ipv6 network fail (newbie alert)

Nick Edwards nick.z.edwards at gmail.com
Wed Mar 6 23:18:26 CET 2013


Hi,
On GW response is empty

on client
ip -6 neigh show:
2001:470:XXX2:524::5 dev eth0  FAILED

and I have no firewalls in debugging this all rules are flushed and
set to accept



On 3/6/13, Eric Vyncke (evyncke) <evyncke at cisco.com> wrote:
> At first sight, it seems OK (except that I usually uses RADVD so the default
> route is a link-local and not a global)
>
> Can you do: "ip -6 neigh show" & "ip6tables -L" on client/gateway?
>
>> -----Original Message-----
>> From: ipv6-ops-bounces+evyncke=cisco.com at lists.cluenet.de
>> [mailto:ipv6-ops-
>> bounces+evyncke=cisco.com at lists.cluenet.de] On Behalf Of Nick Edwards
>> Sent: mercredi 6 mars 2013 08:16
>> To: ipv6-ops at lists.cluenet.de
>> Subject: ipv6 network fail (newbie alert)
>>
>> Hi,
>> Firstly, I'll admit I'm not expert with ipv6, but have been around in the
>> ipv4 world for years. I have for a while been running a private
>> ipv6 LAN at home using  fd0d:......./64  that worked  fine in my linux
>> based
>> LAN.
>>
>> So I set up a tunnel with HE, from the PC that connects which I'll call
>> GW
>> I can ping  the other end of tunnel and get out to the world using that
>> machine directly.
>>
>> But now I have removed the private range on the 3 PC's, substituting it
>> for
>> the routed /64 range HE gives us (yes, the routed, not the tunnel's /64)
>>
>> The LAN does not respond on ipv6 address on any machine, no box on the
>> LAN
>> can reach any other box on the LAN using ipv6 nor access the internet via
>> ipv6 (but do still work using NAT and  ipv4 if I down all
>> ipv6) this is with the tunnel up or down.
>>
>> I am using static manually entered IP's as these are servers, so radvd
>> and
>> dhcp6 etc are not in use.
>>
>> I'll show the config for GW and one other PC (all PC's use linux)
>> XXX1 will be the tunnel and XXX2  the routed /64 subnets
>>
>>
>> GW:
>>   (sysctl.conf)   net.ipv6.conf.all.forwarding=1
>>
>> he-ipv6   Link encap:IPv6-in-IPv4
>>           inet6 addr: 2001:470:XXX1:524::2/64 Scope:Global
>>           inet6 addr: fe80::a0a:91/128 Scope:Link
>>
>>
>> eth0
>>           inet6 addr: 2001:470:XXX2:524::5/64 Scope:Global
>>           inet6 addr: fe80::211:50ff:fe08:2ad9/64 Scope:Link
>>
>> route table
>> 2001:470:XXX1:524::/64 via :: dev he-ipv6  proto kernel  metric 256 mtu
>> 1480
>> advmss 1420 hoplimit 0
>> 2001:470:XXX2:524::/64 dev eth0  proto kernel  metric 256  mtu 1500
>> advmss
>> 1440 hoplimit 0
>> fe80::/64 via :: dev he-ipv6  proto kernel  metric 256  mtu 1480 advmss
>> 1420
>> hoplimit 0
>> fe80::/64 dev eth0  proto kernel  metric 256  mtu 1500 advmss 1440
>> hoplimit
>> 0 default dev he-ipv6  metric 1024  mtu 1480 advmss 1420 hoplimit 0
>>
>>
>>
>> On the second box
>>
>> eth0
>>           inet6 addr: fe80::214:c2ff:fe0b:dccf/64 Scope:Link
>>           inet6 addr: 2001:470:XXX2:524::6/64 Scope:Global
>>
>> and routing
>> 2001:470:XXX2:524::/64 dev eth0  proto kernel  metric 256
>> fe80::/64 dev eth0  proto kernel  metric 256
>> ff00::/8 dev eth0  metric 256
>> default via 2001:470:XXX2:524::5 dev eth0  metric 1024
>>
>>
>> This is loaded from rc.ipv6 as:
>>
>> /usr/sbin/ip addr add 2001:470:XXX2:524::6/64 dev eth0 /usr/sbin/ip -6
>> route
>> add default via 2001:470:XXX2:524::5 dev eth0
>>
>>
>> I have also tried swapping the GW pc around to another box.
>> PC's to world _or_ GW with ipv6 all result in:  Destination
>> unreachable: Address unreachable
>> Machines ping6'ing themselves do respond.
>>
>> I know this should work because I've set ipv6 on VPS's and upped them and
>> set routes the same way
>>
>> Also interesting if its kernel fault being as to why the routed range
>> wont
>> work locally either when the private range does. I have another box on
>> network setup same as second box with a diff IP of course, and suffers
>> same
>> fate, all boxes have been rebooted after each change to make sure there
>> is
>> no possible residue left over.
>>
>> Appreciate someone batting me with a clue stick, I'm sure the problem is
>> very obvious, just not to me.
>>
>> Thanks
>> Niki
>



More information about the ipv6-ops mailing list