justin..needs sleep Mod join:1999-05-28 2031 Billion BiPAC 7800N Apple AirPort Extreme (2011)
|
[ipv6] Any idea why I cannot ping?I've run out of ideas or am not seeing something obvious. Why can't I ping6 anything global? but I can ping6 the default route. And the IP is pingable from the net. There is no firewall set for ipv6. I can tcpdump and see the outgoing ICMP packets but nothing comes back. eth6 Link encap:Ethernet HWaddr a0:36:9f:4e:0d:a8
inet addr:72.52.179.213 Bcast:72.52.179.255 Mask:255.255.254.0
inet6 addr: 2607:fad0:3706:1::1000/48 Scope:Global
inet6 addr: fe80::a236:9fff:fe4e:da8/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:7997139845 errors:0 dropped:14673423 overruns:0 frame:0
TX packets:12122662553 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:6595692147070 (6.5 TB) TX bytes:14377230343953 (14.3 TB)
ping6 ipv6.google.com
PING ipv6.google.com(ord08s11-in-x0e.1e100.net) 56 data bytes
^C
--- ipv6.google.com ping statistics ---
4 packets transmitted, 0 received, 100% packet loss, time 2999ms
# route -6|grep eth6
2607:fad0:32::/48 :: U 256 0 0 eth6
2607:fad0:3706::/48 :: U 256 0 1 eth6
fe80::/64 :: U 256 0 0 eth6
::/0 2607:fad0:3706::1 UG 1024 81 0 eth6
ff00::/8 :: U 256 0 0 eth6
ip6tables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ping6 2607:fad0:3706::1
PING 2607:fad0:3706::1(2607:fad0:3706::1) 56 data bytes
64 bytes from 2607:fad0:3706::1: icmp_seq=1 ttl=64 time=0.554 ms
I'm stumped. |
|
tubbynetreminds me of the danse russe MVM join:2008-01-16 Gilbert, AZ
2 recommendations |
can you ping the ipv6 equivalent of 8.8.8.8?
2001:4860:4860::8888 and 2001:4860:4860::8844
?
maybe the reason no response is your dns not returning the aaaa record?
q. |
|
justin..needs sleep Mod join:1999-05-28 2031 Billion BiPAC 7800N Apple AirPort Extreme (2011)
|
Good spot but no, that doesn't work either. ping6 2001:4860:4860::8888 PING 2001:4860:4860::8888(2001:4860:4860::8888) 56 data bytes ^C --- 2001:4860:4860::8888 ping statistics --- 5 packets transmitted, 0 received, 100% packet loss, time 4000ms here you can see the packets going out and nothing on eth6 coming back. /usr/sbin/tcpdump -n -i eth6 host 2001:4860:4860::8888
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth6, link-type EN10MB (Ethernet), capture size 65535 bytes
^Z
[1]+ Stopped /usr/sbin/tcpdump -n -i eth6 host 2001:4860:4860::8888
root@castor:~# bg
[1]+ /usr/sbin/tcpdump -n -i eth6 host 2001:4860:4860::8888 &
root@castor:~# !ping6
ping6 2001:4860:4860::8888
PING 2001:4860:4860::8888(2001:4860:4860::8888) 56 data bytes
19:56:21.243025 IP6 2607:fad0:32:a017:0:1:0:1000 > 2001:4860:4860::8888: ICMP6, echo request, seq 1, length 64
19:56:22.252014 IP6 2607:fad0:32:a017:0:1:0:1000 > 2001:4860:4860::8888: ICMP6, echo request, seq 2, length 64
^C
--- 2001:4860:4860::8888 ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 1008ms
|
|
tubbynetreminds me of the danse russe MVM join:2008-01-16 Gilbert, AZ 1 edit
2 recommendations |
have you confirmed with your hosting provider that they arent filtering ipv6 pings (on purpose or inadvertantly)? ipv6 breaks badly when ping isnt there.
also -- did the ping always work? does your host have your netblock routed accordingly? i'm assuming they are giving you a ::/64?
(edit) nvm. i dont read. i see you have a ::/48. how have you carved it up? have you tried testing from several blocks (::/64s)?
have you tried looking at your hosting providers ipv6 looking glass (if they have one)?
q. |
|
justin..needs sleep Mod join:1999-05-28 2031 Billion BiPAC 7800N Apple AirPort Extreme (2011)
|
Yeah I've raised a ticket.
As far as I remember i could previously ping ipv6.google.com etc. It bothers me that ICMP isn't working now because as you point out it is probably required and we have these issues with little outages primarily with people on ipv6.
They gave me a /48 as per the ifconfig. |
|
1 recommendation |
to justin
what is the nature of 2607:fad0:3706:1::1000?
nslookup of www.dslreports.com shows
Non-authoritative answer: Name: www.dslreports.com Addresses: 2607:fad0:3706:1::1000 - i believe this is what castor is too. 64.91.255.98
nslookup of castor.dslreports.com shows
Non-authoritative answer: Name: castor.dslreports.com Address: 72.52.179.213
they are both public IPs so unless it is load balancer or traffic manager, that seems weird - off the top of my head. but this isn't really my thing. |
|
|
tubbynetreminds me of the danse russe MVM join:2008-01-16 Gilbert, AZ
2 recommendations |
to justin
yeah. i've noticed the ipv6 stalls, but i figured it was me because i'm working with my provider on some dhcpv6-pd issues and my netblock not working properly.
if you cant get beyond your gateway -- something is amiss. if your provider has a looking glass (probably not and your carrier's upstreams will only see the ::/32 or whatever they carry as aggregated space), you may be able to see if your ::/48 appears.
can you run a curl or a wget to a v6 host, just to see if all connectivity is down on v6 or just broken pings?
q. |
|
justin..needs sleep Mod join:1999-05-28 2031 Billion BiPAC 7800N Apple AirPort Extreme (2011)
1 recommendation |
to threetrolls
The nature? castor.dslreports.com is a dedicated machine, and has the IPv6 address of 2607:fad0:3706:1::1000
They told me its ipv6 gateway is 2607:fad0:3706::1
and indeed thats where I get traffic from etc.
So castor.dslreports.com acts as a proxy for the site, communicating internally with it.
I've just removed the AAAA records from dslreports.com and www.dslreports.com because this whole thing makes me uncomfortable until they get back to me on their support ticket.
telnet ipv6.google.com 80 Trying 2607:f8b0:4009:805::200e...
(hangs).
Note however there is a continual stream of ipv6 traffic to the web server on castor.dslreports.com |
|
tubbynetreminds me of the danse russe MVM join:2008-01-16 Gilbert, AZ
2 recommendations |
said by justin:The nature? castor.dslreports.com is a dedicated machine, and has the IPv6 address of 2607:fad0:3706:1::1000 from the for what its worth department: 2821-ir01#ping ipv6 2607:fad0:3706::1 source gi0/0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2607:FAD0:3706::1, timeout is 2 seconds:
Packet sent with a source address of 2600:8800:<masked>:6BA4
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 68/71/76 ms
2821-ir01#ping ipv6 2607:fad0:3706:1::1000 source gi0/0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2607:FAD0:3706:1::1000, timeout is 2 seconds:
Packet sent with a source address of 2600:8800:<masked>:6BA4
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 68/69/72 ms
routing looks solid. why you're not getting pings back on your end is odd. (edited to add) 2821-ir01#traceroute ipv6 2607:fad0:3706:1::1000
Type escape sequence to abort.
Tracing the route to 2607:FAD0:3706:1::1000
1 2600:8800:<masked>::1 16 msec 8 msec 4 msec
2 2001:578:803:107::2C 8 msec 8 msec 12 msec
3 2001:578:802:104::14 12 msec 12 msec 16 msec
4 2001:578:1:0:172:17:249:32 24 msec 28 msec 20 msec
5 10gigabitethernet9-7.core1.lax1.he.net (2001:470:0:279::1) 32 msec 20 msec 24 msec
6 100ge11-1.core1.lax2.he.net (2001:470:0:72::2) 28 msec 28 msec 24 msec
7 10ge14-1.core1.den1.he.net (2001:470:0:15D::1) 76 msec 84 msec 72 msec
8 10ge4-3.core1.chi1.he.net (2001:470:0:1AF::1) 72 msec 72 msec 128 msec
9 2001:504:0:4:0:3:2244:1 60 msec 64 msec 92 msec
10 2607:FAD0:31:2009::1 72 msec 116 msec 100 msec
11 2607:FAD0:31:200A::1 152 msec
2607:FAD0:31:201F::1 76 msec
2607:FAD0:31:200A::1 108 msec
12 2607:FAD0:31:2011::2 96 msec 96 msec
2607:FAD0:31:2012::2 72 msec
13 2607:FAD0:3706:1::1000 104 msec 104 msec 92 msec
q. |
|
1 recommendation |
to justin
is there a chance 2607:fad0:3706:1::1000 is set up on another machine? a vm you were testing with before deployment? |
|
justin..needs sleep Mod join:1999-05-28 2031 Billion BiPAC 7800N Apple AirPort Extreme (2011)
|
Nope.
The support staff asked me to change the ipv6 default gateway to fe80::1
however I'm unable to do that.
root@castor:~# ip -6 route add fe80::1 dev eth6 root@castor:~# route -6 add default gw fe80::1 SIOCADDRT: Invalid argument root@castor:~# ip -6 route add default via fe80::1 RTNETLINK answers: Invalid argument root@castor:~# route add -A inet6 default gw fe80::1 SIOCADDRT: Invalid argument |
|
tubbynetreminds me of the danse russe MVM join:2008-01-16 Gilbert, AZ
2 recommendations |
because thats a link-local address, not a globally routable address. there's a lot of automagical mechanisms behind the scenes with ipv6 and how neighbor discovery, router solicitation, router announcements, etc all tie together. tl;dr -- escalate a level until you find someone that knows what they're talking about. q. |
|
justin..needs sleep Mod join:1999-05-28 2031 |
justin
Mod
2016-Jun-9 10:10 pm
Yeah I'm trying. |
|
|
Based on the other tread problem solved so what was the issue? |
|
justin..needs sleep Mod join:1999-05-28 2031 Billion BiPAC 7800N Apple AirPort Extreme (2011)
2 recommendations |
justin
Mod
2016-Jun-12 1:13 am
eth6 had a second (older) global ipv6 address set in the interface.
Removing that, suddenly I can ping6 again.
I've no idea if this caused any other issues the random site freezes would have happened to anyone ipv6 or ipv4 because the database was just randomly slowing to molasses for 20 seconds or so now and again. |
|