Hello,
I have some issues with IPv6 routing. I mean everything works just fine - Internet browsing, test-ipv6.com and so on. But I have trouble pinging some local addresses in our NOC:
For example from Linux box in same network:
alchemyx@cerber:~$ ping6 2a03:e800::1 -c 3
PING 2a03:e800::1(2a03:e800::1) 56 data bytes
64 bytes from 2a03:e800::1: icmp_seq=1 ttl=63 time=0.696 ms
64 bytes from 2a03:e800::1: icmp_seq=2 ttl=63 time=0.711 ms
64 bytes from 2a03:e800::1: icmp_seq=3 ttl=63 time=0.726 ms
--- 2a03:e800::1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1998ms
rtt min/avg/max/mdev = 0.696/0.711/0.726/0.012 ms
alchemyx@cerber:~$ mtr --report -n 2a03:e800::1
HOST: cerber Loss% Snt Last Avg Best Wrst StDev
1.|-- 2a03:e800:0:3::1 0.0% 10 0.8 20.7 0.6 200.3 63.1
2.|-- 2a03:e800::1 0.0% 10 1.0 0.8 0.7 1.0 0.1
But from Mikrotik:
[admin@WiFoo] /ipv6 route> /ping 2a03:e800::1 count=3
HOST SIZE TTL TIME STATUS
timeout
timeout
timeout
sent=3 received=0 packet-loss=100%
HOST SIZE TTL TIME STATUS
[admin@WiFoo] /ipv6 route> /tool traceroute 2a03:e800::1
# ADDRESS RT1 RT2 RT3 STATUS
1 2a03:e800::3:0:0:0:1 2ms 1ms 1ms
2 2a03:e800::1 1ms 1ms 1ms
Funny thing is from 2a03:e800::1 (our edge router) I can ping and traceroute that Mikrotik router. When I watch traffic on mirrored port on our central switch I can see no traffic when pinging from Mikrotik. So it seems to me as routing / firewalling issues.
Do you have any recommendations where to look?
[admin@WiFoo] /ipv6> /ipv6 address print
Flags: X - disabled, I - invalid, D - dynamic, G - global, L - link-local
# ADDRESS FROM-POOL INTERFACE ADVERTISE
0 G 2a03:e800:1:6c5:d6ca:6dff:fe21:1f7b/64 bridge-local yes
1 G 2a03:e800::3:d6ca:6dff:fe21:1f7a/64 1-WAN no
I added address manually on WAN, because it had to be EUI-64 (we are using SLAAC on our networks). Routing:
[admin@WiFoo] /ipv6> /ipv6 route print
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, o - ospf, b - bgp, U - unreachable
# DST-ADDRESS GATEWAY DISTANCE
0 A S ::/0 2a03:e800::3:0:0:0:1 1
1 ADC 2a03:e800::3:0:0:0:0/64 1-WAN 0
2 ADC 2a03:e800:1:6c5::/64 bridge-local 0
Firewall rules for IPv6 are empty for now.
UPDATE:
Solution: ping 2a03:e800::001
