Re: IPv6 routing issue
On Sat, Dec 29, 2007 at 02:18:51PM +0100, strawks wrote: > On Sat, 2007-12-29 at 22:26 +1100, Alex Samad wrote: > > you could set the netmask to /48 for both of them, that should get it > > working > > I finally managed to get things working, but I still don't understand > why it works now and so I don't know if this is the way it should work. i missed that > I probably need to read more docs about IPv6. > > kaname had 2 IPv6 addresses, one global and one link address, while > nadia were only having one global address. I just added a link address > to nadia and things have gone working. If I remove the scope:link > addresses on both nadia and kaname it doesn't work. > > Is this the way things should be setup? What is the purpose of these > scope:link addresses? majority of link traffic is done with link addresses > > Thanks for your help and your time. > -- > strawks <[EMAIL PROTECTED]> signature.asc Description: Digital signature
Re: IPv6 routing issue
On Sat, 2007-12-29 at 22:26 +1100, Alex Samad wrote: > you could set the netmask to /48 for both of them, that should get it working I finally managed to get things working, but I still don't understand why it works now and so I don't know if this is the way it should work. I probably need to read more docs about IPv6. kaname had 2 IPv6 addresses, one global and one link address, while nadia were only having one global address. I just added a link address to nadia and things have gone working. If I remove the scope:link addresses on both nadia and kaname it doesn't work. Is this the way things should be setup? What is the purpose of these scope:link addresses? Thanks for your help and your time. -- strawks <[EMAIL PROTECTED]> signature.asc Description: This is a digitally signed message part
Re: IPv6 routing issue
On Sat, 2007-12-29 at 22:26 +1100, Alex Samad wrote: > > 2: eth0: mtu 1500 qlen 1000 > > inet6 2001:6f8:306::11/128 scope global > you have given it a /128 this is the same as using a /32 for ipv4 [...] > > 2: eth0: mtu 1500 qlen 1000 > > inet6 2001:6f8:306::1/128 scope global > > same problem here. the two addresses are not part of the same network. I > think > you were given a /48 ? > > you could set the netmask to /48 for both of them, that should get it working ok, now they both have a correct netmask. kaname : 2: eth0: mtu 1500 qlen 1000 inet6 2001:6f8:306::11/48 scope global and nadia : 2: eth0: mtu 1500 qlen 1000 inet6 2001:6f8:306::1/48 scope global But the problem still persists : kaname$ date && ping6 www.ipv6.org Sat Dec 29 12:51:00 CET 2007 PING www.ipv6.org(igloo.stacken.kth.se) 56 data bytes 64 bytes from igloo.stacken.kth.se: icmp_seq=11 ttl=49 time=239 ms 64 bytes from igloo.stacken.kth.se: icmp_seq=12 ttl=49 time=234 ms 64 bytes from igloo.stacken.kth.se: icmp_seq=13 ttl=49 time=203 ms 64 bytes from igloo.stacken.kth.se: icmp_seq=14 ttl=49 time=188 ms 64 bytes from igloo.stacken.kth.se: icmp_seq=15 ttl=49 time=222 ms [ no packet lost here ] 64 bytes from igloo.stacken.kth.se: icmp_seq=52 ttl=49 time=214 ms [ no more replies after that, until I restart the ping to nadia ] kaname$ date && ping6 nadia.irken.org Sat Dec 29 12:51:10 CET 2007 PING nadia.irken.org(nadia.irken.org) 56 data bytes 64 bytes from nadia.irken.org: icmp_seq=1 ttl=64 time=1.17 ms 64 bytes from nadia.irken.org: icmp_seq=2 ttl=64 time=0.236 ms 64 bytes from nadia.irken.org: icmp_seq=3 ttl=64 time=0.243 ms 64 bytes from nadia.irken.org: icmp_seq=4 ttl=64 time=0.239 ms 64 bytes from nadia.irken.org: icmp_seq=5 ttl=64 time=0.233 ms 64 bytes from nadia.irken.org: icmp_seq=6 ttl=64 time=0.236 ms 64 bytes from nadia.irken.org: icmp_seq=7 ttl=64 time=0.235 ms 64 bytes from nadia.irken.org: icmp_seq=8 ttl=64 time=0.234 ms 64 bytes from nadia.irken.org: icmp_seq=9 ttl=64 time=0.235 ms --- nadia.irken.org ping statistics --- 9 packets transmitted, 9 received, 0% packet loss, time 8002ms rtt min/avg/max/mdev = 0.233/0.341/1.179/0.296 ms -- strawks <[EMAIL PROTECTED]> signature.asc Description: This is a digitally signed message part
Re: IPv6 routing issue
On Sat, Dec 29, 2007 at 09:35:16AM +0100, strawks wrote: > On Sat, 2007-12-29 at 11:14 +1100, Alex Samad wrote: > > could you do a ip -6 r; ip -6 a on both boxes please > > On kaname : > $ ip -6 r > 2001:6f8:306::11 dev eth0 metric 256 expires 17141571sec mtu 1500 > advmss 1440 hoplimit 4294967295 > 2001:6f8:306::/48 dev eth0 metric 1 expires 21294087sec mtu 1500 > advmss 1440 hoplimit 4294967295 > 2000::/3 via 2001:6f8:306::1 dev eth0 metric 1 expires 21294163sec mtu > 1500 advmss 1440 hoplimit 4294967295 > fe80::/64 dev eth0 metric 256 expires 21304233sec mtu 1500 advmss 1440 > hoplimit 4294967295 > $ ip -6 a > 1: lo: mtu 16436 > inet6 ::1/128 scope host >valid_lft forever preferred_lft forever > 2: eth0: mtu 1500 qlen 1000 > inet6 2001:6f8:306::11/128 scope global you have given it a /128 this is the same as using a /32 for ipv4 >valid_lft forever preferred_lft forever > inet6 fe80::2e0:81ff:fe54:f91b/64 scope link >valid_lft forever preferred_lft forever > > On nadia : > $ ip -6 r > 2001:6f8:202:202::/64 dev sixxs metric 256 expires 19015336sec mtu > 1280 advmss 1220 hoplimit 4294967295 > 2001:6f8:306::/48 dev eth0 metric 1 expires 19620405sec mtu 1500 > advmss 1440 hoplimit 4294967295 > 2000::/3 via 2001:6f8:202:202::1 dev sixxs metric 1 expires > 21018930sec mtu 1280 advmss 1220 hoplimit 4294967295 > fe80::/64 dev sixxs metric 256 expires 19015336sec mtu 1280 advmss > 1220 hoplimit 4294967295 > fe80::/64 dev eth0 metric 256 expires 19616747sec mtu 1500 advmss 1440 > hoplimit 4294967295 > ff00::/8 dev sixxs metric 256 expires 19015336sec mtu 1280 advmss 1220 > hoplimit 4294967295 > ff00::/8 dev eth0 metric 256 expires 19616747sec mtu 1500 advmss 1440 > hoplimit 4294967295 > default dev sixxs metric 256 expires 19015778sec mtu 1280 advmss 1220 > hoplimit 4294967295 > default via 2001:6f8:202:202::1 dev sixxs metric 1024 expires > 19015336sec mtu 1280 advmss 1220 hoplimit 4294967295 > $ ip -6 a > 1: lo: mtu 16436 > inet6 ::1/128 scope host >valid_lft forever preferred_lft forever > 2: eth0: mtu 1500 qlen 1000 > inet6 2001:6f8:306::1/128 scope global same problem here. the two addresses are not part of the same network. I think you were given a /48 ? you could set the netmask to /48 for both of them, that should get it working >valid_lft forever preferred_lft forever > 10: sixxs: mtu 1280 qlen 500 > inet6 2001:6f8:202:202::2/64 scope global >valid_lft forever preferred_lft forever > inet6 fe80::4f8:202:202:2/64 scope link >valid_lft forever preferred_lft forever > > -- > strawks <[EMAIL PROTECTED]> > > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > > signature.asc Description: Digital signature
Re: IPv6 routing issue
On Sat, 2007-12-29 at 11:14 +1100, Alex Samad wrote: > could you do a ip -6 r; ip -6 a on both boxes please On kaname : $ ip -6 r 2001:6f8:306::11 dev eth0 metric 256 expires 17141571sec mtu 1500 advmss 1440 hoplimit 4294967295 2001:6f8:306::/48 dev eth0 metric 1 expires 21294087sec mtu 1500 advmss 1440 hoplimit 4294967295 2000::/3 via 2001:6f8:306::1 dev eth0 metric 1 expires 21294163sec mtu 1500 advmss 1440 hoplimit 4294967295 fe80::/64 dev eth0 metric 256 expires 21304233sec mtu 1500 advmss 1440 hoplimit 4294967295 $ ip -6 a 1: lo: mtu 16436 inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: eth0: mtu 1500 qlen 1000 inet6 2001:6f8:306::11/128 scope global valid_lft forever preferred_lft forever inet6 fe80::2e0:81ff:fe54:f91b/64 scope link valid_lft forever preferred_lft forever On nadia : $ ip -6 r 2001:6f8:202:202::/64 dev sixxs metric 256 expires 19015336sec mtu 1280 advmss 1220 hoplimit 4294967295 2001:6f8:306::/48 dev eth0 metric 1 expires 19620405sec mtu 1500 advmss 1440 hoplimit 4294967295 2000::/3 via 2001:6f8:202:202::1 dev sixxs metric 1 expires 21018930sec mtu 1280 advmss 1220 hoplimit 4294967295 fe80::/64 dev sixxs metric 256 expires 19015336sec mtu 1280 advmss 1220 hoplimit 4294967295 fe80::/64 dev eth0 metric 256 expires 19616747sec mtu 1500 advmss 1440 hoplimit 4294967295 ff00::/8 dev sixxs metric 256 expires 19015336sec mtu 1280 advmss 1220 hoplimit 4294967295 ff00::/8 dev eth0 metric 256 expires 19616747sec mtu 1500 advmss 1440 hoplimit 4294967295 default dev sixxs metric 256 expires 19015778sec mtu 1280 advmss 1220 hoplimit 4294967295 default via 2001:6f8:202:202::1 dev sixxs metric 1024 expires 19015336sec mtu 1280 advmss 1220 hoplimit 4294967295 $ ip -6 a 1: lo: mtu 16436 inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: eth0: mtu 1500 qlen 1000 inet6 2001:6f8:306::1/128 scope global valid_lft forever preferred_lft forever 10: sixxs: mtu 1280 qlen 500 inet6 2001:6f8:202:202::2/64 scope global valid_lft forever preferred_lft forever inet6 fe80::4f8:202:202:2/64 scope link valid_lft forever preferred_lft forever -- strawks <[EMAIL PROTECTED]> -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: IPv6 routing issue
could you do a ip -6 r; ip -6 a on both boxes please On Sat, Dec 29, 2007 at 01:12:50AM +0100, strawks wrote: > On Sat, 2007-12-29 at 10:24 +1100, Alex Samad wrote: > > can you ping 2001:6f8:306::1 from 2001:6f8:306::11, then can you ping > > 2001:6f8:202:202::2. > > > > if not look at ip -6 r g 2001:6f8:202:202::2 see what is says > > ping 2001:6f8:306::1 from 2001:6f8:306::11 -> works fine > ping 2001:6f8:202:202::2 from 2001:6f8:306::11 -> works like pinging > www.ipv6.org (i.e. only works when pinging 2001:6f8:306::1 at the same > time) > > kaname$ ip -6 r g 2001:6f8:202:202::2 > 2001:6f8:202:202::2 from :: via 2001:6f8:306::1 dev eth0 src > 2001:6f8:306::11 metric 1 expires 21325591sec mtu 1500 advmss 1440 > hoplimit 4294967295 > > > try the reverse ping 2001:6f8:306::11 from 2001:6f8:306::1. > > ping 2001:6f8:306::11 from 2001:6f8:306::1 -> works fine > > > Also have you turned on ipv6 forwarding ? sudo sysctl -a | grep ipv6 > > [EMAIL PROTECTED]:~# sysctl -a | grep ipv6 | grep forwarding > net.ipv6.conf.eth0.forwarding = 1 > net.ipv6.conf.sixxs.forwarding = 1 > net.ipv6.conf.default.forwarding = 1 > net.ipv6.conf.all.forwarding = 1 > net.ipv6.conf.lo.forwarding = 1 > > > also maybe check ip6tables -nvL > > it's not a firewall issue (I tried with no rules and all default > policies to ACCEPT) > > I don't see what's wrong with my setup. > > Anyway thanks for your reply. > strawks > > > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > > signature.asc Description: Digital signature
Re: IPv6 routing issue
On Sat, 2007-12-29 at 10:24 +1100, Alex Samad wrote: > can you ping 2001:6f8:306::1 from 2001:6f8:306::11, then can you ping > 2001:6f8:202:202::2. > > if not look at ip -6 r g 2001:6f8:202:202::2 see what is says ping 2001:6f8:306::1 from 2001:6f8:306::11 -> works fine ping 2001:6f8:202:202::2 from 2001:6f8:306::11 -> works like pinging www.ipv6.org (i.e. only works when pinging 2001:6f8:306::1 at the same time) kaname$ ip -6 r g 2001:6f8:202:202::2 2001:6f8:202:202::2 from :: via 2001:6f8:306::1 dev eth0 src 2001:6f8:306::11 metric 1 expires 21325591sec mtu 1500 advmss 1440 hoplimit 4294967295 > try the reverse ping 2001:6f8:306::11 from 2001:6f8:306::1. ping 2001:6f8:306::11 from 2001:6f8:306::1 -> works fine > Also have you turned on ipv6 forwarding ? sudo sysctl -a | grep ipv6 [EMAIL PROTECTED]:~# sysctl -a | grep ipv6 | grep forwarding net.ipv6.conf.eth0.forwarding = 1 net.ipv6.conf.sixxs.forwarding = 1 net.ipv6.conf.default.forwarding = 1 net.ipv6.conf.all.forwarding = 1 net.ipv6.conf.lo.forwarding = 1 > also maybe check ip6tables -nvL it's not a firewall issue (I tried with no rules and all default policies to ACCEPT) I don't see what's wrong with my setup. Anyway thanks for your reply. strawks -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: IPv6 routing issue
On Fri, Dec 28, 2007 at 11:24:22PM +0100, strawks wrote: > Hi all, > > I'm currently trying to set up an IPv6 network at home by using services > provided by SixXS. > > For the moment I'm trying to give IPv6 access to 2 PCs. > The first which will act as a router create the tunnel with a SixXS POP, > it's working fine. This machine (namely nadia.irken.org) has an IPv6 > access. To provide IPv6 access to my others PCs I have the subnet > 2001:6f8:306::/48 > > nadia.irken.org has two addresses : > 2001:6f8:202:202::2 -> my end of the tunnel with SixXS > and 2001:6f8:306::1 is 2001:6f8:306::1 attached to eth0 with netmask /48 > > My other PC, kaname.irken.org has address 2001:6f8:306::11 > > When I try to ping6 www.ipv6.org with kaname, it seems not to work : > tcpdump on nadia shows that echo requests comes from eth0 (local > network) and goes out through the sixxs interface. nadia then receives > replies from www.ipv6.org but does not forward them to kaname, instead > nadia sends back an icmp6 destination unreachable error to www.ipv6.org. can you ping 2001:6f8:306::1 from 2001:6f8:306::11, then can you ping 2001:6f8:202:202::2. if not look at ip -6 r g 2001:6f8:202:202::2 see what is says try the reverse ping 2001:6f8:306::11 from 2001:6f8:306::1. Also have you turned on ipv6 forwarding ? sudo sysctl -a | grep ipv6 also maybe check ip6tables -nvL > > Now what is strange is if I ping6 nadia from kaname (or the opposite) at > the same time kaname pings www.ipv6.org all is working fine! > > If I stop the ping between nadia and kaname, kaname still continues to > receive replies from www.ipv6.org for a few seconds and then it stops > working. > > I presume this has something to do with the neighbor > solicitation/advertisement feature, but I don't know how to solve the > problem. > > Please let me know if you need additional informations. > > Any help would be greatly appreciated. > -- > strawks <[EMAIL PROTECTED]> signature.asc Description: Digital signature