2

So this morning, I have been trying to configure IPv6 upon my network using the guide I found on reddit (of all places) at http://ipv6friday.org/blog/2012/06/ipv6-enabling-training/. Now at first glance, this appears to be working, however, the machine that I am testing, while it is correctly obtaining an address from the range, isn't routing IPv6 where I would expect as demo'd by:

[server] output of "ping6 -c 3 www.facebook.com"

PING www.facebook.com(www6-slb-10-03-frc1.facebook.com) 56 data bytes
64 bytes from www6-slb-10-03-frc1.facebook.com: icmp_seq=1 ttl=47 time=133 ms
64 bytes from www6-slb-10-03-frc1.facebook.com: icmp_seq=2 ttl=47 time=132 ms
64 bytes from www6-slb-10-03-frc1.facebook.com: icmp_seq=3 ttl=47 time=133 ms

--- www.facebook.com ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2002ms
rtt min/avg/max/mdev = 132.464/133.152/133.669/0.506 ms

and

[client] output of "ping6 -c 3 www.facebook.com"

PING www.facebook.com(www6-slb-10-03-frc1.facebook.com) 56 data bytes

--- www.facebook.com ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 2016ms

A copy of relevant configurations is below. I have partially anonymised the ranges used:

[server] /etc/radvd.conf

interface eth0 {
    AdvSendAdvert on;
    MinRtrAdvInterval 3;
    MaxRtrAdvInterval 10;
    AdvHomeAgentFlag off;

    prefix 2a01:348:6:XXX::/64 {

        AdvOnLink on;
        AdvAutonomous on;
        AdvRouterAddr off;

    }; 

    RDNSS 2a01:348:6:XXX::2 {

        AdvRDNSSLifetime 30;

    };
};

[client] output of "sudo ifconfig"

wlan0     Link encap:Ethernet  HWaddr xx:xx:xx:xx:xx:dd  
          inet addr:192.168.1.31  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: 2a01:348:6:XXX:XXX:feff:fe81:70dd/64 Scope:Global
          inet6 addr: fe80::c617:XXX:XXX:70dd/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:99921 errors:0 dropped:0 overruns:0 frame:0
          TX packets:74457 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:103144730 (103.1 MB)  TX bytes:10523791 (10.5 MB)

[client] output of "ip -6 route show dev wlan0"

2a01:348:6:XXX::/64  proto kernel  metric 256  expires 86405sec
fe80::/64  proto kernel  metric 256 
default via fe80::202:XXX:XXX:7345  proto kernel  metric 1024  hoplimit 64

Now by my thinking, this is trying to route IPv6 over loopback by default and not using the other route via 2a01. My question, what is going on here and how do I change the default routing?

Thanks in advance!

Edit

As requested, a traceroute from the server to facebook:

[server] output of "traceroute -6 www.facebook.com"

matthew@192:~$ traceroute -6 www.facebook.com
traceroute to www.facebook.com (2a03:2880:2110:3f03:face:b00c::), 30 hops max, 80 byte packets
 1  gw-1459.lon-02.gb.sixxs.net (2a01:348:6:5b2::1)  80.071 ms  81.407 ms  81.361 ms
 2  gblon02.sixxs.net (2a01:348:0:4:0:3:1:1)  81.271 ms  95.160 ms  109.436 ms
 3  ge-0-0-5-20.cs0.thw.uk.goscomb.net (2a01:348:0:4:0:3:0:1)  109.430 ms  109.065 ms  109.004 ms
 4  xe-0-1-1.cs0.the.uk.goscomb.net (2a01:348::36:1:1)  108.915 ms  108.905 ms  108.815 ms
 5  xe-0-1-0.cs0.gs2.uk.goscomb.net (2a01:348::24:1:1)  110.143 ms  110.089 ms  110.033 ms
 6  xe-0-1-0-0.cs1.gs2.uk.goscomb.net (2a01:348::40:1:1)  109.943 ms  46.947 ms  47.509 ms
 7  xe-0-1-0.cs0.sov.uk.goscomb.net (2a01:348::41:1:1)  53.724 ms  53.645 ms  54.847 ms
 8  ge-1-1-5.rt0.sov.uk.goscomb.net (2a01:348::17:0:1)  56.107 ms  58.176 ms  59.559 ms
 9  lonap.he.net (2001:7f8:17::1b1b:1)  63.359 ms  63.270 ms  65.433 ms
10  2001:7f8:4::80a6:1 (2001:7f8:4::80a6:1)  175.217 ms  142.380 ms  174.992 ms
11  xe-3-3-0.bb02.iad2.tfbnw.net (2620:0:1cff:dead:beef::24d)  146.202 ms  148.312 ms  149.878 ms
12  ae9.bb02.frc1.tfbnw.net (2620:0:1cff:dead:beef::d6)  126.861 ms  127.347 ms  128.946 ms
13  ae2.dr01.frc1.tfbnw.net (2620:0:1cff:dead:beef::97)  129.830 ms ae2.dr02.frc1.tfbnw.net (2620:0:1cff:dead:beef::9b)  130.823 ms  132.602 ms
14  2620:0:1cff:dead:beee::163 (2620:0:1cff:dead:beee::163)  134.811 ms 2620:0:1cff:dead:beee::15d (2620:0:1cff:dead:beee::15d)  137.022 ms 2620:0:1cff:dead:beee::153 (2620:0:1cff:dead:beee::153)  139.157 ms

And from the client with IPv6 still enabled via radvd

[client] output of "traceroute -6 www.facebook.com"

matthew@matthew-laptop:~$ traceroute -6 www.facebook.com
traceroute to www.facebook.com (2a03:2880:2110:3f01:face:b00c::), 30 hops max, 80 byte packets
 1  * * *
 2  * * *
 3  * * *
 4  * * *
 5  * * *
 6  * * *
 7  * * *
 8  * * *
 9  * * *
10  * * *
11  * * *
12  * * *
13  * * *
14  * * *
15  * * *
16  * * *
Matthew Gall
  • 355
  • 1
  • 8
  • i assume fe80:xxxxx:7345 is your router? Then this is OK. – MichelZ Jun 17 '12 at 11:14
  • Any Firewalling going on on your router/client machine(s)? – MichelZ Jun 17 '12 at 11:14
  • And another one: Make sure you have enabled forwarding on your router machine: `sudo sysctl -w net.ipv6.conf.all.forwarding=1` – MichelZ Jun 17 '12 at 11:16
  • @MichelZ No firewalling on the gateway device as far as I know. No idea where fe80:: is coming from, I assume it's the default loop address on my NIC. – Matthew Gall Jun 17 '12 at 11:18
  • Also, in /etc/sysctl.conf: net.ipv6.conf.all.forwarding=1 net.ipv6.conf.default.forwarding=1 are already set – Matthew Gall Jun 17 '12 at 11:20
  • fe80:: are link-local addresses which are generated automatically for every Interface, have a read here: `http://en.wikipedia.org/wiki/Link-local_address#IPv6` Can you do a trace of that Facebook page and post it please? – MichelZ Jun 17 '12 at 16:15
  • Just updated the main post with a traceroute from the server to Facebook, which works. And from my laptop (the offending machine) to the same site. – Matthew Gall Jun 18 '12 at 13:01
  • Have you actually requested a subnet, and not just the tunnel? You need another subnet routed to your tunnel endpoint, you CANNOT use the tunnel subnet directly: `https://www.sixxs.net/faq/connectivity/?faq=usingsubnet` `https://www.sixxs.net/home/requestsubnet/` – MichelZ Jun 18 '12 at 13:11
  • This is going to be embarrassing, looks like this is me not reading at all. If you post that as an answer, I'll mark it as such :) Just requested a subnet from sixxs to route over the network. – Matthew Gall Jun 18 '12 at 13:18

1 Answers1

2

Have you actually requested a subnet, and not just the tunnel? You need another subnet routed to your tunnel endpoint, you CANNOT use the tunnel subnet directly:

https://www.sixxs.net/faq/connectivity/?faq=usingsubnet

https://www.sixxs.net/home/requestsubnet/

How do I give connectivity to other hosts on my subnet?

The easiest way to use your subnet is to assign a /64 per network and then setup a Router Advertisement server. As SixXS serves out per tunnel a /48 (a so called site-prefix) as subnets you have the possiblity of having 65535 /64's and thus subnets inside your site. A /48 is an end-site and should thus not be delegated to other administrators.

Under Linux this Router Advertisement (RA) server is called radvd, *BSD (KAME stack) calls it rtadvd. Clients can then be configured using RFC 2462 aka "IPv6 Stateless Address Autoconfiguration".

Note well that in tunnels from the /64 only ::1 (the PoP) and ::2 (your endpoint) can be used as the rest is not routed.

The 'default routed /64' is a routed subnet though and is routed to the endpoint of your tunnel and thus can be used directly for connecting hosts on a seperate link behind your tunnel. If you need to serve multiple /64s behind your endpoint you will need to request a subnet though.

A site is defined as a network with one single administration. The moment a change occurs in administration, one is in a different site. Thus if you have 1 building operated by administration group X and another building operated by admin Y then those are two sites. Of course, when group X and Y, both administratively fall under group A, they can still be taken as to be a single site where wanted.

MichelZ
  • 11,008
  • 4
  • 30
  • 58