threetrolls to justin

Member

to justin
what is the nature of 2607:fad0:3706:1::1000?

nslookup of www.dslreports.com shows

Non-authoritative answer:
Name: www.dslreports.com
Addresses: 2607:fad0:3706:1::1000 - i believe this is what castor is too.
64.91.255.98

nslookup of castor.dslreports.com shows

Non-authoritative answer:
Name: castor.dslreports.com
Address: 72.52.179.213

they are both public IPs so unless it is load balancer or traffic manager, that seems weird - off the top of my head. but this isn't really my thing.

tubbynet
reminds me of the danse russe
MVM
join:2008-01-16
Gilbert, AZ

2 recommendations

tubbynet to justin

MVM

to justin
yeah.
i've noticed the ipv6 stalls, but i figured it was me because i'm working with my provider on some dhcpv6-pd issues and my netblock not working properly.

if you cant get beyond your gateway -- something is amiss.
if your provider has a looking glass (probably not and your carrier's upstreams will only see the ::/32 or whatever they carry as aggregated space), you may be able to see if your ::/48 appears.

can you run a curl or a wget to a v6 host, just to see if all connectivity is down on v6 or just broken pings?

q.

justin
..needs sleep
Mod
join:1999-05-28
2031
Billion BiPAC 7800N
Apple AirPort Extreme (2011)

1 recommendation

justin to threetrolls

Mod

to threetrolls
The nature?
castor.dslreports.com is a dedicated machine, and has the IPv6 address of 2607:fad0:3706:1::1000

They told me its ipv6 gateway is 2607:fad0:3706::1

and indeed thats where I get traffic from etc.

So castor.dslreports.com acts as a proxy for the site, communicating internally with it.

I've just removed the AAAA records from dslreports.com and www.dslreports.com because this whole thing makes me uncomfortable until they get back to me on their support ticket.

telnet ipv6.google.com 80
Trying 2607:f8b0:4009:805::200e...

(hangs).

Note however there is a continual stream of ipv6 traffic to the web server on castor.dslreports.com

tubbynet
reminds me of the danse russe
MVM
join:2008-01-16
Gilbert, AZ

2 recommendations

tubbynet

MVM

said by justin:

The nature?
castor.dslreports.com is a dedicated machine, and has the IPv6 address of 2607:fad0:3706:1::1000

from the for what its worth department:

2821-ir01#ping ipv6 2607:fad0:3706::1 source gi0/0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2607:FAD0:3706::1, timeout is 2 seconds:
Packet sent with a source address of 2600:8800:<masked>:6BA4
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 68/71/76 ms
 
2821-ir01#ping ipv6 2607:fad0:3706:1::1000 source gi0/0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2607:FAD0:3706:1::1000, timeout is 2 seconds:
Packet sent with a source address of 2600:8800:<masked>:6BA4
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 68/69/72 ms
 

routing looks solid.
why you're not getting pings back on your end is odd.

(edited to add)

2821-ir01#traceroute ipv6 2607:fad0:3706:1::1000
Type escape sequence to abort.
Tracing the route to 2607:FAD0:3706:1::1000
 
  1 2600:8800:<masked>::1 16 msec 8 msec 4 msec
  2 2001:578:803:107::2C 8 msec 8 msec 12 msec
  3 2001:578:802:104::14 12 msec 12 msec 16 msec
  4 2001:578:1:0:172:17:249:32 24 msec 28 msec 20 msec
  5 10gigabitethernet9-7.core1.lax1.he.net (2001:470:0:279::1) 32 msec 20 msec 24 msec
  6 100ge11-1.core1.lax2.he.net (2001:470:0:72::2) 28 msec 28 msec 24 msec
  7 10ge14-1.core1.den1.he.net (2001:470:0:15D::1) 76 msec 84 msec 72 msec
  8 10ge4-3.core1.chi1.he.net (2001:470:0:1AF::1) 72 msec 72 msec 128 msec
  9 2001:504:0:4:0:3:2244:1 60 msec 64 msec 92 msec
 10 2607:FAD0:31:2009::1 72 msec 116 msec 100 msec
 11 2607:FAD0:31:200A::1 152 msec
    2607:FAD0:31:201F::1 76 msec
    2607:FAD0:31:200A::1 108 msec
 12 2607:FAD0:31:2011::2 96 msec 96 msec
    2607:FAD0:31:2012::2 72 msec
 13 2607:FAD0:3706:1::1000 104 msec 104 msec 92 msec
 

q.
threetrolls
join:2003-04-19
Bellevue, WA

1 recommendation

threetrolls to justin

Member

to justin
is there a chance 2607:fad0:3706:1::1000 is set up on another machine? a vm you were testing with before deployment?

justin
..needs sleep
Mod
join:1999-05-28
2031
Billion BiPAC 7800N
Apple AirPort Extreme (2011)

justin

Mod

Nope.

The support staff asked me to change the ipv6 default gateway to fe80::1

however I'm unable to do that.

root@castor:~# ip -6 route add fe80::1 dev eth6
root@castor:~# route -6 add default gw fe80::1
SIOCADDRT: Invalid argument
root@castor:~# ip -6 route add default via fe80::1
RTNETLINK answers: Invalid argument
root@castor:~# route add -A inet6 default gw fe80::1
SIOCADDRT: Invalid argument

tubbynet
reminds me of the danse russe
MVM
join:2008-01-16
Gilbert, AZ

2 recommendations

tubbynet

MVM

said by justin:

fe80::1

because thats a link-local address, not a globally routable address. there's a lot of automagical mechanisms behind the scenes with ipv6 and how neighbor discovery, router solicitation, router announcements, etc all tie together.

tl;dr -- escalate a level until you find someone that knows what they're talking about.

q.

justin
..needs sleep
Mod
join:1999-05-28
2031

justin

Mod

Yeah I'm trying.

Napsterbater
Meh
MVM
join:2002-12-28
Milledgeville, GA

Napsterbater

MVM

Based on the other tread problem solved so what was the issue?

justin
..needs sleep
Mod
join:1999-05-28
2031
Billion BiPAC 7800N
Apple AirPort Extreme (2011)

2 recommendations

justin

Mod

eth6 had a second (older) global ipv6 address set in the interface.

Removing that, suddenly I can ping6 again.

I've no idea if this caused any other issues the random site freezes would have happened to anyone ipv6 or ipv4 because the database was just randomly slowing to molasses for 20 seconds or so now and again.